public FormRequest create(
RequestDetails requestDetails,
Process process,
ProcessInstance processInstance,
Task task,
ActionType actionType,
FormValidation validation)
throws StatusCodeError {
Activity activity = activity(process, processInstance, task);
// Don't allow anyone to issue a create request for a task that's not open
if (actionType == ActionType.CREATE
&& task != null
&& task.getTaskStatus() != null
&& !task.getTaskStatus().equals(Constants.TaskStatuses.OPEN)) actionType = ActionType.VIEW;
FormRequest.Builder formRequestBuilder =
new FormRequest.Builder()
.processDefinitionKey(process.getProcessDefinitionKey())
.instance(processInstance)
.task(task)
.activity(activity)
.action(actionType);
if (requestDetails != null) {
String contentType =
requestDetails.getContentType() != null
? requestDetails.getContentType().toString()
: null;
formRequestBuilder
.remoteAddr(requestDetails.getRemoteAddr())
.remoteHost(requestDetails.getRemoteHost())
.remotePort(requestDetails.getRemotePort())
.remoteUser(requestDetails.getRemoteUser())
.actAsUser(requestDetails.getActAsUser())
.certificateIssuer(requestDetails.getCertificateIssuer())
.certificateSubject(requestDetails.getCertificateSubject())
.contentType(contentType)
.referrer(requestDetails.getReferrer())
.userAgent(requestDetails.getUserAgent());
List<MediaType> acceptableMediaTypes = requestDetails.getAcceptableMediaTypes();
if (acceptableMediaTypes != null) {
for (MediaType acceptableMediaType : acceptableMediaTypes) {
formRequestBuilder.acceptableMediaType(acceptableMediaType.toString());
}
}
}
if (validation != null) {
formRequestBuilder.messages(validation.getResults());
}
return requestRepository.save(formRequestBuilder.build());
}
public FormRequest handle(RequestDetails request, String requestId) throws StatusCodeError {
FormRequest formRequest = requestRepository.findOne(requestId);
if (formRequest == null) {
return null;
}
if (request != null) {
if (request.getRemoteUser() != null
&& formRequest.getRemoteUser() != null
&& !request.getRemoteUser().equals(formRequest.getRemoteUser())) {
LOG.error(
"Wrong user viewing or submitting form: "
+ request.getRemoteUser()
+ " not "
+ formRequest.getRemoteUser());
throw new ForbiddenError(Constants.ExceptionCodes.user_does_not_match);
}
if (request.getRemoteHost() != null
&& formRequest.getRemoteHost() != null
&& !request.getRemoteHost().equals(formRequest.getRemoteHost()))
LOG.warn(
"This should not happen -- submission remote host ("
+ request.getRemoteHost()
+ ") does not match request ("
+ formRequest.getRemoteHost()
+ ")");
if (request.getRemoteAddr() != null
&& formRequest.getRemoteAddr() != null
&& !request.getRemoteAddr().equals(formRequest.getRemoteAddr()))
LOG.warn(
"This should not happen -- submission remote address ("
+ request.getRemoteAddr()
+ ") does not match request ("
+ formRequest.getRemoteAddr()
+ ")");
if (formRequest.getCertificateIssuer() != null
&& formRequest.getCertificateSubject() != null) {
String certificateIssuer = request.getCertificateIssuer();
String certificateSubject = request.getCertificateSubject();
if (StringUtils.isEmpty(certificateIssuer)
|| StringUtils.isEmpty(certificateSubject)
|| !certificateIssuer.equals(formRequest.getCertificateIssuer())
|| !certificateSubject.equals(formRequest.getCertificateSubject())) {
LOG.error(
"Wrong certificate submitting form: "
+ certificateIssuer
+ ":"
+ certificateSubject
+ " not "
+ formRequest.getCertificateIssuer()
+ ":"
+ formRequest.getCertificateSubject());
throw new ForbiddenError(Constants.ExceptionCodes.certificate_does_not_match);
}
}
if (formRequest.getRequestDate() != null) {
Hours hours =
Hours.hoursBetween(new DateTime(formRequest.getRequestDate()), new DateTime());
int h = hours.getHours();
if (h > 1) {
throw new ForbiddenError(Constants.ExceptionCodes.request_expired);
}
}
}
ProcessInstance instance = formRequest.getInstance();
if (instance == null
&& StringUtils.isNotEmpty(formRequest.getProcessDefinitionKey())
&& StringUtils.isNotEmpty(formRequest.getProcessInstanceId()))
instance =
processInstanceService.read(
formRequest.getProcessDefinitionKey(), formRequest.getProcessInstanceId(), false);
FormRequest.Builder builder =
new FormRequest.Builder(formRequest)
.instance(instance)
.task(taskService.read(instance, formRequest.getTaskId()));
return builder.build();
}