private void commands( final OperationCommand command, final Task task, final User user, final OrganizationalEntity targetEntity, OrganizationalEntity... entities) { final PeopleAssignments people = task.getPeopleAssignments(); final InternalTaskData taskData = (InternalTaskData) task.getTaskData(); if (command.getNewStatus() != null) { taskData.setStatus(command.getNewStatus()); } else if (command.isSetToPreviousStatus()) { taskData.setStatus(taskData.getPreviousStatus()); } if (command.isAddTargetEntityToPotentialOwners() && !people.getPotentialOwners().contains(targetEntity)) { people.getPotentialOwners().add(targetEntity); } if (command.isRemoveUserFromPotentialOwners()) { people.getPotentialOwners().remove(user); } if (command.isSetNewOwnerToUser()) { taskData.setActualOwner(user); } if (command.isSetNewOwnerToNull()) { taskData.setActualOwner(null); } if (command.getExec() != null) { switch (command.getExec()) { case Claim: { taskData.setActualOwner((User) targetEntity); // @TODO: Ical stuff // Task was reserved so owner should get icals // SendIcal.getInstance().sendIcalForTask(task, // service.getUserinfo()); break; } case Nominate: { if (entities != null && entities.length > 0) { List<OrganizationalEntity> potentialOwners = new ArrayList<OrganizationalEntity>(Arrays.asList(entities)); ((InternalPeopleAssignments) task.getPeopleAssignments()) .setPotentialOwners(potentialOwners); assignOwnerAndStatus((InternalTaskData) task.getTaskData(), potentialOwners); } break; } } } }
void evalCommand( final Operation operation, final List<OperationCommand> commands, final Task task, final User user, final OrganizationalEntity targetEntity, List<String> groupIds, OrganizationalEntity... entities) throws PermissionDeniedException { boolean statusMatched = false; final TaskData taskData = task.getTaskData(); for (OperationCommand command : commands) { // first find out if we have a matching status if (command.getStatus() != null) { for (Status status : command.getStatus()) { if (task.getTaskData().getStatus() == status) { statusMatched = true; // next find out if the user can execute this doOperation if (!isAllowed(command, task, user, groupIds)) { String errorMessage = "User '" + user + "' does not have permissions to execute operation '" + operation + "' on task id " + task.getId(); throw new PermissionDeniedException(errorMessage); } commands(command, task, user, targetEntity, entities); } else { logger.debug( "No match on status for task {} :status {} != {}", task.getId(), task.getTaskData().getStatus(), status); } } } if (command.getPreviousStatus() != null) { for (Status status : command.getPreviousStatus()) { if (taskData.getPreviousStatus() == status) { statusMatched = true; // next find out if the user can execute this doOperation if (!isAllowed(command, task, user, groupIds)) { String errorMessage = "User '" + user + "' does not have permissions to execute operation '" + operation + "' on task id " + task.getId(); throw new PermissionDeniedException(errorMessage); } commands(command, task, user, targetEntity, entities); } else { logger.debug( "No match on previous status for task {} :status {} != {}", task.getId(), task.getTaskData().getStatus(), status); } } } if (!command.isGroupTargetEntityAllowed() && targetEntity instanceof Group) { String errorMessage = "User '" + user + "' was unable to execute operation '" + operation + "' on task id " + task.getId() + " due to 'target entity cannot be group'"; throw new PermissionDeniedException(errorMessage); } } if (!statusMatched) { String errorMessage = "User '" + user + "' was unable to execute operation '" + operation + "' on task id " + task.getId() + " due to a no 'current status' match"; throw new PermissionDeniedException(errorMessage); } }
private boolean isAllowed( final OperationCommand command, final Task task, final User user, List<String> groupIds) { boolean operationAllowed = false; for (Allowed allowed : command.getAllowed()) { if (operationAllowed) { break; } switch (allowed) { case Owner: { operationAllowed = (task.getTaskData().getActualOwner() != null && task.getTaskData().getActualOwner().equals(user)); break; } case Initiator: { operationAllowed = (task.getTaskData().getCreatedBy() != null && (task.getTaskData().getCreatedBy().equals(user) || groupIds != null && groupIds.contains(task.getTaskData().getCreatedBy().getId()))); break; } case PotentialOwner: { operationAllowed = isAllowed( user, groupIds, (List<OrganizationalEntity>) task.getPeopleAssignments().getPotentialOwners()); break; } case BusinessAdministrator: { operationAllowed = isAllowed( user, groupIds, (List<OrganizationalEntity>) task.getPeopleAssignments().getBusinessAdministrators()); break; } case TaskStakeholders: { operationAllowed = isAllowed( user, groupIds, (List<OrganizationalEntity>) ((InternalPeopleAssignments) task.getPeopleAssignments()) .getTaskStakeholders()); break; } case Anyone: { operationAllowed = true; break; } } } if (operationAllowed && command.isUserIsExplicitPotentialOwner()) { // if user has rights to execute the command, make sure user is explicitly specified (not as a // group) operationAllowed = task.getPeopleAssignments().getPotentialOwners().contains(user); } if (operationAllowed && command.isSkipable()) { operationAllowed = task.getTaskData().isSkipable(); } return operationAllowed; }