private void commands(
final OperationCommand command,
final Task task,
final User user,
final OrganizationalEntity targetEntity,
OrganizationalEntity... entities) {
final PeopleAssignments people = task.getPeopleAssignments();
final InternalTaskData taskData = (InternalTaskData) task.getTaskData();
if (command.getNewStatus() != null) {
taskData.setStatus(command.getNewStatus());
} else if (command.isSetToPreviousStatus()) {
taskData.setStatus(taskData.getPreviousStatus());
}
if (command.isAddTargetEntityToPotentialOwners()
&& !people.getPotentialOwners().contains(targetEntity)) {
people.getPotentialOwners().add(targetEntity);
}
if (command.isRemoveUserFromPotentialOwners()) {
people.getPotentialOwners().remove(user);
}
if (command.isSetNewOwnerToUser()) {
taskData.setActualOwner(user);
}
if (command.isSetNewOwnerToNull()) {
taskData.setActualOwner(null);
}
if (command.getExec() != null) {
switch (command.getExec()) {
case Claim:
{
taskData.setActualOwner((User) targetEntity);
// @TODO: Ical stuff
// Task was reserved so owner should get icals
// SendIcal.getInstance().sendIcalForTask(task,
// service.getUserinfo());
break;
}
case Nominate:
{
if (entities != null && entities.length > 0) {
List<OrganizationalEntity> potentialOwners =
new ArrayList<OrganizationalEntity>(Arrays.asList(entities));
((InternalPeopleAssignments) task.getPeopleAssignments())
.setPotentialOwners(potentialOwners);
assignOwnerAndStatus((InternalTaskData) task.getTaskData(), potentialOwners);
}
break;
}
}
}
}
void evalCommand(
final Operation operation,
final List<OperationCommand> commands,
final Task task,
final User user,
final OrganizationalEntity targetEntity,
List<String> groupIds,
OrganizationalEntity... entities)
throws PermissionDeniedException {
boolean statusMatched = false;
final TaskData taskData = task.getTaskData();
for (OperationCommand command : commands) {
// first find out if we have a matching status
if (command.getStatus() != null) {
for (Status status : command.getStatus()) {
if (task.getTaskData().getStatus() == status) {
statusMatched = true;
// next find out if the user can execute this doOperation
if (!isAllowed(command, task, user, groupIds)) {
String errorMessage =
"User '"
+ user
+ "' does not have permissions to execute operation '"
+ operation
+ "' on task id "
+ task.getId();
throw new PermissionDeniedException(errorMessage);
}
commands(command, task, user, targetEntity, entities);
} else {
logger.debug(
"No match on status for task {} :status {} != {}",
task.getId(),
task.getTaskData().getStatus(),
status);
}
}
}
if (command.getPreviousStatus() != null) {
for (Status status : command.getPreviousStatus()) {
if (taskData.getPreviousStatus() == status) {
statusMatched = true;
// next find out if the user can execute this doOperation
if (!isAllowed(command, task, user, groupIds)) {
String errorMessage =
"User '"
+ user
+ "' does not have permissions to execute operation '"
+ operation
+ "' on task id "
+ task.getId();
throw new PermissionDeniedException(errorMessage);
}
commands(command, task, user, targetEntity, entities);
} else {
logger.debug(
"No match on previous status for task {} :status {} != {}",
task.getId(),
task.getTaskData().getStatus(),
status);
}
}
}
if (!command.isGroupTargetEntityAllowed() && targetEntity instanceof Group) {
String errorMessage =
"User '"
+ user
+ "' was unable to execute operation '"
+ operation
+ "' on task id "
+ task.getId()
+ " due to 'target entity cannot be group'";
throw new PermissionDeniedException(errorMessage);
}
}
if (!statusMatched) {
String errorMessage =
"User '"
+ user
+ "' was unable to execute operation '"
+ operation
+ "' on task id "
+ task.getId()
+ " due to a no 'current status' match";
throw new PermissionDeniedException(errorMessage);
}
}
private boolean isAllowed(
final OperationCommand command, final Task task, final User user, List<String> groupIds) {
boolean operationAllowed = false;
for (Allowed allowed : command.getAllowed()) {
if (operationAllowed) {
break;
}
switch (allowed) {
case Owner:
{
operationAllowed =
(task.getTaskData().getActualOwner() != null
&& task.getTaskData().getActualOwner().equals(user));
break;
}
case Initiator:
{
operationAllowed =
(task.getTaskData().getCreatedBy() != null
&& (task.getTaskData().getCreatedBy().equals(user)
|| groupIds != null
&& groupIds.contains(task.getTaskData().getCreatedBy().getId())));
break;
}
case PotentialOwner:
{
operationAllowed =
isAllowed(
user,
groupIds,
(List<OrganizationalEntity>) task.getPeopleAssignments().getPotentialOwners());
break;
}
case BusinessAdministrator:
{
operationAllowed =
isAllowed(
user,
groupIds,
(List<OrganizationalEntity>)
task.getPeopleAssignments().getBusinessAdministrators());
break;
}
case TaskStakeholders:
{
operationAllowed =
isAllowed(
user,
groupIds,
(List<OrganizationalEntity>)
((InternalPeopleAssignments) task.getPeopleAssignments())
.getTaskStakeholders());
break;
}
case Anyone:
{
operationAllowed = true;
break;
}
}
}
if (operationAllowed && command.isUserIsExplicitPotentialOwner()) {
// if user has rights to execute the command, make sure user is explicitly specified (not as a
// group)
operationAllowed = task.getPeopleAssignments().getPotentialOwners().contains(user);
}
if (operationAllowed && command.isSkipable()) {
operationAllowed = task.getTaskData().isSkipable();
}
return operationAllowed;
}
