private boolean isAllowed( final OperationCommand command, final Task task, final User user, List<String> groupIds) { boolean operationAllowed = false; for (Allowed allowed : command.getAllowed()) { if (operationAllowed) { break; } switch (allowed) { case Owner: { operationAllowed = (task.getTaskData().getActualOwner() != null && task.getTaskData().getActualOwner().equals(user)); break; } case Initiator: { operationAllowed = (task.getTaskData().getCreatedBy() != null && (task.getTaskData().getCreatedBy().equals(user) || groupIds != null && groupIds.contains(task.getTaskData().getCreatedBy().getId()))); break; } case PotentialOwner: { operationAllowed = isAllowed( user, groupIds, (List<OrganizationalEntity>) task.getPeopleAssignments().getPotentialOwners()); break; } case BusinessAdministrator: { operationAllowed = isAllowed( user, groupIds, (List<OrganizationalEntity>) task.getPeopleAssignments().getBusinessAdministrators()); break; } case TaskStakeholders: { operationAllowed = isAllowed( user, groupIds, (List<OrganizationalEntity>) ((InternalPeopleAssignments) task.getPeopleAssignments()) .getTaskStakeholders()); break; } case Anyone: { operationAllowed = true; break; } } } if (operationAllowed && command.isUserIsExplicitPotentialOwner()) { // if user has rights to execute the command, make sure user is explicitly specified (not as a // group) operationAllowed = task.getPeopleAssignments().getPotentialOwners().contains(user); } if (operationAllowed && command.isSkipable()) { operationAllowed = task.getTaskData().isSkipable(); } return operationAllowed; }