private boolean isAllowed(
final OperationCommand command, final Task task, final User user, List<String> groupIds) {
boolean operationAllowed = false;
for (Allowed allowed : command.getAllowed()) {
if (operationAllowed) {
break;
}
switch (allowed) {
case Owner:
{
operationAllowed =
(task.getTaskData().getActualOwner() != null
&& task.getTaskData().getActualOwner().equals(user));
break;
}
case Initiator:
{
operationAllowed =
(task.getTaskData().getCreatedBy() != null
&& (task.getTaskData().getCreatedBy().equals(user)
|| groupIds != null
&& groupIds.contains(task.getTaskData().getCreatedBy().getId())));
break;
}
case PotentialOwner:
{
operationAllowed =
isAllowed(
user,
groupIds,
(List<OrganizationalEntity>) task.getPeopleAssignments().getPotentialOwners());
break;
}
case BusinessAdministrator:
{
operationAllowed =
isAllowed(
user,
groupIds,
(List<OrganizationalEntity>)
task.getPeopleAssignments().getBusinessAdministrators());
break;
}
case TaskStakeholders:
{
operationAllowed =
isAllowed(
user,
groupIds,
(List<OrganizationalEntity>)
((InternalPeopleAssignments) task.getPeopleAssignments())
.getTaskStakeholders());
break;
}
case Anyone:
{
operationAllowed = true;
break;
}
}
}
if (operationAllowed && command.isUserIsExplicitPotentialOwner()) {
// if user has rights to execute the command, make sure user is explicitly specified (not as a
// group)
operationAllowed = task.getPeopleAssignments().getPotentialOwners().contains(user);
}
if (operationAllowed && command.isSkipable()) {
operationAllowed = task.getTaskData().isSkipable();
}
return operationAllowed;
}
