/**
 * Records the task on this builder and derives the URI of its "assign" subresource.
 *
 * <p>The assignment URI is only built when a view context, a task and a task instance id are
 * all present; in every other case the assignment link is cleared to {@code null}.
 *
 * <p>NOTE(review): this method only builds a link and performs no permission check. Whether
 * the current user may actually assign the task has to be enforced by the endpoint behind the
 * URI; the presence of the link must not be read as an authorization decision.
 *
 * @param processDefinitionKey key of the process definition, used as a URI path segment
 * @param task the task to expose; may be {@code null}
 * @param context the view context used to build application URIs; may be {@code null}
 * @return this builder, for chaining
 */
public Builder taskSubresources(String processDefinitionKey, Task task, ViewContext context) {
    final boolean canLinkToTask =
            context != null && task != null && task.getTaskInstanceId() != null;

    if (canLinkToTask) {
        this.assignment =
                context.getApplicationUri(
                        Task.Constants.ROOT_ELEMENT_NAME,
                        processDefinitionKey,
                        task.getTaskInstanceId(),
                        "assign");
    } else {
        this.assignment = null;
    }

    this.task = task;
    return this;
}
/**
 * Checks that the current principal may act on the given task of the given process.
 *
 * <p>Decision order, as implemented below:
 * <ol>
 *   <li>a {@code null} process is rejected as a bad request;</li>
 *   <li>a missing principal, or one without an entity id, is forbidden;</li>
 *   <li>a principal holding {@code AuthorizationRole.OVERSEER} on the process is allowed;</li>
 *   <li>any other principal is forbidden when a task is given and the principal is neither
 *       candidate nor assignee of it.</li>
 * </ol>
 *
 * <p>NOTE(review): when {@code task} is {@code null}, any principal with an entity id passes,
 * overseer or not. Confirm that every caller reaching this method without a task really
 * intends task-less access to be open to all authenticated users; otherwise a failed task
 * lookup upstream turns into an authorization bypass.
 *
 * @param process the process the request targets; must not be {@code null}
 * @param task the task being accessed; may be {@code null}
 * @throws BadRequestError if {@code process} is {@code null}
 * @throws ForbiddenError if the principal is missing, has no entity id, or is not permitted
 *     to access the task
 */
private void verifyCurrentUserIsAuthorized(Process process, Task task)
        throws ForbiddenError, BadRequestError {
    if (process == null) {
        throw new BadRequestError(Constants.ExceptionCodes.process_does_not_exist);
    }

    // Only used for log output; null when no task was supplied.
    String requestedTaskId = null;
    if (task != null) {
        requestedTaskId = task.getTaskInstanceId();
    }

    Entity principal = identityHelper.getPrincipal();
    boolean identified = principal != null && !StringUtils.isEmpty(principal.getEntityId());
    if (!identified) {
        // NOTE(review): if the task id can originate from the request, neutralise CR/LF before
        // logging so a caller cannot forge log entries -- confirm where the id comes from.
        LOG.error(
                "Forbidden: Unauthorized user or user with no userId (e.g. system user) attempting to create a request for task: "
                        + requestedTaskId);
        throw new ForbiddenError();
    }

    // Overseers bypass the per-task check; everyone else must be candidate or assignee.
    boolean deniedOnTask =
            !principal.hasRole(process, AuthorizationRole.OVERSEER)
                    && task != null
                    && !task.isCandidateOrAssignee(principal);
    if (deniedOnTask) {
        LOG.warn(
                "Forbidden: Unauthorized principal "
                        + principal.toString()
                        + " attempting to access task "
                        + requestedTaskId);
        throw new ForbiddenError();
    }
}
/**
 * Creates a form view from a builder, deriving the form's URIs from the view context.
 *
 * <p>All URI-valued fields ({@code root}, {@code action}, {@code link}, {@code src},
 * {@code staticRoot}) are {@code null} when no context is supplied. With a context, each URI
 * is resolved through {@code getApplicationOrPublicUri}, passing {@code builder.anonymous}
 * as its first argument.
 *
 * @param builder source of the form's state
 * @param context view context used to build URIs; may be {@code null}
 */
private Form(Form.Builder builder, ViewContext context) {
    final boolean hasContext = context != null;

    // State copied straight from the builder.
    this.process = builder.process;
    this.formInstanceId = builder.formInstanceId;
    this.processInstanceId = builder.processInstanceId;
    this.submissionType = builder.submissionType;
    this.actionType = builder.actionType;
    this.layout = builder.layout;
    this.task = builder.task;
    this.container = builder.container;
    this.applicationStatusExplanation = builder.applicationStatusExplanation;
    this.explanation = builder.explanation;
    this.data = builder.data;
    this.validation = builder.validation;

    // URIs derived from the context.
    this.root =
            hasContext
                    ? context.getApplicationOrPublicUri(
                            builder.anonymous, Constants.ROOT_ELEMENT_NAME)
                    : null;
    this.action =
            hasContext
                    ? context.getApplicationOrPublicUri(
                            builder.anonymous,
                            Constants.ROOT_ELEMENT_NAME,
                            builder.processDefinitionKey,
                            builder.formInstanceId)
                    : null;

    // The link carries a taskId query parameter only when the task has an instance id.
    final boolean taskHasId = this.task != null && this.task.getTaskInstanceId() != null;
    if (!hasContext) {
        this.link = null;
    } else if (taskHasId) {
        // NOTE(review): the id is appended without URL encoding; presumably it is a
        // server-generated identifier with no reserved characters -- confirm.
        this.link =
                context.getApplicationOrPublicUri(
                                builder.anonymous,
                                Constants.ROOT_ELEMENT_NAME,
                                builder.processDefinitionKey)
                        + "?taskId="
                        + this.task.getTaskInstanceId();
    } else {
        this.link =
                context.getApplicationOrPublicUri(
                        builder.anonymous,
                        Constants.ROOT_ELEMENT_NAME,
                        builder.processDefinitionKey);
    }

    this.src =
            hasContext
                    ? context.getApplicationOrPublicUri(
                            builder.anonymous,
                            "resource",
                            builder.processDefinitionKey,
                            builder.formInstanceId)
                    : null;
    this.staticRoot =
            hasContext
                    ? context.getApplicationOrPublicUri(
                            builder.anonymous,
                            "resource",
                            "static",
                            builder.processDefinitionKey)
                    : null;

    // Subresource links prepared by the builder.
    this.assignment = builder.assignment;
    this.activation = builder.activation;
    this.attachment = builder.attachment;
    this.cancellation = builder.cancellation;
    this.history = builder.history;
    this.restart = builder.restart;
    this.suspension = builder.suspension;

    this.attachmentCount = builder.attachmentCount;
    // Read-only view over the builder's list (not a copy); empty list when none was set.
    this.attachments =
            builder.attachments == null
                    ? Collections.<Attachment>emptyList()
                    : Collections.unmodifiableList(builder.attachments);

    // Remaining flags and values.
    this.valid = builder.valid;
    this.external = builder.external;
    this.allowAttachments = builder.allowAttachments;
    this.anonymous = builder.anonymous;
    this.disposition = builder.disposition;
    this.currentUser = builder.currentUser;
    this.bucketUrl = builder.bucketUrl;
    this.bucketList = builder.bucketList;
}