@Override
 public Response readTask(
     final String rawProcessDefinitionKey, final String taskId, final MessageContext context)
     throws PieceworkException {
   Entity principal = identityHelper.getPrincipal();
   String processDefinitionKey = sanitizer.sanitize(rawProcessDefinitionKey);
   Process process = identityHelper.findProcess(processDefinitionKey, true);
   return taskForm(context, process, taskId);
 }
 @Override
 public Response read(final String rawProcessDefinitionKey, final MessageContext context)
     throws PieceworkException {
   String processDefinitionKey = sanitizer.sanitize(rawProcessDefinitionKey);
   Process process = identityHelper.findProcess(processDefinitionKey, true);
   return startForm(context, process);
 }
示例#3
0
  private void verifyCurrentUserIsAuthorized(Process process, Task task)
      throws ForbiddenError, BadRequestError {
    if (process == null) throw new BadRequestError(Constants.ExceptionCodes.process_does_not_exist);

    String taskId = task != null ? task.getTaskInstanceId() : null;

    Entity principal = identityHelper.getPrincipal();
    if (principal == null || StringUtils.isEmpty(principal.getEntityId())) {
      LOG.error(
          "Forbidden: Unauthorized user or user with no userId (e.g. system user) attempting to create a request for task: "
              + taskId);
      throw new ForbiddenError();
    }

    if (!principal.hasRole(process, AuthorizationRole.OVERSEER)) {
      if (task != null && !task.isCandidateOrAssignee(principal)) {
        LOG.warn(
            "Forbidden: Unauthorized principal "
                + principal.toString()
                + " attempting to access task "
                + taskId);
        throw new ForbiddenError();
      }
    }
  }
 @Override
 public Response submit(
     final String rawProcessDefinitionKey,
     final String rawRequestId,
     final MessageContext context,
     final MultipartBody body)
     throws PieceworkException {
   String processDefinitionKey = sanitizer.sanitize(rawProcessDefinitionKey);
   Process process = identityHelper.findProcess(processDefinitionKey, true);
   return submitForm(context, process, rawRequestId, body);
 }
 @Override
 public Response validate(
     final String rawProcessDefinitionKey,
     final String rawRequestId,
     final String rawValidationId,
     final MessageContext context,
     final MultivaluedMap<String, String> formData)
     throws PieceworkException {
   String processDefinitionKey = sanitizer.sanitize(rawProcessDefinitionKey);
   Process process = identityHelper.findProcess(processDefinitionKey, true);
   return validateForm(context, process, formData, rawRequestId, rawValidationId);
 }