Example 1 with EntityNotFoundException
use of org.alfresco.rest.framework.core.exceptions.EntityNotFoundException in project alfresco-remote-api by Alfresco.
the class TasksImpl method update.
@Override
public Task update(String taskId, Task task, Parameters parameters) {
TaskStateTransition taskAction = null;
List<String> selectedProperties = parameters.getSelectedProperties();
if (selectedProperties.contains("state")) {
taskAction = TaskStateTransition.getTaskActionFromString(task.getState());
}
// Fetch the task unfiltered, we check authorization below
TaskQuery query = activitiProcessEngine.getTaskService().createTaskQuery().taskId(taskId);
org.activiti.engine.task.Task taskInstance = query.singleResult();
if (taskInstance == null) {
// Check if task exists in history, to be able to return appropriate error when trying to update an
// existing completed task vs. an unexisting task vs. unauthorized
boolean taskHasExisted = activitiProcessEngine.getHistoryService().createHistoricTaskInstanceQuery().taskId(taskId).count() > 0;
if (taskHasExisted) {
throw new UnsupportedResourceOperationException("Task with id: " + taskId + " cannot be updated, it's completed");
} else {
throw new EntityNotFoundException(taskId);
}
} else {
String user = AuthenticationUtil.getRunAsUser();
// Check if user is either assignee, owner or admin
boolean authorized = authorityService.isAdminAuthority(user) || user.equals(taskInstance.getOwner()) || user.equals(taskInstance.getAssignee());
Set<String> candidateGroups = new HashSet<String>();
if (!authorized) {
// Check if user is initiator of the process this task is involved with
List<IdentityLink> linksForTask = activitiProcessEngine.getTaskService().getIdentityLinksForTask(taskId);
// the identity-links, there is no reason why we should check candidate using a DB-query
for (IdentityLink link : linksForTask) {
if (user.equals(link.getUserId()) && IdentityLinkType.STARTER.equals(link.getType())) {
authorized = true;
break;
}
// MNT-13276
if ((taskInstance.getAssignee() == null) && (link.getGroupId() != null) && link.getType().equals(IdentityLinkType.CANDIDATE)) {
Set<String> userGroups = authorityService.getAuthoritiesForUser(user);
if (userGroups.contains(link.getGroupId())) {
authorized = true;
break;
}
}
if (taskAction == TaskStateTransition.CLAIMED && link.getGroupId() != null && link.getType().equals(IdentityLinkType.CANDIDATE)) {
candidateGroups.add(link.getGroupId());
}
if (taskAction == TaskStateTransition.CLAIMED && link.getUserId() != null && link.getType().equals(IdentityLinkType.CANDIDATE) && user.equals(link.getUserId())) {
// User is a direct candidate for the task, authorized to claim
authorized = true;
break;
}
}
}
// When claiming, a limited update (set assignee through claim) is allowed
if (!authorized && taskAction == TaskStateTransition.CLAIMED) {
Set<String> userGroups = authorityService.getAuthoritiesForUser(user);
for (String group : candidateGroups) {
if (userGroups.contains(group)) {
authorized = true;
break;
}
}
}
if (!authorized) {
// None of the above conditions are met, not authorized to update task
throw new PermissionDeniedException();
}
}
// Update fields if no action is required
if (taskAction == null) {
// Only update task in Activiti API if actual properties are changed
if (updateTaskProperties(selectedProperties, task, taskInstance)) {
activitiProcessEngine.getTaskService().saveTask(taskInstance);
}
} else {
// Perform actions associated to state transition
if (taskAction != null) {
// look for variables submitted with task action
Map<String, Object> globalVariables = new HashMap<String, Object>();
Map<String, Object> localVariables = new HashMap<String, Object>();
if (selectedProperties.contains("variables") && task.getVariables() != null && task.getVariables().size() > 0) {
for (TaskVariable taskVariable : task.getVariables()) {
taskVariable = convertToTypedVariable(taskVariable, taskInstance);
if (taskVariable.getVariableScope() == VariableScope.GLOBAL) {
globalVariables.put(taskVariable.getName(), taskVariable.getValue());
} else {
localVariables.put(taskVariable.getName(), taskVariable.getValue());
}
}
}
switch(taskAction) {
case CLAIMED:
try {
activitiProcessEngine.getTaskService().claim(taskId, AuthenticationUtil.getRunAsUser());
} catch (ActivitiTaskAlreadyClaimedException atace) {
throw new ConstraintViolatedException("The task is already claimed by another user.");
}
break;
case COMPLETED:
if (localVariables.size() > 0) {
activitiProcessEngine.getTaskService().setVariablesLocal(taskId, localVariables);
}
setOutcome(taskId);
if (globalVariables.size() > 0) {
activitiProcessEngine.getTaskService().complete(taskId, globalVariables);
} else {
activitiProcessEngine.getTaskService().complete(taskId);
}
break;
case DELEGATED:
if (selectedProperties.contains("assignee") && task.getAssignee() != null) {
if (taskInstance.getAssignee() == null || !taskInstance.getAssignee().equals(AuthenticationUtil.getRunAsUser())) {
// Alter assignee before delegating to preserve trail of who actually delegated
activitiProcessEngine.getTaskService().setAssignee(taskId, AuthenticationUtil.getRunAsUser());
}
activitiProcessEngine.getTaskService().delegateTask(taskId, task.getAssignee());
} else {
throw new InvalidArgumentException("When delegating a task, assignee should be selected and provided in the request.");
}
break;
case RESOLVED:
if (localVariables.size() > 0) {
activitiProcessEngine.getTaskService().setVariablesLocal(taskId, localVariables);
}
setOutcome(taskId);
if (globalVariables.size() > 0) {
activitiProcessEngine.getTaskService().resolveTask(taskId, globalVariables);
} else {
activitiProcessEngine.getTaskService().resolveTask(taskId);
}
break;
case UNCLAIMED:
activitiProcessEngine.getTaskService().setAssignee(taskId, null);
break;
}
}
}
Task responseTask = new Task(activitiProcessEngine.getHistoryService().createHistoricTaskInstanceQuery().taskId(taskId).singleResult());
// if the task is not ended the task state might be pending or resolved
if (responseTask.getEndedAt() == null) {
try {
org.activiti.engine.task.Task runningTask = activitiProcessEngine.getTaskService().createTaskQuery().taskId(taskId).singleResult();
if (runningTask != null) {
if (runningTask.getDelegationState() == DelegationState.PENDING) {
responseTask.setState(TaskStateTransition.DELEGATED.name().toLowerCase());
} else if (runningTask.getDelegationState() == DelegationState.RESOLVED) {
responseTask.setState(TaskStateTransition.RESOLVED.name().toLowerCase());
}
}
} catch (Exception e) {
// ignore the exception
}
}
return responseTask;
}
Also used :
Task(org.alfresco.rest.workflow.api.model.Task)
TaskStateTransition(org.alfresco.rest.workflow.api.model.TaskStateTransition)
UnsupportedResourceOperationException(org.alfresco.rest.framework.core.exceptions.UnsupportedResourceOperationException)
HashMap(java.util.HashMap)
TaskVariable(org.alfresco.rest.workflow.api.model.TaskVariable)
EntityNotFoundException(org.alfresco.rest.framework.core.exceptions.EntityNotFoundException)
IdentityLink(org.activiti.engine.task.IdentityLink)
ConstraintViolatedException(org.alfresco.rest.framework.core.exceptions.ConstraintViolatedException)
PermissionDeniedException(org.alfresco.rest.framework.core.exceptions.PermissionDeniedException)
EntityNotFoundException(org.alfresco.rest.framework.core.exceptions.EntityNotFoundException)
UnsupportedResourceOperationException(org.alfresco.rest.framework.core.exceptions.UnsupportedResourceOperationException)
ActivitiTaskAlreadyClaimedException(org.activiti.engine.ActivitiTaskAlreadyClaimedException)
ConstraintViolatedException(org.alfresco.rest.framework.core.exceptions.ConstraintViolatedException)
InvalidQNameException(org.alfresco.service.namespace.InvalidQNameException)
InvalidArgumentException(org.alfresco.rest.framework.core.exceptions.InvalidArgumentException)
ActivitiTaskAlreadyClaimedException(org.activiti.engine.ActivitiTaskAlreadyClaimedException)
InvalidArgumentException(org.alfresco.rest.framework.core.exceptions.InvalidArgumentException)
TaskQuery(org.activiti.engine.task.TaskQuery)
PermissionDeniedException(org.alfresco.rest.framework.core.exceptions.PermissionDeniedException)
HashSet(java.util.HashSet)
Example 2 with EntityNotFoundException
use of org.alfresco.rest.framework.core.exceptions.EntityNotFoundException in project alfresco-remote-api by Alfresco.
the class TasksImpl method getValidHistoricTask.
/**
* Get a valid {@link HistoricTaskInstance} based on the given task id. Checks if current logged
* in user is assignee/owner/involved with the task. In case true was passed for "validIfClaimable",
* the task is also valid if the current logged in user is a candidate for claiming the task.
*
* @throws EntityNotFoundException when the task was not found
* @throws PermissionDeniedException when the current logged in user isn't allowed to access task.
*/
protected HistoricTaskInstance getValidHistoricTask(String taskId) {
HistoricTaskInstanceQuery query = activitiProcessEngine.getHistoryService().createHistoricTaskInstanceQuery().taskId(taskId);
if (authorityService.isAdminAuthority(AuthenticationUtil.getRunAsUser())) {
// Admin is allowed to read all tasks in the current tenant
if (tenantService.isEnabled()) {
query.processVariableValueEquals(ActivitiConstants.VAR_TENANT_DOMAIN, TenantUtil.getCurrentDomain());
}
} else {
// If non-admin user, involvement in the task is required (either owner, assignee or externally involved).
query.taskInvolvedUser(AuthenticationUtil.getRunAsUser());
}
HistoricTaskInstance taskInstance = query.singleResult();
if (taskInstance == null) {
// Either the task doesn't exist or the user is not involved directly. We can differentiate by
// checking if the task exists without applying the additional filtering
taskInstance = activitiProcessEngine.getHistoryService().createHistoricTaskInstanceQuery().taskId(taskId).singleResult();
if (taskInstance == null) {
// Full error message will be "Task with id: 'id' was not found"
throw new EntityNotFoundException(taskId);
} else {
boolean isTaskClaimable = false;
if (taskInstance.getEndTime() == null) {
// Task is not yet finished, so potentially claimable. If user is part of a "candidateGroup", the task is accessible to the
// user regardless of not being involved/owner/assignee
isTaskClaimable = activitiProcessEngine.getTaskService().createTaskQuery().taskCandidateGroupIn(new ArrayList<String>(authorityService.getAuthoritiesForUser(AuthenticationUtil.getRunAsUser()))).taskId(taskId).count() == 1;
}
if (isTaskClaimable == false) {
throw new PermissionDeniedException();
}
}
}
return taskInstance;
}
Also used :
HistoricTaskInstance(org.activiti.engine.history.HistoricTaskInstance)
PermissionDeniedException(org.alfresco.rest.framework.core.exceptions.PermissionDeniedException)
EntityNotFoundException(org.alfresco.rest.framework.core.exceptions.EntityNotFoundException)
HistoricTaskInstanceQuery(org.activiti.engine.history.HistoricTaskInstanceQuery)
Example 3 with EntityNotFoundException
use of org.alfresco.rest.framework.core.exceptions.EntityNotFoundException in project alfresco-remote-api by Alfresco.
the class TasksImpl method getValidTask.
/**
* Get a valid {@link org.activiti.engine.task.Task} based on the given task id. Checks if current logged
* in user is assignee/owner/involved with the task. In case true was passed for "validIfClaimable",
* the task is also valid if the current logged in user is a candidate for claiming the task.
*
* @throws EntityNotFoundException when the task was not found
* @throws PermissionDeniedException when the current logged in user isn't allowed to access task.
*/
protected org.activiti.engine.task.Task getValidTask(String taskId) {
if (taskId == null) {
throw new InvalidArgumentException("Task id is required.");
}
TaskQuery query = activitiProcessEngine.getTaskService().createTaskQuery().taskId(taskId);
if (authorityService.isAdminAuthority(AuthenticationUtil.getRunAsUser())) {
// Admin is allowed to read all tasks in the current tenant
if (tenantService.isEnabled()) {
query.processVariableValueEquals(ActivitiConstants.VAR_TENANT_DOMAIN, TenantUtil.getCurrentDomain());
}
} else {
// If non-admin user, involvement in the task is required (either owner, assignee or externally involved).
query.taskInvolvedUser(AuthenticationUtil.getRunAsUser());
}
org.activiti.engine.task.Task taskInstance = query.singleResult();
if (taskInstance == null) {
// Either the task doesn't exist or the user is not involved directly. We can differentiate by
// checking if the task exists without applying the additional filtering
taskInstance = activitiProcessEngine.getTaskService().createTaskQuery().taskId(taskId).singleResult();
if (taskInstance == null) {
// Full error message will be "Task with id: 'id' was not found"
throw new EntityNotFoundException(taskId);
} else {
// Task is not yet finished, so potentially claimable. If user is part of a "candidateGroup", the task is accessible to the
// user regardless of not being involved/owner/assignee
boolean isTaskClaimable = activitiProcessEngine.getTaskService().createTaskQuery().taskCandidateGroupIn(new ArrayList<String>(authorityService.getAuthoritiesForUser(AuthenticationUtil.getRunAsUser()))).taskId(taskId).count() == 1;
if (isTaskClaimable == false) {
throw new PermissionDeniedException();
}
}
}
return taskInstance;
}
Also used :
InvalidArgumentException(org.alfresco.rest.framework.core.exceptions.InvalidArgumentException)
TaskQuery(org.activiti.engine.task.TaskQuery)
ArrayList(java.util.ArrayList)
PermissionDeniedException(org.alfresco.rest.framework.core.exceptions.PermissionDeniedException)
EntityNotFoundException(org.alfresco.rest.framework.core.exceptions.EntityNotFoundException)
Example 4 with EntityNotFoundException
use of org.alfresco.rest.framework.core.exceptions.EntityNotFoundException in project alfresco-remote-api by Alfresco.
the class WorkflowRestImpl method getItemFromProcess.
/**
* Get an item from the process package variable
*/
public Item getItemFromProcess(String itemId, String processId) {
NodeRef nodeRef = getNodeRef(itemId);
ActivitiScriptNode packageScriptNode = null;
try {
HistoricVariableInstance variableInstance = activitiProcessEngine.getHistoryService().createHistoricVariableInstanceQuery().processInstanceId(processId).variableName(BPM_PACKAGE).singleResult();
if (variableInstance != null) {
packageScriptNode = (ActivitiScriptNode) variableInstance.getValue();
} else {
throw new EntityNotFoundException(processId);
}
} catch (ActivitiObjectNotFoundException e) {
throw new EntityNotFoundException(processId);
}
Item item = null;
if (packageScriptNode != null) {
List<ChildAssociationRef> documentList = nodeService.getChildAssocs(packageScriptNode.getNodeRef());
for (ChildAssociationRef childAssociationRef : documentList) {
if (childAssociationRef.getChildRef().equals(nodeRef)) {
item = createItemForNodeRef(childAssociationRef.getChildRef());
break;
}
}
}
if (item == null) {
throw new EntityNotFoundException(itemId);
}
return item;
}
Also used :
NodeRef(org.alfresco.service.cmr.repository.NodeRef)
Item(org.alfresco.rest.workflow.api.model.Item)
ActivitiScriptNode(org.alfresco.repo.workflow.activiti.ActivitiScriptNode)
HistoricVariableInstance(org.activiti.engine.history.HistoricVariableInstance)
EntityNotFoundException(org.alfresco.rest.framework.core.exceptions.EntityNotFoundException)
ActivitiObjectNotFoundException(org.activiti.engine.ActivitiObjectNotFoundException)
ChildAssociationRef(org.alfresco.service.cmr.repository.ChildAssociationRef)
Example 5 with EntityNotFoundException
use of org.alfresco.rest.framework.core.exceptions.EntityNotFoundException in project alfresco-remote-api by Alfresco.
the class WorkflowRestImpl method getItemsFromProcess.
/**
* Get all items from the process package variable
*/
public CollectionWithPagingInfo<Item> getItemsFromProcess(String processId, Paging paging) {
ActivitiScriptNode packageScriptNode = null;
try {
HistoricVariableInstance variableInstance = activitiProcessEngine.getHistoryService().createHistoricVariableInstanceQuery().processInstanceId(processId).variableName(BPM_PACKAGE).singleResult();
if (variableInstance != null) {
packageScriptNode = (ActivitiScriptNode) variableInstance.getValue();
} else {
throw new EntityNotFoundException(processId);
}
} catch (ActivitiObjectNotFoundException e) {
throw new EntityNotFoundException(processId);
}
List<Item> page = new ArrayList<Item>();
if (packageScriptNode != null) {
List<ChildAssociationRef> documentList = nodeService.getChildAssocs(packageScriptNode.getNodeRef());
for (ChildAssociationRef childAssociationRef : documentList) {
Item item = createItemForNodeRef(childAssociationRef.getChildRef());
page.add(item);
}
}
return CollectionWithPagingInfo.asPaged(paging, page, false, page.size());
}
Also used :
Item(org.alfresco.rest.workflow.api.model.Item)
ActivitiScriptNode(org.alfresco.repo.workflow.activiti.ActivitiScriptNode)
ArrayList(java.util.ArrayList)
HistoricVariableInstance(org.activiti.engine.history.HistoricVariableInstance)
EntityNotFoundException(org.alfresco.rest.framework.core.exceptions.EntityNotFoundException)
ActivitiObjectNotFoundException(org.activiti.engine.ActivitiObjectNotFoundException)
ChildAssociationRef(org.alfresco.service.cmr.repository.ChildAssociationRef)
Aggregations
EntityNotFoundException (org.alfresco.rest.framework.core.exceptions.EntityNotFoundException)66
NodeRef (org.alfresco.service.cmr.repository.NodeRef)28
InvalidArgumentException (org.alfresco.rest.framework.core.exceptions.InvalidArgumentException)24
PermissionDeniedException (org.alfresco.rest.framework.core.exceptions.PermissionDeniedException)16
QName (org.alfresco.service.namespace.QName)15
ConstraintViolatedException (org.alfresco.rest.framework.core.exceptions.ConstraintViolatedException)12
SiteInfo (org.alfresco.service.cmr.site.SiteInfo)12
HashMap (java.util.HashMap)11
InvalidNodeRefException (org.alfresco.service.cmr.repository.InvalidNodeRefException)11
ArrayList (java.util.ArrayList)9
WebApiDescription (org.alfresco.rest.framework.WebApiDescription)8
InvalidSharedIdException (org.alfresco.service.cmr.quickshare.InvalidSharedIdException)7
Serializable (java.io.Serializable)6
FileInfo (org.alfresco.service.cmr.model.FileInfo)6
HistoricProcessInstance (org.activiti.engine.history.HistoricProcessInstance)5
ProcessInstance (org.activiti.engine.runtime.ProcessInstance)5
ActivitiScriptNode (org.alfresco.repo.workflow.activiti.ActivitiScriptNode)5
ApiException (org.alfresco.rest.framework.core.exceptions.ApiException)5
ActivitiObjectNotFoundException (org.activiti.engine.ActivitiObjectNotFoundException)4
HistoricVariableInstance (org.activiti.engine.history.HistoricVariableInstance)4
