Examples with PermissionDeniedException org.jbpm.services.task.exception.PermissionDeniedException used on opensource projects

Example 36 with PermissionDeniedException

use of org.jbpm.services.task.exception.PermissionDeniedException in project jbpm by kiegroup.

the class LifeCycleBaseTest method testForwardFromReservedWithIncorrectUser.

@Test
public void testForwardFromReservedWithIncorrectUser() throws Exception {
    // One potential owner, should go straight to state Reserved
    String str = "(with (new Task()) { priority = 55, taskData = (with( new TaskData()) { } ), ";
    str += "peopleAssignments = (with ( new PeopleAssignments() ) { potentialOwners = [new User('Bobba Fet'), new User('Darth Vader') ],businessAdministrators = [ new User('Administrator') ], }),";
    str += "name =  'This is my task name' })";
    Task task = TaskFactory.evalTask(new StringReader(str));
    taskService.addTask(task, new HashMap<String, Object>());
    long taskId = task.getId();
    // Claim and Reserved
    taskService.claim(taskId, "Darth Vader");
    Task task1 = taskService.getTaskById(taskId);
    assertEquals(Status.Reserved, task1.getTaskData().getStatus());
    assertEquals("Darth Vader", task1.getTaskData().getActualOwner().getId());
    // Check was not delegated
    PermissionDeniedException denied = null;
    try {
        taskService.forward(taskId, "Bobba Fet", "Tony Stark");
    } catch (PermissionDeniedException e) {
        denied = e;
    }
    assertNotNull("Should get permissed denied exception", denied);
    Task task2 = taskService.getTaskById(taskId);
    User user = createUser("Darth Vader");
    assertTrue(task2.getPeopleAssignments().getPotentialOwners().contains(user));
    user = createUser("Tony Stark");
    assertFalse(task2.getPeopleAssignments().getPotentialOwners().contains(user));
    assertEquals("Darth Vader", task2.getTaskData().getActualOwner().getId());
    assertEquals(Status.Reserved, task2.getTaskData().getStatus());
}

Example 37 with PermissionDeniedException

use of org.jbpm.services.task.exception.PermissionDeniedException in project jbpm by kiegroup.

the class MVELLifeCycleManager method assignOwnerAndStatus.

/**
 * This method will potentially assign the actual owner of this TaskData and set the status
 * of the data.
 * <li>If there is only 1 potential owner, and it is a <code>User</code>, that will become the actual
 * owner of the TaskData and the status will be set to <code>Status.Reserved</code>.</li>
 * <li>f there is only 1 potential owner, and it is a <code>Group</code>,  no owner will be assigned
 * and the status will be set to <code>Status.Ready</code>.</li>
 * <li>If there are more than 1 potential owners, the status will be set to <code>Status.Ready</code>.</li>
 * <li>otherwise, the task data will be unchanged</li>
 *
 * @param taskdata - task data
 * @param potentialOwners - list of potential owners
 * @return current status of task data
 */
public static Status assignOwnerAndStatus(InternalTaskData taskData, List<OrganizationalEntity> potentialOwners) {
    if (taskData.getStatus() != Status.Created) {
        throw new PermissionDeniedException("Can only assign task owner if status is Created!");
    }
    Status assignedStatus = null;
    if (potentialOwners.size() == 1) {
        // if there is a single potential owner, assign and set status to Reserved
        OrganizationalEntity potentialOwner = potentialOwners.get(0);
        // if there is a single potential user owner, assign and set status to Reserved
        if (potentialOwner instanceof User) {
            taskData.setActualOwner((User) potentialOwner);
            assignedStatus = Status.Reserved;
        }
        // If there is a group set as potentialOwners, set the status to Ready ??
        if (potentialOwner instanceof Group) {
            assignedStatus = Status.Ready;
        }
    } else if (potentialOwners.size() > 1) {
        // multiple potential owners, so set to Ready so one can claim.
        assignedStatus = Status.Ready;
    } else {
    // @TODO we have no potential owners
    }
    if (assignedStatus != null) {
        taskData.setStatus(assignedStatus);
    } else {
        // status wasn't assigned, so just return the currrent status
        assignedStatus = taskData.getStatus();
    }
    return assignedStatus;
}

Example 38 with PermissionDeniedException

use of org.jbpm.services.task.exception.PermissionDeniedException in project jbpm by kiegroup.

the class MVELLifeCycleManager method evalCommand.

void evalCommand(final Operation operation, final List<OperationCommand> commands, final Task task, final User user, final OrganizationalEntity targetEntity, List<String> groupIds, OrganizationalEntity... entities) throws PermissionDeniedException {
    boolean statusMatched = false;
    final TaskData taskData = task.getTaskData();
    for (OperationCommand command : commands) {
        // first find out if we have a matching status
        if (command.getStatus() != null) {
            for (Status status : command.getStatus()) {
                if (task.getTaskData().getStatus() == status) {
                    statusMatched = true;
                    // next find out if the user can execute this doOperation
                    if (!isAllowed(command, task, user, groupIds)) {
                        String errorMessage = "User '" + user + "' does not have permissions to execute operation '" + operation + "' on task id " + task.getId();
                        throw new PermissionDeniedException(errorMessage);
                    }
                    commands(command, task, user, targetEntity, entities);
                } else {
                    logger.debug("No match on status for task {} :status {}  != {}", task.getId(), task.getTaskData().getStatus(), status);
                }
            }
        }
        if (command.getPreviousStatus() != null) {
            for (Status status : command.getPreviousStatus()) {
                if (taskData.getPreviousStatus() == status) {
                    statusMatched = true;
                    // next find out if the user can execute this doOperation
                    if (!isAllowed(command, task, user, groupIds)) {
                        String errorMessage = "User '" + user + "' does not have permissions to execute operation '" + operation + "' on task id " + task.getId();
                        throw new PermissionDeniedException(errorMessage);
                    }
                    commands(command, task, user, targetEntity, entities);
                } else {
                    logger.debug("No match on previous status for task {} :status {}  != {}", task.getId(), task.getTaskData().getStatus(), status);
                }
            }
        }
        if (!command.isGroupTargetEntityAllowed() && targetEntity instanceof Group) {
            String errorMessage = "User '" + user + "' was unable to execute operation '" + operation + "' on task id " + task.getId() + " due to 'target entity cannot be group'";
            throw new PermissionDeniedException(errorMessage);
        }
    }
    if (!statusMatched) {
        String errorMessage = "User '" + user + "' was unable to execute operation '" + operation + "' on task id " + task.getId() + " due to a no 'current status' match";
        throw new PermissionDeniedException(errorMessage);
    }
}

Example 39 with PermissionDeniedException

use of org.jbpm.services.task.exception.PermissionDeniedException in project jbpm by kiegroup.

the class UserTaskServiceImplTest method testUpdateTaskPermissionDenied.

@Test
public void testUpdateTaskPermissionDenied() {
    processInstanceId = processService.startProcess(deploymentUnit.getIdentifier(), "org.jbpm.writedocument");
    assertNotNull(processInstanceId);
    List<Long> taskIds = runtimeDataService.getTasksByProcessInstanceId(processInstanceId);
    assertNotNull(taskIds);
    assertEquals(1, taskIds.size());
    Long taskId = taskIds.get(0);
    UserTaskInstanceDesc task = runtimeDataService.getTaskById(taskId);
    assertNotNull(task);
    assertEquals("Write a Document", task.getName());
    try {
        ((org.jbpm.kie.services.impl.model.UserTaskInstanceDesc) task).setName("updated");
        userTaskService.updateTask(taskId, "john", task, null, null);
        fail("John is not admin nor potential owner");
    } catch (PermissionDeniedException e) {
    // expected
    }
    task = runtimeDataService.getTaskById(taskId);
    assertNotNull(task);
    assertEquals(Status.Reserved.toString(), task.getStatus());
    assertEquals("Write a Document", task.getName());
    assertEquals(9, task.getPriority().intValue());
}

Example 40 with PermissionDeniedException

use of org.jbpm.services.task.exception.PermissionDeniedException in project jbpm by kiegroup.

the class UserTaskServiceImpl method release.

@Override
public void release(String deploymentId, Long taskId, String userId) {
    UserTaskInstanceDesc task = dataService.getTaskById(taskId);
    validateTask(deploymentId, taskId, task);
    RuntimeManager manager = getRuntimeManager(task);
    if (manager == null) {
        logger.warn("Cannot find runtime manager for task {}", taskId);
        return;
    }
    RuntimeEngine engine = manager.getRuntimeEngine(ProcessInstanceIdContext.get(task.getProcessInstanceId()));
    try {
        TaskService taskService = engine.getTaskService();
        // perform actual operation
        taskService.release(taskId, userId);
    } catch (PermissionDeniedException e) {
        throw new TaskNotFoundException(e.getMessage());
    } finally {
        disposeRuntimeEngine(manager, engine);
    }
}