Examples with BPMNForbiddenException org.wso2.carbon.bpmn.rest.common.exception.BPMNForbiddenException used on opensource projects

Example 1 with BPMNForbiddenException

use of org.wso2.carbon.bpmn.rest.common.exception.BPMNForbiddenException in project carbon-business-process by wso2.

the class UserSubstitutionService method getRequestedAssignee.

/**
 * Validate and get the assignee for a substitute request
 * @param user
 * @return actual assignee of the substitute request
 * @throws UserStoreException
 */
private String getRequestedAssignee(final String user) throws UserStoreException {
    String loggedInUser = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
    UserRealm userRealm = BPMNOSGIService.getUserRealm();
    String assignee = getTenantAwareUser(user);
    // validate the assignee
    if (assignee != null && !assignee.trim().isEmpty() && !assignee.equals(loggedInUser)) {
        // setting another users
        boolean isAuthorized = isUserAuthorizedForSubstitute(loggedInUser);
        if (!isAuthorized) {
            throw new BPMNForbiddenException("Action requires BPMN substitution permission");
        }
        if (!userRealm.getUserStoreManager().isExistingUser(assignee)) {
            throw new ActivitiIllegalArgumentException("Non existing user for argument assignee : " + assignee);
        }
    } else {
        // assignee is the logged in user
        assignee = loggedInUser;
    }
    return assignee;
}

Example 2 with BPMNForbiddenException

use of org.wso2.carbon.bpmn.rest.common.exception.BPMNForbiddenException in project carbon-business-process by wso2.

the class UserSubstitutionService method querySubstitutes.

/**
 * Query the substitution records based on substitute, assignee and enabled or disabled.
 * Pagination parameters, start, size, sort, order are allowed.
 * @return paginated list of substitution info records
 */
@GET
@Path("/")
@Produces({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
public Response querySubstitutes() {
    if (!subsFeatureEnabled) {
        return Response.status(405).build();
    }
    Map<String, String> queryMap = new HashedMap();
    for (Map.Entry<String, String> entry : propertiesMap.entrySet()) {
        String value = uriInfo.getQueryParameters().getFirst(entry.getKey());
        if (value != null) {
            queryMap.put(entry.getValue(), value);
        }
    }
    // validate the parameters
    try {
        // replace with tenant aware user names
        String tenantAwareUser = getTenantAwareUser(queryMap.get(SubstitutionQueryProperties.USER));
        queryMap.put(SubstitutionQueryProperties.USER, tenantAwareUser);
        String tenantAwareSub = getTenantAwareUser(queryMap.get(SubstitutionQueryProperties.SUBSTITUTE));
        queryMap.put(SubstitutionQueryProperties.SUBSTITUTE, tenantAwareSub);
        if (!isUserAuthorizedForSubstitute(PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername())) {
            String loggedInUser = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
            if (!((queryMap.get(SubstitutionQueryProperties.USER) != null && queryMap.get(SubstitutionQueryProperties.USER).equals(loggedInUser)) || (queryMap.get(SubstitutionQueryProperties.SUBSTITUTE) != null && queryMap.get(SubstitutionQueryProperties.SUBSTITUTE).equals(loggedInUser)))) {
                throw new BPMNForbiddenException("Not allowed to view others substitution details. No sufficient permission");
            }
        }
    } catch (UserStoreException e) {
        throw new ActivitiException("Error accessing User Store for input validations", e);
    }
    // validate pagination parameters
    validatePaginationParams(queryMap);
    int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
    List<SubstitutesDataModel> dataModelList = UserSubstitutionUtils.querySubstitutions(queryMap, tenantId);
    int totalResultCount = UserSubstitutionUtils.getQueryResultCount(queryMap, tenantId);
    SubstituteInfoCollectionResponse collectionResponse = new SubstituteInfoCollectionResponse();
    collectionResponse.setTotal(totalResultCount);
    List<SubstituteInfoResponse> responseList = new ArrayList<>();
    for (SubstitutesDataModel subsData : dataModelList) {
        SubstituteInfoResponse response = new SubstituteInfoResponse();
        response.setEnabled(subsData.isEnabled());
        response.setEndTime(subsData.getSubstitutionEnd());
        response.setStartTime(subsData.getSubstitutionStart());
        response.setSubstitute(subsData.getSubstitute());
        response.setAssignee(subsData.getUser());
        responseList.add(response);
    }
    collectionResponse.setSubstituteInfoList(responseList);
    collectionResponse.setSize(responseList.size());
    String sortType = getSortType(queryMap.get(SubstitutionQueryProperties.SORT));
    collectionResponse.setSort(sortType);
    collectionResponse.setStart(Integer.parseInt(queryMap.get(SubstitutionQueryProperties.START)));
    collectionResponse.setOrder(queryMap.get(SubstitutionQueryProperties.ORDER));
    return Response.ok(collectionResponse).build();
}

Example 3 with BPMNForbiddenException

use of org.wso2.carbon.bpmn.rest.common.exception.BPMNForbiddenException in project carbon-business-process by wso2.

the class WorkflowTaskService method deleteTask.

@DELETE
@Path("/{taskId}")
public Response deleteTask(@PathParam("taskId") String taskId) {
    Boolean cascadeHistory = false;
    if (uriInfo.getQueryParameters().getFirst("cascadeHistory") != null) {
        cascadeHistory = Boolean.valueOf(uriInfo.getQueryParameters().getFirst("cascadeHistory"));
    }
    String deleteReason = uriInfo.getQueryParameters().getFirst("deleteReason");
    Task taskToDelete = getTaskFromRequest(taskId);
    if (taskToDelete.getExecutionId() != null) {
        // Can't delete a task that is part of a process instance
        throw new BPMNForbiddenException("Cannot delete a task that is part of a process-instance.");
    }
    TaskService taskService = BPMNOSGIService.getTaskService();
    if (cascadeHistory != null) {
        // Ignore delete-reason since the task-history (where the reason is recorded) will be deleted anyway
        taskService.deleteTask(taskToDelete.getId(), cascadeHistory);
    } else {
        // Delete with delete-reason
        taskService.deleteTask(taskToDelete.getId(), deleteReason);
    }
    return Response.ok().status(Response.Status.NO_CONTENT).build();
}

Example 4 with BPMNForbiddenException

use of org.wso2.carbon.bpmn.rest.common.exception.BPMNForbiddenException in project carbon-business-process by wso2.

the class UserSubstitutionService method getSubstitute.

/**
 * Return the substitute info for the given user in path parameter
 * @param user
 * @return SubstituteInfoResponse
 * @throws URISyntaxException
 */
@GET
@Path("/{user}")
@Produces({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
public Response getSubstitute(@PathParam("user") String user) throws UserStoreException {
    if (!subsFeatureEnabled) {
        return Response.status(405).build();
    }
    user = getTenantAwareUser(user);
    int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
    String loggedInUser = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
    if (!loggedInUser.equals(user) && !isUserAuthorizedForSubstitute(loggedInUser)) {
        throw new BPMNForbiddenException("Not allowed to view others substitution details. No sufficient permission");
    }
    SubstitutesDataModel model = UserSubstitutionUtils.getSubstituteOfUser(user, tenantId);
    if (model != null) {
        SubstituteInfoResponse response = new SubstituteInfoResponse();
        response.setSubstitute(model.getSubstitute());
        response.setAssignee(model.getUser());
        response.setEnabled(model.isEnabled());
        response.setStartTime(model.getSubstitutionStart());
        response.setEndTime(model.getSubstitutionEnd());
        return Response.ok(response).build();
    } else {
        return Response.status(404).build();
    }
}