Use of org.wso2.carbon.humantask.core.dao.GenericHumanRoleDAO in project carbon-business-process by wso2.
From the class OperationAuthorizationUtil, method isExcludedEntity.
/**
 * Reports whether {@code validatee} is covered by the task's EXCLUDED_OWNERS role,
 * either as a member of an excluded group or as a directly listed user.
 *
 * <p>Group membership is decided by looking the validatee's name up in the user-name
 * list that {@code pqe} returns for the group's name. Direct listing is decided by a
 * binary search using {@code PeopleQueryComparators.peopleNameComparator()}.
 *
 * @param task      the task whose EXCLUDED_OWNERS role is consulted
 * @param validatee the entity being checked
 * @param pqe       evaluator used to resolve the members of a group
 * @return {@code true} when the validatee matches an excluded group or user entry;
 *         {@code false} when there is no match or the task has no EXCLUDED_OWNERS role
 */
private static boolean isExcludedEntity(TaskDAO task, OrganizationalEntityDAO validatee,
        PeopleQueryEvaluator pqe) {
    GenericHumanRoleDAO excludedRole =
            task.getGenericHumanRole(GenericHumanRoleDAO.GenericHumanRoleType.EXCLUDED_OWNERS);
    if (excludedRole == null) {
        // No EXCLUDED_OWNERS role on the task, so nothing can exclude the validatee.
        return false;
    }

    // Group entries: excluded when the group's user list contains the validatee's name.
    for (OrganizationalEntityDAO groupEntity : getGroupOrganizationalEntities(excludedRole)) {
        if (!OrganizationalEntityDAO.OrganizationalEntityType.GROUP.equals(groupEntity.getOrgEntityType())) {
            continue;
        }
        List<String> groupMembers = pqe.getUserNameListForRole(groupEntity.getName());
        if (groupMembers.contains(validatee.getName())) {
            // NOTE(review): the name is concatenated into the log line as-is; if the user
            // store permits CR/LF in names, neutralise them before logging - confirm.
            log.error("User " + validatee.getName() + " is in EXCLUDED_OWNERS role");
            return true;
        }
    }

    // User entries: sort, then binary-search with the same comparator.
    // NOTE(review): the sort is in place on whatever list the helper returns; confirm
    // that it is a copy and not the role's own backing list.
    List<OrganizationalEntityDAO> excludedUsers = getUserOrganizationalEntities(excludedRole);
    Collections.sort(excludedUsers, PeopleQueryComparators.peopleNameComparator());
    int position = Collections.binarySearch(excludedUsers, validatee,
            PeopleQueryComparators.peopleNameComparator());
    if (position >= 0) {
        log.error("User " + validatee.getName() + " is in EXCLUDED_OWNERS role");
        return true;
    }
    return false;
}
Use of org.wso2.carbon.humantask.core.dao.GenericHumanRoleDAO in project carbon-business-process by wso2.
From the class OperationAuthorizationUtil, method authoriseUser.
/**
 * Decides whether {@code validatee} holds one of the allowed roles on {@code task}.
 *
 * <p>The exclusion check runs first: an entity for which {@code isExcludedEntity}
 * returns {@code true} is refused even if it also matches an allowed role. After that,
 * each task role whose type is in {@code allowedRoleTypes} is searched, group entries
 * first and user entries second. When nothing matches the result is {@code false}.
 *
 * @param task             the task against which the user is being validated
 * @param validatee        the OrganizationalEntityDAO being validated
 * @param allowedRoleTypes the role types that grant access to the validatee
 * @param pqe              PeopleQueryEvaluator used for people queries
 * @return {@code true} if the validatee is in one of the allowed roles of the task and
 *         is not an excluded entity; {@code false} otherwise
 */
public static boolean authoriseUser(TaskDAO task, OrganizationalEntityDAO validatee,
        List<GenericHumanRoleDAO.GenericHumanRoleType> allowedRoleTypes, PeopleQueryEvaluator pqe) {
    List<GenericHumanRoleDAO> taskRoles = task.getHumanRoles();

    // Deny takes precedence over every allow rule below.
    if (isExcludedEntity(task, validatee, pqe)) {
        return false;
    }

    for (GenericHumanRoleDAO candidateRole : taskRoles) {
        if (!allowedRoleTypes.contains(candidateRole.getType())) {
            continue;
        }

        // Groups: allowed when the group's user list contains the validatee's name.
        for (OrganizationalEntityDAO groupEntity : getGroupOrganizationalEntities(candidateRole)) {
            if (!OrganizationalEntityDAO.OrganizationalEntityType.GROUP.equals(groupEntity.getOrgEntityType())) {
                continue;
            }
            List<String> groupMembers = pqe.getUserNameListForRole(groupEntity.getName());
            if (groupMembers.contains(validatee.getName())) {
                return true;
            }
        }

        // Users: binary search over the role's user entries.
        // TODO validate user existence in the user store.
        // NOTE(review): until that TODO is done this branch does not consult the user
        // store; whether a removed account can still match here depends on how the role
        // entries are maintained - confirm.
        List<OrganizationalEntityDAO> roleUsers = getUserOrganizationalEntities(candidateRole);
        Collections.sort(roleUsers, PeopleQueryComparators.peopleNameComparator());
        int position = Collections.binarySearch(roleUsers, validatee,
                PeopleQueryComparators.peopleNameComparator());
        if (position >= 0) {
            return true;
        }
    }
    return false;
}
Use of org.wso2.carbon.humantask.core.dao.GenericHumanRoleDAO in project carbon-business-process by wso2.
From the class Delegate, method checkPreConditions.
/**
 * Checks the pre-conditions of the delegate operation, in this order:
 * <ol>
 *   <li>the task is valid ({@code checkForValidTask});</li>
 *   <li>the delegatee exists in the user store;</li>
 *   <li>the delegatee is not an excluded owner;</li>
 *   <li>for a RESERVED or IN_PROGRESS task, the caller passes {@code authoriseRoles}
 *       for BUSINESS_ADMINISTRATORS or ACTUAL_OWNER, after which the task is
 *       released.</li>
 * </ol>
 * Besides checking, the method changes state: it may release the task and may persist
 * the delegatee to the potential owners.
 *
 * @throws HumanTaskIllegalArgumentException if the delegatee does not exist or is an
 *         excluded owner
 * @throws HumanTaskIllegalAccessException if {@code authoriseRoles} throws while the
 *         task must be released first
 */
@Override
protected void checkPreConditions() {
    checkForValidTask();
    OrganizationalEntityDAO invoker = getOperationInvoker();
    TaskDAO currentTask = getTask();

    // The delegatee has to be a known user.
    // NOTE(review): this and the next failure are raised before the caller's role check
    // further down, and the messages differ for unknown and excluded names; confirm the
    // caller has already been authorised before this method runs.
    if (!getEngine().getPeopleQueryEvaluator().isExistingUser(delegatee.getName())) {
        String unknownUserMsg = String.format(
                "The user[%s] cannot delegate task[id:%d] to the given"
                        + " delegatee[name:%s] as he/she does not exist in the user store",
                invoker.getName(), currentTask.getId(), delegatee.getName());
        log.error(unknownUserMsg);
        throw new HumanTaskIllegalArgumentException(unknownUserMsg);
    }

    // An excluded owner can never receive the task.
    if (isExcludedOwner(delegatee.getName())) {
        String excludedMsg = String.format(
                "The user[%s] cannot delegate task[id:%d] to the given"
                        + " delegatee[name:%s] as he/she is an exclude owner for this task.",
                invoker.getName(), currentTask.getId(), delegatee.getName());
        log.error(excludedMsg);
        throw new HumanTaskIllegalArgumentException(excludedMsg);
    }

    // A reserved or in-progress task has to be released before it can be delegated.
    if (TaskStatus.RESERVED.equals(currentTask.getStatus())
            || TaskStatus.IN_PROGRESS.equals(currentTask.getStatus())) {
        // Releasing is limited to business administrators and the actual owner.
        List<GenericHumanRoleDAO.GenericHumanRoleType> releaseRoles =
                new ArrayList<GenericHumanRoleDAO.GenericHumanRoleType>();
        releaseRoles.add(GenericHumanRoleDAO.GenericHumanRoleType.BUSINESS_ADMINISTRATORS);
        releaseRoles.add(GenericHumanRoleDAO.GenericHumanRoleType.ACTUAL_OWNER);
        try {
            authoriseRoles(releaseRoles);
        } catch (Exception cause) {
            // Every exception type is reported as a role failure; the original cause is
            // kept on the rethrown exception.
            String releaseDeniedMsg = String.format(
                    "The task[id:%d] can be only delegated after it's released. "
                            + "But for the task to be released you need to be a business "
                            + "administrator or the actual owner of the task. "
                            + "Given user[%s] is not in those roles!",
                    currentTask.getId(), invoker.getName());
            log.error(releaseDeniedMsg);
            throw new HumanTaskIllegalAccessException(releaseDeniedMsg, cause);
        }
        // Reached only when authoriseRoles returned normally.
        currentTask.release();
    }

    // Add delegatee as a potential owner.
    // NOTE(review): the delegatee is persisted only when isOrgEntityInRole returns true
    // for the POTENTIAL_OWNERS role; if the intent is to add a delegatee who is not yet
    // a potential owner, this condition reads inverted - confirm against the evaluator.
    GenericHumanRoleDAO potentialOwners =
            currentTask.getGenericHumanRole(GenericHumanRoleDAO.GenericHumanRoleType.POTENTIAL_OWNERS);
    if (getEngine().getPeopleQueryEvaluator().isOrgEntityInRole(delegatee, potentialOwners)) {
        currentTask.persistToPotentialOwners(delegatee);
    }
}
Use of org.wso2.carbon.humantask.core.dao.GenericHumanRoleDAO in project carbon-business-process by wso2.
From the class Nominate, method checkPreConditions.
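/**
 * Checks the pre-conditions of the nominate operation: every nominee must exist, and no
 * nominee may be covered by the task's EXCLUDED_OWNERS role.
 *
 * <p>Two exclusion cases are tested, in this order:
 * <ol>
 *   <li>a nominee has the same entity type and name as an excluded entry;</li>
 *   <li>a USER nominee has, among its role names, the name of an excluded GROUP
 *       entry.</li>
 * </ol>
 * A task without an EXCLUDED_OWNERS role passes once the existence check has run.
 *
 * @throws HumanTaskIllegalArgumentException if a nominee matches either exclusion case
 */
@Override
protected void checkPreConditions() {
    PeopleQueryEvaluator pqe = getEngine().getPeopleQueryEvaluator();
    pqe.checkOrgEntitiesExist(nominees);

    // Check for Excluded Owners.
    GenericHumanRoleDAO excludedOwnerRoles =
            getTask().getGenericHumanRole(GenericHumanRoleDAO.GenericHumanRoleType.EXCLUDED_OWNERS);
    if (excludedOwnerRoles == null) {
        // No exclusion list on this task.
        return;
    }
    List<OrganizationalEntityDAO> excludedOrgEntities = excludedOwnerRoles.getOrgEntities();

    // Case 1 : Matching Excluded OrgEntity List.
    for (OrganizationalEntityDAO nominee : nominees) {
        for (OrganizationalEntityDAO excludedOrgEntity : excludedOrgEntities) {
            if (nominee.getOrgEntityType() == excludedOrgEntity.getOrgEntityType()
                    && nominee.getName().equals(excludedOrgEntity.getName())) {
                // Plain concatenation: the text used to be passed to String.format as the
                // format string with no arguments, which would throw on any '%' in it.
                String errMsg = "The task nomination failed. One nominee is in the excluded Owner List for task "
                        + getTask().getId() + ".";
                log.error(errMsg);
                throw new HumanTaskIllegalArgumentException(errMsg);
            }
        }
    }

    // Case 2: Checking OrgEntity Users in Excluded OrgEntity Groups.
    for (OrganizationalEntityDAO nominee : nominees) {
        if (nominee.getOrgEntityType() != OrganizationalEntityDAO.OrganizationalEntityType.USER) {
            // NOTE(review): a GROUP nominee is only ever compared in Case 1; excluded
            // users who are members of a nominated group are not looked for - confirm
            // that this is intended.
            continue;
        }
        // Reuse the evaluator fetched at the top instead of resolving it per nominee.
        List<String> roleNameListForUser = pqe.getRoleNameListForUser(nominee.getName());
        for (OrganizationalEntityDAO excludedOrgEntity : excludedOrgEntities) {
            if (excludedOrgEntity.getOrgEntityType() == OrganizationalEntityDAO.OrganizationalEntityType.GROUP
                    && roleNameListForUser.contains(excludedOrgEntity.getName())) {
                String errMsg = "The task nomination failed. One nominee is in an excluded Owner Group for task "
                        + getTask().getId() + ".";
                log.error(errMsg);
                throw new HumanTaskIllegalArgumentException(errMsg);
            }
        }
    }
}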