
Example 6 with GenericHumanRoleDAO

use of org.wso2.carbon.humantask.core.dao.GenericHumanRoleDAO in project carbon-business-process by wso2.

the class OperationAuthorizationUtil method isExcludedEntity.

/**
 * Reports whether {@code validatee} is covered by the task's EXCLUDED_OWNERS role.
 *
 * <p>Two checks run in order: the validatee's name is looked up among the users of each
 * group-type entity of the role (expanded through {@code pqe}), then the validatee is
 * searched for among the entities returned by {@code getUserOrganizationalEntities}.
 *
 * @param task      task whose EXCLUDED_OWNERS role is consulted
 * @param validatee organizational entity being checked
 * @param pqe       evaluator used to expand a role name into its user names
 * @return {@code true} if a match is found; {@code false} if the task has no
 *         EXCLUDED_OWNERS role or nothing matches
 */
private static boolean isExcludedEntity(TaskDAO task, OrganizationalEntityDAO validatee, PeopleQueryEvaluator pqe) {
    GenericHumanRoleDAO excludedRole = task.getGenericHumanRole(GenericHumanRoleDAO.GenericHumanRoleType.EXCLUDED_OWNERS);
    if (excludedRole == null) {
        // No exclusion list is attached to this task.
        return false;
    }

    // Group entries: excluded when the validatee's name is among the group's users.
    // NOTE(review): List.contains compares names with String.equals, i.e. exact and
    // case-sensitive. If the user store treats names case-insensitively, a differently
    // cased name would not match this deny list; confirm names are normalised upstream.
    for (OrganizationalEntityDAO candidate : getGroupOrganizationalEntities(excludedRole)) {
        if (!OrganizationalEntityDAO.OrganizationalEntityType.GROUP.equals(candidate.getOrgEntityType())) {
            continue;
        }
        List<String> groupMembers = pqe.getUserNameListForRole(candidate.getName());
        if (groupMembers.contains(validatee.getName())) {
            // NOTE(review): the name is concatenated into the log line as-is; confirm it
            // cannot contain line breaks, or neutralise them before logging.
            log.error("User " + validatee.getName() + " is in EXCLUDED_OWNERS role");
            return true;
        }
    }

    // User entries: binarySearch needs a sorted list, hence the sort with the same comparator.
    // Collections.sort reorders the returned list in place.
    // NOTE(review): confirm getUserOrganizationalEntities hands back a copy rather than
    // the role's live list.
    List<OrganizationalEntityDAO> excludedUsers = getUserOrganizationalEntities(excludedRole);
    Collections.sort(excludedUsers, PeopleQueryComparators.peopleNameComparator());
    int position = Collections.binarySearch(excludedUsers, validatee, PeopleQueryComparators.peopleNameComparator());
    if (position < 0) {
        return false;
    }
    log.error("User " + validatee.getName() + " is in EXCLUDED_OWNERS role");
    return true;
}
Also used : OrganizationalEntityDAO(org.wso2.carbon.humantask.core.dao.OrganizationalEntityDAO) GenericHumanRoleDAO(org.wso2.carbon.humantask.core.dao.GenericHumanRoleDAO)

Example 7 with GenericHumanRoleDAO

use of org.wso2.carbon.humantask.core.dao.GenericHumanRoleDAO in project carbon-business-process by wso2.

the class OperationAuthorizationUtil method authoriseUser.

/**
 * Decides whether {@code validatee} holds one of the allowed roles on {@code task}.
 *
 * <p>The exclusion check runs before any role is examined and takes precedence: an entity
 * for which {@code isExcludedEntity} returns {@code true} is rejected even if it would
 * also match an allowed role. Otherwise each task role whose type is in
 * {@code allowedRoleTypes} is checked, first through its group entities and then through
 * its user entities.
 *
 * @param task             the task against which the user is being validated
 * @param validatee        the OrganizationalEntityDAO being validated
 * @param allowedRoleTypes the role types that grant access to the validatee
 * @param pqe              PeopleQueryEvaluator used for people queries
 * @return {@code true} if the user is in one of the specified roles for the given task and
 *         is not excluded; {@code false} otherwise
 */
public static boolean authoriseUser(TaskDAO task, OrganizationalEntityDAO validatee, List<GenericHumanRoleDAO.GenericHumanRoleType> allowedRoleTypes, PeopleQueryEvaluator pqe) {
    List<GenericHumanRoleDAO> taskRoles = task.getHumanRoles();
    // Deny wins over every allow rule evaluated below.
    if (isExcludedEntity(task, validatee, pqe)) {
        return false;
    }
    for (GenericHumanRoleDAO taskRole : taskRoles) {
        if (!allowedRoleTypes.contains(taskRole.getType())) {
            continue;
        }
        // Group entries: granted when the validatee's name is among the group's users.
        // NOTE(review): the name match is an exact String comparison; confirm it agrees
        // with how the user store compares user names.
        for (OrganizationalEntityDAO candidate : getGroupOrganizationalEntities(taskRole)) {
            boolean isGroup = OrganizationalEntityDAO.OrganizationalEntityType.GROUP.equals(candidate.getOrgEntityType());
            if (isGroup && pqe.getUserNameListForRole(candidate.getName()).contains(validatee.getName())) {
                return true;
            }
        }
        // User entries: sorted first because binarySearch requires it.
        // TODO validate user existence in the user store.
        List<OrganizationalEntityDAO> roleUsers = getUserOrganizationalEntities(taskRole);
        Collections.sort(roleUsers, PeopleQueryComparators.peopleNameComparator());
        boolean listedDirectly = Collections.binarySearch(roleUsers, validatee, PeopleQueryComparators.peopleNameComparator()) >= 0;
        if (listedDirectly) {
            return true;
        }
    }
    // No allowed role matched: default deny.
    return false;
}
Also used : OrganizationalEntityDAO(org.wso2.carbon.humantask.core.dao.OrganizationalEntityDAO) GenericHumanRoleDAO(org.wso2.carbon.humantask.core.dao.GenericHumanRoleDAO)

Example 8 with GenericHumanRoleDAO

use of org.wso2.carbon.humantask.core.dao.GenericHumanRoleDAO in project carbon-business-process by wso2.

the class Delegate method checkPreConditions.

/**
 * Checks the pre-conditions of the delegate operation, releasing the task first if needed.
 *
 * <p>In order: validates the task, rejects a delegatee the people query evaluator does not
 * know, rejects a delegatee that is an excluded owner, and, when the task is RESERVED or
 * IN_PROGRESS, requires {@code authoriseRoles} to pass for BUSINESS_ADMINISTRATORS or
 * ACTUAL_OWNER before the task is released. Finally the delegatee is persisted to the
 * potential owners when {@code isOrgEntityInRole} returns {@code true}.
 *
 * @throws HumanTaskIllegalArgumentException if the delegatee does not exist in the user
 *         store or is an excluded owner of the task
 * @throws HumanTaskIllegalAccessException if {@code authoriseRoles} fails for a task that
 *         has to be released first
 */
@Override
protected void checkPreConditions() {
    checkForValidTask();
    OrganizationalEntityDAO invoker = getOperationInvoker();
    TaskDAO currentTask = getTask();

    // The delegatee must be a user known to the user store.
    // NOTE(review): the delegatee and caller names are formatted into the log messages
    // below as-is; confirm they cannot contain line breaks, or neutralise them first.
    boolean delegateeKnown = getEngine().getPeopleQueryEvaluator().isExistingUser(delegatee.getName());
    if (!delegateeKnown) {
        String message = String.format(
                "The user[%s] cannot delegate task[id:%d] to the given delegatee[name:%s] as he/she does not exist in the user store",
                invoker.getName(), currentTask.getId(), delegatee.getName());
        log.error(message);
        throw new HumanTaskIllegalArgumentException(message);
    }

    // An excluded owner can never receive the task.
    if (isExcludedOwner(delegatee.getName())) {
        String message = String.format(
                "The user[%s] cannot delegate task[id:%d] to the given delegatee[name:%s] as he/she is an exclude owner for this task.",
                invoker.getName(), currentTask.getId(), delegatee.getName());
        log.error(message);
        throw new HumanTaskIllegalArgumentException(message);
    }

    // A reserved or in-progress task has to be released before it can be delegated.
    boolean mustReleaseFirst = TaskStatus.RESERVED.equals(currentTask.getStatus()) || TaskStatus.IN_PROGRESS.equals(currentTask.getStatus());
    if (mustReleaseFirst) {
        // Only business administrators and the actual owner may release the task.
        List<GenericHumanRoleDAO.GenericHumanRoleType> releaseRoles = new ArrayList<GenericHumanRoleDAO.GenericHumanRoleType>();
        releaseRoles.add(GenericHumanRoleDAO.GenericHumanRoleType.BUSINESS_ADMINISTRATORS);
        releaseRoles.add(GenericHumanRoleDAO.GenericHumanRoleType.ACTUAL_OWNER);
        try {
            authoriseRoles(releaseRoles);
        } catch (Exception ex) {
            // Any exception from authoriseRoles, not only a failed role check, is reported
            // as an access error; the rethrow keeps release() from running (fails closed).
            // NOTE(review): consider catching the specific authorisation exception so other
            // failures are not reported as a missing role.
            String denial = String.format(
                    "The task[id:%d] can be only delegated after it's released. "
                            + "But for the task to be released you need to be a business administrator or the actual owner of the task. "
                            + "Given user[%s] is not in those roles!",
                    currentTask.getId(), invoker.getName());
            log.error(denial);
            throw new HumanTaskIllegalAccessException(denial, ex);
        }
        currentTask.release();
    }

    // Add delegatee as a potential owner.
    // NOTE(review): the delegatee is persisted only when isOrgEntityInRole already returns
    // true for POTENTIAL_OWNERS; confirm this polarity is intended, and that
    // isOrgEntityInRole copes with a null role when the task has no POTENTIAL_OWNERS.
    GenericHumanRoleDAO potentialOwners = currentTask.getGenericHumanRole(GenericHumanRoleDAO.GenericHumanRoleType.POTENTIAL_OWNERS);
    boolean alreadyInRole = getEngine().getPeopleQueryEvaluator().isOrgEntityInRole(delegatee, potentialOwners);
    if (alreadyInRole) {
        currentTask.persistToPotentialOwners(delegatee);
    }
}
Also used : HumanTaskIllegalAccessException(org.wso2.carbon.humantask.core.engine.runtime.api.HumanTaskIllegalAccessException) HumanTaskIllegalArgumentException(org.wso2.carbon.humantask.core.engine.runtime.api.HumanTaskIllegalArgumentException) ArrayList(java.util.ArrayList) HumanTaskIllegalArgumentException(org.wso2.carbon.humantask.core.engine.runtime.api.HumanTaskIllegalArgumentException) HumanTaskIllegalAccessException(org.wso2.carbon.humantask.core.engine.runtime.api.HumanTaskIllegalAccessException) HumanTaskRuntimeException(org.wso2.carbon.humantask.core.engine.runtime.api.HumanTaskRuntimeException)

Example 9 with GenericHumanRoleDAO

use of org.wso2.carbon.humantask.core.dao.GenericHumanRoleDAO in project carbon-business-process by wso2.

the class Nominate method checkPreConditions.

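/**
 * Checks the pre-conditions of the nominate operation.
 *
 * <p>The nominees are first passed to {@code checkOrgEntitiesExist}. If the task has an
 * EXCLUDED_OWNERS role, the nomination is then rejected when a nominee has the same entity
 * type and name as an excluded entity (case 1), or when a USER nominee belongs to a role
 * whose name matches an excluded GROUP entity (case 2).
 *
 * @throws HumanTaskIllegalArgumentException if a nominee is an excluded owner or a member
 *         of an excluded owner group
 */
@Override
protected void checkPreConditions() {
    PeopleQueryEvaluator pqe = getEngine().getPeopleQueryEvaluator();
    // NOTE(review): presumably throws when a nominee is unknown; confirm in PeopleQueryEvaluator.
    pqe.checkOrgEntitiesExist(nominees);

    // Check for Excluded Owners.
    GenericHumanRoleDAO excludedOwnerRoles = getTask().getGenericHumanRole(GenericHumanRoleDAO.GenericHumanRoleType.EXCLUDED_OWNERS);
    if (excludedOwnerRoles == null) {
        // The task defines no exclusions, so there is nothing further to check.
        return;
    }
    List<OrganizationalEntityDAO> excludedOrgEntities = excludedOwnerRoles.getOrgEntities();

    // Case 1 : Matching Excluded OrgEntity List (same entity type and exact, case-sensitive name).
    for (OrganizationalEntityDAO nominee : nominees) {
        for (OrganizationalEntityDAO excludedOrgEntity : excludedOrgEntities) {
            if (nominee.getOrgEntityType() == excludedOrgEntity.getOrgEntityType() && nominee.getName().equals(excludedOrgEntity.getName())) {
                // Plain concatenation: the message has no format arguments, so passing it
                // through String.format would only risk a '%' being read as a specifier.
                String errMsg = "The task nomination failed. One nominee is in the excluded Owner List for task " + getTask().getId() + ".";
                log.error(errMsg);
                throw new HumanTaskIllegalArgumentException(errMsg);
            }
        }
    }

    // Case 2: Checking OrgEntity Users in Excluded OrgEntity Groups.
    // NOTE(review): only USER nominees are expanded. The members of a nominated GROUP are
    // not compared with excluded USER entries here; confirm exclusion is enforced again
    // when a group member later acts on the task.
    for (OrganizationalEntityDAO nominee : nominees) {
        if (nominee.getOrgEntityType() != OrganizationalEntityDAO.OrganizationalEntityType.USER) {
            continue;
        }
        // Reuse the evaluator fetched at the top instead of looking it up again.
        List<String> roleNameListForUser = pqe.getRoleNameListForUser(nominee.getName());
        for (OrganizationalEntityDAO excludedOrgEntity : excludedOrgEntities) {
            if (excludedOrgEntity.getOrgEntityType() == OrganizationalEntityDAO.OrganizationalEntityType.GROUP && roleNameListForUser.contains(excludedOrgEntity.getName())) {
                String errMsg = "The task nomination failed. One nominee is in an excluded Owner Group for task " + getTask().getId() + ".";
                log.error(errMsg);
                throw new HumanTaskIllegalArgumentException(errMsg);
            }
        }
    }
}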
Also used : HumanTaskIllegalArgumentException(org.wso2.carbon.humantask.core.engine.runtime.api.HumanTaskIllegalArgumentException) PeopleQueryEvaluator(org.wso2.carbon.humantask.core.engine.PeopleQueryEvaluator)

Aggregations

HumanTaskRuntimeException (org.wso2.carbon.humantask.core.engine.runtime.api.HumanTaskRuntimeException)5 GenericHumanRoleDAO (org.wso2.carbon.humantask.core.dao.GenericHumanRoleDAO)4 OrganizationalEntityDAO (org.wso2.carbon.humantask.core.dao.OrganizationalEntityDAO)4 ArrayList (java.util.ArrayList)3 PeopleQueryEvaluator (org.wso2.carbon.humantask.core.engine.PeopleQueryEvaluator)2 HumanTaskIllegalArgumentException (org.wso2.carbon.humantask.core.engine.runtime.api.HumanTaskIllegalArgumentException)2 OrganizationalEntityProvider (org.wso2.carbon.humantask.core.dao.jpa.openjpa.model.provider.OrganizationalEntityProvider)1 HumanTaskIllegalAccessException (org.wso2.carbon.humantask.core.engine.runtime.api.HumanTaskIllegalAccessException)1 NotificationConfiguration (org.wso2.carbon.humantask.core.store.NotificationConfiguration)1 TaskConfiguration (org.wso2.carbon.humantask.core.store.TaskConfiguration)1 RegistryException (org.wso2.carbon.registry.core.exceptions.RegistryException)1 RegistryService (org.wso2.carbon.registry.core.service.RegistryService)1 UserRealm (org.wso2.carbon.user.core.UserRealm)1 UserStoreException (org.wso2.carbon.user.core.UserStoreException)1