This is an automated email from the ASF dual-hosted git repository.

andreapatricelli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/master by this push:
     new 0e99ce8  now get form returns a result only if user in candidate or 
assignee
0e99ce8 is described below

commit 0e99ce817aea4945ee0d44938e452c77a88d7928
Author: Andrea Patricelli <andreapatrice...@apache.org>
AuthorDate: Wed May 22 17:55:47 2019 +0200

    now get form returns a result only if user in candidate or assignee
---
 .../syncope/client/enduser/pages/Flowable.java     |  3 +-
 .../client/enduser/rest/UserRequestRestClient.java |  7 +++-
 .../core/flowable/api/UserRequestHandler.java      |  7 ++--
 .../flowable/impl/FlowableUserRequestHandler.java  | 17 +++++++--
 .../syncope/core/logic/UserRequestLogic.java       | 43 ++++++++++++----------
 .../rest/api/service/UserRequestService.java       |  7 +++-
 .../rest/cxf/service/UserRequestServiceImpl.java   |  4 +-
 7 files changed, 56 insertions(+), 32 deletions(-)

diff --git 
a/ext/flowable/client-enduser/src/main/java/org/apache/syncope/client/enduser/pages/Flowable.java
 
b/ext/flowable/client-enduser/src/main/java/org/apache/syncope/client/enduser/pages/Flowable.java
index 18c8ff3..caf4ae8 100644
--- 
a/ext/flowable/client-enduser/src/main/java/org/apache/syncope/client/enduser/pages/Flowable.java
+++ 
b/ext/flowable/client-enduser/src/main/java/org/apache/syncope/client/enduser/pages/Flowable.java
@@ -149,7 +149,8 @@ public class Flowable extends BaseExtPage {
             super(id);
 
             final UserRequestForm formTO = userRequest.getHasForm()
-                    ? 
userRequestRestClient.getForm(userRequest.getTaskId()).orElse(null)
+                    ? 
userRequestRestClient.getForm(SyncopeEnduserSession.get().getSelfTO().getUsername(),
 userRequest.
+                            getTaskId()).orElse(null)
                     : null;
 
             add(formTO == null || formTO.getProperties() == null || 
formTO.getProperties().isEmpty()
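Review bot: The new call in the `formTO` initializer is split in the middle of a member access, leaving `userRequest.` at the end of one line and `getTaskId()` at the start of the next, so the two arguments are hard to tell apart. Breaking after the comma reads better: the username expression on one line and `userRequest.getTaskId()).orElse(null)` on the next. The enclosing constructor starts and ends outside the hunk.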
diff --git 
a/ext/flowable/client-enduser/src/main/java/org/apache/syncope/client/enduser/rest/UserRequestRestClient.java
 
b/ext/flowable/client-enduser/src/main/java/org/apache/syncope/client/enduser/rest/UserRequestRestClient.java
index 2933faa..4eccef8 100644
--- 
a/ext/flowable/client-enduser/src/main/java/org/apache/syncope/client/enduser/rest/UserRequestRestClient.java
+++ 
b/ext/flowable/client-enduser/src/main/java/org/apache/syncope/client/enduser/rest/UserRequestRestClient.java
@@ -70,8 +70,11 @@ public class UserRequestRestClient extends BaseRestClient {
                 getResult();
     }
 
-    public Optional<UserRequestForm> getForm(final String taskId) {
-        return 
Optional.ofNullable(getService(UserRequestService.class).getForm(taskId));
+    public Optional<UserRequestForm> getForm(final String username, final 
String taskId) {
+        return 
Optional.ofNullable(getService(UserRequestService.class).getForm(StringUtils.isBlank(username)
+                ? SyncopeEnduserSession.get().getSelfTO().getUsername()
+                : username,
+                taskId));
     }
 
     public void submitForm(final UserRequestForm form) {
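Review bot: The new `getForm(username, taskId)` has no Javadoc, although it now falls back to the session user when `username` is blank and returns an empty Optional when the service returns no form. A short comment would cover both, for example `/** Fetches the form of the given task; a blank username means the logged-in user; empty when the server returns no form. */`. It is also worth stating there that `username` only addresses the request and is not an access control, since the handler change in this commit decides access from the authenticated user on the server.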
diff --git 
a/ext/flowable/flowable-bpmn/src/main/java/org/apache/syncope/core/flowable/api/UserRequestHandler.java
 
b/ext/flowable/flowable-bpmn/src/main/java/org/apache/syncope/core/flowable/api/UserRequestHandler.java
index c2024ca..ac1ab10 100644
--- 
a/ext/flowable/flowable-bpmn/src/main/java/org/apache/syncope/core/flowable/api/UserRequestHandler.java
+++ 
b/ext/flowable/flowable-bpmn/src/main/java/org/apache/syncope/core/flowable/api/UserRequestHandler.java
@@ -87,10 +87,11 @@ public interface UserRequestHandler {
     /**
      * Get the form matching the provided task id.
      *
-     * @param taskId  user key (optional)
+     * @param userKey user key
+     * @param taskId task id
      * @return the form for the given task id
      */
-    UserRequestForm getForm(String taskId);
+    UserRequestForm getForm(String userKey, String taskId);
 
     /**
      * Get the forms matching the provided parameters.
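Review bot: The updated Javadoc for `getForm(String userKey, String taskId)` does not say that `userKey` may be null or that the method can return null. The implementation in this commit skips the business-key filter when `userKey` is null and returns null when the task query finds nothing. Suggested wording: `@param userKey user key (optional; no owner filter is applied when null)` and `@return the form for the given task id, or null if the authenticated user is neither candidate nor assignee`.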
@@ -111,7 +112,7 @@ public interface UserRequestHandler {
      * @return updated form
      */
     UserRequestForm claimForm(String taskId);
-    
+
     /**
      * Unclaim a form for a given object.
      *
diff --git 
a/ext/flowable/flowable-bpmn/src/main/java/org/apache/syncope/core/flowable/impl/FlowableUserRequestHandler.java
 
b/ext/flowable/flowable-bpmn/src/main/java/org/apache/syncope/core/flowable/impl/FlowableUserRequestHandler.java
index 03c5a7e..6df04f1 100644
--- 
a/ext/flowable/flowable-bpmn/src/main/java/org/apache/syncope/core/flowable/impl/FlowableUserRequestHandler.java
+++ 
b/ext/flowable/flowable-bpmn/src/main/java/org/apache/syncope/core/flowable/impl/FlowableUserRequestHandler.java
@@ -299,7 +299,9 @@ public class FlowableUserRequestHandler implements 
UserRequestHandler {
     }
 
     protected UserRequestForm getForm(final Task task) {
-        return FlowableUserRequestHandler.this.getForm(task, 
engine.getFormService().getTaskFormData(task.getId()));
+        return task == null
+                ? null
+                : FlowableUserRequestHandler.this.getForm(task, 
engine.getFormService().getTaskFormData(task.getId()));
     }
 
     protected UserRequestForm getForm(final Task task, final TaskFormData fd) {
@@ -449,8 +451,17 @@ public class FlowableUserRequestHandler implements 
UserRequestHandler {
     }
 
     @Override
-    public UserRequestForm getForm(final String taskId) {
-        return getForm(getTask(taskId));
+    public UserRequestForm getForm(final String userKey, final String taskId) {
+        TaskQuery query = 
engine.getTaskService().createTaskQuery().taskId(taskId);
+        if (userKey != null) {
+            
query.processInstanceBusinessKeyLike(FlowableRuntimeUtils.getProcBusinessKey("%",
 userKey));
+        }
+
+        String authUser = AuthContextUtils.getUsername();
+
+        return adminUser.equals(authUser)
+                ? getForm(getTask(taskId))
+                : 
getForm(query.taskCandidateOrAssigned(authUser).singleResult());
     }
 
     @Transactional(readOnly = true)
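Review bot: In the new `getForm(userKey, taskId)` the admin branch calls `getForm(getTask(taskId))` and discards `query`, so the business-key restriction on `userKey` applies only to non-admin callers and an admin request with a mismatched `userKey` still returns the form. If the user/task pairing is meant to hold for every caller, the admin branch should use the filtered query too, e.g. `getForm(query.singleResult())`; if the bypass is intended, say so in a comment. Separately, `processInstanceBusinessKeyLike` is a LIKE match, so any `%` or `_` inside `userKey` would widen it. That looks safe only while `userKey` is always a value resolved from the user store, which this hunk does not show and should be confirmed. The null guard added to `getForm(Task)` in the previous hunk turns "not candidate or assignee" into a silent null, which callers cannot tell apart from a missing task.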
diff --git 
a/ext/flowable/logic/src/main/java/org/apache/syncope/core/logic/UserRequestLogic.java
 
b/ext/flowable/logic/src/main/java/org/apache/syncope/core/logic/UserRequestLogic.java
index 390782e..2fb2135 100644
--- 
a/ext/flowable/logic/src/main/java/org/apache/syncope/core/logic/UserRequestLogic.java
+++ 
b/ext/flowable/logic/src/main/java/org/apache/syncope/core/logic/UserRequestLogic.java
@@ -153,10 +153,12 @@ public class UserRequestLogic extends 
AbstractTransactionalLogic<EntityTO> {
     }
 
     @PreAuthorize("isAuthenticated()")
-    public UserRequestForm getForm(final String taskId) {
-        return userRequestHandler.getForm(taskId);
+    public UserRequestForm getForm(final String userKey, final String taskId) {
+        evaluateKey(userKey);
+
+        return userRequestHandler.getForm(userKey, taskId);
     }
-    
+
     @PreAuthorize("isAuthenticated()")
     @Transactional(readOnly = true)
     public Pair<Integer, List<UserRequestForm>> getForms(
@@ -164,22 +166,8 @@ public class UserRequestLogic extends 
AbstractTransactionalLogic<EntityTO> {
             final int page,
             final int size,
             final List<OrderByClause> orderByClauses) {
-
-        if (userKey == null) {
-            securityChecks(null,
-                    FlowableEntitlement.USER_REQUEST_FORM_LIST,
-                    "Listing forms not allowed");
-        } else {
-            User user = userDAO.find(userKey);
-            if (user == null) {
-                throw new NotFoundException("User " + userKey);
-            }
-
-            securityChecks(user.getUsername(),
-                    FlowableEntitlement.USER_REQUEST_FORM_LIST,
-                    "Listing forms for user" + user.getUsername() + " not 
allowed");
-        }
-
+        evaluateKey(userKey);
+        
         return userRequestHandler.getForms(userKey, page, size, 
orderByClauses);
     }
 
@@ -225,4 +213,21 @@ public class UserRequestLogic extends 
AbstractTransactionalLogic<EntityTO> {
 
         throw new UnresolvedReferenceException();
     }
+
+    private void evaluateKey(final String userKey) {
+        if (userKey == null) {
+            securityChecks(null,
+                    FlowableEntitlement.USER_REQUEST_FORM_LIST,
+                    "Listing forms not allowed");
+        } else {
+            User user = userDAO.find(userKey);
+            if (user == null) {
+                throw new NotFoundException("User " + userKey);
+            }
+
+            securityChecks(user.getUsername(),
+                    FlowableEntitlement.USER_REQUEST_FORM_LIST,
+                    "Listing forms for user" + user.getUsername() + " not 
allowed");
+        }
+    }
 }
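Review bot: `evaluateKey` builds its denial message as `"Listing forms for user" + user.getUsername() + " not allowed"`, which lacks a space after `user`. Both messages also speak of listing, although the helper now guards the single-form `getForm` in the first hunk of this file as well. A neutral wording such as `"Reading forms for user " + user.getUsername() + " not allowed"` fits both callers. The name hides that this is an authorization check; something like `checkFormAccess`, plus a one-line comment that it throws when the caller may not act for `userKey`, would make the intent visible. Whether `USER_REQUEST_FORM_LIST` is the intended entitlement for reading a single form is not visible here and is worth confirming.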
diff --git 
a/ext/flowable/rest-api/src/main/java/org/apache/syncope/common/rest/api/service/UserRequestService.java
 
b/ext/flowable/rest-api/src/main/java/org/apache/syncope/common/rest/api/service/UserRequestService.java
index e61894c..5de65a5 100644
--- 
a/ext/flowable/rest-api/src/main/java/org/apache/syncope/common/rest/api/service/UserRequestService.java
+++ 
b/ext/flowable/rest-api/src/main/java/org/apache/syncope/common/rest/api/service/UserRequestService.java
@@ -94,13 +94,16 @@ public interface UserRequestService extends JAXRSService {
     /**
      * Returns a user request form matching the given task id.
      *
+     * @param username username of the logged user
      * @param taskId workflow task id
      * @return the form for the given task id
      */
     @GET
-    @Path("forms/{taskId}")
+    @Path("forms/{username}/{taskId}")
     @Produces({ MediaType.APPLICATION_JSON, RESTHeaders.APPLICATION_YAML, 
MediaType.APPLICATION_XML })
-    UserRequestForm getForm(@NotNull @PathParam("taskId") String taskId);
+    UserRequestForm getForm(
+            @NotNull @PathParam("username") String username,
+            @NotNull @PathParam("taskId") String taskId);
 
     /**
      * Returns a list of user request forms matching the given query.
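Review bot: The new `@param username username of the logged user` describes the path segment as the caller's identity, but it is a client-supplied value. The handler in this commit takes the authenticated user from `AuthContextUtils.getUsername()` and uses this parameter only to select whose request is addressed. Suggested wording: `@param username username of the user the request belongs to`, with `@return` extended to say that no form is returned when the caller is neither candidate nor assignee. The route change from `forms/{taskId}` to `forms/{username}/{taskId}` also breaks clients of the old path, which deserves a line in the upgrade notes.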
diff --git 
a/ext/flowable/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/UserRequestServiceImpl.java
 
b/ext/flowable/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/UserRequestServiceImpl.java
index 547cf34..d339ac8 100644
--- 
a/ext/flowable/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/UserRequestServiceImpl.java
+++ 
b/ext/flowable/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/UserRequestServiceImpl.java
@@ -75,8 +75,8 @@ public class UserRequestServiceImpl extends 
AbstractServiceImpl implements UserR
     }
 
     @Override
-    public UserRequestForm getForm(final String taskId) {
-        return logic.getForm(taskId);
+    public UserRequestForm getForm(final String username, final String taskId) 
{
+        return logic.getForm(getActualKey(userDAO, username), taskId);
     }
 
     @Override
