From 4bc99f1b2645d4dfa98c467c279a6e1453ac2a28 Mon Sep 17 00:00:00 2001 From: Enrique Gonzalez Martinez Date: Thu, 5 Sep 2024 10:05:26 +0200 Subject: [PATCH] fix workitems and user tasks --- .../org/kie/kogito/auth/SecurityPolicy.java | 19 +- .../RestResourceUserTaskQuarkusTemplate.java | 355 ++++++++--------- .../RestResourceUserTaskSpringTemplate.java | 375 +++++++++--------- 3 files changed, 373 insertions(+), 376 deletions(-) diff --git a/api/kogito-api/src/main/java/org/kie/kogito/auth/SecurityPolicy.java b/api/kogito-api/src/main/java/org/kie/kogito/auth/SecurityPolicy.java index 8d56e994953..f233a13f323 100644 --- a/api/kogito-api/src/main/java/org/kie/kogito/auth/SecurityPolicy.java +++ b/api/kogito-api/src/main/java/org/kie/kogito/auth/SecurityPolicy.java @@ -26,6 +26,8 @@ import org.kie.kogito.internal.process.workitem.KogitoWorkItem; import org.kie.kogito.internal.process.workitem.NotAuthorizedException; import org.kie.kogito.internal.process.workitem.Policy; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * Security policy that delivers IdentityProvider to allow to security @@ -34,6 +36,8 @@ */ public class SecurityPolicy implements Policy { + private static final Logger LOGGER = LoggerFactory.getLogger(SecurityPolicy.class); + private IdentityProvider identity; /** @@ -61,6 +65,8 @@ protected SecurityPolicy(IdentityProvider identity) { @Override public void enforce(KogitoWorkItem workItem) { + + String actualOwner = workItem.getActualOwner(); String actualOwners = (String) workItem.getParameter("ActorId"); String actualRoles = (String) workItem.getParameter("GroupId"); String excludedOwner = (String) workItem.getParameter("ExcludedOwnerId"); @@ -71,11 +77,14 @@ public void enforce(KogitoWorkItem workItem) { List roles = actualRoles != null ? List.of(actualRoles.split(",")) : new ArrayList<>(); List userRoles = new ArrayList<>(identity.getRoles()); userRoles.retainAll(roles); - String actualOwner = workItem.getActualOwner(); - if (actualOwner != null && !identity.getName().equals(actualOwner)) { - throw new NotAuthorizedException("this work item " + workItem.getStringId() + " is not allows by this owner" + actualOwner); - } else if (!owners.contains(identity.getName()) && userRoles.isEmpty()) { - throw new NotAuthorizedException("this work item " + workItem.getStringId() + " is not allows by this owner" + actualOwners + " or " + actualRoles); + LOGGER.info("enforcing identity {} and roles {} with potential owners {} and potential groups {} and exclude groups {}", + identity.getName(), identity.getRoles(), owners, roles, excluded); + if (!owners.contains(identity.getName()) && userRoles.isEmpty()) { + LOGGER.error("not authorized with owner {} against identity {}", actualOwner, identity.getName()); + throw new NotAuthorizedException("this work item " + workItem.getStringId() + " is not allows by this owner " + actualOwners + " or " + actualRoles); + } else if (userRoles.isEmpty() && actualOwner != null && !identity.getName().equals(actualOwner)) { + LOGGER.error("identity {} with roles {} not authorized in {}", identity.getName(), identity.getRoles(), roles); + throw new NotAuthorizedException("this work item " + workItem.getStringId() + " is not allows by this owner " + actualOwner); } } } diff --git a/kogito-codegen-modules/kogito-codegen-processes/src/main/resources/class-templates/RestResourceUserTaskQuarkusTemplate.java b/kogito-codegen-modules/kogito-codegen-processes/src/main/resources/class-templates/RestResourceUserTaskQuarkusTemplate.java index baa6ba31324..684f94cb131 100644 --- a/kogito-codegen-modules/kogito-codegen-processes/src/main/resources/class-templates/RestResourceUserTaskQuarkusTemplate.java +++ b/kogito-codegen-modules/kogito-codegen-processes/src/main/resources/class-templates/RestResourceUserTaskQuarkusTemplate.java @@ -41,16 +41,16 @@ public class $Type$Resource { @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON) public Response signal(@PathParam("id") final String id, - @QueryParam("user") final String user, - @QueryParam("group") final List groups, - @Context UriInfo uriInfo) { + @QueryParam("user") final String user, + @QueryParam("group") final List groups, + @Context UriInfo uriInfo) { return null; - // processService.signalTask(process, id, "$taskName$", SecurityPolicy.of(user, groups)) -// .map(task -> Response -// .created(uriInfo.getAbsolutePathBuilder().path(task.getId()).build()) -// .entity(task.getResults()) -// .build()) -// .orElseThrow(NotFoundException::new); + processService.signalWorkItem(process, id, "$taskName$", SecurityPolicy.of(user, groups)) + .map(task -> Response + .created(uriInfo.getAbsolutePathBuilder().path(task.getId()).build()) + .entity(task.getResults()) + .build()) + .orElseThrow(NotFoundException::new); } @POST @@ -58,27 +58,25 @@ public Response signal(@PathParam("id") final String id, @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON) public $Type$Output completeTask(@PathParam("id") final String id, - @PathParam("taskId") final String taskId, - @QueryParam("phase") @DefaultValue("complete") final String phase, - @QueryParam("user") final String user, - @QueryParam("group") final List groups, - final $TaskOutput$ model) { - return null; -// processService.transitionWorkItem(process, id, taskId, phase, SecurityPolicy.of(user, groups), model) -// .orElseThrow(NotFoundException::new); + @PathParam("taskId") final String taskId, + @QueryParam("phase") @DefaultValue("complete") final String phase, + @QueryParam("user") final String user, + @QueryParam("group") final List groups, + final $TaskOutput$ model) { + return processService.transitionWorkItem(process, id, taskId, phase, SecurityPolicy.of(user, groups), model) + .orElseThrow(NotFoundException::new); } @PUT @Path("/{id}/$taskName$/{taskId}") @Consumes(MediaType.APPLICATION_JSON) public $TaskOutput$ saveTask(@PathParam("id") final String id, - @PathParam("taskId") final String taskId, - @QueryParam("user") final String user, - @QueryParam("group") final List groups, - final $TaskOutput$ model) { - return null; - //processService.saveTask(process, id, taskId, SecurityPolicy.of(user, groups), model, $TaskOutput$::fromMap) - //.orElseThrow(NotFoundException::new); + @PathParam("taskId") final String taskId, + @QueryParam("user") final String user, + @QueryParam("group") final List groups, + final $TaskOutput$ model) { + return processService.setWorkItemOutput(process, id, taskId, SecurityPolicy.of(user, groups), model, $TaskOutput$::fromMap) + .orElseThrow(NotFoundException::new); } @POST @@ -92,34 +90,31 @@ public Response signal(@PathParam("id") final String id, @QueryParam("user") final String user, @QueryParam("group") final List groups, final $TaskOutput$ model) { - return null; - //processService.transitionWorkItem(process, id, taskId, phase, SecurityPolicy.of(user, groups), model) - // .orElseThrow(NotFoundException::new); + return processService.transitionWorkItem(process, id, taskId, phase, SecurityPolicy.of(user, groups), model) + .orElseThrow(NotFoundException::new); } @GET @Path("/{id}/$taskName$/{taskId}") @Produces(MediaType.APPLICATION_JSON) public $TaskModel$ getWorkItem(@PathParam("id") String id, - @PathParam("taskId") String taskId, - @QueryParam("user") final String user, - @QueryParam("group") final List groups) { - return null; - //processService.getWorkItems(process, id, taskId, SecurityPolicy.of(user, groups), $TaskModel$::from) - // .orElseThrow(NotFoundException::new); + @PathParam("taskId") String taskId, + @QueryParam("user") final String user, + @QueryParam("group") final List groups) { + return processService.getWorkItems(process, id, taskId, SecurityPolicy.of(user, groups), $TaskModel$::from) + .orElseThrow(NotFoundException::new); } @DELETE @Path("/{id}/$taskName$/{taskId}") @Produces(MediaType.APPLICATION_JSON) public $Type$Output abortTask(@PathParam("id") final String id, - @PathParam("taskId") final String taskId, - @QueryParam("phase") @DefaultValue("abort") final String phase, - @QueryParam("user") final String user, - @QueryParam("group") final List groups) { - return null; - // processService.taskTransition(process, id, taskId, phase, SecurityPolicy.of(user, groups), null) - // .orElseThrow(NotFoundException::new); + @PathParam("taskId") final String taskId, + @QueryParam("phase") @DefaultValue("abort") final String phase, + @QueryParam("user") final String user, + @QueryParam("group") final List groups) { + return processService.transitionWorkItem(process, id, taskId, phase, SecurityPolicy.of(user, groups), null) + .orElseThrow(NotFoundException::new); } @GET @@ -129,144 +124,144 @@ public Map getSchema() { return JsonSchemaUtil.load(this.getClass().getClassLoader(), process.id(), "$taskName$"); } -// @GET -// @Path("/{id}/$taskName$/{taskId}/schema") -// @Produces(MediaType.APPLICATION_JSON) -// public Map getSchemaAndPhases(@PathParam("id") final String id, -// @PathParam("taskId") final String taskId, -// @QueryParam("user") final String user, -// @QueryParam("group") final List groups) { -// return processService.getSchemaAndPhases(process, id, taskId, "$taskName$", SecurityPolicy.of(user, groups)); -// } -// -// @POST -// @Path("/{id}/$taskName$/{taskId}/comments") -// @Consumes(MediaType.TEXT_PLAIN) -// @Produces(MediaType.APPLICATION_JSON) -// public Response addComment(@PathParam("id") final String id, -// @PathParam("taskId") final String taskId, -// @QueryParam("user") final String user, -// @QueryParam("group") final List groups, -// String commentInfo, -// @Context UriInfo uriInfo) { -// return processService.addComment(process, id, taskId, SecurityPolicy.of(user, groups), commentInfo) -// .map(comment -> Response.created(uriInfo.getAbsolutePathBuilder().path(comment.getId().toString()).build()) -// .entity(comment).build()) -// .orElseThrow(NotFoundException::new); -// } -// -// @PUT -// @Path("/{id}/$taskName$/{taskId}/comments/{commentId}") -// @Consumes(MediaType.TEXT_PLAIN) -// @Produces(MediaType.APPLICATION_JSON) -// public Comment updateComment(@PathParam("id") final String id, -// @PathParam("taskId") final String taskId, -// @PathParam("commentId") final String commentId, -// @QueryParam("user") final String user, -// @QueryParam("group") final List groups, -// String comment) { -// return processService.updateComment(process, id, taskId, commentId, SecurityPolicy.of(user, groups), comment) -// .orElseThrow(NotFoundException::new); -// } -// -// @DELETE -// @Path("/{id}/$taskName$/{taskId}/comments/{commentId}") -// public Response deleteComment(@PathParam("id") final String id, -// @PathParam("taskId") final String taskId, -// @PathParam("commentId") final String commentId, -// @QueryParam("user") final String user, -// @QueryParam("group") final List groups) { -// return processService.deleteComment(process, id, taskId, commentId, SecurityPolicy.of(user, groups)) -// .map(removed -> (removed ? Response.ok() : Response.status(Status.NOT_FOUND)).build()) -// .orElseThrow(NotFoundException::new); -// } -// -// @POST -// @Path("/{id}/$taskName$/{taskId}/attachments") -// @Consumes(MediaType.APPLICATION_JSON) -// @Produces(MediaType.APPLICATION_JSON) -// public Response addAttachment(@PathParam("id") final String id, -// @PathParam("taskId") final String taskId, -// @QueryParam("user") final String user, -// @QueryParam("group") final List groups, -// AttachmentInfo attachmentInfo, -// @Context UriInfo uriInfo) { -// return processService.addAttachment(process, id, taskId, SecurityPolicy.of(user, groups), attachmentInfo) -// .map(attachment -> Response -// .created(uriInfo.getAbsolutePathBuilder().path(attachment.getId().toString()).build()) -// .entity(attachment).build()) -// .orElseThrow(NotFoundException::new); -// } -// -// @PUT -// @Path("/{id}/$taskName$/{taskId}/attachments/{attachmentId}") -// @Consumes(MediaType.APPLICATION_JSON) -// @Produces(MediaType.APPLICATION_JSON) -// public Attachment updateAttachment(@PathParam("id") final String id, -// @PathParam("taskId") final String taskId, -// @PathParam("attachmentId") final String attachmentId, -// @QueryParam("user") final String user, -// @QueryParam("group") final List groups, -// AttachmentInfo attachment) { -// return processService.updateAttachment(process, id, taskId, attachmentId, SecurityPolicy.of(user, groups), attachment) -// .orElseThrow(NotFoundException::new); -// } -// -// @DELETE -// @Path("/{id}/$taskName$/{taskId}/attachments/{attachmentId}") -// public Response deleteAttachment(@PathParam("id") final String id, -// @PathParam("taskId") final String taskId, -// @PathParam("attachmentId") final String attachmentId, -// @QueryParam("user") final String user, -// @QueryParam("group") final List groups) { -// return processService.deleteAttachment(process, id, taskId, attachmentId, SecurityPolicy.of(user, groups)) -// .map(removed -> (removed ? Response.ok() : Response.status(Status.NOT_FOUND)).build()) -// .orElseThrow(NotFoundException::new); -// } -// -// @GET -// @Path("/{id}/$taskName$/{taskId}/attachments/{attachmentId}") -// @Produces(MediaType.APPLICATION_JSON) -// public Attachment getAttachment(@PathParam("id") final String id, -// @PathParam("taskId") final String taskId, -// @PathParam("attachmentId") final String attachmentId, -// @QueryParam("user") final String user, -// @QueryParam("group") final List groups) { -// return processService.getAttachment(process, id, taskId, attachmentId, SecurityPolicy.of(user, groups)) -// .orElseThrow(() -> new NotFoundException("Attachment " + attachmentId + " not found")); -// } -// -// @GET -// @Path("/{id}/$taskName$/{taskId}/attachments") -// @Produces(MediaType.APPLICATION_JSON) -// public Collection getAttachments(@PathParam("id") final String id, -// @PathParam("taskId") final String taskId, -// @QueryParam("user") final String user, -// @QueryParam("group") final List groups) { -// return processService.getAttachments(process, id, taskId, SecurityPolicy.of(user, groups)) -// .orElseThrow(NotFoundException::new); -// } -// -// @GET -// @Path("/{id}/$taskName$/{taskId}/comments/{commentId}") -// @Produces(MediaType.APPLICATION_JSON) -// public Comment getComment(@PathParam("id") final String id, -// @PathParam("taskId") final String taskId, -// @PathParam("commentId") final String commentId, -// @QueryParam("user") final String user, -// @QueryParam("group") final List groups) { -// return processService.getComment(process, id, taskId, commentId, SecurityPolicy.of(user, groups)) -// .orElseThrow(() -> new NotFoundException("Comment " + commentId + " not found")); -// } -// -// @GET -// @Path("/{id}/$taskName$/{taskId}/comments") -// @Produces(MediaType.APPLICATION_JSON) -// public Collection getComments(@PathParam("id") final String id, -// @PathParam("taskId") final String taskId, -// @QueryParam("user") final String user, -// @QueryParam("group") final List groups) { -// return processService.getComments(process, id, taskId, SecurityPolicy.of(user, groups)) -// .orElseThrow(NotFoundException::new); -// } + @GET + @Path("/{id}/$taskName$/{taskId}/schema") + @Produces(MediaType.APPLICATION_JSON) + public Map getSchemaAndPhases(@PathParam("id") final String id, + @PathParam("taskId") final String taskId, + @QueryParam("user") final String user, + @QueryParam("group") final List groups) { + return processService.getWorkItemSchemaAndPhases(process, id, taskId, "$taskName$", SecurityPolicy.of(user, groups)); + } + // + // @POST + // @Path("/{id}/$taskName$/{taskId}/comments") + // @Consumes(MediaType.TEXT_PLAIN) + // @Produces(MediaType.APPLICATION_JSON) + // public Response addComment(@PathParam("id") final String id, + // @PathParam("taskId") final String taskId, + // @QueryParam("user") final String user, + // @QueryParam("group") final List groups, + // String commentInfo, + // @Context UriInfo uriInfo) { + // return processService.addComment(process, id, taskId, SecurityPolicy.of(user, groups), commentInfo) + // .map(comment -> Response.created(uriInfo.getAbsolutePathBuilder().path(comment.getId().toString()).build()) + // .entity(comment).build()) + // .orElseThrow(NotFoundException::new); + // } + // + // @PUT + // @Path("/{id}/$taskName$/{taskId}/comments/{commentId}") + // @Consumes(MediaType.TEXT_PLAIN) + // @Produces(MediaType.APPLICATION_JSON) + // public Comment updateComment(@PathParam("id") final String id, + // @PathParam("taskId") final String taskId, + // @PathParam("commentId") final String commentId, + // @QueryParam("user") final String user, + // @QueryParam("group") final List groups, + // String comment) { + // return processService.updateComment(process, id, taskId, commentId, SecurityPolicy.of(user, groups), comment) + // .orElseThrow(NotFoundException::new); + // } + // + // @DELETE + // @Path("/{id}/$taskName$/{taskId}/comments/{commentId}") + // public Response deleteComment(@PathParam("id") final String id, + // @PathParam("taskId") final String taskId, + // @PathParam("commentId") final String commentId, + // @QueryParam("user") final String user, + // @QueryParam("group") final List groups) { + // return processService.deleteComment(process, id, taskId, commentId, SecurityPolicy.of(user, groups)) + // .map(removed -> (removed ? Response.ok() : Response.status(Status.NOT_FOUND)).build()) + // .orElseThrow(NotFoundException::new); + // } + // + // @POST + // @Path("/{id}/$taskName$/{taskId}/attachments") + // @Consumes(MediaType.APPLICATION_JSON) + // @Produces(MediaType.APPLICATION_JSON) + // public Response addAttachment(@PathParam("id") final String id, + // @PathParam("taskId") final String taskId, + // @QueryParam("user") final String user, + // @QueryParam("group") final List groups, + // AttachmentInfo attachmentInfo, + // @Context UriInfo uriInfo) { + // return processService.addAttachment(process, id, taskId, SecurityPolicy.of(user, groups), attachmentInfo) + // .map(attachment -> Response + // .created(uriInfo.getAbsolutePathBuilder().path(attachment.getId().toString()).build()) + // .entity(attachment).build()) + // .orElseThrow(NotFoundException::new); + // } + // + // @PUT + // @Path("/{id}/$taskName$/{taskId}/attachments/{attachmentId}") + // @Consumes(MediaType.APPLICATION_JSON) + // @Produces(MediaType.APPLICATION_JSON) + // public Attachment updateAttachment(@PathParam("id") final String id, + // @PathParam("taskId") final String taskId, + // @PathParam("attachmentId") final String attachmentId, + // @QueryParam("user") final String user, + // @QueryParam("group") final List groups, + // AttachmentInfo attachment) { + // return processService.updateAttachment(process, id, taskId, attachmentId, SecurityPolicy.of(user, groups), attachment) + // .orElseThrow(NotFoundException::new); + // } + // + // @DELETE + // @Path("/{id}/$taskName$/{taskId}/attachments/{attachmentId}") + // public Response deleteAttachment(@PathParam("id") final String id, + // @PathParam("taskId") final String taskId, + // @PathParam("attachmentId") final String attachmentId, + // @QueryParam("user") final String user, + // @QueryParam("group") final List groups) { + // return processService.deleteAttachment(process, id, taskId, attachmentId, SecurityPolicy.of(user, groups)) + // .map(removed -> (removed ? Response.ok() : Response.status(Status.NOT_FOUND)).build()) + // .orElseThrow(NotFoundException::new); + // } + // + // @GET + // @Path("/{id}/$taskName$/{taskId}/attachments/{attachmentId}") + // @Produces(MediaType.APPLICATION_JSON) + // public Attachment getAttachment(@PathParam("id") final String id, + // @PathParam("taskId") final String taskId, + // @PathParam("attachmentId") final String attachmentId, + // @QueryParam("user") final String user, + // @QueryParam("group") final List groups) { + // return processService.getAttachment(process, id, taskId, attachmentId, SecurityPolicy.of(user, groups)) + // .orElseThrow(() -> new NotFoundException("Attachment " + attachmentId + " not found")); + // } + // + // @GET + // @Path("/{id}/$taskName$/{taskId}/attachments") + // @Produces(MediaType.APPLICATION_JSON) + // public Collection getAttachments(@PathParam("id") final String id, + // @PathParam("taskId") final String taskId, + // @QueryParam("user") final String user, + // @QueryParam("group") final List groups) { + // return processService.getAttachments(process, id, taskId, SecurityPolicy.of(user, groups)) + // .orElseThrow(NotFoundException::new); + // } + // + // @GET + // @Path("/{id}/$taskName$/{taskId}/comments/{commentId}") + // @Produces(MediaType.APPLICATION_JSON) + // public Comment getComment(@PathParam("id") final String id, + // @PathParam("taskId") final String taskId, + // @PathParam("commentId") final String commentId, + // @QueryParam("user") final String user, + // @QueryParam("group") final List groups) { + // return processService.getComment(process, id, taskId, commentId, SecurityPolicy.of(user, groups)) + // .orElseThrow(() -> new NotFoundException("Comment " + commentId + " not found")); + // } + // + // @GET + // @Path("/{id}/$taskName$/{taskId}/comments") + // @Produces(MediaType.APPLICATION_JSON) + // public Collection getComments(@PathParam("id") final String id, + // @PathParam("taskId") final String taskId, + // @QueryParam("user") final String user, + // @QueryParam("group") final List groups) { + // return processService.getComments(process, id, taskId, SecurityPolicy.of(user, groups)) + // .orElseThrow(NotFoundException::new); + // } } diff --git a/kogito-codegen-modules/kogito-codegen-processes/src/main/resources/class-templates/RestResourceUserTaskSpringTemplate.java b/kogito-codegen-modules/kogito-codegen-processes/src/main/resources/class-templates/RestResourceUserTaskSpringTemplate.java index 402bf9680ef..6bed9c04671 100644 --- a/kogito-codegen-modules/kogito-codegen-processes/src/main/resources/class-templates/RestResourceUserTaskSpringTemplate.java +++ b/kogito-codegen-modules/kogito-codegen-processes/src/main/resources/class-templates/RestResourceUserTaskSpringTemplate.java @@ -46,83 +46,76 @@ public class $Type$Resource { @PostMapping(value = "/{id}/$taskName$", produces = MediaType.APPLICATION_JSON_VALUE, consumes = MediaType.APPLICATION_JSON_VALUE) public ResponseEntity signal(@PathVariable("id") final String id, - @RequestParam("user") final String user, - @RequestParam("group") final List groups, - final UriComponentsBuilder uriComponentsBuilder) { + @RequestParam("user") final String user, + @RequestParam("group") final List groups, + final UriComponentsBuilder uriComponentsBuilder) { - return null; - -// processService.signalTask(process, id, "$taskName$", SecurityPolicy.of(user, groups)) -// .map(task -> ResponseEntity -// .created(uriComponentsBuilder -// .path("/$name$/{id}/$taskName$/{taskId}") -// .buildAndExpand(id, task.getId()).toUri()) -// .body(task.getResults())) -// .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND)); + return processService.signalWorkItem(process, id, "$taskName$", SecurityPolicy.of(user, groups)) + .map(task -> ResponseEntity + .created(uriComponentsBuilder + .path("/$name$/{id}/$taskName$/{taskId}") + .buildAndExpand(id, task.getId()).toUri()) + .body(task.getResults())) + .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND)); } @PostMapping(value = "/{id}/$taskName$/{taskId}/phases/{phase}", produces = MediaType.APPLICATION_JSON_VALUE, consumes = MediaType.APPLICATION_JSON_VALUE) public $Type$Output completeTask(@PathVariable("id") final String id, - @PathVariable("taskId") final String taskId, - @PathVariable("phase") final String phase, - @RequestParam("user") final String user, - @RequestParam("group") final List groups, - @RequestBody(required = false) final $TaskOutput$ model) { - return null; - //processService.taskTransition(process, id, taskId, phase, SecurityPolicy.of(user, groups), model) - // .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND)); + @PathVariable("taskId") final String taskId, + @PathVariable("phase") final String phase, + @RequestParam("user") final String user, + @RequestParam("group") final List groups, + @RequestBody(required = false) final $TaskOutput$ model) { + return processService.transitionWorkItem(process, id, taskId, phase, SecurityPolicy.of(user, groups), model) + .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND)); } @PutMapping(value = "/{id}/$taskName$/{taskId}", consumes = MediaType.APPLICATION_JSON_VALUE) public $TaskOutput$ saveTask(@PathVariable("id") final String id, - @PathVariable("taskId") final String taskId, - @RequestParam(value = "user", required = false) final String user, - @RequestParam(value = "group", required = false) final List groups, - @RequestBody(required = false) final $TaskOutput$ model) { - return null; -// processService.saveTask(process, id, taskId, SecurityPolicy.of(user, groups), model, $TaskOutput$::fromMap) -// .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND)); + @PathVariable("taskId") final String taskId, + @RequestParam(value = "user", required = false) final String user, + @RequestParam(value = "group", required = false) final List groups, + @RequestBody(required = false) final $TaskOutput$ model) { + return processService.setWorkItemOutput(process, id, taskId, SecurityPolicy.of(user, groups), model, $TaskOutput$::fromMap) + .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND)); } @PostMapping(value = "/{id}/$taskName$/{taskId}", produces = MediaType.APPLICATION_JSON_VALUE, consumes = MediaType.APPLICATION_JSON_VALUE) public $Type$Output taskTransition(@PathVariable("id") final String id, - @PathVariable("taskId") final String taskId, - @RequestParam(value = "phase", required = false, - defaultValue = "complete") final String phase, - @RequestParam(value = "user", - required = false) final String user, - @RequestParam(value = "group", - required = false) final List groups, - @RequestBody(required = false) final $TaskOutput$ model) { - return null; - //processService.taskTransition(process, id, taskId, phase, SecurityPolicy.of(user, groups), model) - // .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND)); + @PathVariable("taskId") final String taskId, + @RequestParam(value = "phase", required = false, + defaultValue = "complete") final String phase, + @RequestParam(value = "user", + required = false) final String user, + @RequestParam(value = "group", + required = false) final List groups, + @RequestBody(required = false) final $TaskOutput$ model) { + return processService.transitionWorkItem(process, id, taskId, phase, SecurityPolicy.of(user, groups), model) + .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND)); } @GetMapping(value = "/{id}/$taskName$/{taskId}", produces = MediaType.APPLICATION_JSON_VALUE) public $TaskModel$ getTask(@PathVariable("id") String id, - @PathVariable("taskId") String taskId, - @RequestParam(value = "user", required = false) final String user, - @RequestParam(value = "group", - required = false) final List groups) { - return null; - //processService.getTask(process, id, taskId, SecurityPolicy.of(user, groups), $TaskModel$::from) - // .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND)); + @PathVariable("taskId") String taskId, + @RequestParam(value = "user", required = false) final String user, + @RequestParam(value = "group", + required = false) final List groups) { + return processService.getWorkItem(process, id, taskId, SecurityPolicy.of(user, groups), $TaskModel$::from) + .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND)); } @DeleteMapping(value = "/{id}/$taskName$/{taskId}", produces = MediaType.APPLICATION_JSON_VALUE) public $Type$Output abortTask(@PathVariable("id") final String id, - @PathVariable("taskId") final String taskId, - @RequestParam(value = "phase", required = false, - defaultValue = "abort") final String phase, - @RequestParam(value = "user", required = false) final String user, - @RequestParam(value = "group", - required = false) final List groups) { - return null; - //processService.taskTransition(process, id, taskId, phase, SecurityPolicy.of(user, groups), null) - // .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND)); + @PathVariable("taskId") final String taskId, + @RequestParam(value = "phase", required = false, + defaultValue = "abort") final String phase, + @RequestParam(value = "user", required = false) final String user, + @RequestParam(value = "group", + required = false) final List groups) { + return processService.transitionWorkItem(process, id, taskId, phase, SecurityPolicy.of(user, groups), null) + .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND)); } @GetMapping(value = "$taskName$/schema", produces = MediaType.APPLICATION_JSON_VALUE) @@ -130,141 +123,141 @@ public Map getSchema() { return JsonSchemaUtil.load(this.getClass().getClassLoader(), process.id(), "$taskName$"); } -// @GetMapping(value = "/{id}/$taskName$/{taskId}/schema", produces = MediaType.APPLICATION_JSON_VALUE) -// public Map getSchemaAndPhases(@PathVariable("id") final String id, -// @PathVariable("taskId") final String taskId, -// @RequestParam(value = "user", required = false) final String user, -// @RequestParam(value = "group", -// required = false) final List groups) { -// return processService.getSchemaAndPhases(process, id, taskId, "$taskName$", SecurityPolicy.of(user, groups)); -// } -// -// @PostMapping(value = "/{id}/$taskName$/{taskId}/comments", produces = MediaType.APPLICATION_JSON_VALUE, -// consumes = MediaType.TEXT_PLAIN_VALUE) -// public ResponseEntity addComment(@PathVariable("id") final String id, -// @PathVariable("taskId") final String taskId, -// @RequestParam(value = "user", required = false) final String user, -// @RequestParam(value = "group", -// required = false) final List groups, -// @RequestBody String commentInfo, -// UriComponentsBuilder uriComponentsBuilder) { -// return processService.addComment(process, id, taskId, SecurityPolicy.of(user, groups), commentInfo) -// .map(comment -> ResponseEntity -// .created(uriComponentsBuilder.path("/$name$/{id}/$taskName$/{taskId}/comments/{commentId}") -// .buildAndExpand(id, taskId, comment.getId().toString()).toUri()) -// .body(comment)) -// .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND)); -// } -// -// @PutMapping(value = "/{id}/$taskName$/{taskId}/comments/{commentId}", produces = MediaType.APPLICATION_JSON_VALUE, -// consumes = MediaType.TEXT_PLAIN_VALUE) -// public Comment updateComment(@PathVariable("id") final String id, -// @PathVariable("taskId") final String taskId, -// @PathVariable("commentId") final String commentId, -// @RequestParam(value = "user", required = false) final String user, -// @RequestParam(value = "group", -// required = false) final List groups, -// @RequestBody String comment) { -// return processService.updateComment(process, id, taskId, commentId, SecurityPolicy.of(user, groups), comment) -// .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND)); -// } -// -// @DeleteMapping(value = "/{id}/$taskName$/{taskId}/comments/{commentId}") -// public ResponseEntity deleteComment(@PathVariable("id") final String id, -// @PathVariable("taskId") final String taskId, -// @PathVariable("commentId") final String commentId, -// @RequestParam(value = "user", required = false) final String user, -// @RequestParam(value = "group", required = false) final List groups) { -// return processService.deleteComment(process, id, taskId, commentId, SecurityPolicy.of(user, groups)) -// .map(removed -> (removed ? ResponseEntity.ok().build() : ResponseEntity.notFound().build())) -// .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND)); -// } -// -// @PostMapping(value = "/{id}/$taskName$/{taskId}/attachments", produces = MediaType.APPLICATION_JSON_VALUE, -// consumes = MediaType.APPLICATION_JSON_VALUE) -// public ResponseEntity addAttachment(@PathVariable("id") final String id, -// @PathVariable("taskId") final String taskId, -// @RequestParam(value = "user", required = false) final String user, -// @RequestParam(value = "group", -// required = false) final List groups, -// @RequestBody AttachmentInfo attachmentInfo, -// UriComponentsBuilder uriComponentsBuilder) { -// return processService.addAttachment(process, id, taskId, SecurityPolicy.of(user, groups), attachmentInfo) -// .map(attachment -> ResponseEntity -// .created(uriComponentsBuilder.path( -// "/$name$/{id}/$taskName$/{taskId}/attachments/{attachmentId}") -// .buildAndExpand(id, -// taskId, attachment.getId()).toUri()) -// .body(attachment)) -// .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND)); -// } -// -// @PutMapping(value = "/{id}/$taskName$/{taskId}/attachments/{attachmentId}", -// produces = MediaType.APPLICATION_JSON_VALUE, consumes = MediaType.APPLICATION_JSON_VALUE) -// public Attachment updateAttachment(@PathVariable("id") final String id, -// @PathVariable("taskId") final String taskId, -// @PathVariable("attachmentId") final String attachmentId, -// @RequestParam(value = "user", -// required = false) final String user, -// @RequestParam(value = "group", -// required = false) final List groups, -// @RequestBody AttachmentInfo attachment) { -// return processService.updateAttachment(process, id, taskId, attachmentId, SecurityPolicy.of(user, groups), attachment) -// .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND)); -// } -// -// @DeleteMapping(value = "/{id}/$taskName$/{taskId}/attachments/{attachmentId}") -// public ResponseEntity deleteAttachment(@PathVariable("id") final String id, -// @PathVariable("taskId") final String taskId, -// @PathVariable("attachmentId") final String attachmentId, -// @RequestParam(value = "user", required = false) final String user, -// @RequestParam(value = "group", required = false) final List groups) { -// -// return processService.deleteAttachment(process, id, taskId, attachmentId, SecurityPolicy.of(user, groups)) -// .map(removed -> (removed ? ResponseEntity.ok() : ResponseEntity.notFound()).build()) -// .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND)); -// } -// -// @GetMapping(value = "/{id}/$taskName$/{taskId}/attachments/{attachmentId}", -// produces = MediaType.APPLICATION_JSON_VALUE) -// public Attachment getAttachment(@PathVariable("id") final String id, -// @PathVariable("taskId") final String taskId, -// @PathVariable("attachmentId") final String attachmentId, -// @RequestParam(value = "user", required = false) final String user, -// @RequestParam(value = "group", -// required = false) final List groups) { -// return processService.getAttachment(process, id, taskId, attachmentId, SecurityPolicy.of(user, groups)) -// .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND, "Attachment " + attachmentId + " not found")); -// } -// -// @GetMapping(value = "/{id}/$taskName$/{taskId}/attachments", produces = MediaType.APPLICATION_JSON_VALUE) -// public Collection getAttachments(@PathVariable("id") final String id, -// @PathVariable("taskId") final String taskId, -// @RequestParam(value = "user") final String user, -// @RequestParam(value = "group") final List groups) { -// return processService.getAttachments(process, id, taskId, SecurityPolicy.of(user, groups)) -// .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND)); -// } -// -// @GetMapping(value = "/{id}/$taskName$/{taskId}/comments/{commentId}", produces = MediaType.APPLICATION_JSON_VALUE) -// public Comment getComment(@PathVariable("id") final String id, -// @PathVariable("taskId") final String taskId, -// @PathVariable("commentId") final String commentId, -// @RequestParam(value = "user", required = false) final String user, -// @RequestParam(value = "group", -// required = false) final List groups) { -// return processService.getComment(process, id, taskId, commentId, SecurityPolicy.of(user, groups)) -// .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND, "Comment " + commentId + " not found")); -// } -// -// @GetMapping(value = "/{id}/$taskName$/{taskId}/comments", produces = MediaType.APPLICATION_JSON_VALUE) -// public Collection getComments(@PathVariable("id") final String id, -// @PathVariable("taskId") final String taskId, -// @RequestParam(value = "user", -// required = false) final String user, -// @RequestParam(value = "group", -// required = false) final List groups) { -// return processService.getComments(process, id, taskId, SecurityPolicy.of(user, groups)) -// .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND)); -// } + @GetMapping(value = "/{id}/$taskName$/{taskId}/schema", produces = MediaType.APPLICATION_JSON_VALUE) + public Map getSchemaAndPhases(@PathVariable("id") final String id, + @PathVariable("taskId") final String taskId, + @RequestParam(value = "user", required = false) final String user, + @RequestParam(value = "group", + required = false) final List groups) { + return processService.getWorkItemSchemaAndPhases(process, id, taskId, "$taskName$", SecurityPolicy.of(user, groups)); + } + // + // @PostMapping(value = "/{id}/$taskName$/{taskId}/comments", produces = MediaType.APPLICATION_JSON_VALUE, + // consumes = MediaType.TEXT_PLAIN_VALUE) + // public ResponseEntity addComment(@PathVariable("id") final String id, + // @PathVariable("taskId") final String taskId, + // @RequestParam(value = "user", required = false) final String user, + // @RequestParam(value = "group", + // required = false) final List groups, + // @RequestBody String commentInfo, + // UriComponentsBuilder uriComponentsBuilder) { + // return processService.addComment(process, id, taskId, SecurityPolicy.of(user, groups), commentInfo) + // .map(comment -> ResponseEntity + // .created(uriComponentsBuilder.path("/$name$/{id}/$taskName$/{taskId}/comments/{commentId}") + // .buildAndExpand(id, taskId, comment.getId().toString()).toUri()) + // .body(comment)) + // .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND)); + // } + // + // @PutMapping(value = "/{id}/$taskName$/{taskId}/comments/{commentId}", produces = MediaType.APPLICATION_JSON_VALUE, + // consumes = MediaType.TEXT_PLAIN_VALUE) + // public Comment updateComment(@PathVariable("id") final String id, + // @PathVariable("taskId") final String taskId, + // @PathVariable("commentId") final String commentId, + // @RequestParam(value = "user", required = false) final String user, + // @RequestParam(value = "group", + // required = false) final List groups, + // @RequestBody String comment) { + // return processService.updateComment(process, id, taskId, commentId, SecurityPolicy.of(user, groups), comment) + // .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND)); + // } + // + // @DeleteMapping(value = "/{id}/$taskName$/{taskId}/comments/{commentId}") + // public ResponseEntity deleteComment(@PathVariable("id") final String id, + // @PathVariable("taskId") final String taskId, + // @PathVariable("commentId") final String commentId, + // @RequestParam(value = "user", required = false) final String user, + // @RequestParam(value = "group", required = false) final List groups) { + // return processService.deleteComment(process, id, taskId, commentId, SecurityPolicy.of(user, groups)) + // .map(removed -> (removed ? ResponseEntity.ok().build() : ResponseEntity.notFound().build())) + // .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND)); + // } + // + // @PostMapping(value = "/{id}/$taskName$/{taskId}/attachments", produces = MediaType.APPLICATION_JSON_VALUE, + // consumes = MediaType.APPLICATION_JSON_VALUE) + // public ResponseEntity addAttachment(@PathVariable("id") final String id, + // @PathVariable("taskId") final String taskId, + // @RequestParam(value = "user", required = false) final String user, + // @RequestParam(value = "group", + // required = false) final List groups, + // @RequestBody AttachmentInfo attachmentInfo, + // UriComponentsBuilder uriComponentsBuilder) { + // return processService.addAttachment(process, id, taskId, SecurityPolicy.of(user, groups), attachmentInfo) + // .map(attachment -> ResponseEntity + // .created(uriComponentsBuilder.path( + // "/$name$/{id}/$taskName$/{taskId}/attachments/{attachmentId}") + // .buildAndExpand(id, + // taskId, attachment.getId()).toUri()) + // .body(attachment)) + // .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND)); + // } + // + // @PutMapping(value = "/{id}/$taskName$/{taskId}/attachments/{attachmentId}", + // produces = MediaType.APPLICATION_JSON_VALUE, consumes = MediaType.APPLICATION_JSON_VALUE) + // public Attachment updateAttachment(@PathVariable("id") final String id, + // @PathVariable("taskId") final String taskId, + // @PathVariable("attachmentId") final String attachmentId, + // @RequestParam(value = "user", + // required = false) final String user, + // @RequestParam(value = "group", + // required = false) final List groups, + // @RequestBody AttachmentInfo attachment) { + // return processService.updateAttachment(process, id, taskId, attachmentId, SecurityPolicy.of(user, groups), attachment) + // .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND)); + // } + // + // @DeleteMapping(value = "/{id}/$taskName$/{taskId}/attachments/{attachmentId}") + // public ResponseEntity deleteAttachment(@PathVariable("id") final String id, + // @PathVariable("taskId") final String taskId, + // @PathVariable("attachmentId") final String attachmentId, + // @RequestParam(value = "user", required = false) final String user, + // @RequestParam(value = "group", required = false) final List groups) { + // + // return processService.deleteAttachment(process, id, taskId, attachmentId, SecurityPolicy.of(user, groups)) + // .map(removed -> (removed ? ResponseEntity.ok() : ResponseEntity.notFound()).build()) + // .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND)); + // } + // + // @GetMapping(value = "/{id}/$taskName$/{taskId}/attachments/{attachmentId}", + // produces = MediaType.APPLICATION_JSON_VALUE) + // public Attachment getAttachment(@PathVariable("id") final String id, + // @PathVariable("taskId") final String taskId, + // @PathVariable("attachmentId") final String attachmentId, + // @RequestParam(value = "user", required = false) final String user, + // @RequestParam(value = "group", + // required = false) final List groups) { + // return processService.getAttachment(process, id, taskId, attachmentId, SecurityPolicy.of(user, groups)) + // .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND, "Attachment " + attachmentId + " not found")); + // } + // + // @GetMapping(value = "/{id}/$taskName$/{taskId}/attachments", produces = MediaType.APPLICATION_JSON_VALUE) + // public Collection getAttachments(@PathVariable("id") final String id, + // @PathVariable("taskId") final String taskId, + // @RequestParam(value = "user") final String user, + // @RequestParam(value = "group") final List groups) { + // return processService.getAttachments(process, id, taskId, SecurityPolicy.of(user, groups)) + // .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND)); + // } + // + // @GetMapping(value = "/{id}/$taskName$/{taskId}/comments/{commentId}", produces = MediaType.APPLICATION_JSON_VALUE) + // public Comment getComment(@PathVariable("id") final String id, + // @PathVariable("taskId") final String taskId, + // @PathVariable("commentId") final String commentId, + // @RequestParam(value = "user", required = false) final String user, + // @RequestParam(value = "group", + // required = false) final List groups) { + // return processService.getComment(process, id, taskId, commentId, SecurityPolicy.of(user, groups)) + // .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND, "Comment " + commentId + " not found")); + // } + // + // @GetMapping(value = "/{id}/$taskName$/{taskId}/comments", produces = MediaType.APPLICATION_JSON_VALUE) + // public Collection getComments(@PathVariable("id") final String id, + // @PathVariable("taskId") final String taskId, + // @RequestParam(value = "user", + // required = false) final String user, + // @RequestParam(value = "group", + // required = false) final List groups) { + // return processService.getComments(process, id, taskId, SecurityPolicy.of(user, groups)) + // .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND)); + // } } \ No newline at end of file