exoplatform
diff --git a/‎processes-api/src/main/java/org/exoplatform/processes/service/ProcessesService.java‎
Lines changed: 40 additions & 11 deletions b/‎processes-api/src/main/java/org/exoplatform/processes/service/ProcessesService.java‎
Lines changed: 40 additions & 11 deletions
diff --git a/‎processes-api/src/main/java/org/exoplatform/processes/storage/ProcessesStorage.java‎
Lines changed: 3 additions & 3 deletions b/‎processes-api/src/main/java/org/exoplatform/processes/storage/ProcessesStorage.java‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎processes-services/src/main/java/org/exoplatform/processes/Utils/EntityMapper.java‎
Lines changed: 13 additions & 32 deletions b/‎processes-services/src/main/java/org/exoplatform/processes/Utils/EntityMapper.java‎
Lines changed: 13 additions & 32 deletions
diff --git a/‎processes-services/src/main/java/org/exoplatform/processes/Utils/ProcessesUtils.java‎
Lines changed: 44 additions & 1 deletion b/‎processes-services/src/main/java/org/exoplatform/processes/Utils/ProcessesUtils.java‎
Lines changed: 44 additions & 1 deletion
@@ -50,6 +50,9 @@ List<WorkFlow> getWorkFlows(ProcessesFilter filter,
   int countWorkFlows(ProcessesFilter filter,
                      long userIdentityId) throws IllegalAccessException;
 
+  WorkFlow getWorkFlow(long id,
+                       long userIdentityId) throws IllegalAccessException;
+
   WorkFlow getWorkFlow(long id) throws IllegalAccessException;
 
   WorkFlow createWorkFlow(WorkFlow workFlow, long userId) throws IllegalAccessException;
@@ -69,6 +72,8 @@ WorkFlow updateWorkFlow(WorkFlow workFlow,
    */
   List<Work> getWorks(long userIdentityId, WorkFilter workFilter, int offset, int limit) throws Exception;
 
+  WorkFlow getWorkFlowByProjectId(long projectId, long userId) throws IllegalAccessException;
+
   WorkFlow getWorkFlowByProjectId(long projectId);
 
   /**
@@ -88,32 +93,38 @@ Work updateWork(Work work, long userId) throws IllegalArgumentException,
    * Delete a workflow by its given Id.
    *
    * @param workflowId : workflow id
+   * @param userId user id
    */
-  void deleteWorkflowById(Long workflowId);
+  void deleteWorkflowById(Long workflowId, long userId) throws IllegalAccessException, ObjectNotFoundException;
 
   /**
    * @param projectId: Tasks project id
    * @param isCompleted: filter by completed and uncompleted tasks
+   * @param userId user id
    * @return Filtered tasks count
    * @throws Exception
    */
-  int countWorksByWorkflow(Long projectId, Boolean isCompleted) throws Exception;
+  int countWorksByWorkflow(Long projectId, long userId, Boolean isCompleted) throws Exception;
 
   /**
    * Delete a work by its given id.
    *
    * @param workId: Work id
+   * @param userId user identity ID
    */
-  void deleteWorkById(Long workId);
+  void deleteWorkById(Long workId, long userId) throws ObjectNotFoundException, IllegalAccessException;
 
   /**
    * update the completed property of the task of a work to completed or uncompleted
    *
    * @param workId work id
+   * @param userId user identity ID
    * @param completed work completed property, can be true or false
+   * @throws ObjectNotFoundException
+   * @throws IllegalAccessException
    * @return {@link Work}
    */
-  Work updateWorkCompleted(Long workId, boolean completed);
+  Work updateWorkCompleted(Long workId, long userId, boolean completed) throws ObjectNotFoundException, IllegalAccessException;
 
   /**
    * Creates a work draft
@@ -122,8 +133,9 @@ Work updateWork(Work work, long userId) throws IllegalArgumentException,
    * @param userId user identity
    * @return {@link Work}
    * @throws IllegalArgumentException
+
    */
-  Work createWorkDraft(Work work, long userId) throws IllegalArgumentException;
+  Work createWorkDraft(Work work, long userId) throws IllegalArgumentException, IllegalAccessException;
 
   /**
    * Updates a work draft
@@ -134,7 +146,7 @@ Work updateWork(Work work, long userId) throws IllegalArgumentException,
    * @throws IllegalArgumentException
    * @throws ObjectNotFoundException
    */
-  Work updateWorkDraft(Work work, long userId) throws IllegalArgumentException, ObjectNotFoundException;
+  Work updateWorkDraft(Work work, long userId) throws IllegalArgumentException, ObjectNotFoundException, IllegalAccessException;
 
   /**
    * Retrieves a list of accessible WorkDraft, for a selected user
@@ -150,9 +162,10 @@ Work updateWork(Work work, long userId) throws IllegalArgumentException,
   /**
    * Deletes a work draft by its given id
    *
-   * @param id Work draft id
+   * @param userId user identity Id
+   * @param draftId Work draft id
    */
-  void deleteWorkDraftById(Long id);
+  void deleteWorkDraftById(Long draftId, long userId) throws IllegalAccessException, ObjectNotFoundException;
 
   /**
    * Retrieves the list of available statuses in all workflows
@@ -164,21 +177,37 @@ Work updateWork(Work work, long userId) throws IllegalArgumentException,
   /**
    * Retrieves a Work by its given id
    *
-   * @param userIdentityId user identity id
+   * @param userId user identity id
    * @param workId Work id
    * @return {@link Work}
    */
-  Work getWorkById(long userIdentityId, Long workId);
+  Work getWorkById(long userId, Long workId) throws IllegalAccessException;
 
   /**
    * Retrieves an illustration image by its given id
    *
    * @param illustrationId illustration file id
+   * @param userId user id
    * @return {@link IllustrativeAttachment}
    * @throws FileStorageException
    * @throws ObjectNotFoundException
    */
-  IllustrativeAttachment getIllustrationImageById(Long illustrationId) throws FileStorageException,
+  IllustrativeAttachment getIllustrationImageById(Long illustrationId,
+                                                  long userId) throws FileStorageException,
                                                                        ObjectNotFoundException,
                                                                        IOException;
+
+  boolean canAccess(WorkFlow workFlow, org.exoplatform.services.security.Identity identity);
+
+  boolean canAdd(org.exoplatform.services.security.Identity identity);
+
+  boolean canEdit(WorkFlow workFlow, org.exoplatform.services.security.Identity identity);
+
+  boolean canDelete(WorkFlow workFlow, org.exoplatform.services.security.Identity identity);
+
+  boolean canAddRequest(WorkFlow workFlow, org.exoplatform.services.security.Identity identity);
+
+  boolean canEditRequest(WorkFlow workFlow, org.exoplatform.services.security.Identity identity);
+
+  boolean canDeleteRequest(WorkFlow workFlow, org.exoplatform.services.security.Identity identity);
 }
@@ -64,7 +64,7 @@ public interface ProcessesStorage {
 
   WorkFlow getWorkFlowByProjectId(long projectId);
 
-  WorkFlow saveWorkFlow(WorkFlow workFlow, long userId) throws IllegalArgumentException;
+  WorkFlow saveWorkFlow(WorkFlow workFlow, Identity identity) throws IllegalArgumentException;
 
   /**
    * Retrieves list of filtered works
@@ -84,11 +84,11 @@ public interface ProcessesStorage {
    * Saving a work and deletes its related draft if it was created from draft
    *
    * @param work Work Object
-   * @param userId user Id
+   * @param identity user social identity
    * @return {@link Work}
    * @throws IllegalArgumentException
    */
-  Work saveWork(Work work, long userId) throws IllegalArgumentException;
+  Work saveWork(Work work, Identity identity) throws IllegalArgumentException;
 
   /**
    * Delete a workflow by its given Id.
 
@@ -13,11 +13,13 @@
 import org.exoplatform.processes.entity.WorkEntity;
 import org.exoplatform.processes.entity.WorkFlowEntity;
 import org.exoplatform.processes.model.*;
+import org.exoplatform.processes.service.ProcessesService;
 import org.exoplatform.services.log.ExoLogger;
 import org.exoplatform.services.log.Log;
 import org.exoplatform.services.organization.Group;
 import org.exoplatform.services.organization.GroupHandler;
 import org.exoplatform.services.organization.OrganizationService;
+import org.exoplatform.services.security.Identity;
 import org.exoplatform.social.core.space.model.Space;
 import org.exoplatform.social.core.space.spi.SpaceService;
 import org.exoplatform.task.dto.StatusDto;
@@ -26,16 +28,14 @@
 public class EntityMapper {
   private static final Log LOG = ExoLogger.getLogger(EntityMapper.class);
 
-  private static final String PROCESSES_GROUP =  "/platform/processes";
-
   private EntityMapper() {
   }
 
-  public static WorkFlow fromEntity(WorkFlowEntity workFlowEntity, List<String> memberships) {
+  public static WorkFlow fromEntity(WorkFlowEntity workFlowEntity, Identity identity) {
     if (workFlowEntity == null) {
       return null;
     }
-    return new WorkFlow(workFlowEntity.getId(),
+    WorkFlow workFlow = new WorkFlow(workFlowEntity.getId(),
                         workFlowEntity.getTitle(),
                         workFlowEntity.getDescription(),
                         workFlowEntity.getSummary(),
@@ -48,13 +48,15 @@ public static WorkFlow fromEntity(WorkFlowEntity workFlowEntity, List<String> me
                         workFlowEntity.getModifiedDate(),
                         workFlowEntity.getProjectId(),
                         "",
-                        getACL(workFlowEntity, memberships),
+            null,
                         null,
                         new IllustrativeAttachment(workFlowEntity.getIllustrationImageId()),
                         workFlowEntity.getManager(),
                         workFlowEntity.getParticipator(),
                         false,
                         fromGroupToIdentity(workFlowEntity.getManager()));
+    workFlow.setAcl(getACL(workFlow, identity));
+    return workFlow;
   }
 
   static List<CreatorIdentityEntity> fromGroupToIdentity(Set<String> managers) {
@@ -90,43 +92,22 @@ static List<CreatorIdentityEntity> fromGroupToIdentity(Set<String> managers) {
     return identityEntities;
   }
 
-  public static ProcessPermission getACL(WorkFlowEntity workFlowEntity, List<String> memberships) {
+  public static ProcessPermission getACL(WorkFlow workFlow, Identity identity) {
 
-    if (memberships == null)
+    if (identity == null) {
       return new ProcessPermission(true, true, true, true);
-    ProcessPermission permission = new ProcessPermission(false, false, false, false);
-    for (String member : memberships) {
-      for (String manager : workFlowEntity.getManager()) {
-        if (member.contains(manager)) {
-          permission.setCanAddRequest(true);
-          break;
-        }
-      }
-      for (String participator : workFlowEntity.getParticipator()) {
-        if (member.equals(participator)) {
-          permission.setCanAccess(true);
-          permission.setCanEdit(true);
-          break;
-        }
-      }
-      if (member.contains(PROCESSES_GROUP)) {
-        permission.setCanDelete(true);
-        permission.setCanEdit(true);
-      }
-      if (permission.isCanAddRequest() && permission.isCanAccess() && permission.isCanDelete() && permission.isCanEdit()) {
-        break;
-      }
     }
-    return permission;
+    ProcessesService processesService = CommonsUtils.getService(ProcessesService.class);
+    return new ProcessPermission(processesService.canAccess(workFlow, identity), processesService.canEdit(workFlow, identity), processesService.canDelete(workFlow, identity), processesService.canAddRequest(workFlow, identity));
   }
 
   public static WorkFlow fromEntity(WorkFlowEntity workFlowEntity,
                                     IllustrativeAttachment illustrativeAttachment,
-                                    List<String> memberships) {
+                                    Identity identity) {
     if (workFlowEntity == null) {
       return null;
     }
-    WorkFlow workFlow = fromEntity(workFlowEntity, memberships);
+    WorkFlow workFlow = fromEntity(workFlowEntity, identity);
     if (illustrativeAttachment != null) {
       workFlow.setIllustrativeAttachment(illustrativeAttachment);
     }
 
@@ -1,6 +1,11 @@
 package org.exoplatform.processes.Utils;
 
+import java.util.*;
+
 import org.exoplatform.commons.utils.CommonsUtils;
+import org.exoplatform.portal.config.UserACL;
+import org.exoplatform.processes.model.CreatorIdentityEntity;
+import org.exoplatform.processes.model.WorkFlow;
 import org.exoplatform.services.listener.ListenerService;
 import org.exoplatform.services.log.ExoLogger;
 import org.exoplatform.services.log.Log;
@@ -16,8 +21,10 @@ public class ProcessesUtils {
 
   private static final Log LOG = ExoLogger.getLogger(ProcessesUtils.class);
 
+  public static final String PROCESSES_GROUP = "/platform/processes";
+
   public static String getUserNameByIdentityId(IdentityManager identityManager, long identityId) {
-    Identity identity = identityManager.getIdentity(String.valueOf(identityId));
+    Identity identity = identityManager.getIdentity(identityId);
     return identity != null ? identity.getRemoteId() : "";
   }
 
@@ -38,6 +45,42 @@ public static Space getProjectParentSpace(Long projectId) {
     return null;
   }
 
+  public static boolean isPlatformAdmin(org.exoplatform.services.security.Identity identity) {
+    UserACL userAcl = CommonsUtils.getService(UserACL.class);
+    return userAcl.isAdministrator(identity);
+  }
+
+  public static boolean isProcessAdmin(org.exoplatform.services.security.Identity identity) {
+    UserACL userAcl = CommonsUtils.getService(UserACL.class);
+    return userAcl.isMemberOf(identity, PROCESSES_GROUP);
+  }
+
+  public static boolean isProcessManager(org.exoplatform.services.security.Identity identity, WorkFlow workFlow) {
+    UserACL userAcl = CommonsUtils.getService(UserACL.class);
+    return userAcl.isMemberOf(identity, Objects.requireNonNull(getProjectParentSpace(workFlow.getProjectId())).getGroupId());
+  }
+
+  public static boolean isProcessParticipant(org.exoplatform.services.security.Identity identity, WorkFlow workFlow) {
+    UserACL userAcl = CommonsUtils.getService(UserACL.class);
+    return getGroupsFromRequestCreators(workFlow.getRequestsCreators()).stream().anyMatch(m -> userAcl.isMemberOf(identity, m));
+  }
+
+  public static Set<String> getGroupsFromRequestCreators(List<CreatorIdentityEntity> requestsCreators) {
+    SpaceService spaceService = CommonsUtils.getService(SpaceService.class);
+    List<String> groups = new ArrayList<>();
+    for (CreatorIdentityEntity id : requestsCreators) {
+      if (id.getIdentity().getProviderId().equals("space")) {
+        Space space = spaceService.getSpaceByPrettyName(id.getIdentity().getRemoteId());
+        if (space != null) {
+          groups.add(space.getGroupId());
+        }
+      } else {
+        groups.add(id.getIdentity().getRemoteId());
+      }
+    }
+    return new HashSet<>(groups);
+  }
+
   public static <S, D> void broadcast(ListenerService listenerService, String eventName, S source, D data) {
     try {
       listenerService.broadcast(eventName, source, data);