IEngUserProfile profile =null;
try{
profile = UserUtilities.getUserProfile(user);
} catch (Exception e) {
logger.error("An error occurred while creating the profile of user [" + user + "]");
throw new SecurityException("An error occurred while creating the profile of user [" + user + "]", e);
}
// Check if the user can execute the document
boolean canSee = ObjectsAccessVerifier.canSee(biobj, profile);
if (!canSee) {
logger.error("Current user cannot execute the required document");
throw new SecurityException("Current user cannot execute the required document");
}
Integer id = biobj.getId();
// get the correct roles for execution
List correctRoles = null;
if (profile.isAbleToExecuteAction(SpagoBIConstants.DOCUMENT_MANAGEMENT_DEV)
|| profile.isAbleToExecuteAction(SpagoBIConstants.DOCUMENT_MANAGEMENT_USER)
|| profile.isAbleToExecuteAction(SpagoBIConstants.DOCUMENT_MANAGEMENT_ADMIN))
correctRoles = DAOFactory.getBIObjectDAO().getCorrectRolesForExecution(id, profile);
else
correctRoles = DAOFactory.getBIObjectDAO().getCorrectRolesForExecution(id);
logger.debug("correct roles for execution retrived " + correctRoles);
if (correctRoles == null || correctRoles.size() == 0) {
logger.error("Object cannot be executed by no role of the user");
throw new SecurityException("Object cannot be executed by no role of the user");
}
if (parameters == null) {
logger.debug("Input parameters map is null. It will be considered as an empty map");
parameters = new HashMap();
}
boolean parametersAreCorrect = false;
String roleName = (String) parameters.get("SBI_EXECUTION_ROLE");
if (roleName != null) {
// if a role is specified, check if it is a valid role for execution
logger.debug("Execution role specified: " + roleName);
if (!correctRoles.contains(roleName)) {
if (correctRoles == null || correctRoles.size() == 0) {
logger.error("Role [] is not a valid role for the execution of document with id = [" + biobj.getId()
+ "], label = [" + biobj.getLabel() + "]");
throw new SecurityException("Role [] is not a valid role for the execution of document with id = [" + biobj.getId()
+ "], label = [" + biobj.getLabel() + "]");
}
}
// check if parameter values are correct for the role
parametersAreCorrect = checkParametersErrors(profile, biobj.getId(), roleName, parameters);
} else {
// if a role is not specified, iterate on valid roles
logger.debug("Execution role not specified: iterating on all available roles...");
Iterator it = correctRoles.iterator();
while (it.hasNext()) {
roleName = it.next().toString();
// check if parameter values are correct for the role
parametersAreCorrect = checkParametersErrors(profile, biobj.getId(), roleName, parameters);
if (parametersAreCorrect) {
break;
} else {
logger.debug("Role " + roleName + " is NOT compatible with input parameters");
}
}
}
if (!parametersAreCorrect) {
logger.error("Document cannot be executed by the user with the input parameters.");
throw new SecurityException("Document cannot be executed by the user with the input parameters.");
} else {
logger.debug("Role " + roleName + " is compatible with input parameters");
}
} finally {
logger.debug("OUT");