script/workflow/getprocessesforuser.js

	getprocessesforuser.js revision 759cbe36aeb56cbe1e788d90fbaa7f1a7e797f5d
753a6d457b330b1b29b2d3eefcd0831116ce950dSherry Moore/**
753a6d457b330b1b29b2d3eefcd0831116ce950dSherry Moore * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
753a6d457b330b1b29b2d3eefcd0831116ce950dSherry Moore *
753a6d457b330b1b29b2d3eefcd0831116ce950dSherry Moore * Copyright (c) 2012 ForgeRock AS. All Rights Reserved
753a6d457b330b1b29b2d3eefcd0831116ce950dSherry Moore *
753a6d457b330b1b29b2d3eefcd0831116ce950dSherry Moore * The contents of this file are subject to the terms
753a6d457b330b1b29b2d3eefcd0831116ce950dSherry Moore * of the Common Development and Distribution License
753a6d457b330b1b29b2d3eefcd0831116ce950dSherry Moore * (the License). You may not use this file except in
753a6d457b330b1b29b2d3eefcd0831116ce950dSherry Moore * compliance with the License.
753a6d457b330b1b29b2d3eefcd0831116ce950dSherry Moore *
753a6d457b330b1b29b2d3eefcd0831116ce950dSherry Moore * You can obtain a copy of the License at
753a6d457b330b1b29b2d3eefcd0831116ce950dSherry Moore * http://forgerock.org/license/CDDLv1.0.html
753a6d457b330b1b29b2d3eefcd0831116ce950dSherry Moore * See the License for the specific language governing
753a6d457b330b1b29b2d3eefcd0831116ce950dSherry Moore * permission and limitations under the License.
753a6d457b330b1b29b2d3eefcd0831116ce950dSherry Moore *
753a6d457b330b1b29b2d3eefcd0831116ce950dSherry Moore * When distributing Covered Code, include this CDDL
753a6d457b330b1b29b2d3eefcd0831116ce950dSherry Moore * Header Notice in each file and include the License file
753a6d457b330b1b29b2d3eefcd0831116ce950dSherry Moore * at http://forgerock.org/license/CDDLv1.0.html
753a6d457b330b1b29b2d3eefcd0831116ce950dSherry Moore * If applicable, add the following below the CDDL Header,
753a6d457b330b1b29b2d3eefcd0831116ce950dSherry Moore * with the fields enclosed by brackets [] replaced by
753a6d457b330b1b29b2d3eefcd0831116ce950dSherry Moore * your own identifying information:
753a6d457b330b1b29b2d3eefcd0831116ce950dSherry Moore * "Portions Copyrighted [year] [name of copyright owner]"
753a6d457b330b1b29b2d3eefcd0831116ce950dSherry Moore */
753a6d457b330b1b29b2d3eefcd0831116ce950dSherry Moore
753a6d457b330b1b29b2d3eefcd0831116ce950dSherry Mooreif (request.method !== "query") {
753a6d457b330b1b29b2d3eefcd0831116ce950dSherry Moore    throw {
753a6d457b330b1b29b2d3eefcd0831116ce950dSherry Moore        "openidmCode" : 403,
753a6d457b330b1b29b2d3eefcd0831116ce950dSherry Moore        "message" : "Access denied"
753a6d457b330b1b29b2d3eefcd0831116ce950dSherry Moore    };
}
if (!request.params || (!request.params.userId && !request.params.userName)) {
    throw "Required params: userId or userName";
}

(function () {
    var users = {},

    getUser = function(userId) {
        var user,
            params,
            result;

        if (!users[userId]) {
            user = openidm.read("managed/user/"+userId);
            if (!user) {
                params = {
                    "_queryId": "for-userName",
                    "uid": userId
                };
                result = openidm.query("managed/user", params);
                if (result.result && result.result.length === 1) {
                    user = result.result[0];
                }
                if (!user) {
                    user = openidm.read("repo/internal/user/"+userId);
                }

                if(!user) {
                    throw "Bad userId";
                }
            }
            users[userId] = user;
        }
        return users[userId];
    },

    contains = function(object, comaseparatedList) {
        var items = comaseparatedList.split(','),i;
        for (i = 0; i < items.length; i++) {
            if (items[i] === object) {
                return true;
            }
        }
        return false;
    },

    isProcessAvalibleForUser = function(processAccessPolicies, processDefinition, userRoles) {
        var i,
            props,
            property,
            matches,
            requiresRole;

        for (i = 0; i < processAccessPolicies.length; i++) {
            props =  processAccessPolicies[i].propertiesCheck;
            property = props.property;
            matches = props.matches;
            requiresRole = props.requiresRole;

            if (processDefinition[property].match(matches)) {
                if (contains(requiresRole, userRoles)) {
                    return true;
                }
            }
        }
        return false;
    },

    getProcessesAvalibleForUser = function(processDefinitions, userRoles) {
        var processesAvalibleToUser = [],
            processAccessPolicies = openidm.read("config/process/access").workflowAccess,
            processDefinition,
            i;

        for (i = 0; i < processDefinitions.length; i++) {
            processDefinition = processDefinitions[i];
            if (isProcessAvalibleForUser(processAccessPolicies, processDefinition, userRoles)) {
                processesAvalibleToUser.push(processDefinition);
            }
        }
        return processesAvalibleToUser;
    },
    processDefinitions = {},
    user = {},
    roles,
    processesForUser = [],
    processDefinitionsQueryParams = {
        "_queryId": "query-all-ids"
    };


    //code:

    if (request.params.userId) {
        user = getUser(request.params.userId);
        roles = user.roles;
    } else {
        user = getUser(request.params.userName);
        roles = user.roles;
    }

    processDefinitions = openidm.query("workflow/processdefinition", processDefinitionsQueryParams).result;

    processesForUser = getProcessesAvalibleForUser(processDefinitions, roles);

    //return value
    return processesForUser;

} ());