Ticket #23 : business analyst can create and edit his case definitions

Author: habarthierry-hue

src/CaseManagement.CMMN.AspNetCore/Apis/CaseDefinitionsController.cs

@@ -81,14 +81,7 @@ private static JObject ToDto(FindResponse<CaseDefinition> resp)
                 { "start_index", resp.StartIndex },
                 { "total_length", resp.TotalLength },
                 { "count", resp.Count },
-                { "content", new JArray(resp.Content.Select(r => new JObject
-                {
-                    { "id", r.Id },
-                    { "name", r.Name },
-                    { "description", r.Description },
-                    { "case_file", r.CaseFileId },
-                    { "create_datetime", r.CreateDateTime }
-                })) }
+                { "content", new JArray(resp.Content.Select(r => ToDto(r))) }
             };
         }
 
@@ -124,6 +117,7 @@ private static FindWorkflowDefinitionsParameter ExtractFindParameter(IEnumerable
         {
             string caseFile;
             string text;
+            string caseOwner;
             var parameter = new FindWorkflowDefinitionsParameter();
             parameter.ExtractFindParameter(query);
             if (query.TryGet("case_file", out caseFile))
@@ -136,6 +130,11 @@ private static FindWorkflowDefinitionsParameter ExtractFindParameter(IEnumerable
                 parameter.Text = text;
             }
 
+            if (query.TryGet("owner", out caseOwner))
+            {
+                parameter.CaseOwner = caseOwner;
+            }
+
             return parameter;
         }
     }

src/CaseManagement.CMMN.AspNetCore/Apis/CaseFilesController.cs

@@ -96,6 +96,7 @@ public async Task<IActionResult> Upload([FromBody] UploadCaseFilesCommand parame
         }
 
         [HttpPut("{id}")]
+        [Authorize("update_casefile")]
         public async Task<IActionResult> Update(string id, [FromBody] UpdateCaseFileCommand parameter)
         {
             try

src/CaseManagement.CMMN.AspNetCore/Apis/CaseInstancesController.cs

@@ -81,17 +81,26 @@ public async Task<IActionResult> GetCaseFileItems(string id)
         }
 
         [HttpPost]
+        [Authorize("add_case_instance")]
         public async Task<IActionResult> Create([FromBody] CreateCaseInstanceCommand createCaseInstance)
         {
             try
             {
+                createCaseInstance.NameIdentifier = this.GetNameIdentifier();
                 var result = await _createCaseInstanceCommandHandler.Handle(createCaseInstance);
                 return new ContentResult
                 {
                     StatusCode = (int)HttpStatusCode.Created,
                     Content = ToDto(result).ToString()
                 };
             }
+            catch(UnauthorizedCaseWorkerException)
+            {
+                return this.ToError(new Dictionary<string, string>
+                {
+                    { "unauthorized_request", "you're not authorized to create the case instance" }
+                }, HttpStatusCode.Unauthorized, Request);
+            }
             catch (UnknownCaseDefinitionException)
             {
                 return this.ToError(new Dictionary<string, string>
@@ -102,13 +111,21 @@ public async Task<IActionResult> Create([FromBody] CreateCaseInstanceCommand cre
         }
 
         [HttpGet("{id}/launch")]
+        [Authorize("launch_case_intance")]
         public async Task<IActionResult> Launch(string id)
         {
             try
             {
-                await _launchCaseInstanceCommandHandler.Handle(new LaunchCaseInstanceCommand { CaseInstanceId = id });
+                await _launchCaseInstanceCommandHandler.Handle(new LaunchCaseInstanceCommand { CaseInstanceId = id, NameIdentifier = this.GetNameIdentifier() });
                 return new OkResult();
             }
+            catch (UnauthorizedCaseWorkerException)
+            {
+                return this.ToError(new Dictionary<string, string>
+                {
+                    { "unauthorized_request", "you're not authorized to launch the case instance" }
+                }, HttpStatusCode.Unauthorized, Request);
+            }
             catch (UnknownCaseInstanceException)
             {
                 return this.ToError(new Dictionary<string, string>

src/CaseManagement.CMMN.Host/Startup.cs

@@ -62,6 +62,9 @@ public void ConfigureServices(IServiceCollection services)
                 policy.AddPolicy("get_performance", p => p.RequireRole("admin"));
                 policy.AddPolicy("get_casedefinition", p => p.RequireRole("businessanalyst"));
                 policy.AddPolicy("add_casefile", p => p.RequireRole("businessanalyst"));
+                policy.AddPolicy("update_casefile", p => p.RequireRole("businessanalyst"));
+                policy.AddPolicy("add_case_instance", p => p.RequireRole("businessanalyst"));
+                policy.AddPolicy("launch_case_intance", p => p.RequireRole("businessanalyst"));
             });
             services.AddCors(options => options.AddPolicy("AllowAll", p => p.AllowAnyOrigin()
                 .AllowAnyMethod()

src/CaseManagement.CMMN/CaseInstance/CommandHandlers/CreateCaseInstanceCommandHandler.cs

@@ -24,8 +24,14 @@ public CreateCaseInstanceCommandHandler(ICaseDefinitionQueryRepository cmmnWorkf
             {
                 throw new UnknownCaseDefinitionException();
             }
+
+            if (workflowDefinition.CaseOwner != command.NameIdentifier)
+            {
+                throw new UnauthorizedCaseWorkerException(command.NameIdentifier, null, null);
+            }
 
             var workflowInstance = Domains.CaseInstance.New(workflowDefinition);
+            workflowInstance.CaseOwner = command.NameIdentifier;
             await _commitAggregateHelper.Commit(workflowInstance, workflowInstance.GetStreamName());
             return workflowInstance;
         }

src/CaseManagement.CMMN/CaseInstance/CommandHandlers/LaunchCaseInstanceCommandHandler.cs

@@ -25,6 +25,11 @@ public async Task Handle(LaunchCaseInstanceCommand launchCaseInstanceCommand)
             {
                 throw new UnknownCaseInstanceException(launchCaseInstanceCommand.CaseInstanceId);
             }
+
+            if (caseInstance.CaseOwner != launchCaseInstanceCommand.NameIdentifier)
+            {
+                throw new UnauthorizedCaseWorkerException(launchCaseInstanceCommand.NameIdentifier, caseInstance.Id, null);
+            }
 
             await _queueProvider.QueueLaunchProcess(caseInstance.Id);
         }

src/CaseManagement.CMMN/CaseInstance/Commands/CreateCaseInstanceCommand.cs

@@ -7,5 +7,6 @@ public class CreateCaseInstanceCommand
     {
         [DataMember(Name = "case_definition_id")]
         public string CaseDefinitionId { get; set; }
+        public string NameIdentifier { get; set; }
     }
 }

src/CaseManagement.CMMN/CaseInstance/Commands/LaunchCaseInstanceCommand.cs

@@ -3,5 +3,6 @@
     public class LaunchCaseInstanceCommand
     {
         public string CaseInstanceId { get; set; }
+        public string NameIdentifier { get; set; }
     }
 }

src/CaseManagement.CMMN/Domains/CaseInstance/CaseInstance.cs

@@ -37,6 +37,7 @@ public CaseInstance(string id, DateTime createDateTime, string workflowDefinitio
         }
 
         public string CaseDefinitionId { get; set; }
+        public string CaseOwner { get; set; }
         public DateTime CreateDateTime { get; set; }
         public string State { get; set; }
         public CaseInstanceExecutionContext ExecutionContext { get; set; }
@@ -1015,7 +1016,8 @@ public override object Clone()
                 Version = Version,
                 CaseDefinitionId = CaseDefinitionId,
                 WorkflowElementInstances = WorkflowElementInstances == null ? null : WorkflowElementInstances.Select(w => (CaseElementInstance)w.Clone()).ToList(),
-                ElementPlanificationLst = ElementPlanificationLst.Select(w => (CaseElementInstancePlanification)w.Clone()).ToList()
+                ElementPlanificationLst = ElementPlanificationLst.Select(w => (CaseElementInstancePlanification)w.Clone()).ToList(),
+                CaseOwner = CaseOwner
             };
         }