use of org.alfresco.rest.api.tests.client.PublicApiException in project alfresco-remote-api by Alfresco.
the class TaskWorkflowApiTest method testGetTaskItems.
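/**
 * Checks which callers may list the items (package documents) of a task through the public API.
 *
 * <p>Outcomes asserted, in order: the API test user and the tenant admin each get both documents;
 * a user with no link to the task gets 403; that user gets the items once added as candidate user,
 * and again as member of a candidate group while the task has no assignee; with an assignee set,
 * the candidate-group user gets 403; an unknown task id gets 404; after completion the user that
 * started the process still gets the items while the candidate-group user gets 403.
 */
@Test
public void testGetTaskItems() throws Exception {
    final RequestContext requestContext = initApiClientWithTestUser();
    String otherPerson = getOtherPersonInNetwork(requestContext.getRunAsUser(), requestContext.getNetworkId()).getId();
    RequestContext otherContext = new RequestContext(requestContext.getNetworkId(), otherPerson);
    String tenantAdmin = AuthenticationUtil.getAdminUserName() + "@" + requestContext.getNetworkId();
    RequestContext adminContext = new RequestContext(requestContext.getNetworkId(), tenantAdmin);

    // Create test-document and add to package
    NodeRef[] docNodeRefs = createTestDocuments(requestContext);
    ProcessInfo processInfo = startAdhocProcess(requestContext, docNodeRefs);
    final Task task = activitiProcessEngine.getTaskService().createTaskQuery().processInstanceId(processInfo.getId()).singleResult();
    assertNotNull(task);
    // Clear the assignee so the candidate-user and candidate-group cases below start unassigned.
    activitiProcessEngine.getTaskService().setAssignee(task.getId(), null);
    try {
        TasksClient tasksClient = publicApiClient.tasksClient();

        // No context is selected here; presumably the client still runs as the user returned by
        // initApiClientWithTestUser() - confirm against that helper.
        JSONObject itemsJSON = tasksClient.findTaskItems(task.getId());
        assertNotNull(itemsJSON);
        JSONArray entriesJSON = (JSONArray) itemsJSON.get("entries");
        assertNotNull(entriesJSON);
        // assertEquals reports the actual size on failure, unlike assertTrue(size == 2).
        assertEquals(2, entriesJSON.size());

        boolean doc1Found = false;
        boolean doc2Found = false;
        for (Object entryObject : entriesJSON) {
            JSONObject entryJSON = (JSONObject) ((JSONObject) entryObject).get("entry");
            // Constant-first equals: a missing "name" fails the name assertion below instead of
            // raising a NullPointerException.
            boolean isDoc1 = "Test Doc1".equals(entryJSON.get("name"));
            String expectedName = isDoc1 ? "Test Doc1" : "Test Doc2";
            NodeRef expectedNode = isDoc1 ? docNodeRefs[0] : docNodeRefs[1];
            if (isDoc1) {
                doc1Found = true;
            } else {
                doc2Found = true;
            }
            assertEquals(expectedNode.getId(), entryJSON.get("id"));
            assertEquals(expectedName, entryJSON.get("name"));
            assertEquals(expectedName + " Title", entryJSON.get("title"));
            assertEquals(expectedName + " Description", entryJSON.get("description"));
            assertNotNull(entryJSON.get("createdAt"));
            assertEquals(requestContext.getRunAsUser(), entryJSON.get("createdBy"));
            assertNotNull(entryJSON.get("modifiedAt"));
            assertEquals(requestContext.getRunAsUser(), entryJSON.get("modifiedBy"));
            assertNotNull(entryJSON.get("size"));
            assertNotNull(entryJSON.get("mimeType"));
        }
        assertTrue(doc1Found);
        assertTrue(doc2Found);

        // get with admin
        publicApiClient.setRequestContext(adminContext);
        itemsJSON = tasksClient.findTaskItems(task.getId());
        assertNotNull(itemsJSON);
        entriesJSON = (JSONArray) itemsJSON.get("entries");
        assertNotNull(entriesJSON);
        assertEquals(2, entriesJSON.size());

        // get with non involved user: must be refused, not answered with an empty list
        publicApiClient.setRequestContext(otherContext);
        try {
            tasksClient.findTaskItems(task.getId());
            fail("Expected exception");
        } catch (PublicApiException e) {
            assertEquals(403, e.getHttpResponse().getStatusCode());
        }

        // get with candidate user
        activitiProcessEngine.getTaskService().addCandidateUser(task.getId(), otherContext.getRunAsUser());
        publicApiClient.setRequestContext(otherContext);
        itemsJSON = tasksClient.findTaskItems(task.getId());
        assertNotNull(itemsJSON);
        entriesJSON = (JSONArray) itemsJSON.get("entries");
        assertNotNull(entriesJSON);
        assertEquals(2, entriesJSON.size());

        // get with user from candidate group with no assignee
        List<MemberOfSite> memberships = getTestFixture().getNetwork(otherContext.getNetworkId()).getSiteMemberships(otherContext.getRunAsUser());
        assertTrue(memberships.size() > 0);
        MemberOfSite memberOfSite = memberships.get(0);
        String group = "GROUP_site_" + memberOfSite.getSiteId() + "_" + memberOfSite.getRole().name();
        // Drop the direct candidate link first so access can only come from the group.
        activitiProcessEngine.getTaskService().deleteCandidateUser(task.getId(), otherContext.getRunAsUser());
        activitiProcessEngine.getTaskService().addCandidateGroup(task.getId(), group);
        publicApiClient.setRequestContext(otherContext);
        itemsJSON = tasksClient.findTaskItems(task.getId());
        assertNotNull(itemsJSON);
        entriesJSON = (JSONArray) itemsJSON.get("entries");
        assertNotNull(entriesJSON);
        assertEquals(2, entriesJSON.size());

        // get with user from candidate group with assignee (client still runs as otherContext)
        activitiProcessEngine.getTaskService().setAssignee(task.getId(), requestContext.getRunAsUser());
        try {
            tasksClient.findTaskItems(task.getId());
            fail("Expected exception");
        } catch (PublicApiException e) {
            assertEquals(403, e.getHttpResponse().getStatusCode());
        }

        // invalid task id
        publicApiClient.setRequestContext(requestContext);
        try {
            tasksClient.findTaskItems("fakeid");
            fail("Expected exception");
        } catch (PublicApiException e) {
            assertEquals(404, e.getHttpResponse().getStatusCode());
        }

        // get items from completed task with initiator
        TenantUtil.runAsUserTenant(new TenantRunAsWork<Void>() {
            @Override
            public Void doWork() throws Exception {
                activitiProcessEngine.getTaskService().complete(task.getId());
                return null;
            }
        }, requestContext.getRunAsUser(), requestContext.getNetworkId());
        publicApiClient.setRequestContext(requestContext);
        itemsJSON = tasksClient.findTaskItems(task.getId());
        assertNotNull(itemsJSON);
        entriesJSON = (JSONArray) itemsJSON.get("entries");
        assertNotNull(entriesJSON);
        assertEquals(2, entriesJSON.size());

        // get items from completed task with user from candidate group
        publicApiClient.setRequestContext(otherContext);
        try {
            tasksClient.findTaskItems(task.getId());
            fail("Expected exception");
        } catch (PublicApiException e) {
            assertEquals(403, e.getHttpResponse().getStatusCode());
        }
    } finally {
        cleanupProcessInstance(processInfo.getId());
    }
}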
use of org.alfresco.rest.api.tests.client.PublicApiException in project alfresco-remote-api by Alfresco.
the class TaskWorkflowApiTest method testUpdateTaskVariablesAuthentication.
/**
 * Walks through the access rules for updating a task variable via the public API.
 *
 * <p>The process is started by another user in the network. The API test user is expected to be
 * refused (403, "Permission was denied") until set as assignee of the task; the admin of the same
 * network is expected to succeed, and the admin of a different network to be refused.
 */
@Test
@SuppressWarnings("unchecked")
public void testUpdateTaskVariablesAuthentication() throws Exception {
    RequestContext requestContext = initApiClientWithTestUser();
    String initiator = getOtherPersonInNetwork(requestContext.getRunAsUser(), requestContext.getNetworkId()).getId();

    // The process is started by someone other than the user the API client runs as, so any
    // access that user gets must come from a task role, not from being the initiator.
    ProcessInstance processInstance = startAdhocProcess(initiator, requestContext.getNetworkId(), null);
    try {
        JSONObject payload = new JSONObject();
        payload.put("name", "newVariable");
        payload.put("value", 1234);
        payload.put("scope", "global");

        Task pendingTask = activitiProcessEngine.getTaskService().createTaskQuery().processInstanceId(processInstance.getId()).singleResult();
        assertNotNull(pendingTask);
        TasksClient tasksClient = publicApiClient.tasksClient();

        // Caller has no role on the task yet: the update must be denied.
        PublicApiException denied = null;
        try {
            tasksClient.updateTaskVariable(pendingTask.getId(), "newVariable", payload);
        } catch (PublicApiException e) {
            denied = e;
        }
        assertNotNull("Exception expected", denied);
        assertEquals(HttpStatus.FORBIDDEN.value(), denied.getHttpResponse().getStatusCode());
        assertErrorSummary("Permission was denied", denied.getHttpResponse());

        // Once the caller is the assignee, the same update goes through.
        activitiProcessEngine.getTaskService().setAssignee(pendingTask.getId(), requestContext.getRunAsUser());
        JSONObject asAssignee = tasksClient.updateTaskVariable(pendingTask.getId(), "newVariable", payload);
        assertNotNull(asAssignee);

        // The admin of the task's own network may update as well.
        String ownTenantAdmin = AuthenticationUtil.getAdminUserName() + "@" + requestContext.getNetworkId();
        publicApiClient.setRequestContext(new RequestContext(TenantUtil.DEFAULT_TENANT, ownTenantAdmin));
        JSONObject asTenantAdmin = tasksClient.updateTaskVariable(pendingTask.getId(), "newVariable", payload);
        assertNotNull(asTenantAdmin);

        // Tenant isolation: an admin of another network must be denied.
        TestNetwork anotherNetwork = getOtherNetwork(requestContext.getNetworkId());
        String foreignTenantAdmin = AuthenticationUtil.getAdminUserName() + "@" + anotherNetwork.getId();
        publicApiClient.setRequestContext(new RequestContext(TenantUtil.DEFAULT_TENANT, foreignTenantAdmin));
        PublicApiException crossTenantDenied = null;
        try {
            tasksClient.updateTaskVariable(pendingTask.getId(), "newVariable", payload);
        } catch (PublicApiException e) {
            crossTenantDenied = e;
        }
        assertNotNull("Exception expected", crossTenantDenied);
        assertEquals(HttpStatus.FORBIDDEN.value(), crossTenantDenied.getHttpResponse().getStatusCode());
        assertErrorSummary("Permission was denied", crossTenantDenied.getHttpResponse());
    } finally {
        cleanupProcessInstance(processInstance);
    }
}
use of org.alfresco.rest.api.tests.client.PublicApiException in project alfresco-remote-api by Alfresco.
the class TaskWorkflowApiTest method testGetTaskByIdAuthorization.
/**
 * Walks through the access rules for reading a single task by id via the public API.
 *
 * <p>The process is started by another user in the network. The API test user is expected to get
 * 403 ("Permission was denied") until set as assignee; the admin of the same network is expected
 * to read the task, and the admin of a different network to get 403.
 */
@Test
public void testGetTaskByIdAuthorization() throws Exception {
    RequestContext requestContext = initApiClientWithTestUser();
    String initiator = getOtherPersonInNetwork(requestContext.getRunAsUser(), requestContext.getNetworkId()).getId();

    // Started by a different user, so the API caller is not the process initiator.
    ProcessInstance processInstance = startAdhocProcess(initiator, requestContext.getNetworkId(), null);
    try {
        TasksClient tasksClient = publicApiClient.tasksClient();
        Task pendingTask = activitiProcessEngine.getTaskService().createTaskQuery().processInstanceId(processInstance.getId()).singleResult();
        assertNotNull(pendingTask);

        // Caller has no role on the task yet: the read must be denied.
        PublicApiException denied = null;
        try {
            tasksClient.findTaskById(pendingTask.getId());
        } catch (PublicApiException e) {
            denied = e;
        }
        assertNotNull("Exception expected", denied);
        assertEquals(HttpStatus.FORBIDDEN.value(), denied.getHttpResponse().getStatusCode());
        assertErrorSummary("Permission was denied", denied.getHttpResponse());

        // As assignee the caller can read the task.
        activitiProcessEngine.getTaskService().setAssignee(pendingTask.getId(), requestContext.getRunAsUser());
        JSONObject asAssignee = tasksClient.findTaskById(pendingTask.getId());
        assertNotNull(asAssignee);

        // The admin of the task's own network can read it too.
        String ownTenantAdmin = AuthenticationUtil.getAdminUserName() + "@" + requestContext.getNetworkId();
        publicApiClient.setRequestContext(new RequestContext(TenantUtil.DEFAULT_TENANT, ownTenantAdmin));
        JSONObject asTenantAdmin = tasksClient.findTaskById(pendingTask.getId());
        assertNotNull(asTenantAdmin);

        // Tenant isolation: an admin of another network must be denied.
        TestNetwork anotherNetwork = getOtherNetwork(requestContext.getNetworkId());
        String foreignTenantAdmin = AuthenticationUtil.getAdminUserName() + "@" + anotherNetwork.getId();
        publicApiClient.setRequestContext(new RequestContext(TenantUtil.DEFAULT_TENANT, foreignTenantAdmin));
        PublicApiException crossTenantDenied = null;
        try {
            tasksClient.findTaskById(pendingTask.getId());
        } catch (PublicApiException e) {
            crossTenantDenied = e;
        }
        assertNotNull("Exception expected", crossTenantDenied);
        assertEquals(HttpStatus.FORBIDDEN.value(), crossTenantDenied.getHttpResponse().getStatusCode());
        assertErrorSummary("Permission was denied", crossTenantDenied.getHttpResponse());
    } finally {
        cleanupProcessInstance(processInstance);
    }
}
use of org.alfresco.rest.api.tests.client.PublicApiException in project alfresco-remote-api by Alfresco.
the class TaskWorkflowApiTest method testCompleteTask.
/**
 * Checks who may complete a task by updating its "state" to "completed" through the public API.
 *
 * <p>Five processes are started by another user so that each role gets a fresh task: a caller
 * with no role is expected to get 403; the assignee, the process initiator, the task owner and
 * the tenant admin are each expected to succeed; the last task is completed together with one
 * global and one local variable, which are then checked in history and through the API.
 */
@Test
@SuppressWarnings("unchecked")
public void testCompleteTask() throws Exception {
    RequestContext requestContext = initApiClientWithTestUser();
    String user = requestContext.getRunAsUser();
    String initiator = getOtherPersonInNetwork(requestContext.getRunAsUser(), requestContext.getNetworkId()).getId();
    // One process per scenario: a completed task cannot be reused by the next case.
    ProcessInstance processCompleteAsAssignee = startAdhocProcess(initiator, requestContext.getNetworkId(), null);
    ProcessInstance processCompleteAsOwner = startAdhocProcess(initiator, requestContext.getNetworkId(), null);
    ProcessInstance processCompleteAsInitiator = startAdhocProcess(initiator, requestContext.getNetworkId(), null);
    ProcessInstance processCompleteAsAdmin = startAdhocProcess(initiator, requestContext.getNetworkId(), null);
    ProcessInstance processCompleteWithVariables = startAdhocProcess(initiator, requestContext.getNetworkId(), null);
    try {
        Task asAssigneeTask = activitiProcessEngine.getTaskService().createTaskQuery().processInstanceId(processCompleteAsAssignee.getId()).singleResult();
        Task asOwnerTask = activitiProcessEngine.getTaskService().createTaskQuery().processInstanceId(processCompleteAsOwner.getId()).singleResult();
        Task asInitiatorTask = activitiProcessEngine.getTaskService().createTaskQuery().processInstanceId(processCompleteAsInitiator.getId()).singleResult();
        Task asAdminTask = activitiProcessEngine.getTaskService().createTaskQuery().processInstanceId(processCompleteAsAdmin.getId()).singleResult();
        Task withVariablesTask = activitiProcessEngine.getTaskService().createTaskQuery().processInstanceId(processCompleteWithVariables.getId()).singleResult();
        TasksClient tasksClient = publicApiClient.tasksClient();
        // Completing the task when NOT assignee, owner, initiator or admin results in error
        JSONObject taskBody = new JSONObject();
        taskBody.put("state", "completed");
        List<String> selectedFields = new ArrayList<String>();
        selectedFields.addAll(Arrays.asList(new String[] { "state" }));
        try {
            tasksClient.updateTask(asAssigneeTask.getId(), taskBody, selectedFields);
            fail("Exception expected");
        } catch (PublicApiException expected) {
            assertEquals(HttpStatus.FORBIDDEN.value(), expected.getHttpResponse().getStatusCode());
            assertErrorSummary("Permission was denied", expected.getHttpResponse());
        }
        // Completing as assignee
        activitiProcessEngine.getTaskService().setAssignee(asAssigneeTask.getId(), user);
        JSONObject result = tasksClient.updateTask(asAssigneeTask.getId(), taskBody, selectedFields);
        assertEquals("completed", result.get("state"));
        assertNotNull(result.get("endedAt"));
        // A completed task is no longer returned by the runtime task query.
        assertNull(activitiProcessEngine.getTaskService().createTaskQuery().taskId(asAssigneeTask.getId()).singleResult());
        // Completing as process initiator
        // Switches identity by mutating requestContext; presumably the client still holds this
        // same object from initApiClientWithTestUser() - confirm against that helper.
        requestContext.setRunAsUser(initiator);
        // Clear the assignee so access can only come from being the initiator.
        activitiProcessEngine.getTaskService().setAssignee(asInitiatorTask.getId(), null);
        result = tasksClient.updateTask(asInitiatorTask.getId(), taskBody, selectedFields);
        assertEquals("completed", result.get("state"));
        assertNotNull(result.get("endedAt"));
        assertNull(activitiProcessEngine.getTaskService().createTaskQuery().taskId(asInitiatorTask.getId()).singleResult());
        // Completing as owner
        requestContext.setRunAsUser(user);
        asOwnerTask.setOwner(user);
        activitiProcessEngine.getTaskService().saveTask(asOwnerTask);
        result = tasksClient.updateTask(asOwnerTask.getId(), taskBody, selectedFields);
        assertEquals("completed", result.get("state"));
        assertNotNull(result.get("endedAt"));
        assertNull(activitiProcessEngine.getTaskService().createTaskQuery().taskId(asOwnerTask.getId()).singleResult());
        // Complete as admin
        String tenantAdmin = AuthenticationUtil.getAdminUserName() + "@" + requestContext.getNetworkId();
        // From here on the client is given a NEW RequestContext object for the tenant admin.
        publicApiClient.setRequestContext(new RequestContext(TenantUtil.DEFAULT_TENANT, tenantAdmin));
        asAdminTask.setOwner(null);
        activitiProcessEngine.getTaskService().saveTask(asAdminTask);
        result = tasksClient.updateTask(asAdminTask.getId(), taskBody, selectedFields);
        assertEquals("completed", result.get("state"));
        assertNotNull(result.get("endedAt"));
        assertNull(activitiProcessEngine.getTaskService().createTaskQuery().taskId(asAdminTask.getId()).singleResult());
        // Complete with variables
        // NOTE(review): requestContext is mutated here but is not passed to
        // publicApiClient.setRequestContext() again after the tenant-admin context was selected
        // above, so this step presumably still runs as the tenant admin rather than as the
        // initiator - confirm, and re-select requestContext if the initiator is the identity
        // this case is meant to exercise.
        requestContext.setRunAsUser(initiator);
        activitiProcessEngine.getTaskService().setAssignee(withVariablesTask.getId(), null);
        JSONArray variablesArray = new JSONArray();
        JSONObject variableBody = new JSONObject();
        variableBody.put("name", "newGlobalVariable");
        variableBody.put("value", 1234);
        variableBody.put("scope", "global");
        variablesArray.add(variableBody);
        variableBody = new JSONObject();
        variableBody.put("name", "newLocalVariable");
        variableBody.put("value", 5678);
        variableBody.put("scope", "local");
        variablesArray.add(variableBody);
        taskBody.put("variables", variablesArray);
        selectedFields.add("variables");
        result = tasksClient.updateTask(withVariablesTask.getId(), taskBody, selectedFields);
        assertEquals("completed", result.get("state"));
        assertNotNull(result.get("endedAt"));
        assertNull(activitiProcessEngine.getTaskService().createTaskQuery().taskId(withVariablesTask.getId()).singleResult());
        // Check in history that the global variable was stored on the process and the local one on the task.
        HistoricTaskInstance historyTask = activitiProcessEngine.getHistoryService().createHistoricTaskInstanceQuery().taskId(withVariablesTask.getId()).includeProcessVariables().includeTaskLocalVariables().singleResult();
        assertEquals(1234, historyTask.getProcessVariables().get("newGlobalVariable"));
        assertEquals(5678, historyTask.getTaskLocalVariables().get("newLocalVariable"));
        assertNotNull("The outcome should not be null for completed task.", historyTask.getTaskLocalVariables().get("bpm_outcome"));
        // The same variables must also be readable through the API for the completed task.
        JSONObject variables = tasksClient.findTaskVariables(withVariablesTask.getId());
        assertNotNull(variables);
        JSONObject list = (JSONObject) variables.get("list");
        assertNotNull(list);
        JSONArray entries = (JSONArray) list.get("entries");
        assertNotNull(entries);
        boolean foundGlobal = false;
        boolean foundLocal = false;
        for (Object entry : entries) {
            JSONObject variableObject = (JSONObject) ((JSONObject) entry).get("entry");
            if ("newGlobalVariable".equals(variableObject.get("name"))) {
                // Values come back from the API response as long (1234L), while the history check above compares against int.
                assertEquals(1234L, variableObject.get("value"));
                foundGlobal = true;
            } else if ("newLocalVariable".equals(variableObject.get("name"))) {
                assertEquals(5678L, variableObject.get("value"));
                foundLocal = true;
            }
        }
        assertTrue(foundGlobal);
        assertTrue(foundLocal);
    } finally {
        cleanupProcessInstance(processCompleteAsAssignee, processCompleteAsAdmin, processCompleteAsInitiator, processCompleteAsOwner, processCompleteWithVariables);
    }
}
use of org.alfresco.rest.api.tests.client.PublicApiException in project alfresco-remote-api by Alfresco.
the class TaskWorkflowApiTest method testUpdateTaskMnt13276.
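/**
 * Checks who may update a pooled review task through the public API.
 *
 * <p>Three users are created and invited to the initiator's site: two with the initiator's role
 * and one with a different role. Outcomes asserted: a user with the initiator's role can rename
 * the unclaimed task; the user with the other role gets 403; once the task is assigned to one
 * user, the other user with the initiator's role gets 403 as well.
 */
@Test
@SuppressWarnings("unchecked")
public void testUpdateTaskMnt13276() throws Exception {
    RequestContext requestContext = initApiClientWithTestUser();
    String initiatorId = requestContext.getRunAsUser();
    ProcessInfo processInfo = startReviewPooledProcess(requestContext);

    // create test users (throwaway fixture accounts; the literal password is test data only)
    final List<TestPerson> persons = transactionHelper.doInTransaction(new RetryingTransactionHelper.RetryingTransactionCallback<List<TestPerson>>() {
        @SuppressWarnings("synthetic-access")
        public List<TestPerson> execute() throws Throwable {
            ArrayList<TestPerson> persons = new ArrayList<TestPerson>();
            // Timestamp suffix is appended to the third PersonInfo argument of each created user.
            String temp = "_" + System.currentTimeMillis();
            persons.add(currentNetwork.createUser(new PersonInfo("user0", "user0", "user0" + temp, "password", null, "skype", "location", "telephone", "mob", "instant", "google")));
            persons.add(currentNetwork.createUser(new PersonInfo("user1", "user1", "user1" + temp, "password", null, "skype", "location", "telephone", "mob", "instant", "google")));
            persons.add(currentNetwork.createUser(new PersonInfo("user2", "user2", "user2" + temp, "password", null, "skype", "location", "telephone", "mob", "instant", "google")));
            return persons;
        }
    }, false, true);

    final MemberOfSite memberOfSite = currentNetwork.getSiteMemberships(initiatorId).get(0);

    // startReviewPooledProcess() uses the initiator's site id and role name to construct
    // bpm_groupAssignee, so the created users need matching site memberships.
    transactionHelper.doInTransaction(new RetryingTransactionHelper.RetryingTransactionCallback<Void>() {
        public Void execute() throws Throwable {
            TenantUtil.runAsUserTenant(new TenantRunAsWork<Void>() {
                @Override
                public Void doWork() throws Exception {
                    TestSite initiatorSite = (TestSite) memberOfSite.getSite();
                    initiatorSite.inviteToSite(persons.get(0).getId(), memberOfSite.getRole());
                    initiatorSite.inviteToSite(persons.get(1).getId(), memberOfSite.getRole());
                    // this user wouldn't be in group: invited with a role that differs from the initiator's
                    initiatorSite.inviteToSite(persons.get(2).getId(), SiteRole.SiteConsumer == memberOfSite.getRole() ? SiteRole.SiteCollaborator : SiteRole.SiteConsumer);
                    return null;
                }
            }, AuthenticationUtil.getAdminUserName(), currentNetwork.getId());
            return null;
        }
    }, false, true);

    try {
        Task task = activitiProcessEngine.getTaskService().createTaskQuery().processInstanceId(processInfo.getId()).singleResult();
        // Fail with a clear assertion instead of a NullPointerException if no task was created.
        assertNotNull(task);
        TasksClient tasksClient = publicApiClient.tasksClient();

        // Only the "name" field is sent in every update below; build the list once so it never
        // ends up holding the same field twice.
        List<String> selectedFields = new ArrayList<String>();
        selectedFields.add("name");

        // Updating the task by user in group
        JSONObject taskBody = new JSONObject();
        taskBody.put("name", "Updated name by user in group");
        requestContext.setRunAsUser(persons.get(0).getId());
        JSONObject result = tasksClient.updateTask(task.getId(), taskBody, selectedFields);
        assertEquals("Updated name by user in group", result.get("name"));
        task = activitiProcessEngine.getTaskService().createTaskQuery().processInstanceId(processInfo.getId()).singleResult();
        assertNotNull(task);
        assertEquals("Updated name by user in group", task.getName());

        // Updating the task by user not in group
        try {
            taskBody.put("name", "Updated name by user not in group");
            requestContext.setRunAsUser(persons.get(2).getId());
            tasksClient.updateTask(task.getId(), taskBody, selectedFields);
            // Message names the operation under test (an update), which helps triage on failure.
            fail("User not from group should not be able to update the task.");
        } catch (PublicApiException expected) {
            assertEquals(HttpStatus.FORBIDDEN.value(), expected.getHttpResponse().getStatusCode());
            assertErrorSummary("Permission was denied", expected.getHttpResponse());
        }

        // claim task
        TaskService taskService = activitiProcessEngine.getTaskService();
        task = taskService.createTaskQuery().processInstanceId(processInfo.getId()).singleResult();
        taskService.setAssignee(task.getId(), persons.get(1).getId());

        // Updating by user in group for claimed task by another user
        try {
            taskBody = new JSONObject();
            taskBody.put("name", "Updated name by user in group for claimed task");
            requestContext.setRunAsUser(persons.get(0).getId());
            result = tasksClient.updateTask(task.getId(), taskBody, selectedFields);
            fail("User from group should not be able to update a task claimed by another user.");
        } catch (PublicApiException expected) {
            assertEquals(HttpStatus.FORBIDDEN.value(), expected.getHttpResponse().getStatusCode());
            assertErrorSummary("Permission was denied", expected.getHttpResponse());
        }
    } finally {
        cleanupProcessInstance(processInfo.getId());
    }
}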