Search in sources :

Example 36 with TasksClient

use of org.alfresco.rest.workflow.api.tests.WorkflowApiClient.TasksClient in project alfresco-remote-api by Alfresco.

the class TaskWorkflowApiTest method testUpdateTaskVariablesAuthentication.

@Test
@SuppressWarnings("unchecked")
public void testUpdateTaskVariablesAuthentication() throws Exception {
    RequestContext requestContext = initApiClientWithTestUser();
    String initiator = getOtherPersonInNetwork(requestContext.getRunAsUser(), requestContext.getNetworkId()).getId();
    // Start process by one user and try to access the task variables as the task assignee instead of the process
    // initiator to see if the assignee is authorized to get the task
    ProcessInstance processInstance = startAdhocProcess(initiator, requestContext.getNetworkId(), null);
    try {
        JSONObject variableBody = new JSONObject();
        variableBody.put("name", "newVariable");
        variableBody.put("value", 1234);
        variableBody.put("scope", "global");
        Task task = activitiProcessEngine.getTaskService().createTaskQuery().processInstanceId(processInstance.getId()).singleResult();
        assertNotNull(task);
        TasksClient tasksClient = publicApiClient.tasksClient();
        // Try updating task variables when NOT involved in the task
        try {
            tasksClient.updateTaskVariable(task.getId(), "newVariable", variableBody);
            fail("Exception expected");
        } catch (PublicApiException expected) {
            assertEquals(HttpStatus.FORBIDDEN.value(), expected.getHttpResponse().getStatusCode());
            assertErrorSummary("Permission was denied", expected.getHttpResponse());
        }
        // Set assignee, task variables should be updatable now
        activitiProcessEngine.getTaskService().setAssignee(task.getId(), requestContext.getRunAsUser());
        JSONObject jsonObject = tasksClient.updateTaskVariable(task.getId(), "newVariable", variableBody);
        assertNotNull(jsonObject);
        // Updating task variables as admin should be possible
        String tenantAdmin = AuthenticationUtil.getAdminUserName() + "@" + requestContext.getNetworkId();
        publicApiClient.setRequestContext(new RequestContext(TenantUtil.DEFAULT_TENANT, tenantAdmin));
        jsonObject = tasksClient.updateTaskVariable(task.getId(), "newVariable", variableBody);
        assertNotNull(jsonObject);
        // Updating the task variables as a admin from another tenant shouldn't be possible
        TestNetwork anotherNetwork = getOtherNetwork(requestContext.getNetworkId());
        tenantAdmin = AuthenticationUtil.getAdminUserName() + "@" + anotherNetwork.getId();
        publicApiClient.setRequestContext(new RequestContext(TenantUtil.DEFAULT_TENANT, tenantAdmin));
        try {
            jsonObject = tasksClient.updateTaskVariable(task.getId(), "newVariable", variableBody);
            fail("Exception expected");
        } catch (PublicApiException expected) {
            assertEquals(HttpStatus.FORBIDDEN.value(), expected.getHttpResponse().getStatusCode());
            assertErrorSummary("Permission was denied", expected.getHttpResponse());
        }
    } finally {
        cleanupProcessInstance(processInstance);
    }
}
Also used : PublicApiException(org.alfresco.rest.api.tests.client.PublicApiException) Task(org.activiti.engine.task.Task) JSONObject(org.json.simple.JSONObject) TasksClient(org.alfresco.rest.workflow.api.tests.WorkflowApiClient.TasksClient) TestNetwork(org.alfresco.rest.api.tests.RepoService.TestNetwork) ProcessInstance(org.activiti.engine.runtime.ProcessInstance) RequestContext(org.alfresco.rest.api.tests.client.RequestContext) Test(org.junit.Test)

Example 37 with TasksClient

use of org.alfresco.rest.workflow.api.tests.WorkflowApiClient.TasksClient in project alfresco-remote-api by Alfresco.

the class TaskWorkflowApiTest method testGetTaskCandidates.

@Test
public void testGetTaskCandidates() throws Exception {
    RequestContext requestContext = initApiClientWithTestUser();
    ProcessInstance processInstance = startAdhocProcess(requestContext.getRunAsUser(), requestContext.getNetworkId(), null);
    try {
        Task task = activitiProcessEngine.getTaskService().createTaskQuery().processInstanceId(processInstance.getId()).singleResult();
        assertNotNull(task);
        activitiProcessEngine.getTaskService().addCandidateUser(task.getId(), "testuser");
        activitiProcessEngine.getTaskService().addCandidateUser(task.getId(), "testuser2");
        activitiProcessEngine.getTaskService().addCandidateGroup(task.getId(), "testgroup");
        TasksClient tasksClient = publicApiClient.tasksClient();
        JSONObject taskCandidatesJSONObject = tasksClient.findTaskCandidates(task.getId());
        assertNotNull(taskCandidatesJSONObject);
        JSONArray candidateArrayJSON = (JSONArray) ((JSONObject) taskCandidatesJSONObject.get("list")).get("entries");
        assertEquals(3, candidateArrayJSON.size());
        boolean testUser1Found = false;
        boolean testUser2Found = false;
        boolean testGroupFound = false;
        for (int i = 0; i < candidateArrayJSON.size(); i++) {
            JSONObject entry = (JSONObject) ((JSONObject) candidateArrayJSON.get(i)).get("entry");
            if ("group".equals(entry.get("candidateType"))) {
                testGroupFound = true;
                assertEquals("testgroup", entry.get("candidateId"));
            } else if ("user".equals(entry.get("candidateType"))) {
                if ("testuser".equals(entry.get("candidateId"))) {
                    testUser1Found = true;
                } else if ("testuser2".equals(entry.get("candidateId"))) {
                    testUser2Found = true;
                }
            }
        }
        assertTrue(testUser1Found);
        assertTrue(testUser2Found);
        assertTrue(testGroupFound);
    } finally {
        cleanupProcessInstance(processInstance);
    }
}
Also used : Task(org.activiti.engine.task.Task) JSONObject(org.json.simple.JSONObject) TasksClient(org.alfresco.rest.workflow.api.tests.WorkflowApiClient.TasksClient) JSONArray(org.json.simple.JSONArray) ProcessInstance(org.activiti.engine.runtime.ProcessInstance) RequestContext(org.alfresco.rest.api.tests.client.RequestContext) Test(org.junit.Test)

Example 38 with TasksClient

use of org.alfresco.rest.workflow.api.tests.WorkflowApiClient.TasksClient in project alfresco-remote-api by Alfresco.

the class TaskWorkflowApiTest method testGetTaskByIdAuthorization.

@Test
public void testGetTaskByIdAuthorization() throws Exception {
    RequestContext requestContext = initApiClientWithTestUser();
    String initiator = getOtherPersonInNetwork(requestContext.getRunAsUser(), requestContext.getNetworkId()).getId();
    // Start process by one user and try to access the task as the task assignee instead of the process
    // initiator to see if the assignee is authorized to get the task
    ProcessInstance processInstance = startAdhocProcess(initiator, requestContext.getNetworkId(), null);
    try {
        Task task = activitiProcessEngine.getTaskService().createTaskQuery().processInstanceId(processInstance.getId()).singleResult();
        assertNotNull(task);
        TasksClient tasksClient = publicApiClient.tasksClient();
        // Try accessing task when NOT involved in the task
        try {
            tasksClient.findTaskById(task.getId());
            fail("Exception expected");
        } catch (PublicApiException expected) {
            assertEquals(HttpStatus.FORBIDDEN.value(), expected.getHttpResponse().getStatusCode());
            assertErrorSummary("Permission was denied", expected.getHttpResponse());
        }
        // Set assignee, task should be accessible now
        activitiProcessEngine.getTaskService().setAssignee(task.getId(), requestContext.getRunAsUser());
        JSONObject jsonObject = tasksClient.findTaskById(task.getId());
        assertNotNull(jsonObject);
        // Fetching task as admin should be possible
        String tenantAdmin = AuthenticationUtil.getAdminUserName() + "@" + requestContext.getNetworkId();
        publicApiClient.setRequestContext(new RequestContext(TenantUtil.DEFAULT_TENANT, tenantAdmin));
        jsonObject = tasksClient.findTaskById(task.getId());
        assertNotNull(jsonObject);
        // Fetching the task as a admin from another tenant shouldn't be possible
        TestNetwork anotherNetwork = getOtherNetwork(requestContext.getNetworkId());
        tenantAdmin = AuthenticationUtil.getAdminUserName() + "@" + anotherNetwork.getId();
        publicApiClient.setRequestContext(new RequestContext(TenantUtil.DEFAULT_TENANT, tenantAdmin));
        try {
            tasksClient.findTaskById(task.getId());
            fail("Exception expected");
        } catch (PublicApiException expected) {
            assertEquals(HttpStatus.FORBIDDEN.value(), expected.getHttpResponse().getStatusCode());
            assertErrorSummary("Permission was denied", expected.getHttpResponse());
        }
    } finally {
        cleanupProcessInstance(processInstance);
    }
}
Also used : PublicApiException(org.alfresco.rest.api.tests.client.PublicApiException) Task(org.activiti.engine.task.Task) JSONObject(org.json.simple.JSONObject) TasksClient(org.alfresco.rest.workflow.api.tests.WorkflowApiClient.TasksClient) TestNetwork(org.alfresco.rest.api.tests.RepoService.TestNetwork) ProcessInstance(org.activiti.engine.runtime.ProcessInstance) RequestContext(org.alfresco.rest.api.tests.client.RequestContext) Test(org.junit.Test)

Example 39 with TasksClient

use of org.alfresco.rest.workflow.api.tests.WorkflowApiClient.TasksClient in project alfresco-remote-api by Alfresco.

the class TaskWorkflowApiTest method testCompleteTask.

@Test
@SuppressWarnings("unchecked")
public void testCompleteTask() throws Exception {
    RequestContext requestContext = initApiClientWithTestUser();
    String user = requestContext.getRunAsUser();
    String initiator = getOtherPersonInNetwork(requestContext.getRunAsUser(), requestContext.getNetworkId()).getId();
    ProcessInstance processCompleteAsAssignee = startAdhocProcess(initiator, requestContext.getNetworkId(), null);
    ProcessInstance processCompleteAsOwner = startAdhocProcess(initiator, requestContext.getNetworkId(), null);
    ProcessInstance processCompleteAsInitiator = startAdhocProcess(initiator, requestContext.getNetworkId(), null);
    ProcessInstance processCompleteAsAdmin = startAdhocProcess(initiator, requestContext.getNetworkId(), null);
    ProcessInstance processCompleteWithVariables = startAdhocProcess(initiator, requestContext.getNetworkId(), null);
    try {
        Task asAssigneeTask = activitiProcessEngine.getTaskService().createTaskQuery().processInstanceId(processCompleteAsAssignee.getId()).singleResult();
        Task asOwnerTask = activitiProcessEngine.getTaskService().createTaskQuery().processInstanceId(processCompleteAsOwner.getId()).singleResult();
        Task asInitiatorTask = activitiProcessEngine.getTaskService().createTaskQuery().processInstanceId(processCompleteAsInitiator.getId()).singleResult();
        Task asAdminTask = activitiProcessEngine.getTaskService().createTaskQuery().processInstanceId(processCompleteAsAdmin.getId()).singleResult();
        Task withVariablesTask = activitiProcessEngine.getTaskService().createTaskQuery().processInstanceId(processCompleteWithVariables.getId()).singleResult();
        TasksClient tasksClient = publicApiClient.tasksClient();
        // Unclaiming the task when NOT assignee, owner, initiator or admin results in error
        JSONObject taskBody = new JSONObject();
        taskBody.put("state", "completed");
        List<String> selectedFields = new ArrayList<String>();
        selectedFields.addAll(Arrays.asList(new String[] { "state" }));
        try {
            tasksClient.updateTask(asAssigneeTask.getId(), taskBody, selectedFields);
            fail("Exception expected");
        } catch (PublicApiException expected) {
            assertEquals(HttpStatus.FORBIDDEN.value(), expected.getHttpResponse().getStatusCode());
            assertErrorSummary("Permission was denied", expected.getHttpResponse());
        }
        // Completing as assignee initiator
        activitiProcessEngine.getTaskService().setAssignee(asAssigneeTask.getId(), user);
        JSONObject result = tasksClient.updateTask(asAssigneeTask.getId(), taskBody, selectedFields);
        assertEquals("completed", result.get("state"));
        assertNotNull(result.get("endedAt"));
        assertNull(activitiProcessEngine.getTaskService().createTaskQuery().taskId(asAssigneeTask.getId()).singleResult());
        // Completing as process initiator
        requestContext.setRunAsUser(initiator);
        activitiProcessEngine.getTaskService().setAssignee(asInitiatorTask.getId(), null);
        result = tasksClient.updateTask(asInitiatorTask.getId(), taskBody, selectedFields);
        assertEquals("completed", result.get("state"));
        assertNotNull(result.get("endedAt"));
        assertNull(activitiProcessEngine.getTaskService().createTaskQuery().taskId(asInitiatorTask.getId()).singleResult());
        // Completing as owner
        requestContext.setRunAsUser(user);
        asOwnerTask.setOwner(user);
        activitiProcessEngine.getTaskService().saveTask(asOwnerTask);
        result = tasksClient.updateTask(asOwnerTask.getId(), taskBody, selectedFields);
        assertEquals("completed", result.get("state"));
        assertNotNull(result.get("endedAt"));
        assertNull(activitiProcessEngine.getTaskService().createTaskQuery().taskId(asOwnerTask.getId()).singleResult());
        // Complete as admin
        String tenantAdmin = AuthenticationUtil.getAdminUserName() + "@" + requestContext.getNetworkId();
        publicApiClient.setRequestContext(new RequestContext(TenantUtil.DEFAULT_TENANT, tenantAdmin));
        asAdminTask.setOwner(null);
        activitiProcessEngine.getTaskService().saveTask(asAdminTask);
        result = tasksClient.updateTask(asAdminTask.getId(), taskBody, selectedFields);
        assertEquals("completed", result.get("state"));
        assertNotNull(result.get("endedAt"));
        assertNull(activitiProcessEngine.getTaskService().createTaskQuery().taskId(asAdminTask.getId()).singleResult());
        // Complete with variables
        requestContext.setRunAsUser(initiator);
        activitiProcessEngine.getTaskService().setAssignee(withVariablesTask.getId(), null);
        JSONArray variablesArray = new JSONArray();
        JSONObject variableBody = new JSONObject();
        variableBody.put("name", "newGlobalVariable");
        variableBody.put("value", 1234);
        variableBody.put("scope", "global");
        variablesArray.add(variableBody);
        variableBody = new JSONObject();
        variableBody.put("name", "newLocalVariable");
        variableBody.put("value", 5678);
        variableBody.put("scope", "local");
        variablesArray.add(variableBody);
        taskBody.put("variables", variablesArray);
        selectedFields.add("variables");
        result = tasksClient.updateTask(withVariablesTask.getId(), taskBody, selectedFields);
        assertEquals("completed", result.get("state"));
        assertNotNull(result.get("endedAt"));
        assertNull(activitiProcessEngine.getTaskService().createTaskQuery().taskId(withVariablesTask.getId()).singleResult());
        HistoricTaskInstance historyTask = activitiProcessEngine.getHistoryService().createHistoricTaskInstanceQuery().taskId(withVariablesTask.getId()).includeProcessVariables().includeTaskLocalVariables().singleResult();
        assertEquals(1234, historyTask.getProcessVariables().get("newGlobalVariable"));
        assertEquals(5678, historyTask.getTaskLocalVariables().get("newLocalVariable"));
        assertNotNull("The outcome should not be null for completed task.", historyTask.getTaskLocalVariables().get("bpm_outcome"));
        JSONObject variables = tasksClient.findTaskVariables(withVariablesTask.getId());
        assertNotNull(variables);
        JSONObject list = (JSONObject) variables.get("list");
        assertNotNull(list);
        JSONArray entries = (JSONArray) list.get("entries");
        assertNotNull(entries);
        boolean foundGlobal = false;
        boolean foundLocal = false;
        for (Object entry : entries) {
            JSONObject variableObject = (JSONObject) ((JSONObject) entry).get("entry");
            if ("newGlobalVariable".equals(variableObject.get("name"))) {
                assertEquals(1234L, variableObject.get("value"));
                foundGlobal = true;
            } else if ("newLocalVariable".equals(variableObject.get("name"))) {
                assertEquals(5678L, variableObject.get("value"));
                foundLocal = true;
            }
        }
        assertTrue(foundGlobal);
        assertTrue(foundLocal);
    } finally {
        cleanupProcessInstance(processCompleteAsAssignee, processCompleteAsAdmin, processCompleteAsInitiator, processCompleteAsOwner, processCompleteWithVariables);
    }
}
Also used : Task(org.activiti.engine.task.Task) HistoricTaskInstance(org.activiti.engine.history.HistoricTaskInstance) TasksClient(org.alfresco.rest.workflow.api.tests.WorkflowApiClient.TasksClient) ArrayList(java.util.ArrayList) JSONArray(org.json.simple.JSONArray) PublicApiException(org.alfresco.rest.api.tests.client.PublicApiException) JSONObject(org.json.simple.JSONObject) ProcessInstance(org.activiti.engine.runtime.ProcessInstance) JSONObject(org.json.simple.JSONObject) RequestContext(org.alfresco.rest.api.tests.client.RequestContext) Test(org.junit.Test)

Example 40 with TasksClient

use of org.alfresco.rest.workflow.api.tests.WorkflowApiClient.TasksClient in project alfresco-remote-api by Alfresco.

the class TaskWorkflowApiTest method testUpdateTaskMnt13276.

@Test
@SuppressWarnings("unchecked")
public void testUpdateTaskMnt13276() throws Exception {
    RequestContext requestContext = initApiClientWithTestUser();
    String initiatorId = requestContext.getRunAsUser();
    ProcessInfo processInfo = startReviewPooledProcess(requestContext);
    // create test users
    final List<TestPerson> persons = transactionHelper.doInTransaction(new RetryingTransactionHelper.RetryingTransactionCallback<List<TestPerson>>() {

        @SuppressWarnings("synthetic-access")
        public List<TestPerson> execute() throws Throwable {
            ArrayList<TestPerson> persons = new ArrayList<TestPerson>();
            String temp = "_" + System.currentTimeMillis();
            persons.add(currentNetwork.createUser(new PersonInfo("user0", "user0", "user0" + temp, "password", null, "skype", "location", "telephone", "mob", "instant", "google")));
            persons.add(currentNetwork.createUser(new PersonInfo("user1", "user1", "user1" + temp, "password", null, "skype", "location", "telephone", "mob", "instant", "google")));
            persons.add(currentNetwork.createUser(new PersonInfo("user2", "user2", "user2" + temp, "password", null, "skype", "location", "telephone", "mob", "instant", "google")));
            return persons;
        }
    }, false, true);
    final MemberOfSite memberOfSite = currentNetwork.getSiteMemberships(initiatorId).get(0);
    // startReviewPooledProcess() uses initiator's site id and role name for construct bpm_groupAssignee, thus we need appropriate things for created users
    transactionHelper.doInTransaction(new RetryingTransactionHelper.RetryingTransactionCallback<Void>() {

        public Void execute() throws Throwable {
            TenantUtil.runAsUserTenant(new TenantRunAsWork<Void>() {

                @Override
                public Void doWork() throws Exception {
                    TestSite initiatorSite = (TestSite) memberOfSite.getSite();
                    initiatorSite.inviteToSite(persons.get(0).getId(), memberOfSite.getRole());
                    initiatorSite.inviteToSite(persons.get(1).getId(), memberOfSite.getRole());
                    // this user wouldn't be in group
                    initiatorSite.inviteToSite(persons.get(2).getId(), SiteRole.SiteConsumer == memberOfSite.getRole() ? SiteRole.SiteCollaborator : SiteRole.SiteConsumer);
                    return null;
                }
            }, AuthenticationUtil.getAdminUserName(), currentNetwork.getId());
            return null;
        }
    }, false, true);
    try {
        Task task = activitiProcessEngine.getTaskService().createTaskQuery().processInstanceId(processInfo.getId()).singleResult();
        TasksClient tasksClient = publicApiClient.tasksClient();
        // Updating the task by user in group
        JSONObject taskBody = new JSONObject();
        taskBody.put("name", "Updated name by user in group");
        List<String> selectedFields = new ArrayList<String>();
        selectedFields.addAll(Arrays.asList(new String[] { "name" }));
        requestContext.setRunAsUser(persons.get(0).getId());
        JSONObject result = tasksClient.updateTask(task.getId(), taskBody, selectedFields);
        assertEquals("Updated name by user in group", result.get("name"));
        task = activitiProcessEngine.getTaskService().createTaskQuery().processInstanceId(processInfo.getId()).singleResult();
        assertNotNull(task);
        assertEquals("Updated name by user in group", task.getName());
        // Updating the task by user not in group
        try {
            taskBody.put("name", "Updated name by user not in group");
            requestContext.setRunAsUser(persons.get(2).getId());
            tasksClient.updateTask(task.getId(), taskBody, selectedFields);
            fail("User not from group should not see items.");
        } catch (PublicApiException expected) {
            assertEquals(HttpStatus.FORBIDDEN.value(), expected.getHttpResponse().getStatusCode());
            assertErrorSummary("Permission was denied", expected.getHttpResponse());
        }
        // claim task
        TaskService taskService = activitiProcessEngine.getTaskService();
        task = taskService.createTaskQuery().processInstanceId(processInfo.getId()).singleResult();
        taskService.setAssignee(task.getId(), persons.get(1).getId());
        // Updating by user in group for claimed task by another user
        try {
            taskBody = new JSONObject();
            taskBody.put("name", "Updated name by user in group for claimed task");
            selectedFields.addAll(Arrays.asList(new String[] { "name" }));
            requestContext.setRunAsUser(persons.get(0).getId());
            result = tasksClient.updateTask(task.getId(), taskBody, selectedFields);
            fail("User from group should not see items for claimed task by another user.");
        } catch (PublicApiException expected) {
            assertEquals(HttpStatus.FORBIDDEN.value(), expected.getHttpResponse().getStatusCode());
            assertErrorSummary("Permission was denied", expected.getHttpResponse());
        }
    } finally {
        cleanupProcessInstance(processInfo.getId());
    }
}
Also used : Task(org.activiti.engine.task.Task) PersonInfo(org.alfresco.rest.api.tests.PersonInfo) RetryingTransactionHelper(org.alfresco.repo.transaction.RetryingTransactionHelper) TestSite(org.alfresco.rest.api.tests.RepoService.TestSite) TaskService(org.activiti.engine.TaskService) TasksClient(org.alfresco.rest.workflow.api.tests.WorkflowApiClient.TasksClient) ArrayList(java.util.ArrayList) MemberOfSite(org.alfresco.rest.api.tests.client.data.MemberOfSite) ProcessInfo(org.alfresco.rest.workflow.api.model.ProcessInfo) PublicApiException(org.alfresco.rest.api.tests.client.PublicApiException) JSONObject(org.json.simple.JSONObject) TenantRunAsWork(org.alfresco.repo.tenant.TenantUtil.TenantRunAsWork) List(java.util.List) ArrayList(java.util.ArrayList) RequestContext(org.alfresco.rest.api.tests.client.RequestContext) TestPerson(org.alfresco.rest.api.tests.RepoService.TestPerson) Test(org.junit.Test)

Aggregations

TasksClient (org.alfresco.rest.workflow.api.tests.WorkflowApiClient.TasksClient)41 Test (org.junit.Test)41 RequestContext (org.alfresco.rest.api.tests.client.RequestContext)39 Task (org.activiti.engine.task.Task)38 JSONObject (org.json.simple.JSONObject)36 ProcessInstance (org.activiti.engine.runtime.ProcessInstance)32 PublicApiException (org.alfresco.rest.api.tests.client.PublicApiException)22 ArrayList (java.util.ArrayList)17 JSONArray (org.json.simple.JSONArray)14 HashMap (java.util.HashMap)9 ProcessInfo (org.alfresco.rest.workflow.api.model.ProcessInfo)8 Calendar (java.util.Calendar)5 Date (java.util.Date)5 TestNetwork (org.alfresco.rest.api.tests.RepoService.TestNetwork)5 MemberOfSite (org.alfresco.rest.api.tests.client.data.MemberOfSite)5 NodeRef (org.alfresco.service.cmr.repository.NodeRef)4 HistoricTaskInstance (org.activiti.engine.history.HistoricTaskInstance)3 HashSet (java.util.HashSet)2 TaskService (org.activiti.engine.TaskService)2 Clock (org.activiti.engine.runtime.Clock)2