Example 36 with TasksClient
use of org.alfresco.rest.workflow.api.tests.WorkflowApiClient.TasksClient in project alfresco-remote-api by Alfresco.
the class TaskWorkflowApiTest method testUpdateTaskVariablesAuthentication.
@Test
@SuppressWarnings("unchecked")
public void testUpdateTaskVariablesAuthentication() throws Exception {
RequestContext requestContext = initApiClientWithTestUser();
String initiator = getOtherPersonInNetwork(requestContext.getRunAsUser(), requestContext.getNetworkId()).getId();
// Start process by one user and try to access the task variables as the task assignee instead of the process
// initiator to see if the assignee is authorized to get the task
ProcessInstance processInstance = startAdhocProcess(initiator, requestContext.getNetworkId(), null);
try {
JSONObject variableBody = new JSONObject();
variableBody.put("name", "newVariable");
variableBody.put("value", 1234);
variableBody.put("scope", "global");
Task task = activitiProcessEngine.getTaskService().createTaskQuery().processInstanceId(processInstance.getId()).singleResult();
assertNotNull(task);
TasksClient tasksClient = publicApiClient.tasksClient();
// Try updating task variables when NOT involved in the task
try {
tasksClient.updateTaskVariable(task.getId(), "newVariable", variableBody);
fail("Exception expected");
} catch (PublicApiException expected) {
assertEquals(HttpStatus.FORBIDDEN.value(), expected.getHttpResponse().getStatusCode());
assertErrorSummary("Permission was denied", expected.getHttpResponse());
}
// Set assignee, task variables should be updatable now
activitiProcessEngine.getTaskService().setAssignee(task.getId(), requestContext.getRunAsUser());
JSONObject jsonObject = tasksClient.updateTaskVariable(task.getId(), "newVariable", variableBody);
assertNotNull(jsonObject);
// Updating task variables as admin should be possible
String tenantAdmin = AuthenticationUtil.getAdminUserName() + "@" + requestContext.getNetworkId();
publicApiClient.setRequestContext(new RequestContext(TenantUtil.DEFAULT_TENANT, tenantAdmin));
jsonObject = tasksClient.updateTaskVariable(task.getId(), "newVariable", variableBody);
assertNotNull(jsonObject);
// Updating the task variables as a admin from another tenant shouldn't be possible
TestNetwork anotherNetwork = getOtherNetwork(requestContext.getNetworkId());
tenantAdmin = AuthenticationUtil.getAdminUserName() + "@" + anotherNetwork.getId();
publicApiClient.setRequestContext(new RequestContext(TenantUtil.DEFAULT_TENANT, tenantAdmin));
try {
jsonObject = tasksClient.updateTaskVariable(task.getId(), "newVariable", variableBody);
fail("Exception expected");
} catch (PublicApiException expected) {
assertEquals(HttpStatus.FORBIDDEN.value(), expected.getHttpResponse().getStatusCode());
assertErrorSummary("Permission was denied", expected.getHttpResponse());
}
} finally {
cleanupProcessInstance(processInstance);
}
}
Also used :
PublicApiException(org.alfresco.rest.api.tests.client.PublicApiException)
Task(org.activiti.engine.task.Task)
JSONObject(org.json.simple.JSONObject)
TasksClient(org.alfresco.rest.workflow.api.tests.WorkflowApiClient.TasksClient)
TestNetwork(org.alfresco.rest.api.tests.RepoService.TestNetwork)
ProcessInstance(org.activiti.engine.runtime.ProcessInstance)
RequestContext(org.alfresco.rest.api.tests.client.RequestContext)
Test(org.junit.Test)
Example 37 with TasksClient
use of org.alfresco.rest.workflow.api.tests.WorkflowApiClient.TasksClient in project alfresco-remote-api by Alfresco.
the class TaskWorkflowApiTest method testGetTaskCandidates.
@Test
public void testGetTaskCandidates() throws Exception {
RequestContext requestContext = initApiClientWithTestUser();
ProcessInstance processInstance = startAdhocProcess(requestContext.getRunAsUser(), requestContext.getNetworkId(), null);
try {
Task task = activitiProcessEngine.getTaskService().createTaskQuery().processInstanceId(processInstance.getId()).singleResult();
assertNotNull(task);
activitiProcessEngine.getTaskService().addCandidateUser(task.getId(), "testuser");
activitiProcessEngine.getTaskService().addCandidateUser(task.getId(), "testuser2");
activitiProcessEngine.getTaskService().addCandidateGroup(task.getId(), "testgroup");
TasksClient tasksClient = publicApiClient.tasksClient();
JSONObject taskCandidatesJSONObject = tasksClient.findTaskCandidates(task.getId());
assertNotNull(taskCandidatesJSONObject);
JSONArray candidateArrayJSON = (JSONArray) ((JSONObject) taskCandidatesJSONObject.get("list")).get("entries");
assertEquals(3, candidateArrayJSON.size());
boolean testUser1Found = false;
boolean testUser2Found = false;
boolean testGroupFound = false;
for (int i = 0; i < candidateArrayJSON.size(); i++) {
JSONObject entry = (JSONObject) ((JSONObject) candidateArrayJSON.get(i)).get("entry");
if ("group".equals(entry.get("candidateType"))) {
testGroupFound = true;
assertEquals("testgroup", entry.get("candidateId"));
} else if ("user".equals(entry.get("candidateType"))) {
if ("testuser".equals(entry.get("candidateId"))) {
testUser1Found = true;
} else if ("testuser2".equals(entry.get("candidateId"))) {
testUser2Found = true;
}
}
}
assertTrue(testUser1Found);
assertTrue(testUser2Found);
assertTrue(testGroupFound);
} finally {
cleanupProcessInstance(processInstance);
}
}
Also used :
Task(org.activiti.engine.task.Task)
JSONObject(org.json.simple.JSONObject)
TasksClient(org.alfresco.rest.workflow.api.tests.WorkflowApiClient.TasksClient)
JSONArray(org.json.simple.JSONArray)
ProcessInstance(org.activiti.engine.runtime.ProcessInstance)
RequestContext(org.alfresco.rest.api.tests.client.RequestContext)
Test(org.junit.Test)
Example 38 with TasksClient
use of org.alfresco.rest.workflow.api.tests.WorkflowApiClient.TasksClient in project alfresco-remote-api by Alfresco.
the class TaskWorkflowApiTest method testGetTaskByIdAuthorization.
@Test
public void testGetTaskByIdAuthorization() throws Exception {
RequestContext requestContext = initApiClientWithTestUser();
String initiator = getOtherPersonInNetwork(requestContext.getRunAsUser(), requestContext.getNetworkId()).getId();
// Start process by one user and try to access the task as the task assignee instead of the process
// initiator to see if the assignee is authorized to get the task
ProcessInstance processInstance = startAdhocProcess(initiator, requestContext.getNetworkId(), null);
try {
Task task = activitiProcessEngine.getTaskService().createTaskQuery().processInstanceId(processInstance.getId()).singleResult();
assertNotNull(task);
TasksClient tasksClient = publicApiClient.tasksClient();
// Try accessing task when NOT involved in the task
try {
tasksClient.findTaskById(task.getId());
fail("Exception expected");
} catch (PublicApiException expected) {
assertEquals(HttpStatus.FORBIDDEN.value(), expected.getHttpResponse().getStatusCode());
assertErrorSummary("Permission was denied", expected.getHttpResponse());
}
// Set assignee, task should be accessible now
activitiProcessEngine.getTaskService().setAssignee(task.getId(), requestContext.getRunAsUser());
JSONObject jsonObject = tasksClient.findTaskById(task.getId());
assertNotNull(jsonObject);
// Fetching task as admin should be possible
String tenantAdmin = AuthenticationUtil.getAdminUserName() + "@" + requestContext.getNetworkId();
publicApiClient.setRequestContext(new RequestContext(TenantUtil.DEFAULT_TENANT, tenantAdmin));
jsonObject = tasksClient.findTaskById(task.getId());
assertNotNull(jsonObject);
// Fetching the task as a admin from another tenant shouldn't be possible
TestNetwork anotherNetwork = getOtherNetwork(requestContext.getNetworkId());
tenantAdmin = AuthenticationUtil.getAdminUserName() + "@" + anotherNetwork.getId();
publicApiClient.setRequestContext(new RequestContext(TenantUtil.DEFAULT_TENANT, tenantAdmin));
try {
tasksClient.findTaskById(task.getId());
fail("Exception expected");
} catch (PublicApiException expected) {
assertEquals(HttpStatus.FORBIDDEN.value(), expected.getHttpResponse().getStatusCode());
assertErrorSummary("Permission was denied", expected.getHttpResponse());
}
} finally {
cleanupProcessInstance(processInstance);
}
}
Also used :
PublicApiException(org.alfresco.rest.api.tests.client.PublicApiException)
Task(org.activiti.engine.task.Task)
JSONObject(org.json.simple.JSONObject)
TasksClient(org.alfresco.rest.workflow.api.tests.WorkflowApiClient.TasksClient)
TestNetwork(org.alfresco.rest.api.tests.RepoService.TestNetwork)
ProcessInstance(org.activiti.engine.runtime.ProcessInstance)
RequestContext(org.alfresco.rest.api.tests.client.RequestContext)
Test(org.junit.Test)
Example 39 with TasksClient
use of org.alfresco.rest.workflow.api.tests.WorkflowApiClient.TasksClient in project alfresco-remote-api by Alfresco.
the class TaskWorkflowApiTest method testCompleteTask.
@Test
@SuppressWarnings("unchecked")
public void testCompleteTask() throws Exception {
RequestContext requestContext = initApiClientWithTestUser();
String user = requestContext.getRunAsUser();
String initiator = getOtherPersonInNetwork(requestContext.getRunAsUser(), requestContext.getNetworkId()).getId();
ProcessInstance processCompleteAsAssignee = startAdhocProcess(initiator, requestContext.getNetworkId(), null);
ProcessInstance processCompleteAsOwner = startAdhocProcess(initiator, requestContext.getNetworkId(), null);
ProcessInstance processCompleteAsInitiator = startAdhocProcess(initiator, requestContext.getNetworkId(), null);
ProcessInstance processCompleteAsAdmin = startAdhocProcess(initiator, requestContext.getNetworkId(), null);
ProcessInstance processCompleteWithVariables = startAdhocProcess(initiator, requestContext.getNetworkId(), null);
try {
Task asAssigneeTask = activitiProcessEngine.getTaskService().createTaskQuery().processInstanceId(processCompleteAsAssignee.getId()).singleResult();
Task asOwnerTask = activitiProcessEngine.getTaskService().createTaskQuery().processInstanceId(processCompleteAsOwner.getId()).singleResult();
Task asInitiatorTask = activitiProcessEngine.getTaskService().createTaskQuery().processInstanceId(processCompleteAsInitiator.getId()).singleResult();
Task asAdminTask = activitiProcessEngine.getTaskService().createTaskQuery().processInstanceId(processCompleteAsAdmin.getId()).singleResult();
Task withVariablesTask = activitiProcessEngine.getTaskService().createTaskQuery().processInstanceId(processCompleteWithVariables.getId()).singleResult();
TasksClient tasksClient = publicApiClient.tasksClient();
// Unclaiming the task when NOT assignee, owner, initiator or admin results in error
JSONObject taskBody = new JSONObject();
taskBody.put("state", "completed");
List<String> selectedFields = new ArrayList<String>();
selectedFields.addAll(Arrays.asList(new String[] { "state" }));
try {
tasksClient.updateTask(asAssigneeTask.getId(), taskBody, selectedFields);
fail("Exception expected");
} catch (PublicApiException expected) {
assertEquals(HttpStatus.FORBIDDEN.value(), expected.getHttpResponse().getStatusCode());
assertErrorSummary("Permission was denied", expected.getHttpResponse());
}
// Completing as assignee initiator
activitiProcessEngine.getTaskService().setAssignee(asAssigneeTask.getId(), user);
JSONObject result = tasksClient.updateTask(asAssigneeTask.getId(), taskBody, selectedFields);
assertEquals("completed", result.get("state"));
assertNotNull(result.get("endedAt"));
assertNull(activitiProcessEngine.getTaskService().createTaskQuery().taskId(asAssigneeTask.getId()).singleResult());
// Completing as process initiator
requestContext.setRunAsUser(initiator);
activitiProcessEngine.getTaskService().setAssignee(asInitiatorTask.getId(), null);
result = tasksClient.updateTask(asInitiatorTask.getId(), taskBody, selectedFields);
assertEquals("completed", result.get("state"));
assertNotNull(result.get("endedAt"));
assertNull(activitiProcessEngine.getTaskService().createTaskQuery().taskId(asInitiatorTask.getId()).singleResult());
// Completing as owner
requestContext.setRunAsUser(user);
asOwnerTask.setOwner(user);
activitiProcessEngine.getTaskService().saveTask(asOwnerTask);
result = tasksClient.updateTask(asOwnerTask.getId(), taskBody, selectedFields);
assertEquals("completed", result.get("state"));
assertNotNull(result.get("endedAt"));
assertNull(activitiProcessEngine.getTaskService().createTaskQuery().taskId(asOwnerTask.getId()).singleResult());
// Complete as admin
String tenantAdmin = AuthenticationUtil.getAdminUserName() + "@" + requestContext.getNetworkId();
publicApiClient.setRequestContext(new RequestContext(TenantUtil.DEFAULT_TENANT, tenantAdmin));
asAdminTask.setOwner(null);
activitiProcessEngine.getTaskService().saveTask(asAdminTask);
result = tasksClient.updateTask(asAdminTask.getId(), taskBody, selectedFields);
assertEquals("completed", result.get("state"));
assertNotNull(result.get("endedAt"));
assertNull(activitiProcessEngine.getTaskService().createTaskQuery().taskId(asAdminTask.getId()).singleResult());
// Complete with variables
requestContext.setRunAsUser(initiator);
activitiProcessEngine.getTaskService().setAssignee(withVariablesTask.getId(), null);
JSONArray variablesArray = new JSONArray();
JSONObject variableBody = new JSONObject();
variableBody.put("name", "newGlobalVariable");
variableBody.put("value", 1234);
variableBody.put("scope", "global");
variablesArray.add(variableBody);
variableBody = new JSONObject();
variableBody.put("name", "newLocalVariable");
variableBody.put("value", 5678);
variableBody.put("scope", "local");
variablesArray.add(variableBody);
taskBody.put("variables", variablesArray);
selectedFields.add("variables");
result = tasksClient.updateTask(withVariablesTask.getId(), taskBody, selectedFields);
assertEquals("completed", result.get("state"));
assertNotNull(result.get("endedAt"));
assertNull(activitiProcessEngine.getTaskService().createTaskQuery().taskId(withVariablesTask.getId()).singleResult());
HistoricTaskInstance historyTask = activitiProcessEngine.getHistoryService().createHistoricTaskInstanceQuery().taskId(withVariablesTask.getId()).includeProcessVariables().includeTaskLocalVariables().singleResult();
assertEquals(1234, historyTask.getProcessVariables().get("newGlobalVariable"));
assertEquals(5678, historyTask.getTaskLocalVariables().get("newLocalVariable"));
assertNotNull("The outcome should not be null for completed task.", historyTask.getTaskLocalVariables().get("bpm_outcome"));
JSONObject variables = tasksClient.findTaskVariables(withVariablesTask.getId());
assertNotNull(variables);
JSONObject list = (JSONObject) variables.get("list");
assertNotNull(list);
JSONArray entries = (JSONArray) list.get("entries");
assertNotNull(entries);
boolean foundGlobal = false;
boolean foundLocal = false;
for (Object entry : entries) {
JSONObject variableObject = (JSONObject) ((JSONObject) entry).get("entry");
if ("newGlobalVariable".equals(variableObject.get("name"))) {
assertEquals(1234L, variableObject.get("value"));
foundGlobal = true;
} else if ("newLocalVariable".equals(variableObject.get("name"))) {
assertEquals(5678L, variableObject.get("value"));
foundLocal = true;
}
}
assertTrue(foundGlobal);
assertTrue(foundLocal);
} finally {
cleanupProcessInstance(processCompleteAsAssignee, processCompleteAsAdmin, processCompleteAsInitiator, processCompleteAsOwner, processCompleteWithVariables);
}
}
Also used :
Task(org.activiti.engine.task.Task)
HistoricTaskInstance(org.activiti.engine.history.HistoricTaskInstance)
TasksClient(org.alfresco.rest.workflow.api.tests.WorkflowApiClient.TasksClient)
ArrayList(java.util.ArrayList)
JSONArray(org.json.simple.JSONArray)
PublicApiException(org.alfresco.rest.api.tests.client.PublicApiException)
JSONObject(org.json.simple.JSONObject)
ProcessInstance(org.activiti.engine.runtime.ProcessInstance)
JSONObject(org.json.simple.JSONObject)
RequestContext(org.alfresco.rest.api.tests.client.RequestContext)
Test(org.junit.Test)
Example 40 with TasksClient
use of org.alfresco.rest.workflow.api.tests.WorkflowApiClient.TasksClient in project alfresco-remote-api by Alfresco.
the class TaskWorkflowApiTest method testUpdateTaskMnt13276.
@Test
@SuppressWarnings("unchecked")
public void testUpdateTaskMnt13276() throws Exception {
RequestContext requestContext = initApiClientWithTestUser();
String initiatorId = requestContext.getRunAsUser();
ProcessInfo processInfo = startReviewPooledProcess(requestContext);
// create test users
final List<TestPerson> persons = transactionHelper.doInTransaction(new RetryingTransactionHelper.RetryingTransactionCallback<List<TestPerson>>() {
@SuppressWarnings("synthetic-access")
public List<TestPerson> execute() throws Throwable {
ArrayList<TestPerson> persons = new ArrayList<TestPerson>();
String temp = "_" + System.currentTimeMillis();
persons.add(currentNetwork.createUser(new PersonInfo("user0", "user0", "user0" + temp, "password", null, "skype", "location", "telephone", "mob", "instant", "google")));
persons.add(currentNetwork.createUser(new PersonInfo("user1", "user1", "user1" + temp, "password", null, "skype", "location", "telephone", "mob", "instant", "google")));
persons.add(currentNetwork.createUser(new PersonInfo("user2", "user2", "user2" + temp, "password", null, "skype", "location", "telephone", "mob", "instant", "google")));
return persons;
}
}, false, true);
final MemberOfSite memberOfSite = currentNetwork.getSiteMemberships(initiatorId).get(0);
// startReviewPooledProcess() uses initiator's site id and role name for construct bpm_groupAssignee, thus we need appropriate things for created users
transactionHelper.doInTransaction(new RetryingTransactionHelper.RetryingTransactionCallback<Void>() {
public Void execute() throws Throwable {
TenantUtil.runAsUserTenant(new TenantRunAsWork<Void>() {
@Override
public Void doWork() throws Exception {
TestSite initiatorSite = (TestSite) memberOfSite.getSite();
initiatorSite.inviteToSite(persons.get(0).getId(), memberOfSite.getRole());
initiatorSite.inviteToSite(persons.get(1).getId(), memberOfSite.getRole());
// this user wouldn't be in group
initiatorSite.inviteToSite(persons.get(2).getId(), SiteRole.SiteConsumer == memberOfSite.getRole() ? SiteRole.SiteCollaborator : SiteRole.SiteConsumer);
return null;
}
}, AuthenticationUtil.getAdminUserName(), currentNetwork.getId());
return null;
}
}, false, true);
try {
Task task = activitiProcessEngine.getTaskService().createTaskQuery().processInstanceId(processInfo.getId()).singleResult();
TasksClient tasksClient = publicApiClient.tasksClient();
// Updating the task by user in group
JSONObject taskBody = new JSONObject();
taskBody.put("name", "Updated name by user in group");
List<String> selectedFields = new ArrayList<String>();
selectedFields.addAll(Arrays.asList(new String[] { "name" }));
requestContext.setRunAsUser(persons.get(0).getId());
JSONObject result = tasksClient.updateTask(task.getId(), taskBody, selectedFields);
assertEquals("Updated name by user in group", result.get("name"));
task = activitiProcessEngine.getTaskService().createTaskQuery().processInstanceId(processInfo.getId()).singleResult();
assertNotNull(task);
assertEquals("Updated name by user in group", task.getName());
// Updating the task by user not in group
try {
taskBody.put("name", "Updated name by user not in group");
requestContext.setRunAsUser(persons.get(2).getId());
tasksClient.updateTask(task.getId(), taskBody, selectedFields);
fail("User not from group should not see items.");
} catch (PublicApiException expected) {
assertEquals(HttpStatus.FORBIDDEN.value(), expected.getHttpResponse().getStatusCode());
assertErrorSummary("Permission was denied", expected.getHttpResponse());
}
// claim task
TaskService taskService = activitiProcessEngine.getTaskService();
task = taskService.createTaskQuery().processInstanceId(processInfo.getId()).singleResult();
taskService.setAssignee(task.getId(), persons.get(1).getId());
// Updating by user in group for claimed task by another user
try {
taskBody = new JSONObject();
taskBody.put("name", "Updated name by user in group for claimed task");
selectedFields.addAll(Arrays.asList(new String[] { "name" }));
requestContext.setRunAsUser(persons.get(0).getId());
result = tasksClient.updateTask(task.getId(), taskBody, selectedFields);
fail("User from group should not see items for claimed task by another user.");
} catch (PublicApiException expected) {
assertEquals(HttpStatus.FORBIDDEN.value(), expected.getHttpResponse().getStatusCode());
assertErrorSummary("Permission was denied", expected.getHttpResponse());
}
} finally {
cleanupProcessInstance(processInfo.getId());
}
}
Also used :
Task(org.activiti.engine.task.Task)
PersonInfo(org.alfresco.rest.api.tests.PersonInfo)
RetryingTransactionHelper(org.alfresco.repo.transaction.RetryingTransactionHelper)
TestSite(org.alfresco.rest.api.tests.RepoService.TestSite)
TaskService(org.activiti.engine.TaskService)
TasksClient(org.alfresco.rest.workflow.api.tests.WorkflowApiClient.TasksClient)
ArrayList(java.util.ArrayList)
MemberOfSite(org.alfresco.rest.api.tests.client.data.MemberOfSite)
ProcessInfo(org.alfresco.rest.workflow.api.model.ProcessInfo)
PublicApiException(org.alfresco.rest.api.tests.client.PublicApiException)
JSONObject(org.json.simple.JSONObject)
TenantRunAsWork(org.alfresco.repo.tenant.TenantUtil.TenantRunAsWork)
List(java.util.List)
ArrayList(java.util.ArrayList)
RequestContext(org.alfresco.rest.api.tests.client.RequestContext)
TestPerson(org.alfresco.rest.api.tests.RepoService.TestPerson)
Test(org.junit.Test)
Aggregations
TasksClient (org.alfresco.rest.workflow.api.tests.WorkflowApiClient.TasksClient)41
Test (org.junit.Test)41
RequestContext (org.alfresco.rest.api.tests.client.RequestContext)39
Task (org.activiti.engine.task.Task)38
JSONObject (org.json.simple.JSONObject)36
ProcessInstance (org.activiti.engine.runtime.ProcessInstance)32
PublicApiException (org.alfresco.rest.api.tests.client.PublicApiException)22
ArrayList (java.util.ArrayList)17
JSONArray (org.json.simple.JSONArray)14
HashMap (java.util.HashMap)9
ProcessInfo (org.alfresco.rest.workflow.api.model.ProcessInfo)8
Calendar (java.util.Calendar)5
Date (java.util.Date)5
TestNetwork (org.alfresco.rest.api.tests.RepoService.TestNetwork)5
MemberOfSite (org.alfresco.rest.api.tests.client.data.MemberOfSite)5
NodeRef (org.alfresco.service.cmr.repository.NodeRef)4
HistoricTaskInstance (org.activiti.engine.history.HistoricTaskInstance)3
HashSet (java.util.HashSet)2
TaskService (org.activiti.engine.TaskService)2
Clock (org.activiti.engine.runtime.Clock)2
