4 Replies Latest reply on Oct 12, 2007 8:16 AM by kukeltje

    Is JBPM authorization model broken ?

    tombrough
    tombrough Oct 11, 2007 9:59 AM

      Ok JBPM has gone from challenging to getting on my wick !

      Im using jbpm-jpdl-3.2.1 and it seems that no matter what I configure in my processdefinition.xml any user can see / act on any task.

      Consider this :-

      <?xml version="1.0" encoding="UTF-8"?>

<process-definition
 xmlns="urn:jbpm.org:jpdl-3.2"
 name="IT01">

 <!-- Nodes -->
 <!-- start-state -->
 <start-state name="start">
 <transition name="transition1" to="getDetails"></transition>
 </start-state>

 <!-- end-state -->
 <end-state name="end"></end-state>

 <!-- getDetails - get initial details of IT01 -->
 <task-node name="getDetails">
 <task name="getDetails">
 <assignment expression="user(manager)" />
 </task>
 <transition name="Transition2" to="Check Form">
 </transition>
 </task-node>

 <!-- Check Form - IT Manager checks form -->

 <task-node name="Check Form">
 <task name="ITManagerFormCheck">
 <assignment expression="user(manager)" />
 </task>
 <transition name="Transition3" to="end"></transition>
 </task-node>
</process-definition>


      You would expect 
      <assignment expression="user(manager)" />
      to assign the task to manager right ?

      when I log in as user, I can start a new process, this presents me with a Task, the task says its assigned to manager, which is what you would expect however when you click examine it goes on to let you fill in the associated form with the task (as user). You can then "submit" that task and transition to the next task (all done as user: user).






      • 1477 Views
      • Tags:
        • 1. Re: Is JBPM authorization model broken ?
          kukeltje
          kukeltje Oct 11, 2007 10:30 AM (in response to tombrough)

          if you are using the webconsole, this is an KNOW ISSUE (as intended by a developer) in current releases ... has been for several months and will be 'fixed' in 3.3. Has been discussed before in this forum, is in the Jira....

            • Actions
          • 2. Re: Is JBPM authorization model broken ?
            tombrough
            tombrough Oct 12, 2007 6:26 AM (in response to tombrough)

             

            "kukeltje" wrote:
            if you are using the webconsole, this is an KNOW ISSUE (as intended by a developer) in current releases ... has been for several months and will be 'fixed' in 3.3. Has been discussed before in this forum, is in the Jira....


            In the mean time is there a work around that I can use to get around the "issue" ? Or do I have to rewrite some of the jbpm-conosole ui to get it to behave ?



              • Actions
            • 3. Re: Is JBPM authorization model broken ?
              kukeltje
              kukeltje Oct 12, 2007 7:31 AM (in response to tombrough)

              yep, you have to rewrite some of the jbpm console code. I'll look up which ones... stay tuned

                • Actions
              • 4. Re: Is JBPM authorization model broken ?
                kukeltje
                kukeltje Oct 12, 2007 8:16 AM (in response to tombrough)

                there currently is a console/src/main/webapp/sa/tasks.xhtml page for te admin (sa=system administrator I assume). This page contains the jsf4jbpm tag listTasks. A copy of this page with which uses the tag listTasksForActor should give you what you want.

                Maybe some more work is needed, but that is the general idea.

                  • Actions