in general it looks good, just have one comment - is it ok to allow update queries on jBPM schema? What would be a use case for this? Shouldn't we protect it and expose api for accessing it?
I think the Hql/Sql activity is intended to used by developers. People who want to use these activities should be familiar with how to write a hql/sql query. And they must know the database structures.
So the developer-oriented activities could expose all of operations that hql/sql could do. Not only select, but also update/insert/delete.
In the testcase, I demostrated the hql/sql update operation by update jbpm schema. But in the production environment, I think commonly people will use it to update their business related schema. So I think it will be harmless.
In my opinion, if we provide this feature in jBPM 4, it will be only used by developer, not end-user. So I think we could wait for other people's advices.
Intuitively I agree with Maciej, although nothing prevents one from invoking EnvironmentImpl.getFromCurrent(Session.class).createQuery().executeUpdate() from a custom or java activity, which makes any protection quite easy to defeat. The update attribute in the hsql/sql activities is enough to prevent unintended updates.
fair enough, just wanted to check. It seems easier (does not require any knowledge of jBPM internals) to use hql/sql.
Either way it is certainly a nice feature.