2 Replies Latest reply on Jan 29, 2014 3:51 AM by Matteo Maguolo

    Groups and hierarchy

    Matteo Maguolo Newbie

      Hi,

      I'm a developer and I am trying to make a workflow jbpm (v6.0.0) based on groups and users definition.

      I'd like to know if exists any examples of project done in this direction or, if I have to create it from new if please you have any advice for it.

       

       

      By now I using a MySQL DB both for application and login, login tables are created with this code:

       

       

      CREATE TABLE PRINCIPLES ( principal_id VARCHAR(64) primary key,password VARCHAR(64));

      CREATE TABLE ROLES ( principal_id VARCHAR(64),user_role VARCHAR(64),role_group VARCHAR(64));

       

       

      My goal is to implement a geographical hierarchy as:

       

       

      user: pippo

      role: admin

      group: Europe

      -----------------------

      user: pluto

      role: analyst

      group: Italy

      ----------------------

      user:minnie

      role: analyst

      group: canada

       

       

      Using this user pippo should be able to see workflows (instances and tasks) inherit from son-group Italy but not property of MIninie (Canada)

      Also I would like that a user will not be able to modify or delete istances of other user's processes if he is not a superior member of the same group

       

       

      If hierarchy is not implemented, where should be created, in ibpm-console?

      Where can I find the jbpm-console's sources?

       

       

      Thanks for the help

       

       

      Kings Regards

      Matteo

        • 1. Re: Groups and hierarchy
          Maciej Swiderski Master

          access control is only available for user tasks and it is based on membership in the group, not hierarchical. There are some plan to provide access control on process level but currently this is not possible. You could try to extend the functionality of the console to use some sort of interceptor mechanism (as console is CDI based application) to get int the way of regular processing chain and resolve user roles and groups in advance before allowing to perform operations on the process.

           

          Source of console can be found here and here. Where first is the main part of console, where second is more of an assembly to provide both runtime and design time capabilities.

           

          HTH