CLOUD-1927: Start-task permissions take into account workflow-involvement + added test for this behaviour

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@53990 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-08-07 17:49:17 +00:00 · 2013-08-13 09:46:53 +00:00
parent d9ef85464d
commit 0a36e2af67
2 changed files with 111 additions and 3 deletions
--- a/source/java/org/alfresco/repo/workflow/activiti/ActivitiWorkflowServiceIntegrationTest.java
+++ b/source/java/org/alfresco/repo/workflow/activiti/ActivitiWorkflowServiceIntegrationTest.java
@@ -21,10 +21,12 @@ package org.alfresco.repo.workflow.activiti;

 import java.io.Serializable;
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;

+import org.alfresco.repo.security.permissions.AccessDeniedException;
 import org.alfresco.repo.workflow.AbstractWorkflowServiceIntegrationTest;
 import org.alfresco.repo.workflow.WorkflowModel;
 import org.alfresco.service.cmr.dictionary.PropertyDefinition;
@@ -147,6 +149,68 @@ public class ActivitiWorkflowServiceIntegrationTest extends AbstractWorkflowServ
        assertEquals("wf:activitiReviewTask", taskDef.getId());
    }
    
+    public void testAccessStartTaskAsAssigneeFromTaskPartOfProcess()
+    {
+        // Test added to validate fix for CLOUD-1929 - start-task can be accesses by assignee of a task
+        // part of that process
+        WorkflowDefinition definition = deployDefinition(getAdhocDefinitionPath());
+        
+        // Start process as USER1
+        personManager.setUser(USER1);
+        
+        // Create workflow parameters
+        Map<QName, Serializable> params = new HashMap<QName, Serializable>();
+        Serializable wfPackage = workflowService.createPackage(null);
+        params.put(WorkflowModel.ASSOC_PACKAGE, wfPackage);
+        NodeRef assignee = personManager.get(USER2);
+        params.put(WorkflowModel.ASSOC_ASSIGNEE, assignee);  // task instance field
+
+        WorkflowPath path = workflowService.startWorkflow(definition.getId(), params);
+        String instanceId = path.getInstance().getId();
+        
+        WorkflowTask startTask = workflowService.getStartTask(instanceId);
+        workflowService.endTask(startTask.getId(), null);
+        
+        List<WorkflowTask> tasks = workflowService.getTasksForWorkflowPath(path.getId());
+        assertEquals(1, tasks.size());
+        
+        
+        // Assign task to user3
+        workflowService.updateTask(tasks.get(0).getId(), Collections.singletonMap(WorkflowModel.ASSOC_ASSIGNEE, 
+                    (Serializable) personManager.get(USER3)), null, null);
+        
+        // Authenticate as user3
+        personManager.setUser(USER3);
+        
+        // When fetchin the start-task, no exception should be thrown
+        startTask = workflowService.getStartTask(instanceId);
+        assertNotNull(startTask);
+        startTask = workflowService.getTaskById(startTask.getId());
+        assertNotNull(startTask);
+        
+        // Accessing by user4 shouldn't be possible
+        personManager.setUser(USER4);
+        try
+        {
+            workflowService.getStartTask(instanceId);
+            fail("AccessDeniedException expected");
+        }
+        catch(AccessDeniedException expected) 
+        {
+            // Expected excaption
+        }
+        
+        try
+        {
+            workflowService.getTaskById(startTask.getId());
+            fail("AccessDeniedException expected");
+        }
+        catch(AccessDeniedException expected) 
+        {
+            // Expected exception
+        }
+    }
+    
    
    @Override
    protected void checkTaskQueryStartTaskCompleted(String workflowInstanceId, WorkflowTask startTask)