diff --git a/config/alfresco/web-scripts-application-context.xml b/config/alfresco/web-scripts-application-context.xml index 62c494ab5a..8eb66239d0 100644 --- a/config/alfresco/web-scripts-application-context.xml +++ b/config/alfresco/web-scripts-application-context.xml @@ -782,11 +782,12 @@ class="org.alfresco.repo.web.scripts.workflow.AbstractWorkflowWebscript" parent="webscript" abstract="true"> - - - - - + + + + + + diff --git a/source/java/org/alfresco/repo/web/scripts/workflow/AbstractWorkflowWebscript.java b/source/java/org/alfresco/repo/web/scripts/workflow/AbstractWorkflowWebscript.java index 434845c8d7..018b915459 100644 --- a/source/java/org/alfresco/repo/web/scripts/workflow/AbstractWorkflowWebscript.java +++ b/source/java/org/alfresco/repo/web/scripts/workflow/AbstractWorkflowWebscript.java @@ -23,6 +23,7 @@ import java.util.Map; import org.alfresco.service.cmr.dictionary.DictionaryService; import org.alfresco.service.cmr.repository.NodeService; import org.alfresco.service.cmr.security.AuthenticationService; +import org.alfresco.service.cmr.security.AuthorityService; import org.alfresco.service.cmr.security.PersonService; import org.alfresco.service.cmr.workflow.WorkflowService; import org.alfresco.service.namespace.NamespaceService; @@ -43,6 +44,7 @@ public abstract class AbstractWorkflowWebscript extends DeclarativeWebScript protected PersonService personService; protected DictionaryService dictionaryService; protected AuthenticationService authenticationService; + protected AuthorityService authorityService; protected WorkflowService workflowService; @Override @@ -77,6 +79,11 @@ public abstract class AbstractWorkflowWebscript extends DeclarativeWebScript this.authenticationService = authenticationService; } + public void setAuthorityService(AuthorityService authorityService) + { + this.authorityService = authorityService; + } + public void setWorkflowService(WorkflowService workflowService) { this.workflowService = workflowService; 
diff --git a/source/java/org/alfresco/repo/web/scripts/workflow/TaskInstancePut.java b/source/java/org/alfresco/repo/web/scripts/workflow/TaskInstancePut.java
index 425e64aae8..d417e7611d 100644
--- a/source/java/org/alfresco/repo/web/scripts/workflow/TaskInstancePut.java
+++ b/source/java/org/alfresco/repo/web/scripts/workflow/TaskInstancePut.java
@@ -25,14 +25,17 @@ import java.util.Collection;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 import javax.servlet.http.HttpServletResponse;
 import org.alfresco.model.ContentModel;
+import org.alfresco.repo.security.authentication.AuthenticationUtil;
 import org.alfresco.repo.workflow.WorkflowModel;
 import org.alfresco.service.cmr.dictionary.PropertyDefinition;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
+import org.alfresco.service.cmr.security.AuthorityType;
 import org.alfresco.service.cmr.workflow.WorkflowTask;
 import org.alfresco.service.namespace.QName;
 import org.json.JSONArray;
@@ -191,13 +194,27 @@ public class TaskInstancePut extends AbstractWorkflowWebscript
 {
 boolean result = false;
- Collection actors = (Collection)task.getProperties().get(WorkflowModel.ASSOC_POOLED_ACTORS);
+ // get groups that the current user has to belong (at least one of them)
+ final Collection actors = (Collection)task.getProperties().get(WorkflowModel.ASSOC_POOLED_ACTORS);
 if (actors != null && !actors.isEmpty())
 {
- // TODO: determine whether the user is in any of the groups, for now allow
- // pooled tasks to be updated.
-
- result = true;
+ for (Object actor : actors)
+ {
+ // retrieve the name of the group
+ Map props = nodeService.getProperties((NodeRef)actor);
+ String name = (String)props.get(ContentModel.PROP_AUTHORITY_NAME);
+
+ // retrieve the users of the group
+ Set users = authorityService.getContainedAuthorities(AuthorityType.USER, name, true);
+
+ // see if the user is one of the users in the group
+ if (users != null && !users.isEmpty() && users.contains(currentUser))
+ {
+ // they are a member of the group so stop looking!
+ result = true;
+ break;
+ }
+ }
 }
 return result;
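Review bot: The new membership loop passes `name` to `authorityService.getContainedAuthorities(AuthorityType.USER, name, true)` without checking it, so a pooled actor node with no `PROP_AUTHORITY_NAME` (for example a person node rather than a group, if pooled actors can hold those) reaches the lookup with a null name, and nothing visible here defines what that call returns. Because this is the authorization decision for updating a pooled task, it should fail closed explicitly, e.g. `if (name == null) { continue; }` directly after the `String name = ...` line, with a comment saying how directly assigned users are meant to be handled. The third argument `true` also appears to limit the lookup to immediate members, so a user who belongs to a pooled group only through a nested group would be refused; if that is not intended, testing whether `authorityService.getAuthoritiesForUser(currentUser)` contains `name` (assuming that method is available in this version) covers nested membership and avoids loading every user of each group. `currentUser` is declared outside this hunk, and the enclosing method starts and ends outside it.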