diff --git a/config/alfresco/web-scripts-application-context.xml b/config/alfresco/web-scripts-application-context.xml
index 62c494ab5a..8eb66239d0 100644
--- a/config/alfresco/web-scripts-application-context.xml
+++ b/config/alfresco/web-scripts-application-context.xml
@@ -782,11 +782,12 @@
class="org.alfresco.repo.web.scripts.workflow.AbstractWorkflowWebscript"
parent="webscript" abstract="true">
-
-
-
-
-
+
+
+
+
+
+
diff --git a/source/java/org/alfresco/repo/web/scripts/workflow/AbstractWorkflowWebscript.java b/source/java/org/alfresco/repo/web/scripts/workflow/AbstractWorkflowWebscript.java
index 434845c8d7..018b915459 100644
--- a/source/java/org/alfresco/repo/web/scripts/workflow/AbstractWorkflowWebscript.java
+++ b/source/java/org/alfresco/repo/web/scripts/workflow/AbstractWorkflowWebscript.java
@@ -23,6 +23,7 @@ import java.util.Map;
import org.alfresco.service.cmr.dictionary.DictionaryService;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.AuthenticationService;
+import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.cmr.workflow.WorkflowService;
import org.alfresco.service.namespace.NamespaceService;
@@ -43,6 +44,7 @@ public abstract class AbstractWorkflowWebscript extends DeclarativeWebScript
protected PersonService personService;
protected DictionaryService dictionaryService;
protected AuthenticationService authenticationService;
+ protected AuthorityService authorityService;
protected WorkflowService workflowService;
@Override
@@ -77,6 +79,11 @@ public abstract class AbstractWorkflowWebscript extends DeclarativeWebScript
this.authenticationService = authenticationService;
}
+ public void setAuthorityService(AuthorityService authorityService)
+ {
+ this.authorityService = authorityService;
+ }
+
public void setWorkflowService(WorkflowService workflowService)
{
this.workflowService = workflowService;
diff --git a/source/java/org/alfresco/repo/web/scripts/workflow/TaskInstancePut.java b/source/java/org/alfresco/repo/web/scripts/workflow/TaskInstancePut.java
index 425e64aae8..d417e7611d 100644
--- a/source/java/org/alfresco/repo/web/scripts/workflow/TaskInstancePut.java
+++ b/source/java/org/alfresco/repo/web/scripts/workflow/TaskInstancePut.java
@@ -25,14 +25,17 @@ import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import java.util.Set;
import javax.servlet.http.HttpServletResponse;
import org.alfresco.model.ContentModel;
+import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.workflow.WorkflowModel;
import org.alfresco.service.cmr.dictionary.PropertyDefinition;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
+import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.workflow.WorkflowTask;
import org.alfresco.service.namespace.QName;
import org.json.JSONArray;
@@ -191,13 +194,27 @@ public class TaskInstancePut extends AbstractWorkflowWebscript
{
boolean result = false;
- Collection> actors = (Collection>)task.getProperties().get(WorkflowModel.ASSOC_POOLED_ACTORS);
+ // get groups that the current user has to belong (at least one of them)
+ final Collection> actors = (Collection>)task.getProperties().get(WorkflowModel.ASSOC_POOLED_ACTORS);
if (actors != null && !actors.isEmpty())
{
- // TODO: determine whether the user is in any of the groups, for now allow
- // pooled tasks to be updated.
-
- result = true;
+ for (Object actor : actors)
+ {
+ // retrieve the name of the group
+ Map props = nodeService.getProperties((NodeRef)actor);
+ String name = (String)props.get(ContentModel.PROP_AUTHORITY_NAME);
+
+ // retrieve the users of the group
+ Set users = authorityService.getContainedAuthorities(AuthorityType.USER, name, true);
+
+ // see if the user is one of the users in the group
+ if (users != null && !users.isEmpty() && users.contains(currentUser))
+ {
+ // they are a member of the group so stop looking!
+ result = true;
+ break;
+ }
+ }
}
return result;