From 7a008c3eb7220e4ace735712a6e30fc7f274720e Mon Sep 17 00:00:00 2001 From: Alan Davis Date: Sat, 7 Feb 2015 10:32:43 +0000 Subject: [PATCH] Merged HEAD-BUG-FIX (5.1/Cloud) to HEAD (5.1/Cloud) 96472: Merged 5.0.N (5.0.2) to HEAD-BUG-FIX (5.1/Cloud) 96359: Merged V4.2-BUG-FIX (4.2.5) to 5.0.N (5.0.2) 96305: MNT-13212: Merged DEV to V4.2-BUG-FIX (4.2.5) 96032: MNT-13212: Details of tasks assigned to any user are visible to all users via API call - Restore workflow permission check in interceptor for getAssignedTasks and getPooledTasks methods. Add unit test. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@96501 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- .../workflow/AbstractWorkflowRestApiTest.java | 34 ++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) diff --git a/source/test-java/org/alfresco/repo/web/scripts/workflow/AbstractWorkflowRestApiTest.java b/source/test-java/org/alfresco/repo/web/scripts/workflow/AbstractWorkflowRestApiTest.java index dc647bae45..e086bf5f03 100644 --- a/source/test-java/org/alfresco/repo/web/scripts/workflow/AbstractWorkflowRestApiTest.java +++ b/source/test-java/org/alfresco/repo/web/scripts/workflow/AbstractWorkflowRestApiTest.java @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2011 Alfresco Software Limited. + * Copyright (C) 2005-2015 Alfresco Software Limited. * * This file is part of Alfresco * @@ -299,6 +299,38 @@ public abstract class AbstractWorkflowRestApiTest extends BaseWebScriptTest assertEquals(0, resultArray.length()); } + public void testWorkflowPermissions() throws Exception + { + // Start workflow as USER1 and assign task to USER1. + personManager.setUser(USER1); + WorkflowDefinition adhocDef = workflowService.getDefinitionByName(getAdhocWorkflowDefinitionName()); + Map params = new HashMap(); + params.put(WorkflowModel.ASSOC_ASSIGNEE, personManager.get(USER1)); + Calendar dueDateCal = Calendar.getInstance(); + Date dueDate = dueDateCal.getTime(); + + params.put(WorkflowModel.PROP_DUE_DATE, dueDate); + params.put(WorkflowModel.PROP_PRIORITY, 1); + params.put(WorkflowModel.ASSOC_PACKAGE, packageRef); + + WorkflowPath adhocPath = workflowService.startWorkflow(adhocDef.getId(), params); + String workflowId = adhocPath.getInstance().getId(); + workflows.add(workflowId); + + WorkflowTask startTask = workflowService.getStartTask(workflowId); + workflowService.endTask(startTask.getId(), null); + + // Check tasks of USER1 from behalf of USER2 + personManager.setUser(USER2); + Response response = sendRequest(new GetRequest(MessageFormat.format(URL_USER_TASKS, USER1)), 200); + assertEquals(Status.STATUS_OK, response.getStatus()); + String jsonStr = response.getContentAsString(); + JSONObject json = new JSONObject(jsonStr); + JSONArray results = json.getJSONArray("data"); + assertNotNull(results); + assertTrue("User2 should not see any tasks if he is not initiator or assignee", results.length() == 0); + } + public void testTaskInstancesForWorkflowGet() throws Exception { // Check starts with no workflow.