inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-14 17:58:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged HEAD-BUG-FIX (5.1/Cloud) to HEAD (5.1/Cloud)

Browse Source 
96472: Merged 5.0.N (5.0.2) to HEAD-BUG-FIX (5.1/Cloud)
      96359: Merged V4.2-BUG-FIX (4.2.5) to 5.0.N (5.0.2)
         96305: MNT-13212: Merged DEV to V4.2-BUG-FIX (4.2.5)
            96032: MNT-13212: Details of tasks assigned to any user are visible to all users via API call
               - Restore workflow permission check in interceptor for getAssignedTasks and getPooledTasks methods. Add unit test.


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@96501 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Alan Davis
2015-02-07 10:32:43 +00:00
parent 3b7e58c86a
commit 7a008c3eb7
1 changed files with 33 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
source/test-java/org/alfresco/repo/web/scripts/workflow/AbstractWorkflowRestApiTest.java
View File

@@ -1,5 +1,5 @@
/*
* Copyright (C) 2005-2011 Alfresco Software Limited.
* Copyright (C) 2005-2015 Alfresco Software Limited.
*
* This file is part of Alfresco
*
@@ -299,6 +299,38 @@ public abstract class AbstractWorkflowRestApiTest extends BaseWebScriptTest
assertEquals(0, resultArray.length());
}
public void testWorkflowPermissions() throws Exception
{
// Start workflow as USER1 and assign task to USER1.
personManager.setUser(USER1);
WorkflowDefinition adhocDef = workflowService.getDefinitionByName(getAdhocWorkflowDefinitionName());
Map<QName, Serializable> params = new HashMap<QName, Serializable>();
params.put(WorkflowModel.ASSOC_ASSIGNEE, personManager.get(USER1));
Calendar dueDateCal = Calendar.getInstance();
Date dueDate = dueDateCal.getTime();
params.put(WorkflowModel.PROP_DUE_DATE, dueDate);
params.put(WorkflowModel.PROP_PRIORITY, 1);
params.put(WorkflowModel.ASSOC_PACKAGE, packageRef);
WorkflowPath adhocPath = workflowService.startWorkflow(adhocDef.getId(), params);
String workflowId = adhocPath.getInstance().getId();
workflows.add(workflowId);
WorkflowTask startTask = workflowService.getStartTask(workflowId);
workflowService.endTask(startTask.getId(), null);
// Check tasks of USER1 from behalf of USER2
personManager.setUser(USER2);
Response response = sendRequest(new GetRequest(MessageFormat.format(URL_USER_TASKS, USER1)), 200);
assertEquals(Status.STATUS_OK, response.getStatus());
String jsonStr = response.getContentAsString();
JSONObject json = new JSONObject(jsonStr);
JSONArray results = json.getJSONArray("data");
assertNotNull(results);
assertTrue("User2 should not see any tasks if he is not initiator or assignee", results.length() == 0);
}
public void testTaskInstancesForWorkflowGet() throws Exception
{
// Check starts with no workflow.