This is an automated email from the ASF dual-hosted git repository.

egonzalez pushed a commit to branch main
in repository 
https://gitbox.apache.org/repos/asf/incubator-kie-kogito-examples.git


The following commit(s) were added to refs/heads/main by this push:
     new a51112ce6 incubator-kie-issues#1388: `UserTasks`  without 
Actors/Groups assignments can transition to any phase without checking any 
security policy (#1985)
a51112ce6 is described below

commit a51112ce624db82bd128af7a5a9c71410141f184
Author: Pere Fernández <[email protected]>
AuthorDate: Tue Jul 23 08:38:48 2024 +0200

    incubator-kie-issues#1388: `UserTasks`  without Actors/Groups assignments 
can transition to any phase without checking any security policy (#1985)
---
 .../src/main/resources/service-desk.bpmn           | 12 ++++++++-
 .../example/quarkus/ServiceDeskProcessTest.java    | 26 +++++++++++++------
 .../src/main/resources/service-desk.bpmn           | 14 +++++++++--
 .../example/springboot/ServiceDeskProcessTest.java | 29 ++++++++++++++++------
 4 files changed, 62 insertions(+), 19 deletions(-)

diff --git 
a/kogito-quarkus-examples/flexible-process-quarkus/src/main/resources/service-desk.bpmn
 
b/kogito-quarkus-examples/flexible-process-quarkus/src/main/resources/service-desk.bpmn
index 7065f168e..264cf721c 100644
--- 
a/kogito-quarkus-examples/flexible-process-quarkus/src/main/resources/service-desk.bpmn
+++ 
b/kogito-quarkus-examples/flexible-process-quarkus/src/main/resources/service-desk.bpmn
@@ -1,4 +1,5 @@
-<bpmn2:definitions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; 
xmlns:bpmn2="http://www.omg.org/spec/BPMN/20100524/MODEL"; 
xmlns:bpmndi="http://www.omg.org/spec/BPMN/20100524/DI"; 
xmlns:bpsim="http://www.bpsim.org/schemas/1.0"; 
xmlns:dc="http://www.omg.org/spec/DD/20100524/DC"; 
xmlns:di="http://www.omg.org/spec/DD/20100524/DI"; 
xmlns:drools="http://www.jboss.org/drools"; id="_fswpMKJxEDiZN4UVlvQdCA" 
exporter="jBPM Process Modeler" exporterVersion="2.0" 
targetNamespace="http://www.omg. [...]
+<?xml version="1.0" encoding="UTF-8"?>
+<bpmn2:definitions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; 
xmlns:bpmn2="http://www.omg.org/spec/BPMN/20100524/MODEL"; 
xmlns:bpmndi="http://www.omg.org/spec/BPMN/20100524/DI"; 
xmlns:bpsim="http://www.bpsim.org/schemas/1.0"; 
xmlns:dc="http://www.omg.org/spec/DD/20100524/DC"; 
xmlns:di="http://www.omg.org/spec/DD/20100524/DI"; 
xmlns:drools="http://www.jboss.org/drools"; id="_pNgJkCgBED20EbaiDTNDeg" 
xsi:schemaLocation="http://www.omg.org/spec/BPMN/20100524/MODEL BPMN20.xsd 
http://www. [...]
   <bpmn2:itemDefinition id="_supportCaseItem" 
structureRef="org.kie.kogito.flexible.example.model.SupportCase"/>
   <bpmn2:itemDefinition id="_supportGroupItem" structureRef="String"/>
   <bpmn2:itemDefinition id="_commentItem" 
structureRef="org.kie.kogito.flexible.example.model.Comment"/>
@@ -499,11 +500,13 @@
         <bpmn2:ioSpecification>
           <bpmn2:dataInput 
id="_AD768963-CBF7-4269-9D43-51FE0D5D2556_TaskNameInputX" drools:dtype="Object" 
itemSubjectRef="__AD768963-CBF7-4269-9D43-51FE0D5D2556_TaskNameInputXItem" 
name="TaskName"/>
           <bpmn2:dataInput 
id="_AD768963-CBF7-4269-9D43-51FE0D5D2556_SkippableInputX" 
drools:dtype="Object" 
itemSubjectRef="__AD768963-CBF7-4269-9D43-51FE0D5D2556_SkippableInputXItem" 
name="Skippable"/>
+          <bpmn2:dataInput 
id="_AD768963-CBF7-4269-9D43-51FE0D5D2556_GroupIdInputX" drools:dtype="Object" 
itemSubjectRef="__AD768963-CBF7-4269-9D43-51FE0D5D2556_GroupIdInputXItem" 
name="GroupId"/>
           <bpmn2:dataOutput 
id="_AD768963-CBF7-4269-9D43-51FE0D5D2556_evaluationOutputX" 
drools:dtype="Integer" 
itemSubjectRef="__AD768963-CBF7-4269-9D43-51FE0D5D2556_evaluationOutputXItem" 
name="evaluation"/>
           <bpmn2:dataOutput 
id="_AD768963-CBF7-4269-9D43-51FE0D5D2556_commentOutputX" drools:dtype="String" 
itemSubjectRef="__AD768963-CBF7-4269-9D43-51FE0D5D2556_commentOutputXItem" 
name="comment"/>
           <bpmn2:inputSet>
             
<bpmn2:dataInputRefs>_AD768963-CBF7-4269-9D43-51FE0D5D2556_TaskNameInputX</bpmn2:dataInputRefs>
             
<bpmn2:dataInputRefs>_AD768963-CBF7-4269-9D43-51FE0D5D2556_SkippableInputX</bpmn2:dataInputRefs>
+            
<bpmn2:dataInputRefs>_AD768963-CBF7-4269-9D43-51FE0D5D2556_GroupIdInputX</bpmn2:dataInputRefs>
           </bpmn2:inputSet>
           <bpmn2:outputSet>
             
<bpmn2:dataOutputRefs>_AD768963-CBF7-4269-9D43-51FE0D5D2556_evaluationOutputX</bpmn2:dataOutputRefs>
@@ -524,6 +527,13 @@
             <bpmn2:to 
xsi:type="bpmn2:tFormalExpression"><![CDATA[_AD768963-CBF7-4269-9D43-51FE0D5D2556_SkippableInputX]]></bpmn2:to>
           </bpmn2:assignment>
         </bpmn2:dataInputAssociation>
+        <bpmn2:dataInputAssociation>
+          
<bpmn2:targetRef>_AD768963-CBF7-4269-9D43-51FE0D5D2556_GroupIdInputX</bpmn2:targetRef>
+          <bpmn2:assignment>
+            <bpmn2:from 
xsi:type="bpmn2:tFormalExpression"><![CDATA[customer]]></bpmn2:from>
+            <bpmn2:to 
xsi:type="bpmn2:tFormalExpression"><![CDATA[_AD768963-CBF7-4269-9D43-51FE0D5D2556_GroupIdInputX]]></bpmn2:to>
+          </bpmn2:assignment>
+        </bpmn2:dataInputAssociation>
         <bpmn2:dataOutputAssociation>
           
<bpmn2:sourceRef>_AD768963-CBF7-4269-9D43-51FE0D5D2556_evaluationOutputX</bpmn2:sourceRef>
           <bpmn2:targetRef>evaluation</bpmn2:targetRef>
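Review bot: Only the task `_AD768963-CBF7-4269-9D43-51FE0D5D2556` gains a `GroupId` input in this change, bound to the constant `customer` in the `from` expression. The hunk does not show the process's other user tasks, so any that still lack an Actors/Groups assignment would presumably keep the unrestricted behaviour named in the commit title. It is worth confirming that every user task in `service-desk.bpmn` carries an assignment, and recording in this task's `bpmn2:documentation` why it is limited to `customer`. The same applies to the Spring Boot copy of the file (hunk `@@ -524,6 +527,13 @@`); the enclosing user task starts and ends outside the hunk.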
diff --git 
a/kogito-quarkus-examples/flexible-process-quarkus/src/test/java/org/kie/kogito/flexible/example/quarkus/ServiceDeskProcessTest.java
 
b/kogito-quarkus-examples/flexible-process-quarkus/src/test/java/org/kie/kogito/flexible/example/quarkus/ServiceDeskProcessTest.java
index 768afb787..a5f39fc5c 100644
--- 
a/kogito-quarkus-examples/flexible-process-quarkus/src/test/java/org/kie/kogito/flexible/example/quarkus/ServiceDeskProcessTest.java
+++ 
b/kogito-quarkus-examples/flexible-process-quarkus/src/test/java/org/kie/kogito/flexible/example/quarkus/ServiceDeskProcessTest.java
@@ -94,6 +94,7 @@ class ServiceDeskProcessTest {
         String location = given()
                 .basePath(BASE_PATH)
                 .contentType(ContentType.JSON)
+                .queryParam("group", "support")
                 .when()
                 .post("/{id}/ReceiveSupportComment", id)
                 .then()
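Review bot: The added `.queryParam("group", "support")` supplies a group but no user, whereas the Spring Boot copy of this test sends both `user` (`kelly`) and `group` for the same `ReceiveSupportComment` call. If the task security policy is meant to be exercised with a full identity, add `.queryParam("user", "kelly")` here as well. The same difference appears in the `addCustomerComment` hunk and in the `/{id}/tasks` lookup of `sendQuestionnaire`, where the Spring Boot test uses `Paco`. If the Quarkus example deliberately works with a group alone, a one-line comment saying so would keep the two tests from looking accidentally different. The enclosing method starts and ends outside the hunk.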
@@ -125,9 +126,11 @@ class ServiceDeskProcessTest {
 
     private void addCustomerComment(String id) {
         String location = given()
-                .basePath(BASE_PATH + "/" + id).contentType(ContentType.JSON)
+                .basePath(BASE_PATH)
+                .contentType(ContentType.JSON)
+                .queryParam("group", "customer")
                 .when()
-                .post("/ReceiveCustomerComment")
+                .post("/{id}/ReceiveCustomerComment", id)
                 .then()
                 .statusCode(201)
                 .header("Location", notNullValue())
@@ -156,16 +159,23 @@ class ServiceDeskProcessTest {
     }
 
     private void resolveCase(String id) {
-        given().basePath(BASE_PATH + "/" + 
id).contentType(ContentType.JSON).when().post("/Resolve_Case").then()
-                .statusCode(200).body("supportCase.state", 
is(State.RESOLVED.name()));
+        given()
+                .basePath(BASE_PATH)
+                .contentType(ContentType.JSON)
+                .when()
+                .post("/{id}/Resolve_Case", id)
+                .then()
+                .statusCode(200)
+                .body("supportCase.state", is(State.RESOLVED.name()));
     }
 
     private void sendQuestionnaire(String id) {
         String taskId = given()
-                .basePath(BASE_PATH + "/" + id)
+                .basePath(BASE_PATH)
                 .contentType(ContentType.JSON)
+                .queryParam("group", "customer")
                 .when()
-                .get("/tasks")
+                .get("/{id}/tasks", id)
                 .then()
                 .statusCode(200)
                 .body("size()", is(1))
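Review bot: Every request changed in this test presents the group the task expects (`customer` or `support`), so nothing here would fail if the policy check went missing again. The commit title describes tasks that could be transitioned without any check, yet only the permitted path is asserted. Consider a case that requests `/{id}/tasks` or posts the questionnaire with a group other than `customer`, or with none, and asserts that the call is refused or returns no task; the exact status code depends on the runtime and is not visible here. The Spring Boot `ServiceDeskProcessTest` has the same gap, and `sendQuestionnaire` continues past the end of this hunk.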
@@ -177,13 +187,13 @@ class ServiceDeskProcessTest {
         params.put("evaluation", 10);
 
         given()
-                .basePath(BASE_PATH + "/" + id)
+                .basePath(BASE_PATH)
                 .queryParam("user", "Paco")
                 .queryParam("group", "customer")
                 .contentType(ContentType.JSON)
                 .when()
                 .body(params)
-                .post("/Questionnaire/" + taskId)
+                .post("/{id}/Questionnaire/{taskId}/", id, taskId)
                 .then()
                 .statusCode(200)
                 .body("supportCase.state", is(State.CLOSED.name()))
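Review bot: The new path template ends in a slash, `"/{id}/Questionnaire/{taskId}/"`, while the Spring Boot test in the same commit posts to `"/{id}/Questionnaire/{taskId}"`. Unless the trailing slash is intentional, use `.post("/{id}/Questionnaire/{taskId}", id, taskId)` so both tests address the same route and this one does not depend on how the framework treats a trailing slash. The method body starts outside the hunk.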
diff --git 
a/kogito-springboot-examples/flexible-process-springboot/src/main/resources/service-desk.bpmn
 
b/kogito-springboot-examples/flexible-process-springboot/src/main/resources/service-desk.bpmn
index 30e28de5b..264cf721c 100644
--- 
a/kogito-springboot-examples/flexible-process-springboot/src/main/resources/service-desk.bpmn
+++ 
b/kogito-springboot-examples/flexible-process-springboot/src/main/resources/service-desk.bpmn
@@ -1,4 +1,5 @@
-<bpmn2:definitions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; 
xmlns:bpmn2="http://www.omg.org/spec/BPMN/20100524/MODEL"; 
xmlns:bpmndi="http://www.omg.org/spec/BPMN/20100524/DI"; 
xmlns:bpsim="http://www.bpsim.org/schemas/1.0"; 
xmlns:dc="http://www.omg.org/spec/DD/20100524/DC"; 
xmlns:di="http://www.omg.org/spec/DD/20100524/DI"; 
xmlns:drools="http://www.jboss.org/drools"; id="_fswpMKJxEDiZN4UVlvQdCA" 
exporter="jBPM Process Modeler" exporterVersion="2.0" 
targetNamespace="http://www.omg. [...]
+<?xml version="1.0" encoding="UTF-8"?>
+<bpmn2:definitions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; 
xmlns:bpmn2="http://www.omg.org/spec/BPMN/20100524/MODEL"; 
xmlns:bpmndi="http://www.omg.org/spec/BPMN/20100524/DI"; 
xmlns:bpsim="http://www.bpsim.org/schemas/1.0"; 
xmlns:dc="http://www.omg.org/spec/DD/20100524/DC"; 
xmlns:di="http://www.omg.org/spec/DD/20100524/DI"; 
xmlns:drools="http://www.jboss.org/drools"; id="_pNgJkCgBED20EbaiDTNDeg" 
xsi:schemaLocation="http://www.omg.org/spec/BPMN/20100524/MODEL BPMN20.xsd 
http://www. [...]
   <bpmn2:itemDefinition id="_supportCaseItem" 
structureRef="org.kie.kogito.flexible.example.model.SupportCase"/>
   <bpmn2:itemDefinition id="_supportGroupItem" structureRef="String"/>
   <bpmn2:itemDefinition id="_commentItem" 
structureRef="org.kie.kogito.flexible.example.model.Comment"/>
@@ -499,11 +500,13 @@
         <bpmn2:ioSpecification>
           <bpmn2:dataInput 
id="_AD768963-CBF7-4269-9D43-51FE0D5D2556_TaskNameInputX" drools:dtype="Object" 
itemSubjectRef="__AD768963-CBF7-4269-9D43-51FE0D5D2556_TaskNameInputXItem" 
name="TaskName"/>
           <bpmn2:dataInput 
id="_AD768963-CBF7-4269-9D43-51FE0D5D2556_SkippableInputX" 
drools:dtype="Object" 
itemSubjectRef="__AD768963-CBF7-4269-9D43-51FE0D5D2556_SkippableInputXItem" 
name="Skippable"/>
+          <bpmn2:dataInput 
id="_AD768963-CBF7-4269-9D43-51FE0D5D2556_GroupIdInputX" drools:dtype="Object" 
itemSubjectRef="__AD768963-CBF7-4269-9D43-51FE0D5D2556_GroupIdInputXItem" 
name="GroupId"/>
           <bpmn2:dataOutput 
id="_AD768963-CBF7-4269-9D43-51FE0D5D2556_evaluationOutputX" 
drools:dtype="Integer" 
itemSubjectRef="__AD768963-CBF7-4269-9D43-51FE0D5D2556_evaluationOutputXItem" 
name="evaluation"/>
           <bpmn2:dataOutput 
id="_AD768963-CBF7-4269-9D43-51FE0D5D2556_commentOutputX" drools:dtype="String" 
itemSubjectRef="__AD768963-CBF7-4269-9D43-51FE0D5D2556_commentOutputXItem" 
name="comment"/>
           <bpmn2:inputSet>
             
<bpmn2:dataInputRefs>_AD768963-CBF7-4269-9D43-51FE0D5D2556_TaskNameInputX</bpmn2:dataInputRefs>
             
<bpmn2:dataInputRefs>_AD768963-CBF7-4269-9D43-51FE0D5D2556_SkippableInputX</bpmn2:dataInputRefs>
+            
<bpmn2:dataInputRefs>_AD768963-CBF7-4269-9D43-51FE0D5D2556_GroupIdInputX</bpmn2:dataInputRefs>
           </bpmn2:inputSet>
           <bpmn2:outputSet>
             
<bpmn2:dataOutputRefs>_AD768963-CBF7-4269-9D43-51FE0D5D2556_evaluationOutputX</bpmn2:dataOutputRefs>
@@ -524,6 +527,13 @@
             <bpmn2:to 
xsi:type="bpmn2:tFormalExpression"><![CDATA[_AD768963-CBF7-4269-9D43-51FE0D5D2556_SkippableInputX]]></bpmn2:to>
           </bpmn2:assignment>
         </bpmn2:dataInputAssociation>
+        <bpmn2:dataInputAssociation>
+          
<bpmn2:targetRef>_AD768963-CBF7-4269-9D43-51FE0D5D2556_GroupIdInputX</bpmn2:targetRef>
+          <bpmn2:assignment>
+            <bpmn2:from 
xsi:type="bpmn2:tFormalExpression"><![CDATA[customer]]></bpmn2:from>
+            <bpmn2:to 
xsi:type="bpmn2:tFormalExpression"><![CDATA[_AD768963-CBF7-4269-9D43-51FE0D5D2556_GroupIdInputX]]></bpmn2:to>
+          </bpmn2:assignment>
+        </bpmn2:dataInputAssociation>
         <bpmn2:dataOutputAssociation>
           
<bpmn2:sourceRef>_AD768963-CBF7-4269-9D43-51FE0D5D2556_evaluationOutputX</bpmn2:sourceRef>
           <bpmn2:targetRef>evaluation</bpmn2:targetRef>
@@ -902,4 +912,4 @@
     <bpmn2:source>_fswpMKJxEDiZN4UVlvQdCA</bpmn2:source>
     <bpmn2:target>_fswpMKJxEDiZN4UVlvQdCA</bpmn2:target>
   </bpmn2:relationship>
-</bpmn2:definitions>
+</bpmn2:definitions>
\ No newline at end of file
diff --git 
a/kogito-springboot-examples/flexible-process-springboot/src/test/java/org/kie/kogito/flexible/example/springboot/ServiceDeskProcessTest.java
 
b/kogito-springboot-examples/flexible-process-springboot/src/test/java/org/kie/kogito/flexible/example/springboot/ServiceDeskProcessTest.java
index ab8be3b91..d0f5da849 100644
--- 
a/kogito-springboot-examples/flexible-process-springboot/src/test/java/org/kie/kogito/flexible/example/springboot/ServiceDeskProcessTest.java
+++ 
b/kogito-springboot-examples/flexible-process-springboot/src/test/java/org/kie/kogito/flexible/example/springboot/ServiceDeskProcessTest.java
@@ -109,6 +109,8 @@ class ServiceDeskProcessTest {
         String location = given()
                 .basePath(BASE_PATH)
                 .contentType(ContentType.JSON)
+                .queryParam("user", "kelly")
+                .queryParam("group", "support")
                 .when()
                 .post("/{id}/ReceiveSupportComment", id)
                 .then()
@@ -140,9 +142,12 @@ class ServiceDeskProcessTest {
 
     private void addCustomerComment(String id) {
         String location = given()
-                .basePath(BASE_PATH + "/" + id).contentType(ContentType.JSON)
+                .basePath(BASE_PATH)
+                .contentType(ContentType.JSON)
+                .queryParam("user", "Paco")
+                .queryParam("group", "customer")
                 .when()
-                .post("/ReceiveCustomerComment")
+                .post("/{id}/ReceiveCustomerComment", id)
                 .then()
                 .statusCode(201)
                 .header("Location", notNullValue())
@@ -171,17 +176,25 @@ class ServiceDeskProcessTest {
     }
 
     private void resolveCase(String id) {
-        given().basePath(BASE_PATH + "/" + 
id).contentType(ContentType.JSON).when().post("/Resolve_Case").then()
-                .statusCode(200).body("supportCase.state", 
is(State.RESOLVED.name()));
+        given()
+                .basePath(BASE_PATH)
+                .contentType(ContentType.JSON)
+                .when()
+                .post("/{id}/Resolve_Case", id)
+                .then()
+                .statusCode(200)
+                .body("supportCase.state", is(State.RESOLVED.name()));
     }
 
     @SuppressWarnings("unchecked")
     private void sendQuestionnaire(String id) {
         String taskId = given()
-                .basePath(BASE_PATH + "/" + id)
+                .basePath(BASE_PATH)
                 .contentType(ContentType.JSON)
+                .queryParam("user", "Paco")
+                .queryParam("group", "customer")
                 .when()
-                .get("/tasks")
+                .get("/{id}/tasks", id)
                 .then()
                 .statusCode(200)
                 .body("size()", is(1))
@@ -195,13 +208,13 @@ class ServiceDeskProcessTest {
         params.put("evaluation", 10);
 
         given()
-                .basePath(BASE_PATH + "/" + id)
+                .basePath(BASE_PATH)
                 .queryParam("user", "Paco")
                 .queryParam("group", "customer")
                 .contentType(ContentType.JSON)
                 .when()
                 .body(params)
-                .post("/Questionnaire/" + taskId)
+                .post("/{id}/Questionnaire/{taskId}", id, taskId)
                 .then()
                 .statusCode(200)
                 .body("supportCase.state", is(State.CLOSED.name()))

