incubator-kie-issues#1388: UserTasks without Actors/Groups assignme…
…nts can transition to any phase without checking any security policy (#1985)
pefernan authored Jul 23, 2024
1 parent e79f1b5 commit a51112c
Showing 4 changed files with 62 additions and 19 deletions.
@@ -1,4 +1,5 @@
<bpmn2:definitions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:bpmn2="http://www.omg.org/spec/BPMN/20100524/MODEL" xmlns:bpmndi="http://www.omg.org/spec/BPMN/20100524/DI" xmlns:bpsim="http://www.bpsim.org/schemas/1.0" xmlns:dc="http://www.omg.org/spec/DD/20100524/DC" xmlns:di="http://www.omg.org/spec/DD/20100524/DI" xmlns:drools="http://www.jboss.org/drools" id="_fswpMKJxEDiZN4UVlvQdCA" exporter="jBPM Process Modeler" exporterVersion="2.0" targetNamespace="http://www.omg.org/bpmn20">
<?xml version="1.0" encoding="UTF-8"?>
<bpmn2:definitions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:bpmn2="http://www.omg.org/spec/BPMN/20100524/MODEL" xmlns:bpmndi="http://www.omg.org/spec/BPMN/20100524/DI" xmlns:bpsim="http://www.bpsim.org/schemas/1.0" xmlns:dc="http://www.omg.org/spec/DD/20100524/DC" xmlns:di="http://www.omg.org/spec/DD/20100524/DI" xmlns:drools="http://www.jboss.org/drools" id="_pNgJkCgBED20EbaiDTNDeg" xsi:schemaLocation="http://www.omg.org/spec/BPMN/20100524/MODEL BPMN20.xsd http://www.jboss.org/drools drools.xsd http://www.bpsim.org/schemas/1.0 bpsim.xsd http://www.omg.org/spec/DD/20100524/DC DC.xsd http://www.omg.org/spec/DD/20100524/DI DI.xsd " exporter="jBPM Process Modeler" exporterVersion="2.0" targetNamespace="http://www.omg.org/bpmn20">
<bpmn2:itemDefinition id="_supportCaseItem" structureRef="org.kie.kogito.flexible.example.model.SupportCase"/>
<bpmn2:itemDefinition id="_supportGroupItem" structureRef="String"/>
<bpmn2:itemDefinition id="_commentItem" structureRef="org.kie.kogito.flexible.example.model.Comment"/>
Expand Down Expand Up @@ -499,11 +500,13 @@
<bpmn2:ioSpecification>
<bpmn2:dataInput id="_AD768963-CBF7-4269-9D43-51FE0D5D2556_TaskNameInputX" drools:dtype="Object" itemSubjectRef="__AD768963-CBF7-4269-9D43-51FE0D5D2556_TaskNameInputXItem" name="TaskName"/>
<bpmn2:dataInput id="_AD768963-CBF7-4269-9D43-51FE0D5D2556_SkippableInputX" drools:dtype="Object" itemSubjectRef="__AD768963-CBF7-4269-9D43-51FE0D5D2556_SkippableInputXItem" name="Skippable"/>
<bpmn2:dataInput id="_AD768963-CBF7-4269-9D43-51FE0D5D2556_GroupIdInputX" drools:dtype="Object" itemSubjectRef="__AD768963-CBF7-4269-9D43-51FE0D5D2556_GroupIdInputXItem" name="GroupId"/>
<bpmn2:dataOutput id="_AD768963-CBF7-4269-9D43-51FE0D5D2556_evaluationOutputX" drools:dtype="Integer" itemSubjectRef="__AD768963-CBF7-4269-9D43-51FE0D5D2556_evaluationOutputXItem" name="evaluation"/>
<bpmn2:dataOutput id="_AD768963-CBF7-4269-9D43-51FE0D5D2556_commentOutputX" drools:dtype="String" itemSubjectRef="__AD768963-CBF7-4269-9D43-51FE0D5D2556_commentOutputXItem" name="comment"/>
<bpmn2:inputSet>
<bpmn2:dataInputRefs>_AD768963-CBF7-4269-9D43-51FE0D5D2556_TaskNameInputX</bpmn2:dataInputRefs>
<bpmn2:dataInputRefs>_AD768963-CBF7-4269-9D43-51FE0D5D2556_SkippableInputX</bpmn2:dataInputRefs>
<bpmn2:dataInputRefs>_AD768963-CBF7-4269-9D43-51FE0D5D2556_GroupIdInputX</bpmn2:dataInputRefs>
</bpmn2:inputSet>
<bpmn2:outputSet>
<bpmn2:dataOutputRefs>_AD768963-CBF7-4269-9D43-51FE0D5D2556_evaluationOutputX</bpmn2:dataOutputRefs>
Expand All @@ -524,6 +527,13 @@
<bpmn2:to xsi:type="bpmn2:tFormalExpression"><![CDATA[_AD768963-CBF7-4269-9D43-51FE0D5D2556_SkippableInputX]]></bpmn2:to>
</bpmn2:assignment>
</bpmn2:dataInputAssociation>
<bpmn2:dataInputAssociation>
<bpmn2:targetRef>_AD768963-CBF7-4269-9D43-51FE0D5D2556_GroupIdInputX</bpmn2:targetRef>
<bpmn2:assignment>
<bpmn2:from xsi:type="bpmn2:tFormalExpression"><![CDATA[customer]]></bpmn2:from>
<bpmn2:to xsi:type="bpmn2:tFormalExpression"><![CDATA[_AD768963-CBF7-4269-9D43-51FE0D5D2556_GroupIdInputX]]></bpmn2:to>
</bpmn2:assignment>
</bpmn2:dataInputAssociation>
<bpmn2:dataOutputAssociation>
<bpmn2:sourceRef>_AD768963-CBF7-4269-9D43-51FE0D5D2556_evaluationOutputX</bpmn2:sourceRef>
<bpmn2:targetRef>evaluation</bpmn2:targetRef>
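Review bot: The new `GroupId` data input refers to `itemSubjectRef="__AD768963-CBF7-4269-9D43-51FE0D5D2556_GroupIdInputXItem"`, but none of the visible hunks adds a `bpmn2:itemDefinition` with that id, so unless one already exists in the collapsed part of the file the reference dangles. If it is missing, I would add `<bpmn2:itemDefinition id="__AD768963-CBF7-4269-9D43-51FE0D5D2556_GroupIdInputXItem" structureRef="Object"/>` next to the other item definitions. The second BPMN file on this page carries the same change and raises the same question. Because the literal `customer` in the new assignment is what now ties this task to a group, a short XML comment stating that it must match the `group` value callers send would help the next person editing the model.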
Expand Up @@ -94,6 +94,7 @@ private void addSupportComment(String id) {
String location = given()
.basePath(BASE_PATH)
.contentType(ContentType.JSON)
.queryParam("group", "support")
.when()
.post("/{id}/ReceiveSupportComment", id)
.then()
Expand Down Expand Up @@ -125,9 +126,11 @@ private void addSupportComment(String id) {

private void addCustomerComment(String id) {
String location = given()
.basePath(BASE_PATH + "/" + id).contentType(ContentType.JSON)
.basePath(BASE_PATH)
.contentType(ContentType.JSON)
.queryParam("group", "customer")
.when()
.post("/ReceiveCustomerComment")
.post("/{id}/ReceiveCustomerComment", id)
.then()
.statusCode(201)
.header("Location", notNullValue())
Expand Down Expand Up @@ -156,16 +159,23 @@ private void addCustomerComment(String id) {
}

private void resolveCase(String id) {
given().basePath(BASE_PATH + "/" + id).contentType(ContentType.JSON).when().post("/Resolve_Case").then()
.statusCode(200).body("supportCase.state", is(State.RESOLVED.name()));
given()
.basePath(BASE_PATH)
.contentType(ContentType.JSON)
.when()
.post("/{id}/Resolve_Case", id)
.then()
.statusCode(200)
.body("supportCase.state", is(State.RESOLVED.name()));
}

private void sendQuestionnaire(String id) {
String taskId = given()
.basePath(BASE_PATH + "/" + id)
.basePath(BASE_PATH)
.contentType(ContentType.JSON)
.queryParam("group", "customer")
.when()
.get("/tasks")
.get("/{id}/tasks", id)
.then()
.statusCode(200)
.body("size()", is(1))
Expand All @@ -177,13 +187,13 @@ private void sendQuestionnaire(String id) {
params.put("evaluation", 10);

given()
.basePath(BASE_PATH + "/" + id)
.basePath(BASE_PATH)
.queryParam("user", "Paco")
.queryParam("group", "customer")
.contentType(ContentType.JSON)
.when()
.body(params)
.post("/Questionnaire/" + taskId)
.post("/{id}/Questionnaire/{taskId}/", id, taskId)
.then()
.statusCode(200)
.body("supportCase.state", is(State.CLOSED.name()))
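Review bot: Every request changed in this class exercises only the permitted path, so nothing in the visible hunks asserts that a caller outside the assigned group is refused, which is the behaviour the commit title describes. In `sendQuestionnaire`, before the successful POST, I would repeat the call with `.queryParam("group", "support")` and assert it is not answered with 200, for example `.statusCode(not(200))`; the exact rejection status cannot be read from this page. The second test class further down the page has the same gap. Separately, the final POST here uses `"/{id}/Questionnaire/{taskId}/"` with a trailing slash while the sibling test uses `"/{id}/Questionnaire/{taskId}"`, and one form should be used in both. The method bodies start or end outside the visible hunks.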
@@ -1,4 +1,5 @@
<bpmn2:definitions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:bpmn2="http://www.omg.org/spec/BPMN/20100524/MODEL" xmlns:bpmndi="http://www.omg.org/spec/BPMN/20100524/DI" xmlns:bpsim="http://www.bpsim.org/schemas/1.0" xmlns:dc="http://www.omg.org/spec/DD/20100524/DC" xmlns:di="http://www.omg.org/spec/DD/20100524/DI" xmlns:drools="http://www.jboss.org/drools" id="_fswpMKJxEDiZN4UVlvQdCA" exporter="jBPM Process Modeler" exporterVersion="2.0" targetNamespace="http://www.omg.org/bpmn20">
<?xml version="1.0" encoding="UTF-8"?>
<bpmn2:definitions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:bpmn2="http://www.omg.org/spec/BPMN/20100524/MODEL" xmlns:bpmndi="http://www.omg.org/spec/BPMN/20100524/DI" xmlns:bpsim="http://www.bpsim.org/schemas/1.0" xmlns:dc="http://www.omg.org/spec/DD/20100524/DC" xmlns:di="http://www.omg.org/spec/DD/20100524/DI" xmlns:drools="http://www.jboss.org/drools" id="_pNgJkCgBED20EbaiDTNDeg" xsi:schemaLocation="http://www.omg.org/spec/BPMN/20100524/MODEL BPMN20.xsd http://www.jboss.org/drools drools.xsd http://www.bpsim.org/schemas/1.0 bpsim.xsd http://www.omg.org/spec/DD/20100524/DC DC.xsd http://www.omg.org/spec/DD/20100524/DI DI.xsd " exporter="jBPM Process Modeler" exporterVersion="2.0" targetNamespace="http://www.omg.org/bpmn20">
<bpmn2:itemDefinition id="_supportCaseItem" structureRef="org.kie.kogito.flexible.example.model.SupportCase"/>
<bpmn2:itemDefinition id="_supportGroupItem" structureRef="String"/>
<bpmn2:itemDefinition id="_commentItem" structureRef="org.kie.kogito.flexible.example.model.Comment"/>
Expand Down Expand Up @@ -499,11 +500,13 @@
<bpmn2:ioSpecification>
<bpmn2:dataInput id="_AD768963-CBF7-4269-9D43-51FE0D5D2556_TaskNameInputX" drools:dtype="Object" itemSubjectRef="__AD768963-CBF7-4269-9D43-51FE0D5D2556_TaskNameInputXItem" name="TaskName"/>
<bpmn2:dataInput id="_AD768963-CBF7-4269-9D43-51FE0D5D2556_SkippableInputX" drools:dtype="Object" itemSubjectRef="__AD768963-CBF7-4269-9D43-51FE0D5D2556_SkippableInputXItem" name="Skippable"/>
<bpmn2:dataInput id="_AD768963-CBF7-4269-9D43-51FE0D5D2556_GroupIdInputX" drools:dtype="Object" itemSubjectRef="__AD768963-CBF7-4269-9D43-51FE0D5D2556_GroupIdInputXItem" name="GroupId"/>
<bpmn2:dataOutput id="_AD768963-CBF7-4269-9D43-51FE0D5D2556_evaluationOutputX" drools:dtype="Integer" itemSubjectRef="__AD768963-CBF7-4269-9D43-51FE0D5D2556_evaluationOutputXItem" name="evaluation"/>
<bpmn2:dataOutput id="_AD768963-CBF7-4269-9D43-51FE0D5D2556_commentOutputX" drools:dtype="String" itemSubjectRef="__AD768963-CBF7-4269-9D43-51FE0D5D2556_commentOutputXItem" name="comment"/>
<bpmn2:inputSet>
<bpmn2:dataInputRefs>_AD768963-CBF7-4269-9D43-51FE0D5D2556_TaskNameInputX</bpmn2:dataInputRefs>
<bpmn2:dataInputRefs>_AD768963-CBF7-4269-9D43-51FE0D5D2556_SkippableInputX</bpmn2:dataInputRefs>
<bpmn2:dataInputRefs>_AD768963-CBF7-4269-9D43-51FE0D5D2556_GroupIdInputX</bpmn2:dataInputRefs>
</bpmn2:inputSet>
<bpmn2:outputSet>
<bpmn2:dataOutputRefs>_AD768963-CBF7-4269-9D43-51FE0D5D2556_evaluationOutputX</bpmn2:dataOutputRefs>
Expand All @@ -524,6 +527,13 @@
<bpmn2:to xsi:type="bpmn2:tFormalExpression"><![CDATA[_AD768963-CBF7-4269-9D43-51FE0D5D2556_SkippableInputX]]></bpmn2:to>
</bpmn2:assignment>
</bpmn2:dataInputAssociation>
<bpmn2:dataInputAssociation>
<bpmn2:targetRef>_AD768963-CBF7-4269-9D43-51FE0D5D2556_GroupIdInputX</bpmn2:targetRef>
<bpmn2:assignment>
<bpmn2:from xsi:type="bpmn2:tFormalExpression"><![CDATA[customer]]></bpmn2:from>
<bpmn2:to xsi:type="bpmn2:tFormalExpression"><![CDATA[_AD768963-CBF7-4269-9D43-51FE0D5D2556_GroupIdInputX]]></bpmn2:to>
</bpmn2:assignment>
</bpmn2:dataInputAssociation>
<bpmn2:dataOutputAssociation>
<bpmn2:sourceRef>_AD768963-CBF7-4269-9D43-51FE0D5D2556_evaluationOutputX</bpmn2:sourceRef>
<bpmn2:targetRef>evaluation</bpmn2:targetRef>
Expand Down Expand Up @@ -902,4 +912,4 @@
<bpmn2:source>_fswpMKJxEDiZN4UVlvQdCA</bpmn2:source>
<bpmn2:target>_fswpMKJxEDiZN4UVlvQdCA</bpmn2:target>
</bpmn2:relationship>
</bpmn2:definitions>
</bpmn2:definitions>
Expand Up @@ -109,6 +109,8 @@ private void addSupportComment(String id) {
String location = given()
.basePath(BASE_PATH)
.contentType(ContentType.JSON)
.queryParam("user", "kelly")
.queryParam("group", "support")
.when()
.post("/{id}/ReceiveSupportComment", id)
.then()
Expand Down Expand Up @@ -140,9 +142,12 @@ private void addSupportComment(String id) {

private void addCustomerComment(String id) {
String location = given()
.basePath(BASE_PATH + "/" + id).contentType(ContentType.JSON)
.basePath(BASE_PATH)
.contentType(ContentType.JSON)
.queryParam("user", "Paco")
.queryParam("group", "customer")
.when()
.post("/ReceiveCustomerComment")
.post("/{id}/ReceiveCustomerComment", id)
.then()
.statusCode(201)
.header("Location", notNullValue())
Expand Down Expand Up @@ -171,17 +176,25 @@ private void addCustomerComment(String id) {
}

private void resolveCase(String id) {
given().basePath(BASE_PATH + "/" + id).contentType(ContentType.JSON).when().post("/Resolve_Case").then()
.statusCode(200).body("supportCase.state", is(State.RESOLVED.name()));
given()
.basePath(BASE_PATH)
.contentType(ContentType.JSON)
.when()
.post("/{id}/Resolve_Case", id)
.then()
.statusCode(200)
.body("supportCase.state", is(State.RESOLVED.name()));
}

@SuppressWarnings("unchecked")
private void sendQuestionnaire(String id) {
String taskId = given()
.basePath(BASE_PATH + "/" + id)
.basePath(BASE_PATH)
.contentType(ContentType.JSON)
.queryParam("user", "Paco")
.queryParam("group", "customer")
.when()
.get("/tasks")
.get("/{id}/tasks", id)
.then()
.statusCode(200)
.body("size()", is(1))
Expand All @@ -195,13 +208,13 @@ private void sendQuestionnaire(String id) {
params.put("evaluation", 10);

given()
.basePath(BASE_PATH + "/" + id)
.basePath(BASE_PATH)
.queryParam("user", "Paco")
.queryParam("group", "customer")
.contentType(ContentType.JSON)
.when()
.body(params)
.post("/Questionnaire/" + taskId)
.post("/{id}/Questionnaire/{taskId}", id, taskId)
.then()
.statusCode(200)
.body("supportCase.state", is(State.CLOSED.name()))
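Review bot: The pair `.queryParam("user", "Paco")` and `.queryParam("group", "customer")` is now written out three times in this class (in `addCustomerComment` and in both requests of `sendQuestionnaire`), and the group literal presumably has to stay equal to the `GroupId` assigned in the process model. A small helper would keep that in one place, e.g. `private RequestSpecification asCustomer() { return given().queryParam("user", "Paco").queryParam("group", "customer"); }`. The helper is also the natural place for a comment that identity in these tests is asserted by caller-supplied query parameters, so the policy check is only as strong as whatever binds those values to an authenticated principal in a real deployment; that binding is not visible on this page. `resolveCase` sends no identity and still expects 200, and a one-line comment saying why that endpoint needs none would make the intent clear. The method bodies start or end outside the visible hunks.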