Case overview authorization

Greetings,

As I understand, Bonita's default behavior is to limit case overview access to users involved in the case & admins.

I carefully followed the guide at the documentation here to override this behavior. I even used the reference project mentioned there to make sure I wasn't doing anything wrong. However, the default behavior isn't affected at all. I'm using Bonita Community v 7.9.0.

What I did:

  • Tried my own code, the documentation's and the reference project's. At some point I ignored the business logic to avoid any logical mistakes and just returned true for isAllowed().
  • Copied my JAR into webapps/bonita/WEB-INF/lib/.
  • Edited platform_conf/current/tenants/TENANT_ID/tenant_engine/bonita-tenant-custom.xml & platform_conf/current/tenants/TENANT_ID/tenant_engine/bonita-tenant-community-custom.properties.
  • Package and class names are correct.
  • Copied the new JAR, used pull and push, and restarted the server with each change I tried.
  • Tried using the already implemented pre 7.3 "allow managers of involved users" behavior.

However, I'm not getting any change in behavior at all. The logs are not showing any errors or warnings.

Does anyone know what the problem is, or can anyone propose a way to debug the issue? Thanks in advance.

Below are my conf files and classes.

platform_conf/current/tenants/TENANT_ID/tenant_engine/bonita-tenant-community-custom.properties

## Page and form mapping authorization rules
## you can customize this mapping by defining your own bean
## that implement org.bonitasoft.engine.core.form.AuthorizationRuleMapping
## and a set of org.bonitasoft.engine.page.AuthorizationRule
## to be declared in bonita-tenant-custom.xml
bonita.tenant.authorization.rule.mapping=customAuthorizationRuleMapping
#bonita.tenant.authorization.rule.mapping=defaultAuthorizationRuleMapping
## to restore pre-7.3.0 behavior (where manager of user involved in process instance could access Case Overview), use this implementation below instead:
#bonita.tenant.authorization.rule.mapping=managerInvolvedAuthorizationRuleMappingImpl

platform_conf/current/tenants/TENANT_ID/tenant_engine/bonita-tenant-custom.xml (registered the two beans) by adding:

<bean id="customAuthorizationRuleMapping" class="org.bonitasoft.pages.authorization.CustomAuthorizationRuleMapping"/>
<bean id="customRule" class="org.bonitasoft.pages.authorization.CustomRule">
    <constructor-arg name="processInstanceService" ref="processInstanceService" />
    <constructor-arg name="sessionService" ref="sessionService" />
    <constructor-arg name="sessionAccessor" ref="sessionAccessor" />
</bean>

CustomRule.class

package org.bonitasoft.pages.authorization;

import java.io.Serializable;
import java.util.Map;

import org.bonitasoft.engine.commons.exceptions.SExecutionException;
import org.bonitasoft.engine.core.process.instance.api.ProcessInstanceService;
import org.bonitasoft.engine.page.AuthorizationRule;
import org.bonitasoft.engine.page.AuthorizationRuleWithParameters;
import org.bonitasoft.engine.session.SessionService;
import org.bonitasoft.engine.sessionaccessor.SessionAccessor;

public class CustomRule extends AuthorizationRuleWithParameters implements AuthorizationRule {
    private ProcessInstanceService processInstanceService;
    private SessionService sessionService;
    private SessionAccessor sessionAccessor;

    public CustomRule(ProcessInstanceService processInstanceService, SessionService sessionService, SessionAccessor sessionAccessor) {
        // some services autowired by spring
        this.processInstanceService = processInstanceService;
        this.sessionAccessor = sessionAccessor;
        this.sessionService = sessionService;
    }

    @Override
    public boolean isAllowed(String key, Map<String, Serializable> context) throws SExecutionException {
        //add business logic here
        return true;
    }

    @Override
    public String getId() {
        return "CUSTOM_RULE_1";
    }
}

CustomAuthorizationRuleMapping.class

package org.bonitasoft.pages.authorization;

import java.util.Arrays;
import java.util.List;

import org.bonitasoft.engine.core.form.AuthorizationRuleMapping;

public class CustomAuthorizationRuleMapping implements AuthorizationRuleMapping {

    @Override
    public List<String> getProcessStartRuleKeys() {
        return Arrays.asList("CUSTOM_RULE_1");
    }

    @Override
    public List<String> getProcessOverviewRuleKeys() {
        return Arrays.asList("CUSTOM_RULE_1");
    }

    @Override
    public List<String> getTaskRuleKeys() {
        return Arrays.asList("CUSTOM_RULE_1");
    }
}
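
One way to rule out a wiring mismatch between the two configuration files quoted above, as an added example that is not part of the original post or of Bonita itself. The function names are hypothetical, and the sample inputs are constructed from the snippets in the question; the `<beans>` wrapper and its namespace are assumptions.

```python
import xml.etree.ElementTree as ET

PROP_KEY = "bonita.tenant.authorization.rule.mapping"
# Mapping beans shipped with the engine, as named in the quoted properties file.
BUILT_IN = {"defaultAuthorizationRuleMapping", "managerInvolvedAuthorizationRuleMappingImpl"}

# Constructed sample inputs modelled on the two files in the question. The <beans>
# wrapper and its namespace are assumed; the post shows only the <bean> elements.
SAMPLE_PROPERTIES = """\
bonita.tenant.authorization.rule.mapping=customAuthorizationRuleMapping
#bonita.tenant.authorization.rule.mapping=defaultAuthorizationRuleMapping
"""
SAMPLE_XML = """\
<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="customAuthorizationRuleMapping"
        class="org.bonitasoft.pages.authorization.CustomAuthorizationRuleMapping"/>
  <bean id="customRule" class="org.bonitasoft.pages.authorization.CustomRule"/>
</beans>
"""

def active_mappings(properties_text):
    """Return every uncommented value assigned to PROP_KEY, in file order."""
    values = []
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":  # '#' and '!' both start a comment
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip() == PROP_KEY:
            values.append(value.strip())
    return values

def declared_beans(xml_text):
    """Map bean id -> class for every <bean> element, with or without a namespace."""
    root = ET.fromstring(xml_text)
    return {el.get("id"): el.get("class") for el in root.iter()
            if el.tag.rsplit("}", 1)[-1] == "bean" and el.get("id")}

def check_config(properties_text, xml_text):
    """Return a list of findings; an empty list means the two files agree."""
    values = active_mappings(properties_text)
    if not values:
        return [f"{PROP_KEY} is not set (every line is commented out or missing)"]
    findings = []
    if len(values) > 1:  # java.util.Properties keeps the last assignment
        findings.append(f"{PROP_KEY} is set {len(values)} times; '{values[-1]}' wins")
    if values[-1] not in BUILT_IN and values[-1] not in declared_beans(xml_text):
        findings.append(f"mapping bean '{values[-1]}' is not declared in the custom XML")
    return findings
```

An empty result only shows that the property and the bean declarations agree; it says nothing about whether an already installed process has picked the rule up.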

Comments

Submitted by Pierre-yves Monnet on Wed, 05/06/2020 - 21:42

Hello,

Could you copy the different files that you modify, in order to verify what you did?

Thanks

Submitted by hassan.gameil_1... on Thu, 05/07/2020 - 15:57

Hello,

Added the files to the question. Thank you.

1 answer

This one is the BEST answer!

I figured out what was causing this behavior. After adding/changing an authorization rule, it will only affect processes installed later, which is not mentioned in the documentation, so you need to reinstall the process(es) targeted by this change. This is not very convenient, as all cases of those processes will be lost. Any better suggestions?
