Hello,
What I'm trying to accomplish is allowing any user to access the case overview of any process, even when he didn't participate in it.
I found this documentation: https://documentation.bonitasoft.com/bonita/7.11/custom-authorization-rule-mapping and this github https://github.com/bonitasoft/bonita-page-authorization-rules that apparently does exactly what I need. However when I followed the steps provided it didn't work and it still said 403 Forbidden.
This are the steps I did:
-
Downloaded this github unzip and executed "mvn clean package". This generated a "target" folder and inside multiple folders and a page-authorization-rules-0.0.1-SNAPSHOT.jar which I copied "C:\Bonita\BonitaCommunity-7.11.2\server\webapps\bonita\WEB-INF\lib".
-
Next, using the setup tool inside I did setup.bat pull and inside platform_conf/current/tenants/1/tenant_engine I updated bonita-tenants-custom.xml adding this at the end:
- After that, at the same location I updated bonita-tenant-community-custom.properties adding:
bonita.tenant.authorization.rule.mapping=authorizationRuleMappingWithProfile
Finally I pushed the config with setup.bat push (with no errors) and restarted the server.
To test the changes I added a new user to the "User" profile and tried to access a case overview but I got the 403 Forbidden. If I try the same url with an Admin or a user who had a task in that case it works as it should.
I would appreciate any help. I'm using default tomcat version 7.11.2