Case overview authorization

Greetings,

As I understand it, Bonita's default behavior is to limit case overview access to users involved in the case & admins.

I followed the guide at the documentation here to override this behavior carefully; I even used the reference project mentioned there to make sure I wasn't doing anything wrong. However, the default behavior isn't affected at all. Using Bonita community v 7.9.0.

What I did:

  • Tried my own, the documentation's and the reference project's code. Ignored business logic at some point to avoid any logical mistakes and just returned true for isAllowed().
  • Copied my JAR into webapps/bonita/WEB-INF/lib/.
  • Edited platform_conf/current/tenants/TENANT_ID/tenant_engine/bonita-tenant-custom.xml & platform_conf/current/tenants/TENANT_ID/tenant_engine/bonita-tenant-community-custom.properties.
  • Package and class names are correct.
  • Copied the new JAR, used pull and push, and restarted the server with each change I tried.
  • Tried using the already implemented pre 7.3 "allow managers of involved users" behavior.

However, I'm not getting any change in behavior at all. The logs are not showing any errors or warnings.

Does anyone know what the problem is, or can anyone propose a way to debug the issue? Thanks in advance.

Below are my conf files and classes.

platform_conf/current/tenants/TENANT_ID/tenant_engine/bonita-tenant-community-custom.properties

## Page and form mapping authorization rules
## you can customize this mapping by defining your own bean
## that implement org.bonitasoft.engine.core.form.AuthorizationRuleMapping
## and a set of org.bonitasoft.engine.page.AuthorizationRule
## to be declared in bonita-tenant-custom.xml
bonita.tenant.authorization.rule.mapping=customAuthorizationRuleMapping
#bonita.tenant.authorization.rule.mapping=defaultAuthorizationRuleMapping
## to restore pre-7.3.0 behavior (where manager of user involved in process instance could access Case Overview), use this implementation below instead:
#bonita.tenant.authorization.rule.mapping=managerInvolvedAuthorizationRuleMappingImpl

platform_conf/current/tenants/TENANT_ID/tenant_engine/bonita-tenant-custom.xml (registered the two beans) by adding:

<bean id="customAuthorizationRuleMapping" class="org.bonitasoft.pages.authorization.CustomAuthorizationRuleMapping"/>
<bean id="customRule" class="org.bonitasoft.pages.authorization.CustomRule">
    <constructor-arg name="processInstanceService" ref="processInstanceService" />
    <constructor-arg name="sessionService" ref="sessionService" />
    <constructor-arg name="sessionAccessor" ref="sessionAccessor" />
</bean>

CustomRule.class

package org.bonitasoft.pages.authorization;

import java.io.Serializable;
import java.util.Map;

import org.bonitasoft.engine.commons.exceptions.SExecutionException;
import org.bonitasoft.engine.core.process.instance.api.ProcessInstanceService;
import org.bonitasoft.engine.page.AuthorizationRule;
import org.bonitasoft.engine.page.AuthorizationRuleWithParameters;
import org.bonitasoft.engine.session.SessionService;
import org.bonitasoft.engine.sessionaccessor.SessionAccessor;

public class CustomRule extends AuthorizationRuleWithParameters implements AuthorizationRule {

    private ProcessInstanceService processInstanceService;
    private SessionService sessionService;
    private SessionAccessor sessionAccessor;

    public CustomRule(ProcessInstanceService processInstanceService, SessionService sessionService, SessionAccessor sessionAccessor) {
        // some services autowired by spring
        this.processInstanceService = processInstanceService;
        this.sessionAccessor = sessionAccessor;
        this.sessionService = sessionService;
    }

    @Override
    public boolean isAllowed(String key, Map<String, Serializable> context) throws SExecutionException {
        //add business logic here
        return true;
    }

    @Override
    public String getId() {
        return "CUSTOM_RULE_1";
    }

}

CustomAuthorizationRuleMapping.class

package org.bonitasoft.pages.authorization;

import java.util.Arrays;
import java.util.List;

import org.bonitasoft.engine.core.form.AuthorizationRuleMapping;

public class CustomAuthorizationRuleMapping implements AuthorizationRuleMapping {

    @Override
    public List<String> getProcessStartRuleKeys() {
        return Arrays.asList("CUSTOM_RULE_1");
    }

    @Override
    public List<String> getProcessOverviewRuleKeys() {
        return Arrays.asList("CUSTOM_RULE_1");
    }

    @Override
    public List<String> getTaskRuleKeys() {
        return Arrays.asList("CUSTOM_RULE_1");
    }

}

I figured out what was causing this behavior. After adding or changing an authorization rule, it will only affect processes installed later, which is not mentioned in the documentation. So you need to reinstall the process(es) targeted by this change. This is not very convenient, as all cases of those processes will be lost. Any better suggestions?

Hello,

Could you copy the different files that you modified, in order to verify what you did?

Thanks

Hello,

Added the files to the question. Thank you.
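
One way to rule out wiring mistakes between the two configuration files and the JAR from the question, as an added example that is not part of the thread or of Bonita's own code. The function names and sample inputs are constructed for illustration, and the check assumes the custom XML declares only your own beans; it cannot detect the install-time effect described in the follow-up above.

```python
import xml.etree.ElementTree as ET

PROP_KEY = "bonita.tenant.authorization.rule.mapping"
# Bean ids named in the properties file comments on this page (not custom beans).
BUILT_IN = {"defaultAuthorizationRuleMapping", "managerInvolvedAuthorizationRuleMappingImpl"}
# Constructed sample inputs: the JAR listing deliberately lacks CustomRule.class.
SAMPLE_PROPS = (PROP_KEY + "=customAuthorizationRuleMapping\n"
                "#" + PROP_KEY + "=defaultAuthorizationRuleMapping\n")
SAMPLE_XML = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="customAuthorizationRuleMapping" class="org.bonitasoft.pages.authorization.CustomAuthorizationRuleMapping"/>
  <bean id="customRule" class="org.bonitasoft.pages.authorization.CustomRule"/>
</beans>"""
SAMPLE_JAR = ["org/bonitasoft/pages/authorization/CustomAuthorizationRuleMapping.class"]

def active_mapping(properties_text):
    """Return the last uncommented value of PROP_KEY, or None if absent."""
    value = None
    for line in properties_text.splitlines():
        line = line.strip()
        if line.startswith(("#", "!")) or "=" not in line:
            continue
        key, _, val = line.partition("=")
        if key.strip() == PROP_KEY:
            value = val.strip()  # as in java.util.Properties, the last definition wins
    return value

def declared_beans(xml_text):
    """Map bean id -> class name for every <bean> element, namespaced or not."""
    root = ET.fromstring(xml_text)
    return {el.get("id"): el.get("class") for el in root.iter()
            if el.tag.rsplit("}", 1)[-1] == "bean" and el.get("id")}

def check_wiring(properties_text, xml_text, jar_entries):
    """Return a list of problems; an empty list means the files agree."""
    problems = []
    mapping = active_mapping(properties_text)
    beans = declared_beans(xml_text)
    if mapping is None:
        problems.append(f"{PROP_KEY} is not set in this file")
    elif mapping not in beans and mapping not in BUILT_IN:
        problems.append(f"mapping bean '{mapping}' is not declared in the XML")
    for bean_id, cls in beans.items():
        entry = (cls or "").replace(".", "/") + ".class"
        if entry not in jar_entries:
            problems.append(f"bean '{bean_id}': {entry} not found in the JAR")
    return problems

if __name__ == "__main__":
    print(check_wiring(SAMPLE_PROPS, SAMPLE_XML, SAMPLE_JAR))
```

For a real check, read the two files as text and pass `zipfile.ZipFile(jar_path).namelist()` as `jar_entries`.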