fixed - patch 3.9

issue #248
imixs · Jan 25, 2017 · b73957c · b73957c
1 parent 5ae9335
commit b73957c
Show file tree

Hide file tree

Showing 3 changed files with 233 additions and 45 deletions.
diff --git a/imixs-workflow-engine/src/main/java/org/imixs/workflow/jee/ejb/WorkflowService.java b/imixs-workflow-engine/src/main/java/org/imixs/workflow/jee/ejb/WorkflowService.java
@@ -444,6 +444,32 @@ public List<ItemCollection> getEvents(ItemCollection workitem) throws ModelExcep
 			if ("0".equals(event.getItemValueString("keypublicresult"))) {
 				continue;
 			}
+
+			// test user access level
+			List<String> readAccessList = event.getItemValue("$readaccess");
+			if (!bManagerAccess && !readAccessList.isEmpty()) {
+				/**
+				 * check read access for current user
+				 */
+				boolean accessGranted = false;
+				// get user name list
+				List<String> auserNameList = getUserNameList();
+
+				// check each read access
+				for (String aReadAccess : readAccessList) {
+					if (aReadAccess != null && !aReadAccess.isEmpty()) {
+						if (auserNameList.indexOf(aReadAccess) > -1) {
+							accessGranted = true;
+							break;
+						}
+					}
+				}
+				if (!accessGranted) {
+					// user has no read access!
+					continue;
+				}
+			}
+
 			// test RestrictedVisibility
 			List<String> restrictedList = event.getItemValue("keyRestrictedVisibility");
 			if (!bManagerAccess && !restrictedList.isEmpty()) {
@@ -621,8 +647,6 @@ public EntityService getEntityService() {
 		return entityService;
 	}
 
-
-
 	public ReportService getReportService() {
 		return reportService;
 	}

diff --git a/imixs-workflow-engine/src/test/java/org/imixs/workflow/jee/ejb/TestWorkflowService.java b/imixs-workflow-engine/src/test/java/org/imixs/workflow/jee/ejb/TestWorkflowService.java
@@ -1,5 +1,8 @@
 package org.imixs.workflow.jee.ejb;
 
+import static org.mockito.Mockito.when;
+
+import java.util.ArrayList;
 import java.util.List;
 import java.util.Vector;
 
@@ -11,6 +14,8 @@
 import org.imixs.workflow.exceptions.ProcessingErrorException;
 import org.junit.Before;
 import org.junit.Test;
+import org.mockito.invocation.InvocationOnMock;
+import org.mockito.stubbing.Answer;
 
 import junit.framework.Assert;
 
@@ -24,12 +29,12 @@
  * @author rsoika
  */
 public class TestWorkflowService extends AbstractWorkflowEnvironment {
-	public static final String DEFAULT_MODEL_VERSION="1.0.0";
+	public static final String DEFAULT_MODEL_VERSION = "1.0.0";
 
 	@Before
 	public void setup() throws PluginException {
 		this.setModelPath("/bpmn/TestWorkflowService.bpmn");
-		
+
 		super.setup();
 	}
 
@@ -47,10 +52,9 @@ public void setup() throws PluginException {
 	public void testProcessSimple() throws AccessDeniedException, ProcessingErrorException, PluginException {
 		// load test workitem
 		ItemCollection workitem = database.get("W0000-00001");
-		workitem.replaceItemValue(WorkflowKernel.MODELVERSION,DEFAULT_MODEL_VERSION);
-		workitem.replaceItemValue(WorkflowKernel.PROCESSID,100);
-		workitem.replaceItemValue(WorkflowKernel.ACTIVITYID,10);
-
+		workitem.replaceItemValue(WorkflowKernel.MODELVERSION, DEFAULT_MODEL_VERSION);
+		workitem.replaceItemValue(WorkflowKernel.PROCESSID, 100);
+
 		workitem = workflowService.processWorkItem(workitem);
 
 		Assert.assertEquals("1.0.0", workitem.getItemValueString("$ModelVersion"));
@@ -62,13 +66,12 @@ public void testProcessSimple() throws AccessDeniedException, ProcessingErrorExc
 	 */
 	@Test
 	public void testGetEventsSimple() {
-	
+
 		// get workitem
 		ItemCollection workitem = database.get("W0000-00001");
 		workitem.replaceItemValue(WorkflowService.PROCESSID, 200);
-		workitem.replaceItemValue(WorkflowService.ACTIVITYID, 10);
 
-		List<ItemCollection> eventList=null;
+		List<ItemCollection> eventList = null;
 		try {
 			eventList = workflowService.getEvents(workitem);
 		} catch (ModelException e) {
@@ -80,17 +83,15 @@ public void testGetEventsSimple() {
 	}
 
 	/**
-	 * test if the method getEvents returns correct lists of public and restricted events.
-	 * User "manfred" is listed in current workitem namTeam.
+	 * test if the method getEvents returns correct lists of public and
+	 * restricted events. User "manfred" is listed in current workitem namTeam.
 	 */
 	@Test
 	public void testGetEventsComplex() {
 
-
 		// get workitem
 		ItemCollection workitem = database.get("W0000-00001");
 		workitem.replaceItemValue(WorkflowService.PROCESSID, 100);
-		workitem.replaceItemValue(WorkflowService.ACTIVITYID, 10);
 
 		Vector<String> members = new Vector<String>();
 		members.add("jo");
@@ -101,7 +102,7 @@ public void testGetEventsComplex() {
 		workitem.replaceItemValue("nammanager", members);
 		workitem.replaceItemValue("namassist", "");
 
-		List<ItemCollection> eventList=null;
+		List<ItemCollection> eventList = null;
 		try {
 			eventList = workflowService.getEvents(workitem);
 		} catch (ModelException e) {
@@ -111,20 +112,16 @@ public void testGetEventsComplex() {
 		Assert.assertEquals(3, eventList.size());
 	}
 
-
-
 	/**
 	 * test if the method getEvents returns correct lists of workflow events,
 	 * with a more complex setup. User 'manfred' is not listed in namManger!
 	 */
 	@Test
 	public void testGetEventsComplexRestricted() {
 
-
 		// get workitem
 		ItemCollection workitem = database.get("W0000-00001");
 		workitem.replaceItemValue(WorkflowService.PROCESSID, 100);
-		workitem.replaceItemValue(WorkflowService.ACTIVITYID, 10);
 
 		Vector<String> members = new Vector<String>();
 		members.add("jo");
@@ -133,7 +130,90 @@ public void testGetEventsComplexRestricted() {
 		workitem.replaceItemValue("nammanager", members);
 		workitem.replaceItemValue("namassist", "");
 
-		List<ItemCollection> eventList=null;
+		List<ItemCollection> eventList = null;
+		try {
+			eventList = workflowService.getEvents(workitem);
+		} catch (ModelException e) {
+			e.printStackTrace();
+			Assert.fail();
+		}
+		Assert.assertEquals(2, eventList.size());
+	}
+
+	/**
+	 * This test verifies if the method getEvents returns only events where the
+	 * current user has read access! In this case, the user "manfred" is not
+	 * granted to the event 300.20 which is restricted to rhe access role
+	 * 'org.imixs.ACCESSLEVEL.MANAGERACCESS'
+	 * 
+	 * So we expect only one event!
+	 */
+	@Test
+	public void testGetEventsReadRestrictedForSimpleUser() {
+
+		when(workflowService.getUserNameList()).thenAnswer(new Answer<List<String>>() {
+			@Override
+			public List<String> answer(InvocationOnMock invocation) throws Throwable {
+				List<String> result = new ArrayList<>();
+				result.add("manfred");
+				return result;
+			}
+		});
+
+		// get workitem
+		ItemCollection workitem = database.get("W0000-00001");
+		workitem.replaceItemValue(WorkflowService.PROCESSID, 300);
+
+		Vector<String> members = new Vector<String>();
+		members.add("jo");
+		members.add("alex");
+		workitem.replaceItemValue("nammteam", "tom");
+		workitem.replaceItemValue("nammanager", members);
+		workitem.replaceItemValue("namassist", "");
+
+		List<ItemCollection> eventList = null;
+		try {
+			eventList = workflowService.getEvents(workitem);
+		} catch (ModelException e) {
+			e.printStackTrace();
+			Assert.fail();
+		}
+		Assert.assertEquals(1, eventList.size());
+	}
+
+	/**
+	 * This test verifies if the method getEvents returns only events where the
+	 * current user has read access! In this case, the user "manfred" is in the
+	 * role 'org.imixs.ACCESSLEVEL.MANAGERACCESS' and granted to the event
+	 * 300.20
+	 * 
+	 * So we expect both events!
+	 */
+	@Test
+	public void testGetEventsReadRestrictedForManagerAccess() {
+
+		when(workflowService.getUserNameList()).thenAnswer(new Answer<List<String>>() {
+			@Override
+			public List<String> answer(InvocationOnMock invocation) throws Throwable {
+				List<String> result = new ArrayList<>();
+				result.add("manfred");
+				result.add("org.imixs.ACCESSLEVEL.MANAGERACCESS");
+				return result;
+			}
+		});
+
+		// get workitem
+		ItemCollection workitem = database.get("W0000-00001");
+		workitem.replaceItemValue(WorkflowService.PROCESSID, 300);
+
+		Vector<String> members = new Vector<String>();
+		members.add("jo");
+		members.add("alex");
+		workitem.replaceItemValue("nammteam", "tom");
+		workitem.replaceItemValue("nammanager", members);
+		workitem.replaceItemValue("namassist", "");
+
+		List<ItemCollection> eventList = null;
 		try {
 			eventList = workflowService.getEvents(workitem);
 		} catch (ModelException e) {
@@ -143,5 +223,4 @@ public void testGetEventsComplexRestricted() {
 		Assert.assertEquals(2, eventList.size());
 	}
 
-
 }