[jboss-user] [JBoss jBPM] - Is JBPM authorization model broken ?
Tom Brough
do-not-reply at jboss.com
Thu Oct 11 09:59:15 EDT 2007
Ok JBPM has gone from challenging to getting on my wick !
Im using jbpm-jpdl-3.2.1 and it seems that no matter what I configure in my processdefinition.xml any user can see / act on any task.
Consider this :-
| <?xml version="1.0" encoding="UTF-8"?>
|
| <process-definition
| xmlns="urn:jbpm.org:jpdl-3.2"
| name="IT01">
|
| <!-- Nodes -->
| <!-- start-state -->
| <start-state name="start">
| <transition name="transition1" to="getDetails"></transition>
| </start-state>
|
| <!-- end-state -->
| <end-state name="end"></end-state>
|
| <!-- getDetails - get initial details of IT01 -->
| <task-node name="getDetails">
| <task name="getDetails">
| <assignment expression="user(manager)" />
| </task>
| <transition name="Transition2" to="Check Form">
| </transition>
| </task-node>
|
| <!-- Check Form - IT Manager checks form -->
|
| <task-node name="Check Form">
| <task name="ITManagerFormCheck">
| <assignment expression="user(manager)" />
| </task>
| <transition name="Transition3" to="end"></transition>
| </task-node>
| </process-definition>
|
You would expect <assignment expression="user(manager)" /> to assign the task to manager right ?
when I log in as user, I can start a new process, this presents me with a Task, the task says its assigned to manager, which is what you would expect however when you click examine it goes on to let you fill in the associated form with the task (as user). You can then "submit" that task and transition to the next task (all done as user: user).
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4094099#4094099
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4094099
More information about the jboss-user
mailing list