0 Replies Latest reply: Jan 22, 2013 3:15 PM by 971922 RSS

    Task users assigned at runtime don't have permissions in process operations

    971922
      I'm trying to add comments and attachments at process level, and it is already working for users who are already in the roles mapped to the swinlanes, but I have a requirement where the user from the previous task will choose the person or group who will take the next task. This means any chosen specialist in the organization (5000+) can approve/review the next step of the process.

      To do that, I'm implementing the human task as
      <participants isAdhocRoutingSupported="false">
               <stage name="Stage1">
                  <participant name="Reviewer">
                     <resource type="XPATH" identityType="user">/task:task/task:payload/ns1:Assignee/ns1:user</resource>
                     <resource type="XPATH" identityType="group">/task:task/task:payload/ns1:Assignee/ns1:group</resource>
                  </participant>
               </stage>
      </participants>
      This is working as the user is getting the task in his inbox.

      However when I query the allowed process instance/global actions for that user, I get nothing, as user1 is not in the "Reviewer" app role.
      IBPMContext ctx = (IBPMContext) getTaskQueryService().getWorkflowContext(token);
      IProcessInstance processInstance = getInstanceQueryService().getProcessInstance(ctx, instanceId);
      
      List<String> allowedActions = getInstanceManagementService().getAllowedActions(ctx, processInstance);
      My temporary fix to this problem is to programmatically add every user to the application role anytime they try to comment or attach documents at process level. It's quite ugly and inneficient.

      I'm running Oracle BPM Source Tag: PCBPEL_11.1.1.6.0_GENERIC_111214.0600.1553