From a202344af4c8a1350f5657a1d13f9e8e06a49d1e Mon Sep 17 00:00:00 2001 From: Maciej Swiderski Date: Mon, 16 Dec 2019 15:09:41 +0100 Subject: [PATCH] KOGITO-774 - Enforce user task authorisation for any task that has users/groups assigned (#113) --- .../src/main/resources/application.properties | 2 +- .../kogito/examples/OrdersProcessTest.java | 13 +++++++---- .../kie/kogito/examples/OrdersRestTest.java | 6 ++--- .../kogito/examples/PersonProcessTest.java | 15 ++++++------- .../kie/kogito/examples/PersonsRestTest.java | 22 +++++++++---------- .../examples/demo/OrderServiceApiTest.java | 14 ++++++++---- .../examples/demo/OrderServiceRestTest.java | 6 ++--- .../examples/demo/PersonProcessTest.java | 18 +++++++-------- .../kogito/examples/demo/PersonsRestTest.java | 22 +++++++++---------- 9 files changed, 64 insertions(+), 54 deletions(-) diff --git a/jbpm-quarkus-example/src/main/resources/application.properties b/jbpm-quarkus-example/src/main/resources/application.properties index 31fc3c34fcd..b3ecf48b73f 100644 --- a/jbpm-quarkus-example/src/main/resources/application.properties +++ b/jbpm-quarkus-example/src/main/resources/application.properties @@ -1,2 +1,2 @@ quarkus.infinispan-client.server-list=localhost:11222 -quarkus.http.cors=true \ No newline at end of file +quarkus.http.cors=true diff --git a/jbpm-quarkus-example/src/test/java/org/kie/kogito/examples/OrdersProcessTest.java b/jbpm-quarkus-example/src/test/java/org/kie/kogito/examples/OrdersProcessTest.java index f02e3cf8d31..88426415f2f 100644 --- a/jbpm-quarkus-example/src/test/java/org/kie/kogito/examples/OrdersProcessTest.java +++ b/jbpm-quarkus-example/src/test/java/org/kie/kogito/examples/OrdersProcessTest.java @@ -5,6 +5,7 @@ import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertTrue; +import java.util.Collections; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -16,11 +17,13 @@ import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.kie.kogito.Model; +import org.kie.kogito.auth.SecurityPolicy; import org.kie.kogito.examples.demo.Order; import org.kie.kogito.process.Process; import org.kie.kogito.process.ProcessInstance; import org.kie.kogito.process.ProcessInstances; import org.kie.kogito.process.WorkItem; +import org.kie.kogito.services.identity.StaticIdentityProvider; import io.quarkus.test.junit.QuarkusTest; @@ -34,6 +37,8 @@ public class OrdersProcessTest { @Inject @Named("demo.orderItems") Process orderItemsProcess; + + private SecurityPolicy policy = SecurityPolicy.of(new StaticIdentityProvider("john", Collections.singletonList("managers"))); @BeforeEach public void setup() { @@ -68,10 +73,10 @@ public void testOrderProcess() { ProcessInstance childProcessInstance = orderItemProcesses.values().iterator().next(); - List workItems = childProcessInstance.workItems(); + List workItems = childProcessInstance.workItems(policy); assertEquals(1, workItems.size()); - childProcessInstance.completeWorkItem(workItems.get(0).getId(), null); + childProcessInstance.completeWorkItem(workItems.get(0).getId(), null, policy); assertEquals(ProcessInstance.STATE_COMPLETED, childProcessInstance.status()); Optional pi = orderProcess.instances().findById(processInstance.id()); @@ -115,10 +120,10 @@ public void testOrderProcessWithError() { ProcessInstance childProcessInstance = orderItemProcesses.values().iterator().next(); - List workItems = childProcessInstance.workItems(); + List workItems = childProcessInstance.workItems(policy); assertEquals(1, workItems.size()); - childProcessInstance.completeWorkItem(workItems.get(0).getId(), null); + childProcessInstance.completeWorkItem(workItems.get(0).getId(), null, policy); assertEquals(ProcessInstance.STATE_COMPLETED, childProcessInstance.status()); assertEquals(ProcessInstance.STATE_COMPLETED, processInstance.status()); diff --git a/jbpm-quarkus-example/src/test/java/org/kie/kogito/examples/OrdersRestTest.java b/jbpm-quarkus-example/src/test/java/org/kie/kogito/examples/OrdersRestTest.java index c4dcc87be0e..08d542c8e1f 100644 --- a/jbpm-quarkus-example/src/test/java/org/kie/kogito/examples/OrdersRestTest.java +++ b/jbpm-quarkus-example/src/test/java/org/kie/kogito/examples/OrdersRestTest.java @@ -131,7 +131,7 @@ public void testOrdersWithOrderItemsRest() { .statusCode(200).body("id", is(orderItemsId)); // test getting task - Map taskInfo = given().accept(ContentType.JSON).when().get("/orderItems/" + orderItemsId + "/tasks").then() + Map taskInfo = given().accept(ContentType.JSON).when().get("/orderItems/" + orderItemsId + "/tasks?user=john").then() .statusCode(200).extract().as(Map.class); assertEquals(1, taskInfo.size()); @@ -139,7 +139,7 @@ public void testOrdersWithOrderItemsRest() { // test completing task String payload = "{}"; - given().contentType(ContentType.JSON).accept(ContentType.JSON).body(payload).when().post("/orderItems/" + orderItemsId + "/Verify_order/" + taskInfo.keySet().iterator().next()).then() + given().contentType(ContentType.JSON).accept(ContentType.JSON).body(payload).when().post("/orderItems/" + orderItemsId + "/Verify_order/" + taskInfo.keySet().iterator().next() + "?user=john").then() .statusCode(200).body("id", is(orderItemsId)); // get all orders make sure there is zero @@ -177,7 +177,7 @@ public void testOrdersWithOrderItemsAbortedRest() { .statusCode(200).body("id", is(orderItemsId)); // test getting task - Map taskInfo = given().accept(ContentType.JSON).when().get("/orderItems/" + orderItemsId + "/tasks").then() + Map taskInfo = given().accept(ContentType.JSON).when().get("/orderItems/" + orderItemsId + "/tasks?user=john").then() .statusCode(200).extract().as(Map.class); assertEquals(1, taskInfo.size()); diff --git a/jbpm-quarkus-example/src/test/java/org/kie/kogito/examples/PersonProcessTest.java b/jbpm-quarkus-example/src/test/java/org/kie/kogito/examples/PersonProcessTest.java index 1a633f4035c..b8c57d462ae 100644 --- a/jbpm-quarkus-example/src/test/java/org/kie/kogito/examples/PersonProcessTest.java +++ b/jbpm-quarkus-example/src/test/java/org/kie/kogito/examples/PersonProcessTest.java @@ -5,6 +5,7 @@ import static org.junit.jupiter.api.Assertions.assertTrue; import static org.junit.jupiter.api.Assertions.assertFalse; +import java.util.Collections; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -30,6 +31,8 @@ public class PersonProcessTest { @Inject @Named("persons") Process personProcess; + + private SecurityPolicy policy = SecurityPolicy.of(new StaticIdentityProvider("admin", Collections.singletonList("managers"))); @Test public void testAdult() { @@ -63,10 +66,10 @@ public void testChild() { assertEquals(1, result.toMap().size()); assertFalse(((Person)result.toMap().get("person")).isAdult()); - List workItems = processInstance.workItems(); + List workItems = processInstance.workItems(policy); assertEquals(1, workItems.size()); - processInstance.completeWorkItem(workItems.get(0).getId(), null); + processInstance.completeWorkItem(workItems.get(0).getId(), null, policy); assertEquals(ProcessInstance.STATE_COMPLETED, processInstance.status()); } @@ -86,9 +89,6 @@ public void testChildWithSecurityPolicy() { assertEquals(1, result.toMap().size()); assertFalse(((Person)result.toMap().get("person")).isAdult()); - StaticIdentityProvider identity = new StaticIdentityProvider("admin"); - SecurityPolicy policy = SecurityPolicy.of(identity); - List workItems = processInstance.workItems(policy); assertEquals(1, workItems.size()); @@ -112,10 +112,9 @@ public void testChildWithSecurityPolicyNotAuthorized() { assertEquals(1, result.toMap().size()); assertFalse(((Person)result.toMap().get("person")).isAdult()); - StaticIdentityProvider identity = new StaticIdentityProvider("john"); - SecurityPolicy policy = SecurityPolicy.of(identity); + SecurityPolicy johnPolicy = SecurityPolicy.of(new StaticIdentityProvider("john")); - List workItems = processInstance.workItems(policy); + List workItems = processInstance.workItems(johnPolicy); assertEquals(0, workItems.size()); processInstance.abort(); diff --git a/jbpm-quarkus-example/src/test/java/org/kie/kogito/examples/PersonsRestTest.java b/jbpm-quarkus-example/src/test/java/org/kie/kogito/examples/PersonsRestTest.java index 48384352a79..35500eb9d6f 100644 --- a/jbpm-quarkus-example/src/test/java/org/kie/kogito/examples/PersonsRestTest.java +++ b/jbpm-quarkus-example/src/test/java/org/kie/kogito/examples/PersonsRestTest.java @@ -65,7 +65,7 @@ public void testChildPersonsRest() { .body("$.size()", is(1), "[0].id", is(firstCreatedId)); // test getting task - Map taskInfo = given().accept(ContentType.JSON).when().get("/persons/" + firstCreatedId + "/tasks").then() + Map taskInfo = given().accept(ContentType.JSON).when().get("/persons/" + firstCreatedId + "/tasks?user=admin").then() .statusCode(200).extract().as(Map.class); assertEquals(1, taskInfo.size()); @@ -73,7 +73,7 @@ public void testChildPersonsRest() { // test completing task String fixedOrderPayload = "{}"; - given().contentType(ContentType.JSON).accept(ContentType.JSON).body(fixedOrderPayload).when().post("/persons/" + firstCreatedId + "/ChildrenHandling/" + taskInfo.keySet().iterator().next()).then() + given().contentType(ContentType.JSON).accept(ContentType.JSON).body(fixedOrderPayload).when().post("/persons/" + firstCreatedId + "/ChildrenHandling/" + taskInfo.keySet().iterator().next() + "?user=admin").then() .statusCode(200).body("id", is(firstCreatedId)); // get all persons make sure there is zero @@ -205,7 +205,7 @@ public void testPersonsRestStartFromUserTask() { .body("$.size()", is(1), "[0].id", is(firstCreatedId), "[0].person.adult", is(false)); // test getting task - Map taskInfo = given().accept(ContentType.JSON).when().get("/persons/" + firstCreatedId + "/tasks").then() + Map taskInfo = given().accept(ContentType.JSON).when().get("/persons/" + firstCreatedId + "/tasks?user=admin").then() .statusCode(200).extract().as(Map.class); assertEquals(1, taskInfo.size()); @@ -213,7 +213,7 @@ public void testPersonsRestStartFromUserTask() { // test completing task String fixedOrderPayload = "{}"; - given().contentType(ContentType.JSON).accept(ContentType.JSON).body(fixedOrderPayload).when().post("/persons/" + firstCreatedId + "/ChildrenHandling/" + taskInfo.keySet().iterator().next()).then() + given().contentType(ContentType.JSON).accept(ContentType.JSON).body(fixedOrderPayload).when().post("/persons/" + firstCreatedId + "/ChildrenHandling/" + taskInfo.keySet().iterator().next() + "?user=admin").then() .statusCode(200).body("id", is(firstCreatedId)); // get all persons make sure there is zero @@ -238,7 +238,7 @@ public void testChildPersonsRestAbortViaMgmtInterface() { .body("$.size()", is(1), "[0].id", is(firstCreatedId), "[0].person.adult", is(false)); // test getting task - Map taskInfo = given().accept(ContentType.JSON).when().get("/persons/" + firstCreatedId + "/tasks").then() + Map taskInfo = given().accept(ContentType.JSON).when().get("/persons/" + firstCreatedId + "/tasks?user=admin").then() .statusCode(200).extract().as(Map.class); assertEquals(1, taskInfo.size()); @@ -270,7 +270,7 @@ public void testChildPersonsRestRetriggerNodeViaMgmtInterface() { .body("$.size()", is(1), "[0].id", is(firstCreatedId), "[0].person.adult", is(false)); // test getting task - Map taskInfo = given().accept(ContentType.JSON).when().get("/persons/" + firstCreatedId + "/tasks").then() + Map taskInfo = given().accept(ContentType.JSON).when().get("/persons/" + firstCreatedId + "/tasks?user=admin").then() .statusCode(200).extract().as(Map.class); assertEquals(1, taskInfo.size()); @@ -283,7 +283,7 @@ public void testChildPersonsRestRetriggerNodeViaMgmtInterface() { given().contentType(ContentType.JSON).accept(ContentType.JSON).when().post("/management/processes/persons/instances/" + firstCreatedId + "/nodeInstances/" + nodeInstanceId).then() .statusCode(200); - taskInfo = given().accept(ContentType.JSON).when().get("/persons/" + firstCreatedId + "/tasks").then() + taskInfo = given().accept(ContentType.JSON).when().get("/persons/" + firstCreatedId + "/tasks?user=admin").then() .statusCode(200).extract().as(Map.class); String retriggeredNodeInstanceId = given().contentType(ContentType.JSON).accept(ContentType.JSON).when().get("/management/processes/persons/instances/" + firstCreatedId + "/nodeInstances").then() @@ -293,7 +293,7 @@ public void testChildPersonsRestRetriggerNodeViaMgmtInterface() { // test completing task String fixedOrderPayload = "{}"; - given().contentType(ContentType.JSON).accept(ContentType.JSON).body(fixedOrderPayload).when().post("/persons/" + firstCreatedId + "/ChildrenHandling/" + taskInfo.keySet().iterator().next()).then() + given().contentType(ContentType.JSON).accept(ContentType.JSON).body(fixedOrderPayload).when().post("/persons/" + firstCreatedId + "/ChildrenHandling/" + taskInfo.keySet().iterator().next() + "?user=admin").then() .statusCode(200).body("id", is(firstCreatedId)); // get all persons make sure there is zero @@ -318,7 +318,7 @@ public void testChildPersonsRestCancelAndTriggerNodeViaMgmtInterface() { .body("$.size()", is(1), "[0].id", is(firstCreatedId), "[0].person.adult", is(false)); // test getting task - Map taskInfo = given().accept(ContentType.JSON).when().get("/persons/" + firstCreatedId + "/tasks").then() + Map taskInfo = given().accept(ContentType.JSON).when().get("/persons/" + firstCreatedId + "/tasks?user=admin").then() .statusCode(200).extract().as(Map.class); assertEquals(1, taskInfo.size()); @@ -335,7 +335,7 @@ public void testChildPersonsRestCancelAndTriggerNodeViaMgmtInterface() { given().contentType(ContentType.JSON).accept(ContentType.JSON).when().post("/management/processes/persons/instances/" + firstCreatedId + "/nodes/UserTask_1").then() .statusCode(200); - taskInfo = given().accept(ContentType.JSON).when().get("/persons/" + firstCreatedId + "/tasks").then() + taskInfo = given().accept(ContentType.JSON).when().get("/persons/" + firstCreatedId + "/tasks?user=admin").then() .statusCode(200).extract().as(Map.class); String retriggeredNodeInstanceId = given().contentType(ContentType.JSON).accept(ContentType.JSON).when().get("/management/processes/persons/instances/" + firstCreatedId + "/nodeInstances").then() @@ -345,7 +345,7 @@ public void testChildPersonsRestCancelAndTriggerNodeViaMgmtInterface() { // test completing task String fixedOrderPayload = "{}"; - given().contentType(ContentType.JSON).accept(ContentType.JSON).body(fixedOrderPayload).when().post("/persons/" + firstCreatedId + "/ChildrenHandling/" + taskInfo.keySet().iterator().next()).then() + given().contentType(ContentType.JSON).accept(ContentType.JSON).body(fixedOrderPayload).when().post("/persons/" + firstCreatedId + "/ChildrenHandling/" + taskInfo.keySet().iterator().next() + "?user=admin").then() .statusCode(200).body("id", is(firstCreatedId)); // get all persons make sure there is zero diff --git a/jbpm-springboot-example/src/test/java/org/kie/kogito/examples/demo/OrderServiceApiTest.java b/jbpm-springboot-example/src/test/java/org/kie/kogito/examples/demo/OrderServiceApiTest.java index 6f51434ba62..c204445f420 100644 --- a/jbpm-springboot-example/src/test/java/org/kie/kogito/examples/demo/OrderServiceApiTest.java +++ b/jbpm-springboot-example/src/test/java/org/kie/kogito/examples/demo/OrderServiceApiTest.java @@ -4,6 +4,7 @@ import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; +import java.util.Collections; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -11,11 +12,13 @@ import org.junit.Test; import org.junit.runner.RunWith; import org.kie.kogito.Model; +import org.kie.kogito.auth.SecurityPolicy; import org.kie.kogito.examples.DemoApplication; import org.kie.kogito.process.Process; import org.kie.kogito.process.ProcessInstance; import org.kie.kogito.process.ProcessInstances; import org.kie.kogito.process.WorkItem; +import org.kie.kogito.services.identity.StaticIdentityProvider; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.boot.test.context.SpringBootTest; @@ -36,6 +39,8 @@ public class OrderServiceApiTest { @Autowired @Qualifier("demo.orderItems") Process orderItemsProcess; + + private SecurityPolicy policy = SecurityPolicy.of(new StaticIdentityProvider("john", Collections.singletonList("managers"))); @Test @@ -68,12 +73,13 @@ public void testOrderProcess() { ProcessInstance childProcessInstance = orderItemProcesses.values().iterator().next(); - List workItems = childProcessInstance.workItems(); + List workItems = childProcessInstance.workItems(policy); assertEquals(1, workItems.size()); childProcessInstance.completeWorkItem(workItems.get(0).getId(), - null); + null, + policy); assertEquals(ProcessInstance.STATE_COMPLETED, childProcessInstance.status()); @@ -120,10 +126,10 @@ public void testOrderProcessWithError() { ProcessInstance childProcessInstance = orderItemProcesses.values().iterator().next(); - List workItems = childProcessInstance.workItems(); + List workItems = childProcessInstance.workItems(policy); assertEquals(1, workItems.size()); - childProcessInstance.completeWorkItem(workItems.get(0).getId(), null); + childProcessInstance.completeWorkItem(workItems.get(0).getId(), null, policy); assertEquals(ProcessInstance.STATE_COMPLETED, childProcessInstance.status()); assertEquals(ProcessInstance.STATE_COMPLETED, processInstance.status()); diff --git a/jbpm-springboot-example/src/test/java/org/kie/kogito/examples/demo/OrderServiceRestTest.java b/jbpm-springboot-example/src/test/java/org/kie/kogito/examples/demo/OrderServiceRestTest.java index f5bd5cdac34..9d9dae06833 100644 --- a/jbpm-springboot-example/src/test/java/org/kie/kogito/examples/demo/OrderServiceRestTest.java +++ b/jbpm-springboot-example/src/test/java/org/kie/kogito/examples/demo/OrderServiceRestTest.java @@ -170,7 +170,7 @@ public void testOrdersWithOrderItemsRest() { .statusCode(200).body("id", is(orderItemsId)); // test getting task - Map taskInfo = given().accept(ContentType.JSON).when().get("/orderItems/" + orderItemsId + "/tasks").then() + Map taskInfo = given().accept(ContentType.JSON).when().get("/orderItems/" + orderItemsId + "/tasks?user=john").then() .statusCode(200).extract().as(Map.class); assertEquals(1, taskInfo.size()); @@ -178,7 +178,7 @@ public void testOrdersWithOrderItemsRest() { // test completing task String payload = "{}"; - given().contentType(ContentType.JSON).accept(ContentType.JSON).body(payload).when().post("/orderItems/" + orderItemsId + "/Verify_order/" + taskInfo.keySet().iterator().next()).then() + given().contentType(ContentType.JSON).accept(ContentType.JSON).body(payload).when().post("/orderItems/" + orderItemsId + "/Verify_order/" + taskInfo.keySet().iterator().next() + "?user=john").then() .statusCode(200).body("id", is(orderItemsId)); // get all orders make sure there is zero @@ -215,7 +215,7 @@ public void testOrdersWithOrderItemsAbortedRest() { .statusCode(200).body("id", is(orderItemsId)); // test getting task - Map taskInfo = given().accept(ContentType.JSON).when().get("/orderItems/" + orderItemsId + "/tasks").then() + Map taskInfo = given().accept(ContentType.JSON).when().get("/orderItems/" + orderItemsId + "/tasks?user=john").then() .statusCode(200).extract().as(Map.class); assertEquals(1, taskInfo.size()); diff --git a/jbpm-springboot-example/src/test/java/org/kie/kogito/examples/demo/PersonProcessTest.java b/jbpm-springboot-example/src/test/java/org/kie/kogito/examples/demo/PersonProcessTest.java index db33c2717ef..75dc2c6ed2b 100644 --- a/jbpm-springboot-example/src/test/java/org/kie/kogito/examples/demo/PersonProcessTest.java +++ b/jbpm-springboot-example/src/test/java/org/kie/kogito/examples/demo/PersonProcessTest.java @@ -5,6 +5,7 @@ import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertTrue; +import java.util.Collections; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -35,6 +36,8 @@ public class PersonProcessTest { @Autowired @Qualifier("persons") Process personProcess; + + private SecurityPolicy policy = SecurityPolicy.of(new StaticIdentityProvider("admin", Collections.singletonList("managers"))); @Test public void testPersonsProcessIsAdult() { @@ -75,12 +78,13 @@ public void testPersonsProcessIsChild() { result.toMap().size()); assertFalse(((Person) result.toMap().get("person")).isAdult()); - List workItems = processInstance.workItems(); + List workItems = processInstance.workItems(policy); assertEquals(1, workItems.size()); processInstance.completeWorkItem(workItems.get(0).getId(), - null); + null, + policy); assertEquals(ProcessInstance.STATE_COMPLETED, processInstance.status()); @@ -101,10 +105,7 @@ public void testChildWithSecurityPolicy() { Model result = (Model)processInstance.variables(); assertEquals(1, result.toMap().size()); assertFalse(((Person)result.toMap().get("person")).isAdult()); - - StaticIdentityProvider identity = new StaticIdentityProvider("admin"); - SecurityPolicy policy = SecurityPolicy.of(identity); - + List workItems = processInstance.workItems(policy); assertEquals(1, workItems.size()); @@ -128,10 +129,9 @@ public void testChildWithSecurityPolicyNotAuthorized() { assertEquals(1, result.toMap().size()); assertFalse(((Person)result.toMap().get("person")).isAdult()); - StaticIdentityProvider identity = new StaticIdentityProvider("john"); - SecurityPolicy policy = SecurityPolicy.of(identity); + SecurityPolicy johnPolicy = SecurityPolicy.of(new StaticIdentityProvider("john")); - List workItems = processInstance.workItems(policy); + List workItems = processInstance.workItems(johnPolicy); assertEquals(0, workItems.size()); processInstance.abort(); diff --git a/jbpm-springboot-example/src/test/java/org/kie/kogito/examples/demo/PersonsRestTest.java b/jbpm-springboot-example/src/test/java/org/kie/kogito/examples/demo/PersonsRestTest.java index 997b28b8b16..407fea9d367 100644 --- a/jbpm-springboot-example/src/test/java/org/kie/kogito/examples/demo/PersonsRestTest.java +++ b/jbpm-springboot-example/src/test/java/org/kie/kogito/examples/demo/PersonsRestTest.java @@ -64,7 +64,7 @@ public void testChildPersonsRest() { .body("$.size()", is(1), "[0].id", is(firstCreatedId)); // test getting task - Map taskInfo = given().accept(ContentType.JSON).when().get("/persons/" + firstCreatedId + "/tasks").then() + Map taskInfo = given().accept(ContentType.JSON).when().get("/persons/" + firstCreatedId + "/tasks?user=admin").then() .statusCode(200).extract().as(Map.class); assertEquals(1, taskInfo.size()); @@ -72,7 +72,7 @@ public void testChildPersonsRest() { // test completing task String fixedOrderPayload = "{}"; - given().contentType(ContentType.JSON).accept(ContentType.JSON).body(fixedOrderPayload).when().post("/persons/" + firstCreatedId + "/ChildrenHandling/" + taskInfo.keySet().iterator().next()).then() + given().contentType(ContentType.JSON).accept(ContentType.JSON).body(fixedOrderPayload).when().post("/persons/" + firstCreatedId + "/ChildrenHandling/" + taskInfo.keySet().iterator().next() + "?user=admin").then() .statusCode(200).body("id", is(firstCreatedId)); // get all persons make sure there is zero @@ -203,7 +203,7 @@ public void testPersonsRestStartFromUserTask() { .body("$.size()", is(1), "[0].id", is(firstCreatedId), "[0].person.adult", is(false)); // test getting task - Map taskInfo = given().accept(ContentType.JSON).when().get("/persons/" + firstCreatedId + "/tasks").then() + Map taskInfo = given().accept(ContentType.JSON).when().get("/persons/" + firstCreatedId + "/tasks?user=admin").then() .statusCode(200).extract().as(Map.class); assertEquals(1, taskInfo.size()); @@ -211,7 +211,7 @@ public void testPersonsRestStartFromUserTask() { // test completing task String fixedOrderPayload = "{}"; - given().contentType(ContentType.JSON).accept(ContentType.JSON).body(fixedOrderPayload).when().post("/persons/" + firstCreatedId + "/ChildrenHandling/" + taskInfo.keySet().iterator().next()).then() + given().contentType(ContentType.JSON).accept(ContentType.JSON).body(fixedOrderPayload).when().post("/persons/" + firstCreatedId + "/ChildrenHandling/" + taskInfo.keySet().iterator().next() + "?user=admin").then() .statusCode(200).body("id", is(firstCreatedId)); // get all persons make sure there is zero @@ -236,7 +236,7 @@ public void testChildPersonsRestAbortViaMgmtInterface() { .body("$.size()", is(1), "[0].id", is(firstCreatedId), "[0].person.adult", is(false)); // test getting task - Map taskInfo = given().accept(ContentType.JSON).when().get("/persons/" + firstCreatedId + "/tasks").then() + Map taskInfo = given().accept(ContentType.JSON).when().get("/persons/" + firstCreatedId + "/tasks?user=admin").then() .statusCode(200).extract().as(Map.class); assertEquals(1, taskInfo.size()); @@ -267,7 +267,7 @@ public void testChildPersonsRestRetriggerNodeViaMgmtInterface() { .body("$.size()", is(1), "[0].id", is(firstCreatedId), "[0].person.adult", is(false)); // test getting task - Map taskInfo = given().accept(ContentType.JSON).when().get("/persons/" + firstCreatedId + "/tasks").then() + Map taskInfo = given().accept(ContentType.JSON).when().get("/persons/" + firstCreatedId + "/tasks?user=admin").then() .statusCode(200).extract().as(Map.class); assertEquals(1, taskInfo.size()); @@ -280,7 +280,7 @@ public void testChildPersonsRestRetriggerNodeViaMgmtInterface() { given().contentType(ContentType.JSON).accept(ContentType.JSON).when().post("/management/processes/persons/instances/" + firstCreatedId + "/nodeInstances/" + nodeInstanceId).then() .statusCode(200); - taskInfo = given().accept(ContentType.JSON).when().get("/persons/" + firstCreatedId + "/tasks").then() + taskInfo = given().accept(ContentType.JSON).when().get("/persons/" + firstCreatedId + "/tasks?user=admin").then() .statusCode(200).extract().as(Map.class); String retriggeredNodeInstanceId = given().contentType(ContentType.JSON).accept(ContentType.JSON).when().get("/management/processes/persons/instances/" + firstCreatedId + "/nodeInstances").then() @@ -290,7 +290,7 @@ public void testChildPersonsRestRetriggerNodeViaMgmtInterface() { // test completing task String fixedOrderPayload = "{}"; - given().contentType(ContentType.JSON).accept(ContentType.JSON).body(fixedOrderPayload).when().post("/persons/" + firstCreatedId + "/ChildrenHandling/" + taskInfo.keySet().iterator().next()).then() + given().contentType(ContentType.JSON).accept(ContentType.JSON).body(fixedOrderPayload).when().post("/persons/" + firstCreatedId + "/ChildrenHandling/" + taskInfo.keySet().iterator().next()+ "?user=admin").then() .statusCode(200).body("id", is(firstCreatedId)); // get all persons make sure there is zero @@ -314,7 +314,7 @@ public void testChildPersonsRestCancelAndTriggerNodeViaMgmtInterface() { .body("$.size()", is(1), "[0].id", is(firstCreatedId), "[0].person.adult", is(false)); // test getting task - Map taskInfo = given().accept(ContentType.JSON).when().get("/persons/" + firstCreatedId + "/tasks").then() + Map taskInfo = given().accept(ContentType.JSON).when().get("/persons/" + firstCreatedId + "/tasks?user=admin").then() .statusCode(200).extract().as(Map.class); assertEquals(1, taskInfo.size()); @@ -331,7 +331,7 @@ public void testChildPersonsRestCancelAndTriggerNodeViaMgmtInterface() { given().contentType(ContentType.JSON).accept(ContentType.JSON).when().post("/management/processes/persons/instances/" + firstCreatedId + "/nodes/UserTask_1").then() .statusCode(200); - taskInfo = given().accept(ContentType.JSON).when().get("/persons/" + firstCreatedId + "/tasks").then() + taskInfo = given().accept(ContentType.JSON).when().get("/persons/" + firstCreatedId + "/tasks?user=admin").then() .statusCode(200).extract().as(Map.class); String retriggeredNodeInstanceId = given().contentType(ContentType.JSON).accept(ContentType.JSON).when().get("/management/processes/persons/instances/" + firstCreatedId + "/nodeInstances").then() @@ -341,7 +341,7 @@ public void testChildPersonsRestCancelAndTriggerNodeViaMgmtInterface() { // test completing task String fixedOrderPayload = "{}"; - given().contentType(ContentType.JSON).accept(ContentType.JSON).body(fixedOrderPayload).when().post("/persons/" + firstCreatedId + "/ChildrenHandling/" + taskInfo.keySet().iterator().next()).then() + given().contentType(ContentType.JSON).accept(ContentType.JSON).body(fixedOrderPayload).when().post("/persons/" + firstCreatedId + "/ChildrenHandling/" + taskInfo.keySet().iterator().next() + "?user=admin").then() .statusCode(200).body("id", is(firstCreatedId)); // get all persons make sure there is zero