flowable-engine icon indicating copy to clipboard operation
flowable-engine copied to clipboard
verified publisher icon flowable

add REST API interceptors for handling more diverse permissions (identity links, variables, conditional events)

Open tiffmaelite opened this issue 4 years ago • 5 comments

I extended the CMMN REST API interceptor and the BPMN REST API interceptor such that it becomes possible to react on a request to access, create, edit or delete identity links for cases, processes and tasks. In the first draft, I also made the new method generic enough to be able to use it in the future for other kinds of action intercepting, if it were to become a use case (e.g. need to intercept requests to alter entity links, comments or attachments)

Check List:

  • Unit tests: NO
  • Documentation: NA

tiffmaelite avatar Dec 10 '21 15:12 tiffmaelite

I now applied the style settings files of the project, which I had forgotten to use.

tiffmaelite avatar Dec 13 '21 08:12 tiffmaelite

Thanks for the PR @tiffmaelite.

I also made the new method generic enough to be able to use it in the future for other kinds of action intercepting, if it were to become a use case (e.g. need to intercept requests to alter entity links, comments or attachments)

I understand where you are coming from. However, we are not using that pattern in the interceptors anywhere else. Therefore, can we please use dedicated methods for each action. e.g.

  • accessTaskIdentityLinks
  • updateTaskIdentityLinks
  • deleteTaskIdentityLinks
  • createTaskIdentityLinks

In addition to that some of the endpoints are invoking the access instance info by id interceptor, e.g. when getting the case instance identity links. Perhaps here we should not invoke that interceptor and only invoke the access identity links one.

filiphr avatar Dec 13 '21 14:12 filiphr

@filiphr : API was changed as requested I am not sure whether any additional permission check on the task/process/case is actually necessary (they still can be done in the new methods if needed), so I removed all of them, but let me know if you disagree

tiffmaelite avatar Dec 13 '21 16:12 tiffmaelite

Thanks for the PR @tiffmaelite.

I also made the new method generic enough to be able to use it in the future for other kinds of action intercepting, if it were to become a use case (e.g. need to intercept requests to alter entity links, comments or attachments)

I understand where you are coming from. However, we are not using that pattern in the interceptors anywhere else. Therefore, can we please use dedicated methods for each action. e.g.

  • accessTaskIdentityLinks
  • updateTaskIdentityLinks
  • deleteTaskIdentityLinks
  • createTaskIdentityLinks

In addition to that some of the endpoints are invoking the access instance info by id interceptor, e.g. when getting the case instance identity links. Perhaps here we should not invoke that interceptor and only invoke the access identity links one.

fixed

tiffmaelite avatar Dec 14 '21 08:12 tiffmaelite

Thanks for the changes @tiffmaelite. I've added some more comments where we can make some things more granular. Can you please have a look at my last comments and let me know what you think

done

tiffmaelite avatar Apr 19 '22 08:04 tiffmaelite

replaced by https://github.com/flowable/flowable-engine/commit/022b6ac1c06db92aaad3490e2b8be7c396782b74

tiffmaelite avatar May 04 '23 18:05 tiffmaelite