JBPM-5071 - support for query service to allow filtering by user's as…

…signed projects (#491)

jbpm-services/jbpm-kie-services/src/main/java/org/jbpm/kie/services/impl/query/QueryServiceImpl.java

@@ -17,6 +17,8 @@
 package org.jbpm.kie.services.impl.query;
 
 import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -34,10 +36,16 @@
 import org.dashbuilder.dataset.def.DataSetDefRegistry;
 import org.dashbuilder.dataset.def.SQLDataSetDefBuilder;
 import org.dashbuilder.dataset.filter.ColumnFilter;
+import org.jbpm.kie.services.impl.model.ProcessAssetDesc;
 import org.jbpm.kie.services.impl.query.persistence.PersistDataSetListener;
 import org.jbpm.kie.services.impl.query.persistence.QueryDefinitionEntity;
 import org.jbpm.kie.services.impl.query.preprocessor.BusinessAdminTasksPreprocessor;
+import org.jbpm.kie.services.impl.query.preprocessor.DeploymentIdsPreprocessor;
 import org.jbpm.kie.services.impl.query.preprocessor.PotOwnerTasksPreprocessor;
+import org.jbpm.kie.services.impl.security.DeploymentRolesManager;
+import org.jbpm.services.api.DeploymentEvent;
+import org.jbpm.services.api.DeploymentEventListener;
+import org.jbpm.services.api.model.DeployedAsset;
 import org.jbpm.services.api.query.QueryAlreadyRegisteredException;
 import org.jbpm.services.api.query.QueryNotFoundException;
 import org.jbpm.services.api.query.QueryParamBuilder;
@@ -55,7 +63,7 @@
 import org.slf4j.LoggerFactory;
 
 
-public class QueryServiceImpl implements QueryService {
+public class QueryServiceImpl implements QueryService, DeploymentEventListener {
 
     private static final Logger logger = LoggerFactory.getLogger(QueryServiceImpl.class);
 
@@ -66,6 +74,13 @@ public class QueryServiceImpl implements QueryService {
 
     private IdentityProvider identityProvider;
     private TransactionalCommandService commandService;
+
+    private DeploymentRolesManager deploymentRolesManager = new DeploymentRolesManager();
+
+
+    public void setDeploymentRolesManager(DeploymentRolesManager deploymentRolesManager) {
+        this.deploymentRolesManager = deploymentRolesManager;
+    }
 
     public void setIdentityProvider(IdentityProvider identityProvider) {
         this.identityProvider = identityProvider;
@@ -146,6 +161,8 @@ public void replaceQuery(QueryDefinition queryDefinition) {
                 dataSetDefRegistry.registerPreprocessor(sqlDef.getUUID(), new BusinessAdminTasksPreprocessor(identityProvider));
             } else if (queryDefinition.getTarget().equals(Target.PO_TASK)) {
                 dataSetDefRegistry.registerPreprocessor(sqlDef.getUUID(), new PotOwnerTasksPreprocessor(identityProvider));
+            } else if (queryDefinition.getTarget().equals(Target.FILTERED_PROCESS)) {
+                dataSetDefRegistry.registerPreprocessor(sqlDef.getUUID(), new DeploymentIdsPreprocessor(deploymentRolesManager, identityProvider));
             }
             DataSetMetadata metadata = dataSetManager.getDataSetMetadata(sqlDef.getUUID());
             for (String columnId : metadata.getColumnIds()) {
@@ -268,4 +285,36 @@ protected void applyQueryContext(Map<String, Object> params, QueryContext queryC
             }
         }
     }
+
+    public void onDeploy(DeploymentEvent event) {
+        Collection<DeployedAsset> assets = event.getDeployedUnit().getDeployedAssets();
+        List<String> roles = null;
+        for( DeployedAsset asset : assets ) {
+            if( asset instanceof ProcessAssetDesc ) {                
+                if (roles == null) {
+                    roles = ((ProcessAssetDesc) asset).getRoles();
+                }
+            }
+        }
+        if (roles == null) {
+            roles = Collections.emptyList();
+        }
+        deploymentRolesManager.addRolesForDeployment(event.getDeploymentId(), roles);
+    }
+
+    public void onUnDeploy(DeploymentEvent event) {
+
+        deploymentRolesManager.removeRolesForDeployment(event.getDeploymentId());
+    }
+
+    @Override
+    public void onActivate(DeploymentEvent event) {
+        // no op
+    }
+
+    @Override
+    public void onDeactivate(DeploymentEvent event) {
+        // no op
+
+    }
 }

jbpm-services/jbpm-kie-services/src/main/java/org/jbpm/kie/services/impl/query/preprocessor/DeploymentIdsPreprocessor.java

@@ -0,0 +1,56 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jbpm.kie.services.impl.query.preprocessor;
+
+import static org.dashbuilder.dataset.filter.FilterFactory.in;
+import static org.jbpm.services.api.query.QueryResultMapper.COLUMN_EXTERNALID;
+
+import java.util.List;
+
+import org.dashbuilder.dataset.DataSetLookup;
+import org.dashbuilder.dataset.def.DataSetPreprocessor;
+import org.dashbuilder.dataset.filter.DataSetFilter;
+import org.jbpm.kie.services.impl.security.DeploymentRolesManager;
+import org.kie.internal.identity.IdentityProvider;
+
+public class DeploymentIdsPreprocessor implements DataSetPreprocessor {
+
+    private DeploymentRolesManager deploymentRolesManager;
+
+    private IdentityProvider identityProvider;
+
+    public DeploymentIdsPreprocessor(DeploymentRolesManager deploymentRolesManager, IdentityProvider identityProvider) {
+        this.deploymentRolesManager = deploymentRolesManager;
+        this.identityProvider = identityProvider;
+    }
+
+    @Override
+    public void preprocess(DataSetLookup lookup) {
+        if (identityProvider == null) {
+            return;
+        }
+        List<String> deploymentIds = deploymentRolesManager.getDeploymentsForUser(identityProvider);
+
+
+        if (lookup.getFirstFilterOp() != null) {
+            lookup.getFirstFilterOp().addFilterColumn(in(COLUMN_EXTERNALID, deploymentIds));
+        } else {
+            DataSetFilter filter = new DataSetFilter();
+            filter.addFilterColumn(in(COLUMN_EXTERNALID, deploymentIds));
+            lookup.addOperation(filter);
+        }
+    }
+}

jbpm-services/jbpm-kie-services/src/test/java/org/jbpm/kie/services/test/QueryServiceImplTest.java

@@ -52,6 +52,7 @@
 import org.jbpm.kie.services.impl.query.mapper.UserTaskInstanceWithVarsQueryMapper;
 import org.jbpm.kie.services.test.objects.TestQueryParamBuilderFactory;
 import org.jbpm.kie.test.util.AbstractKieServicesBaseTest;
+import org.jbpm.runtime.manager.impl.deploy.DeploymentDescriptorImpl;
 import org.jbpm.services.api.ProcessInstanceNotFoundException;
 import org.jbpm.services.api.model.DeploymentUnit;
 import org.jbpm.services.api.model.ProcessInstanceDesc;
@@ -75,6 +76,7 @@
 import org.kie.api.runtime.process.ProcessInstance;
 import org.kie.api.runtime.query.QueryContext;
 import org.kie.api.task.model.TaskSummary;
+import org.kie.internal.runtime.conf.DeploymentDescriptor;
 import org.kie.internal.runtime.manager.InternalRuntimeManager;
 import org.kie.scanner.MavenRepository;
 import org.slf4j.Logger;
@@ -109,8 +111,16 @@ public void prepare() {
         processes.add("repo/processes/general/BPMN2-UserTask.bpmn2");
         processes.add("repo/processes/general/SimpleHTProcess.bpmn2");
         processes.add("repo/processes/general/AdHocSubProcess.bpmn2");
+
+        DeploymentDescriptor customDescriptor = new DeploymentDescriptorImpl("org.jbpm.domain");
+        customDescriptor.getBuilder()
+        .addRequiredRole("view:managers");
+
+        Map<String, String> resources = new HashMap<String, String>();
+        resources.put("src/main/resources/" + DeploymentDescriptor.META_INF_LOCATION, customDescriptor.toXml());
+
 
-        InternalKieModule kJar1 = createKieJar(ks, releaseId, processes);
+        InternalKieModule kJar1 = createKieJar(ks, releaseId, processes, resources);
         File pom = new File("target/kmodule", "pom.xml");
         pom.getParentFile().mkdir();
         try {
@@ -882,6 +892,55 @@ public void testGetProcessInstancesCountAndGroup() {
 
     }
 
+    @Test
+    public void testGetFilteredProcessInstances() {
+
+        // let's grant managers role so process can be started
+        List<String> roles = new ArrayList<String>();
+        roles.add("managers");
+        identityProvider.setRoles(roles);
+
+        query = new SqlQueryDefinition("getAllProcessInstances", dataSourceJNDIname, Target.FILTERED_PROCESS);
+        query.setExpression("select * from processinstancelog");
+
+
+        queryService.registerQuery(query);
+
+        List<QueryDefinition> queries = queryService.getQueries(new QueryContext());
+        assertNotNull(queries);
+        assertEquals(1, queries.size());
+
+        QueryDefinition registeredQuery = queryService.getQuery(query.getName());
+
+        assertNotNull(registeredQuery);
+        assertEquals(query.getName(), registeredQuery.getName());
+        assertEquals(query.getSource(), registeredQuery.getSource());
+        assertEquals(query.getExpression(), registeredQuery.getExpression());
+        assertEquals(query.getTarget(), registeredQuery.getTarget());
+
+        Collection<ProcessInstanceDesc> instances = queryService.query(query.getName(), ProcessInstanceQueryMapper.get(), new QueryContext());
+        assertNotNull(instances);
+        assertEquals(0, instances.size());
+
+        processInstanceId = processService.startProcess(deploymentUnit.getIdentifier(), "org.jbpm.writedocument");
+        assertNotNull(processInstanceId);
+
+        instances = queryService.query(query.getName(), ProcessInstanceQueryMapper.get(), new QueryContext());
+        assertNotNull(instances);
+        assertEquals(1, instances.size());
+        assertEquals(1, (int)instances.iterator().next().getState());
+
+        // let's now change the roles so user should not see instances
+        roles.clear();
+        roles.add("employees");
+        identityProvider.setRoles(roles);
+        identityProvider.setName("anotherUser");
+
+        instances = queryService.query(query.getName(), ProcessInstanceQueryMapper.get(), new QueryContext());
+        assertNotNull(instances);
+        assertEquals(0, instances.size());
+    }
+
     protected void setFieldValue(Object instance, String fieldName, Object value) {
         try {
             Field f = instance.getClass().getDeclaredField(fieldName);            

jbpm-services/jbpm-kie-services/src/test/java/org/jbpm/kie/test/util/AbstractKieServicesBaseTest.java

@@ -144,6 +144,7 @@ protected void configureServices() {
 		// set runtime data service as listener on deployment service
 		((KModuleDeploymentService)deploymentService).addListener(((RuntimeDataServiceImpl) runtimeDataService));
 		((KModuleDeploymentService)deploymentService).addListener(((BPMN2DataServiceImpl) bpmn2Service));
+		((KModuleDeploymentService)deploymentService).addListener(((QueryServiceImpl) queryService));
 
 		// build process service
 		processService = new ProcessServiceImpl();

jbpm-services/jbpm-services-api/src/main/java/org/jbpm/services/api/query/model/QueryDefinition.java

@@ -29,6 +29,7 @@ public enum Target {
         BA_TASK,
         PO_TASK,
         JOBS,
+        FILTERED_PROCESS,
         CUSTOM;
     }
 

jbpm-services/jbpm-services-cdi/src/main/java/org/jbpm/services/cdi/impl/query/QueryServiceCDIImpl.java

@@ -18,6 +18,7 @@
 
 import javax.annotation.PostConstruct;
 import javax.enterprise.context.ApplicationScoped;
+import javax.enterprise.event.Observes;
 import javax.enterprise.inject.Instance;
 import javax.inject.Inject;
 import javax.inject.Named;
@@ -26,6 +27,12 @@
 import org.dashbuilder.dataset.DataSetManager;
 import org.dashbuilder.dataset.def.DataSetDefRegistry;
 import org.jbpm.kie.services.impl.query.QueryServiceImpl;
+import org.jbpm.kie.services.impl.security.DeploymentRolesManager;
+import org.jbpm.services.api.DeploymentEvent;
+import org.jbpm.services.cdi.Activate;
+import org.jbpm.services.cdi.Deactivate;
+import org.jbpm.services.cdi.Deploy;
+import org.jbpm.services.cdi.Undeploy;
 import org.jbpm.shared.services.impl.TransactionalCommandService;
 import org.kie.internal.identity.IdentityProvider;
 import org.kie.internal.runtime.cdi.BootOnLoad;
@@ -54,6 +61,12 @@ public void setCommandService(TransactionalCommandService commandService) {
         super.setCommandService(commandService);
     }
 
+    @Inject
+    @Override
+    public void setDeploymentRolesManager(DeploymentRolesManager deploymentRolesManager) {
+        super.setDeploymentRolesManager(deploymentRolesManager);
+    }
+
     @PostConstruct
     @Override
     public void init() {
@@ -68,5 +81,25 @@ public void init() {
         }
         super.init();
     }
+
+    @Override
+    public void onDeploy(@Observes@Deploy DeploymentEvent event) {
+        super.onDeploy(event);
+    }
+
+    @Override
+    public void onUnDeploy(@Observes@Undeploy DeploymentEvent event) {
+        super.onUnDeploy(event);
+    }
+
+    @Override
+    public void onActivate(@Observes@Activate DeploymentEvent event) {
+        super.onActivate(event);
+    }
+
+    @Override
+    public void onDeactivate(@Observes@Deactivate DeploymentEvent event) {
+        super.onDeactivate(event);
+    }
 
 }