Bug 1125905

Summary: [Admin] No permission control on the build project.
Product: [Retired] JBoss BPMS Platform 6 Reporter: yuli wang <yulwang>
Component: Business CentralAssignee: Marco Rietveld <mrietvel>
Status: CLOSED EOL QA Contact: Lukáš Petrovický <lpetrovi>
Severity: high Docs Contact:
Priority: high    
Version: 6.0.1CC: kverlaen, manstis, mbaluch, mwinkler, rzhang, xiabai
Target Milestone: ER4   
Target Release: 6.1.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-03-27 20:02:25 UTC Type: Enhancement
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
permission need control none

Description yuli wang 2014-08-01 10:10:05 UTC 
Description of problem:
As analyst, I can build and deploy the project&Process.

Version-Release number of selected component (if applicable):
6.0.1

How reproducible:
100%

Steps to Reproduce:
1.Go to Authoring->Project Authoring as analyst.
2.Design a new process and try to build and deploy it.

Actual results:
Any one can build and deploy the project/process

Expected results:
There is permission control on the build/deploy project.

Additional info:
Comment 1 yuli wang 2014-08-01 10:10:31 UTC 
Created attachment 923203 [details]
permission need control
Comment 3 Marek Winkler 2014-08-01 10:44:30 UTC 
I actually believe this is expected behaviour (analyst can build and deploy), see analyst role description from web.xml:

Analyst - Responsible for creating and designing processes
      into the system. Creates process flows and handles
      process change requests. Needs to test processes that
      they create. Also creates forms and dashboards.

Kris, please correct me, if I am wrong, thanks!
Comment 6 cory 2014-08-04 02:23:59 UTC 
We just need a mechanism so that we can customize the permissions(save,delete,cpoy.rename,buildanddeploy). So, i will let analyst can build and deploy.
Comment 9 manstis 2014-08-05 09:18:33 UTC 
The changes add role based permissions to the operations on the Project Editor screen (Save, Rename, Copy, Delete and Build&Deploy). The roles are defined in workbench-policy.properties (as are the permissions for the Home page etc). Default permissions grant all operations to all roles (i.e. no visible change to users).
Comment 10 Tomas Livora 2014-10-06 13:23:27 UTC 
Verified on BPMS 6.1.0 DR3
Comment 11 cory 2014-12-10 04:45:07 UTC 
In last version of master, we can not control Build&Deploy use KieAcl.

I find some change in here (https://github.com/droolsjbpm/kie-wb-common/blob/6.2.0.CR3/kie-wb-common-screens/kie-wb-common-project-editor/kie-wb-common-project-editor-client/src/main/java/org/kie/workbench/common/screens/projecteditor/client/editor/ProjectScreenPresenter.java#L343)

in this place , i can not use withRoles method.
Comment 12 Kris Verlaenen 2014-12-10 13:50:08 UTC 
Maciej, it seems your build menu change might have interfered with this feature?
Comment 13 Maciej Swiderski 2014-12-12 17:17:14 UTC 
correct, it was missing feature but now it's added back

kie-wb-common
master:
https://github.com/droolsjbpm/kie-wb-common/commit/305406d255a66c13e543e51c320c1b8cdad49bfb

6.2.x:
https://github.com/droolsjbpm/kie-wb-common/commit/83145e9a5b1aa52c7fa6b75851515dca2aafb3b3
Comment 14 Tomas Livora 2015-01-26 15:02:12 UTC 
Verified on BPMS 6.1.0 ER4