I’m working on CAF project which uses BPM.
I have many tasks on my project,and I want to set the following behavior:
If the task is assigned to a role, the members of this role should be able to view the task and modify it.But the other users that are not assigned to this task should be able to view the task without being able to modify the task.
When I try to set the permissions to “View Task Data” & “View Task Info”, the task view is not diplayed and I get the following error:
Failed to evaluate binding expression: #{[view].[task].canUserViewTaskData}
But when I set the permission to “Task Administration”, the task view is displayed and unfortunately it’s possible to make modifications on the task, what is not required.
I think you cannot do that since its not possible to make a portlet task read only by assigning permissions. Instead you may try to assign the task to two roles and programmatically change the portlet to make read only the required parts or sections.
I see your point. The task porlet view should be viewed by a role and viewed and modified by other.
And this concerns all the sections of the view.
Can you please provide me with more details about how can this be programatically done, since as you said this can’t be done with permission management.
So if I inderstood well, I’ll use this boolean vaiable in the ‘Disabled’ property of all updatebale components of the view.
Is it the best way to do so, because I’ ve got many roles that are involved in a task.
Is it necessary to have as many variables as many roles or only one variable for all? (supposing of course that I cannot assign the roles in one role)
If only one variable is required, how can I modify the example you provided to manage many roles?
The actual implementation depends on your requirements.
For example, if all the users would have read-only access to the task, then what would you choose:
all editable fields disabled
use a Disableable Panel CAF component that contains the other components
all editable fields read-only (there is also this property)
only the Save-like buttons to be disabled (the user can change fields, but can not actually invoke applyChanges())
the user can click Save, but he will receive an error message. Task not updated
The #{securityRoles[…]} expression can be used also directly on the CAF components.
Regarding role organization, I would have a technical parent role that contains all the “read-only” roles.
It is easier to manage and you do not have to change the code if one of the sub-roles is removed/added/renamed.
Thanks a lot for the clarifications. They are very usefull.
The problem I’ve got is that I want to apply this behavior for all the tasks of my process.
And for every task, the assigned role should be able to view and modify, and the other assigned roles for the other tasks should be able to view noly this task.
It means I cannot regroup all the roles in one, since the read only roles are not the same for all the tasks, they change from a task to another.
In this case I’ll need to have a read-only role for every task. And I’ll end with as many read-only roles as many tasks and I’ve got too many tasks in my processes . Is that the only way?
Another question is that since the method you proposed returns a boolean and not a string I’m not able to visualise it in the binding view. So how will I do to bind it to the “Disabled” property? Should I insert it manually or use the #{securityRoles[…]} expression?
If the expression should be used, what does it return?
Thanks a lot for the clarifications. They are very usefull.
The problem I’ve got is that I want to apply this behavior for all the tasks of my process.
And for every task, the assigned role should be able to view and modify, and the other assigned roles for the other tasks should be able to view noly this task.
It means I cannot regroup all the roles in one, since the read only roles are not the same for all the tasks, they change from a task to another.
In this case I’ll need to have a read-only role for every task. And I’ll end with as many read-only roles as many tasks and I’ve got too many tasks in my processes . Is that the only way?
Another question is that since the method you proposed returns a boolean and not a string I’m not able to visualise it in the binding view. So how will I do to bind it to the “Disabled” property? Should I insert it manually or use the #{securityRoles[…]} expression?
If the expression should be used, what does it return?
Your clarifications were very helpful. But I’m still facing some issues when trying to implement this solution for one of my tasks.
I’ve created the read-only role in MWS.
I’ve created the associated security role for the task portlet I’m working with.
I’ve binded the Read-Only and Disabled properties to the expression #{portletSecurityRoles[“MyReadOnlyRole”]} one by one and made some tests witha user from “MyReadOnlyRole” role.
The resulted behavior is the folowing:
Read-Only: no impact, nothing has changed
Disabled: The component is disabled but not for the required user only but for all of them.
Can you help me please. Am I doing something wrong?
I’m also confused about which privilege to set when creating the security role for task portlet (Role link property).
I’ve investigated to discover what is wrong, and I’ve found in MWS log that the expression #{portletSecurityRoles[“MyReadOnlyRole”]} always returns true.
Even if I use the method you provided, it’s the same result, the value returned is always true as well.
I’ve investigated to discover what is wrong, and I’ve found in MWS log that the expression #{portletSecurityRoles[“MyReadOnlyRole”]} always returns true.
Even if I use the method you provided, it’s the same result, the value returned is always true as well.
The people who see the task in the inbox can view and modify the task, this is by design, that’s why you can’t restrict the task and need to change the controls.
Another approach is for view and query purposes you may build a custom query portlet, give access who you need and display the info what you need.
I’m interested with the first point that you mentioned that is “The people who see the task in the inbox can view and modify the task, this is by design, that’s why you can’t restrict the task and need to change the controls”.
The users that see the task in the inbox are the assignees for the task.The role that I want to grant read-only rights are not assigned to the task.
So what I did is to use expression #{portletSecurityRoles[“MyReadOnlyRole”]} and bind it to Disabled property of the controls in the view. The role “MyReadOnlyRole” is not assigned to the task.
But what I don’t understand is why does this expression always returns true for all the roles the assigned one and the MyReadOnlyRole role.
I’m interested with the first point that you mentioned that is “The people who see the task in the inbox can view and modify the task, this is by design, that’s why you can’t restrict the task and need to change the controls”.
The users that see the task in the inbox are the assignees for the task.The role that I want to grant read-only rights are not assigned to the task.
So what I did is to use expression #{portletSecurityRoles[“MyReadOnlyRole”]} and bind it to Disabled property of the controls in the view. The role “MyReadOnlyRole” is not assigned to the task.
But what I don’t understand is why does this expression always returns true for all the roles the assigned one and the MyReadOnlyRole role.
I meant it returned true for all the users the ones from the assigned role and the ones from MyReadOnlyRole.
And as a result, the controls are disabled for all.
I meant it returned true for all the users the ones from the assigned role and the ones from MyReadOnlyRole.
And as a result, the controls are disabled for all.
What’s the effect of setting the Read Only property to true on a radio button group?
Because I’m not seeing any difference between both values true and false.
What’s the effect of setting the Read Only property to true on a radio button group?
Because I’m not seeing any difference between both values true and false.
What’s the effect of setting the Read Only property to true on a radio button group?
Because I’m not seeing any difference between both values true and false.
. Is that the only way?