Hi guys,
I need to retrive by rest the processes that are startable by a user.
Authorizations are correct.
I’ve tried with this endpoint
/engine-rest/engine/default/process-definition?startableBy=john
but no result returns.
Can you help me
Thank you
AP
Hi @APelle,
I think there is no such endpoint implemented yet. You can find full description here
https://docs.camunda.org/manual/7.5/reference/rest/process-definition/get/
and you can always create a feature request in our JIRA
https://app.camunda.com/jira/secure/Dashboard.jspa
Cheers,
Askar
I’ll take a shot here, but your best option may be to make a direct query to the database where such permissions are maintained. The challenge may be capturing the precise query needed to retrieve what you are looking for. If you have a MySQL database, you could stop all workflows on the Camunda server so that it is “quiet”, then turn on the general log in MySQL. Then, attempt to start a process as the user. You should see any queries executed to process the request and the query you need to determine user permissions could be in those.
If you have that query, then you’ve a few options:
You can directly query MySQL from your client.
You can write write a process that will run the query for you and return a list.
You can write a small REST service to execute the query for you and return rows with the results.
Hope this helps.
Thank you,
But then, the parameter StartableBy what is it?
In the documentation it says: “Filter by a user name who is allowed to start the process”.
That seems to me exactly what I need.
But it isn’t working.
It returns exactly 0 items.
The documentation is misleading here. The query does not check authorizations, but checks the identity link table for links of between the given user and the process definition. These links are created during process deployment based on the (I think undocumented) attribute camunda:candidateStarterUsers, see for example https://github.com/camunda/camunda-bpm-platform/blob/7.6.0-alpha4/engine/src/test/resources/org/camunda/bpm/engine/test/bpmn/authorization/StartAuthorizationTest.testProcessDefinitionList.bpmn20.xml#L10
I think there is no API functionality for what you want and therefore agree with @mppfor_manu’s comment.
Cheers,
Thorben
hey @thorben, just to confirm your comment, there is an implementation here (java source) and here (ORM xml query mapping).
we can link identity to a task by calling POST /task/{id}/identity-links but there is no API to link user/group to an activity in a process definition. maybe possible at deployment time