in the process, the most important participant is the user. The process defines when users need to participate in the task and what users can participate.
group can be understood as the role we often say.
a simple set of support for users and groups, identity management (IDM), is built into Flowable, but from Flowable V6, this component is extracted from the Flowable engine module. This is because it is not the core content of Flowable engine, and in many enterprise applications, it often needs to combine users and groups of existing application systems, and does not use or need users and groups provided by Flowable.
1, BPMN2 0 assign users and groups
users and groups are mainly used in user tasks. When the process execution reaches the user task, a new task is added to the task list of the user or group assigned to the task.
1.1 assign users
user tasks can be directly assign ed to users.
<userTask id="theTask" name="important mission">
<humanPerformer>
<resourceAssignmentExpression>
<formalExpression>jinyangjie</formalExpression>
</resourceAssignmentExpression>
</humanPerformer>
</userTask>only one user can be specified as the humanPerformer of the task. In Flowable terms, this user is called an assignee. The task with the handler is not visible in the task list of others, but can only be seen in the personal task list of the handler.
the above standard usage is cumbersome. Use Flowable custom extension to reduce complexity.
<userTask id="theTask" name="important mission" flowable:assignee="jinyangjie"/>
obtain the tasks to be handled by the specified user through TaskService
List<Task> tasks = taskService.createTaskQuery().taskAssignee("jinyangjie").list();1.2 assign potential users
sometimes, we don't know who is the specific handler of the task, but we know who is the potential handler. For example, when applying for leave, we can apply to the Department Manager or project manager, as long as one of them handles the approval.
in the process, use the potential owner structure to assign the user's candidate task list.
<userTask id='theTask' name='important mission' >
<potentialOwner>
<resourceAssignmentExpression>
<formalExpression>user(jinyangjie)</formalExpression>
</resourceAssignmentExpression>
</potentialOwner>
</userTask>Flowable custom extension:
<userTask id="theTask" name="important mission" flowable:candidateUsers="jinyangjie, zhangsan" />
method for obtaining potential tasks or candidate task list:
List<Task> tasks = taskService.createTaskQuery().taskCandidateUser("jinyangjie");in the candidate list, when one of the potential users applies for a claim task, it means that the task has been designated to be handled by the applicant.
1.3 assigning potential groups
<userTask id='theTask' name='important mission' >
<potentialOwner>
<resourceAssignmentExpression>
<formalExpression>group(leader)</formalExpression>
</resourceAssignmentExpression>
</potentialOwner>
</userTask>Flowable custom extension:
<userTask id="theTask" name="important mission" flowable:candidateGroups="leader, manager" />
method for obtaining potential group task list:
List<Task> tasks = taskService.createTaskQuery().taskCandidateGroup("leader");1.4 assigning potential users and groups
<userTask id='theTask' name='important mission' >
<potentialOwner>
<resourceAssignmentExpression>
<formalExpression>user(jinyangjie), group(leader)</formalExpression>
</resourceAssignmentExpression>
</potentialOwner>
</userTask>if the given string is not specified as user or group, the engine defaults to group.
2, IDM
IDM (IDentity Management) is the management component of users and groups provided by Flowable.
by default, the IDM engine is initialized and started when the Flowable engine starts. The IDM engine manages its own database table structure and the following entities:
- User and UserEntity, user information.
- Group and GroupEntity, group information.
- MembershipEntity, the user member in the group.
- Privilege and PrivilegeEntity, permission definition (for example, in Flowable Modeler and Flowable Task applications, it is used to control the access to the application interface).
- Privilege mappingentity, which associates users and / or groups with permissions.
- Token and TokenEntity are authentication tokens used by the application interface program.
both historical and current process instances save historical entities in the database. Therefore, you can choose to query the history table directly to reduce access to process instance data at run time and improve the performance of execution at run time.
3, Custom assigned users and groups
in practical application, we need to customize the assignment of users and groups. Next, we implement the custom assignment through the task listener.
add a listener of create event type on the user task and call the custom assignment logic:
<userTask id="task1" name="My mission" >
<extensionElements>
<flowable:taskListener event="create" class="org.flowable.MyAssignmentHandler" />
</extensionElements>
</userTask>the DelegateTask passed to the TaskListener can be used to set the handler and candidate users / groups:
public class MyAssignmentHandler implements TaskListener {
public void notify(DelegateTask delegateTask) {
// Perform custom identity query here
// Then call the following command:
delegateTask.setAssignee("jinyangjie");
delegateTask.addCandidateUser("zhangsan");
delegateTask.addCandidateGroup("leader");
...
}
}4, Summary
in fact, Flowable does not do any user checks at runtime. For example, a task can be assigned to any user, and the engine does not verify that the user exists in the system. This leaves us a lot of room to customize users and groups. In this way, when we embed Flowable into the application, it can be used in combination with the existing users and groups of the application, as well as LDAP, Active Directory and other services. In the following chapters, we will introduce the integration of Flowable and LDAP.