12.13.0 (backend only)

New features - GZAC edition

Access control for Objects

Access Control checks have been implemented for interaction with the Objecten API. Because the Objects and Objecttypes are not part of the GZAC database, the permissions are limited to include only an action. The following actions are available:

  • view

  • view_list

  • create

  • modify

  • delete

An example of Object permissions looks as follows:

"permissions": [
    {
        "resourceType": "com.ritense.objectenapi.security.Object",
        "action": "create"
    },
    {
        "resourceType": "com.ritense.objectenapi.security.Object",
        "action": "modify"
    },
    {
        "resourceType": "com.ritense.objectenapi.security.Object",
        "action": "view"
    },
    {
        "resourceType": "com.ritense.objectenapi.security.Object",
        "action": "view_list"
    },
    {
        "resourceType": "com.ritense.objectenapi.security.Object",
        "action": "delete"
    }
]

To reduce the impact of this breaking change, an application property has been added to disable the access control checks for Objects. The following properties can be set to false:

  • valtimo.authorization.objectenapi.enabled (application property), or

  • VALTIMO_AUTHORIZATION_OBJECTENAPI_ENABLED (environment variable)
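
As an alternative to disabling the checks, a permission set can be audited before upgrading to see which of the five Object actions it grants. The script below is an added example, not part of GZAC or these release notes; the function name, the JSON wrapper around "permissions" and the sample entries are assumptions made for illustration.

```python
import json

# Resource type and actions as listed in the release notes.
OBJECT_RESOURCE = "com.ritense.objectenapi.security.Object"
OBJECT_ACTIONS = {"view", "view_list", "create", "modify", "delete"}

# Constructed sample, wrapped in braces so it parses as JSON.
# "update", "conditions" and the second resourceType are made up for the demo.
SAMPLE = """
{"permissions": [
  {"resourceType": "com.ritense.objectenapi.security.Object", "action": "view"},
  {"resourceType": "com.ritense.objectenapi.security.Object", "action": "view_list"},
  {"resourceType": "com.ritense.objectenapi.security.Object", "action": "update"},
  {"resourceType": "com.ritense.objectenapi.security.Object", "action": "modify",
   "conditions": []},
  {"resourceType": "com.example.Other", "action": "view"}
]}
"""

def audit_object_permissions(doc, required=frozenset(OBJECT_ACTIONS)):
    """Return (granted, missing, problems) for the Object entries in doc."""
    granted, problems = set(), []
    for i, perm in enumerate(doc.get("permissions", [])):
        if perm.get("resourceType") != OBJECT_RESOURCE:
            continue  # other resource types are out of scope here
        action = perm.get("action")
        if action not in OBJECT_ACTIONS:
            problems.append(f"entry {i}: unknown action {action!r}")
            continue
        # Object permissions carry only an action, so flag any other key
        # for review (assumption of this example, not GZAC behaviour).
        extra = sorted(set(perm) - {"resourceType", "action"})
        if extra:
            problems.append(f"entry {i}: extra keys {extra} on {action!r}")
        granted.add(action)
    return granted, set(required) - granted, problems

if __name__ == "__main__":
    granted, missing, problems = audit_object_permissions(json.loads(SAMPLE))
    print("granted:", sorted(granted))
    print("missing:", sorted(missing))
    for p in problems:
        print("review: ", p)
```

Pass a smaller `required` set to check a role that should only read Objects, for example `{"view", "view_list"}`.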

BPMN Modeling Improvements

Several enhancements have been made to improve the stability and default behavior when modeling BPMN processes:

  • Default ServiceTask expression

    • When a ServiceTask expression is left empty, it is now automatically set to ${null}.

    • This prevents errors when saving the process model.

  • Default SendTask expression

    • Similarly, when a SendTask expression is left empty, it is now set to ${null} by default.

  • Default timer configuration

    • Timers without a defined value are now automatically set to 60 seconds.

    • This ensures timers always have a valid fallback configuration.

  • CallActivity business key propagation

    • New CallActivity elements are now automatically configured to propagate the business key.

    • This avoids common modeling issues where the document ID would otherwise be lost.

  • MessageSendEvent correlation behavior

    • When a MessageSendEvent expression is left empty but a message is defined, it now defaults to correlating all.

    • This provides a safer and more predictable default behavior.

Stop All Processes for a Case

It is now possible to terminate all running processes that are associated with a specific case. This can be achieved by configuring a BPMN ServiceTask expression:

${processService.deleteAllProcessInstancesForThisDocument(execution, "Test deletion process")}

Details

  • The expression stops all active process instances related to the current case/document.

  • A reason can be provided as a parameter (in the example above: "Test deletion process").

  • Once invoked, all processes for the case are stopped immediately.

Bugfixes

CallActivity Execution with StartEvent

Previously, when a BPMN process was modeled such that a CallActivity was triggered synchronously with the StartEvent, the process would fail during execution and result in an error.

This issue has now been resolved:

  • CallActivities can safely be modeled to start directly with the StartEvent.

  • Processes that use this pattern will now execute correctly without requiring workarounds.
