From 26b632c2e98cd3329aade10431776a4a4ffb2234 Mon Sep 17 00:00:00 2001 From: Ivar Nesje Date: Fri, 16 Jan 2026 10:49:41 +0100 Subject: [PATCH 1/2] Allow any action to be checked with ["authContext"] expression Previously the only allowed actions were 'instantiate' | 'confirm' | 'sign' | 'reject' | 'read' | 'write' | 'complete'. Now any action that backend think is relevant for the task (based on proces.pbmn). Unknown actions triggers a warning (even thogh they are on the previously accepted list). This is a change in behaviour for previously buggy apps that used eg. `["authContext", "reject"]` without specifying `reject` as an action in bpmn. Previously authContext returned false, but now the whole expression fails. I tested that vsCode understands the trick with `"anyOf": ["enum", "string"]` and provides suggestions from the enum but accept any action. --- schemas/json/layout/expression.schema.v1.json | 6 ++++- .../expressions/expression-functions.ts | 26 +++++++++---------- .../authContext/error-unknown-action.json | 15 +++++++++++ .../functions/authContext/read-sign.json | 3 ++- 4 files changed, 34 insertions(+), 16 deletions(-) create mode 100644 src/features/expressions/shared-tests/functions/authContext/error-unknown-action.json diff --git a/schemas/json/layout/expression.schema.v1.json b/schemas/json/layout/expression.schema.v1.json index 1fe72c015a..2dd61724fc 100644 --- a/schemas/json/layout/expression.schema.v1.json +++ b/schemas/json/layout/expression.schema.v1.json @@ -235,7 +235,11 @@ "type": "array", "items": [ { "const": "authContext" }, - { "enum": ["read", "write", "instantiate", "confirm", "sign", "reject"] } + { "anyOf": [ + { "enum": ["read", "write", "instantiate", "confirm", "sign", "reject"] }, + { "type": "string" } + ]} + ], "additionalItems": false }, diff --git a/src/features/expressions/expression-functions.ts b/src/features/expressions/expression-functions.ts index c5bd4b424a..39174725d5 100644 --- a/src/features/expressions/expression-functions.ts +++ b/src/features/expressions/expression-functions.ts @@ -23,7 +23,7 @@ import type { } from 'src/features/expressions/types'; import type { ValidationContext } from 'src/features/expressions/validation'; import type { IDataModelReference } from 'src/layout/common.generated'; -import type { IAuthContext, IInstanceDataSources } from 'src/types/shared'; +import type { IInstanceDataSources } from 'src/types/shared'; import type { ExpressionDataSources } from 'src/utils/layout/useExpressionDataSources'; type ArgsToActual = { @@ -407,22 +407,20 @@ export const ExprFunctionImplementations: { [K in ExprFunctionName]: Implementat return (this.dataSources.applicationSettings && this.dataSources.applicationSettings[key]) || null; }, authContext(key) { - const authContextKeys: { [key in keyof IAuthContext]: true } = { - read: true, - write: true, - instantiate: true, - confirm: true, - sign: true, - reject: true, - complete: true, - }; - - if (key === null || authContextKeys[key] !== true) { - throw new ExprRuntimeError(this.expr, this.path, `Unknown auth context property ${key}`); + if (key === null) { + throw new ExprRuntimeError(this.expr, this.path, `Auth context key cannot be null`); } const authContext = buildAuthContext(this.dataSources.process?.currentTask); - return Boolean(authContext?.[key]); + const hasAction = authContext?.[key]; + if (hasAction === undefined) { + throw new ExprRuntimeError( + this.expr, + this.path, + `Unknown Auth context property ${key} for task ${this.dataSources.process?.currentTask?.elementId} (allowed keys are {${Object.keys(authContext).join(', ')}})`, + ); + } + return Boolean(hasAction); }, component(id) { if (id === null) { diff --git a/src/features/expressions/shared-tests/functions/authContext/error-unknown-action.json b/src/features/expressions/shared-tests/functions/authContext/error-unknown-action.json new file mode 100644 index 0000000000..1ceae6d3d6 --- /dev/null +++ b/src/features/expressions/shared-tests/functions/authContext/error-unknown-action.json @@ -0,0 +1,15 @@ +{ + "name": "error unknown action", + "expression": ["authContext", "unknown_action"], + "expects": null, + "permissions": { + "read": true, + "write": false, + "actions": { + "instantiate": true, + "confirm": true, + "sign": false, + "reject": false + } + } +} diff --git a/src/features/expressions/shared-tests/functions/authContext/read-sign.json b/src/features/expressions/shared-tests/functions/authContext/read-sign.json index a674b8a053..31dbba3b66 100644 --- a/src/features/expressions/shared-tests/functions/authContext/read-sign.json +++ b/src/features/expressions/shared-tests/functions/authContext/read-sign.json @@ -14,7 +14,8 @@ "actions": { "instantiate": true, "confirm": false, - "sign": true + "sign": true, + "reject": false } } } From 9502fcd76ff64992d925d8ca340d45057ed8055b Mon Sep 17 00:00:00 2001 From: Ivar Nesje Date: Mon, 2 Feb 2026 11:15:52 +0100 Subject: [PATCH 2/2] Fix test to actually expect an error --- .../functions/authContext/error-unknown-action.json | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/features/expressions/shared-tests/functions/authContext/error-unknown-action.json b/src/features/expressions/shared-tests/functions/authContext/error-unknown-action.json index 1ceae6d3d6..1e935209a0 100644 --- a/src/features/expressions/shared-tests/functions/authContext/error-unknown-action.json +++ b/src/features/expressions/shared-tests/functions/authContext/error-unknown-action.json @@ -1,7 +1,7 @@ { "name": "error unknown action", "expression": ["authContext", "unknown_action"], - "expects": null, + "expectsFailure": "Unknown Auth context property unknown_action for task Task_1", "permissions": { "read": true, "write": false, @@ -9,7 +9,8 @@ "instantiate": true, "confirm": true, "sign": false, - "reject": false + "reject": false, + "asdf":false } } }