  1. camunda BPM
  2. CAM-11624

Some historic task instance reports have redundant auth checks


    • Bug Report
    • Resolution: Fixed
    • L3 - Default
    • 7.13.0, 7.13.0-alpha3
    • 7.13.0, 7.11.10, 7.10.16, 7.12.3

      Problem

      • The HistoryService#createHistoricTaskInstanceReport needs READ_HISTORY on ANY TASK for the following API calls:
        • HistoryService#createHistoricTaskInstanceReport#countByTaskName
        • HistoryService#createHistoricTaskInstanceReport#countByProcessDefinitionKey
        • HistoryService#createHistoricTaskInstanceReport#duration
      • Before this authorization check is performed, another check is performed which requires READ_HISTORY on ANY PROCESS_DEFINITION
      • This means a user needs both permissions to call the API methods
      • This behavior is wrong since a user already has access to historic task instances when READ_HISTORY on ANY PROCESS_DEFINITION is granted

      Solution
      Remove redundant auth check: READ_HISTORY on ANY TASK

      AT

      • Remove redundant auth check: READ_HISTORY on ANY TASK
      • Deprecation javadocs for Permissions on READ_HISTORY are in place
      • Annotate TaskPermissions#READ_HISTORY with @Deprecated

      Cleanup

      • Remove never called CommandChecker#checkReadHistoryAnyTaskInstance
      • Adjust HistoricTaskInstanceAuthorizationTest
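
A regression check for the behavior described above, added here as an example; it is not the project's own test code. It assumes camunda-engine 7.x and the H2 driver on the classpath, and the class name and the user ids `reporter` and `outsider` are constructed. On a version with the fix, `reporter` (READ_HISTORY on ANY PROCESS_DEFINITION only) should be allowed for all three reports and `outsider` (no grants) denied; on an affected version `reporter` is denied as well.

```java
import org.camunda.bpm.engine.AuthorizationException;
import org.camunda.bpm.engine.HistoryService;
import org.camunda.bpm.engine.ProcessEngine;
import org.camunda.bpm.engine.ProcessEngineConfiguration;
import org.camunda.bpm.engine.authorization.Authorization;
import org.camunda.bpm.engine.authorization.Permissions;
import org.camunda.bpm.engine.authorization.Resources;
import org.camunda.bpm.engine.query.PeriodUnit;

public class ReportAuthCheck {  // hypothetical class name
  // Returns true if the call passes the engine's authorization checks.
  static boolean allowed(Runnable call) {
    try {
      call.run();
      return true;
    } catch (AuthorizationException e) {
      return false;
    }
  }

  public static void main(String[] args) {
    ProcessEngine engine = ProcessEngineConfiguration
        .createStandaloneInMemProcessEngineConfiguration()
        .setAuthorizationEnabled(true)
        .buildProcessEngine();
    try {
      // No user is authenticated yet, so this setup call is not itself checked.
      Authorization grant = engine.getAuthorizationService()
          .createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
      grant.setUserId("reporter");                      // constructed user id
      grant.setResource(Resources.PROCESS_DEFINITION);  // deliberately no grant on TASK
      grant.setResourceId(Authorization.ANY);
      grant.addPermission(Permissions.READ_HISTORY);
      engine.getAuthorizationService().saveAuthorization(grant);

      HistoryService history = engine.getHistoryService();
      for (String user : new String[] {"reporter", "outsider"}) {
        engine.getIdentityService().setAuthenticatedUserId(user);
        System.out.printf("%s: countByTaskName=%b countByProcessDefinitionKey=%b duration=%b%n", user,
            allowed(() -> history.createHistoricTaskInstanceReport().countByTaskName()),
            allowed(() -> history.createHistoricTaskInstanceReport().countByProcessDefinitionKey()),
            allowed(() -> history.createHistoricTaskInstanceReport().duration(PeriodUnit.MONTH)));
      }
    } finally {
      engine.getIdentityService().clearAuthentication();
      engine.close();
    }
  }
}
```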


              nikola.koevski Nikola Koevski
              tassilo.weidner Tassilo Weidner