Details
-
Bug Report
-
Resolution: Fixed
-
L3 - Default
-
7.13.0, 7.11.10, 7.10.16, 7.12.3
-
None
-
None
Description
Problem
- The HistoryService#createHistoricTaskInstanceReport needs READ_HISTORY on ANY TASK for the following API calls:
HistoryService#createHistoricTaskInstanceReport#countByTaskName
HistoryService#createHistoricTaskInstanceReport#countByProcessDefinitionKey
HistoryService#createHistoricTaskInstanceReport#duration
- Before the authentication check is performed, another check is performed which requires READ_HISTORY on ANY PROCESS_DEFINITION
- This means a user needs both authentications to call the API methods
- This behavior is wrong since a user already has access to historic task instances when READ_HISTORY on ANY PROCESS_DEFINITION is granted
Solution
Remove redundant auth check: READ_HISTORY on ANY TASK
AT
- Remove redundant auth check: READ_HISTORY on ANY TASK
- Deprecation javadocs for Permissions on READ_HISTORY is in place
- Annotate TaskPermissions#READ_HISTORY with @Deprecated
Cleanup
- Remove never called CommandChecker#checkReadHistoryAnyTaskInstance
- Adjust HistoricTaskInstanceAuthorizationTest