Some historic task instance reports have redundant auth checks


    • Type: Bug Report
    • Resolution: Fixed
    • Priority: L3 - Default
    • 7.13.0, 7.13.0-alpha3
    • Affects Version/s: 7.13.0, 7.11.10, 7.10.16, 7.12.3
    • Component/s: None
    • None

      Problem

      • The HistoryService#createHistoricTaskInstanceReport needs READ_HISTORY on ANY TASK for the following API calls:
        • HistoryService#createHistoricTaskInstanceReport#countByTaskName
        • HistoryService#createHistoricTaskInstanceReport#countByProcessDefinitionKey
        • HistoryService#createHistoricTaskInstanceReport#duration
      • Before this authorization check is performed, another check runs that requires READ_HISTORY on ANY PROCESS_DEFINITION
      • This means a user needs both authorizations to call the API methods
      • This behavior is wrong since a user already has access to historic task instances when READ_HISTORY on ANY PROCESS_DEFINITION is granted

      Solution
      Remove redundant auth check: READ_HISTORY on ANY TASK

      AT

      • Remove redundant auth check: READ_HISTORY on ANY TASK
      • Deprecation javadocs for Permissions on READ_HISTORY are in place
      • Annotate TaskPermissions#READ_HISTORY with @Deprecated

      Cleanup

      • Remove never called CommandChecker#checkReadHistoryAnyTaskInstance
      • Adjust HistoricTaskInstanceAuthorizationTest
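
The following is an added example, not code from the Camunda engine or from this ticket: a simplified Java model of the two checks described under Problem, used to list which users' effective access to the report calls changes once the task check is removed. The enum, the method names and the sample users are hypothetical and constructed for illustration.

```java
import java.util.EnumSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

// Simplified model of the two checks described in this ticket. Not Camunda engine code;
// the enum, method names and user names are hypothetical.
public class HistoricTaskReportAccessDiff {
  enum Grant { READ_HISTORY_ANY_PROCESS_DEFINITION, READ_HISTORY_ANY_TASK }

  // The check the ticket says runs first.
  static boolean processDefinitionCheck(Set<Grant> grants) {
    return grants.contains(Grant.READ_HISTORY_ANY_PROCESS_DEFINITION);
  }

  // Before the fix: the task check follows, so both grants are required.
  static boolean allowedBeforeFix(Set<Grant> grants) {
    return processDefinitionCheck(grants) && grants.contains(Grant.READ_HISTORY_ANY_TASK);
  }

  // After the fix: the redundant task check is gone.
  static boolean allowedAfterFix(Set<Grant> grants) {
    return processDefinitionCheck(grants);
  }

  // Users whose effective access to the report calls differs between the two behaviours.
  static Map<String, String> accessChanges(Map<String, Set<Grant>> users) {
    Map<String, String> changes = new LinkedHashMap<>();
    users.forEach((user, grants) -> {
      boolean before = allowedBeforeFix(grants);
      boolean after = allowedAfterFix(grants);
      if (before != after) {
        changes.put(user, (before ? "allowed" : "denied") + " -> " + (after ? "allowed" : "denied"));
      }
    });
    return changes;
  }

  public static void main(String[] args) {
    // Constructed sample: one user per combination of the two grants.
    Map<String, Set<Grant>> users = new LinkedHashMap<>();
    users.put("no-grants", EnumSet.noneOf(Grant.class));
    users.put("task-only", EnumSet.of(Grant.READ_HISTORY_ANY_TASK));
    users.put("process-definition-only", EnumSet.of(Grant.READ_HISTORY_ANY_PROCESS_DEFINITION));
    users.put("both", EnumSet.allOf(Grant.class));
    System.out.println(accessChanges(users));
  }
}
```

In this model only the user holding READ_HISTORY on ANY PROCESS_DEFINITION alone changes state; a user holding only READ_HISTORY on ANY TASK is rejected by the first check in both behaviours.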


              Assignee:
              Nikola Koevski
              Reporter:
              Tassilo Weidner-Mühl

                Created:
                Updated:
                Resolved: