We couldn't load all Actvitity tabs. Refresh the page to try again.
If the problem persists, contact your Jira admin.
Uploaded image for project: 'camunda BPM'
  1. camunda BPM
  2. CAM-12400

Perform access checks in Tasklist also on submit POST requests

    • Icon: Feature Request Feature Request
    • Resolution: Won't Fix
    • Icon: L3 - Default L3 - Default
    • None
    • None
    • None

      User story

      When submitting a submit POST request and adding variables, I want the access checks from Tasklist to apply so that users cannot submit unwanted variables or actions.

      Background

      End-users can submit-form POST requests to add and modify any variables of a process. 

      The desired implementation would be to apply access checks in the Tasklist also via the submit-form POST request to prevent end-users from altering variables they are not supposed to.

      Steps to reproduce

      Steps to reproduce (with a local installation):

      1. Use any BPMN Diagram with a "User Task" after some other tasks (Service Task, DMN ...).
      2. Claim the task in the Tasklist.
      3. Use any Rest Client and make a POST request to: `
        http://localhost:8080/camunda/api/engine/engine/default/task/{task-uuid}/submit-form`

      Headers: 

       

      content-type: application/json
       cookie: JSESSIONID=A8E3063D1BBBE60365029F414D0EE348; XSRF-TOKEN=906749563BBA83155426C47F77637E85
       x-xsrf-token: 906749563BBA83155426C47F77637E85

       

      Body:

      {
         "variables":{
            "comment":{
               "value": "This would be the only form field"
            },
            "some-other-variable":{
               "value":"modified"
            },
            "some-dmn-result":{
               "value": "100"
            }
         }
      

       

      Acceptance criteria

      • End user's can only submit variables according to the form-fields of the assigned task.
        • Perform access checks to prevent unwanted submission of variables 

        This is the controller panel for Smart Panels app

            Loading...
            Uploaded image for project: 'camunda BPM'
            1. camunda BPM
            2. CAM-12400

            Perform access checks in Tasklist also on submit POST requests

              • Icon: Feature Request Feature Request
              • Resolution: Won't Fix
              • Icon: L3 - Default L3 - Default
              • None
              • None
              • None

                User story

                When submitting a submit POST request and adding variables, I want the access checks from Tasklist to apply so that users cannot submit unwanted variables or actions.

                Background

                End-users can submit-form POST requests to add and modify any variables of a process. 

                The desired implementation would be to apply access checks in the Tasklist also via the submit-form POST request to prevent end-users from altering variables they are not supposed to.

                Steps to reproduce

                Steps to reproduce (with a local installation):

                1. Use any BPMN Diagram with a "User Task" after some other tasks (Service Task, DMN ...).
                2. Claim the task in the Tasklist.
                3. Use any Rest Client and make a POST request to: `
                  http://localhost:8080/camunda/api/engine/engine/default/task/{task-uuid}/submit-form`

                Headers: 

                 

                content-type: application/json
                 cookie: JSESSIONID=A8E3063D1BBBE60365029F414D0EE348; XSRF-TOKEN=906749563BBA83155426C47F77637E85
                 x-xsrf-token: 906749563BBA83155426C47F77637E85

                 

                Body:

                {
                   "variables":{
                      "comment":{
                         "value": "This would be the only form field"
                      },
                      "some-other-variable":{
                         "value":"modified"
                      },
                      "some-dmn-result":{
                         "value": "100"
                      }
                   }
                

                 

                Acceptance criteria

                • End user's can only submit variables according to the form-fields of the assigned task.
                  • Perform access checks to prevent unwanted submission of variables 

                  This is the controller panel for Smart Panels app

                        Unassigned Unassigned
                        andre.bappert Andre
                        Votes:
                        1 Vote for this issue
                        Watchers:
                        2 Start watching this issue

                          Created:
                          Updated:
                          Resolved:

                              Unassigned Unassigned
                              andre.bappert Andre
                              Votes:
                              1 Vote for this issue
                              Watchers:
                              2 Start watching this issue

                                Created:
                                Updated:
                                Resolved: