Uploaded image for project: 'camunda BPM'
  1. camunda BPM
  2. CAM-2768

REST API authorizations not saved correctly

    XMLWordPrintable

    Details

    • Type: Bug Report
    • Status: Closed
    • Priority: L3 - Default
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 7.2.0, 7.2.0-alpha5
    • Component/s: None
    • Labels:
    • Title Keywords:
      REST

      Description

      When saving an authorization with type 2 (DENY) and a single permission like UPDATE, the backend saves the permission with an additional ALL permission.
      This is happening only on DENY authorizations, at creation or update.

      Expected behavior:
      The backend saves only the wanted permission.

      Note: This isn't a bug cause the ALL permission has a different meaning in the backend. ALL is returned cause if at least one permission is revoked you no longer
      have ALL permissions.

      But in the frontend this logic is hard to understand and do explain so we decided to handle the ALL permission in a different way in the REST API. The permissions
      list will now only contain the ALL permission if really all permissions are granted or revoked, otherwise the single permissions will be listed.

      Additionally we filter the NONE permission because it is always granted.

        Attachments

          Activity

            People

            Assignee:
            michael.schoettes Michael Schoettes
            Reporter:
            valentin.vago Valentin Vago
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: