Uploaded image for project: 'camunda BPM'
  1. camunda BPM
  2. CAM-2768

REST API authorizations not saved correctly

XMLWordPrintable

    • Icon: Bug Report Bug Report
    • Resolution: Fixed
    • Icon: L3 - Default L3 - Default
    • 7.2.0, 7.2.0-alpha5
    • None
    • None

      When saving an authorization with type 2 (DENY) and a single permission like UPDATE, the backend saves the permission with an additional ALL permission.
      This is happening only on DENY authorizations, at creation or update.

      Expected behavior:
      The backend saves only the wanted permission.

      Note: This isn't a bug cause the ALL permission has a different meaning in the backend. ALL is returned cause if at least one permission is revoked you no longer
      have ALL permissions.

      But in the frontend this logic is hard to understand and do explain so we decided to handle the ALL permission in a different way in the REST API. The permissions
      list will now only contain the ALL permission if really all permissions are granted or revoked, otherwise the single permissions will be listed.

      Additionally we filter the NONE permission because it is always granted.

        This is the controller panel for Smart Panels app

              michael.schoettes Michael Schoettes
              valentin.vago Valentin
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: