camunda BPM / CAM-4261

Authorization exception properties are inconsistently populated


    • Bug Report
    • Resolution: Fixed
    • L3 - Default
    • 7.4.0, 7.4.0-alpha1
    • None
    • engine
    • None

      AuthorizationExceptions are part of the engine API. They offer methods to cleanly determine which permission is missing, see https://github.com/camunda/camunda-bpm-platform/blob/master/engine/src/main/java/org/camunda/bpm/engine/AuthorizationException.java

      However, this is only used when there is exactly one missing permission. In case of more than one permission (of which the user must have any), only the error message is populated but not the properties. See https://github.com/camunda/camunda-bpm-platform/blob/master/engine/src/main/java/org/camunda/bpm/engine/impl/persistence/entity/AuthorizationManager.java#L163-L188

      Impact for us: Our authorization tests rely on strings present in the error message whereas a structured exception would improve assertions.

      Solution idea:

      • AuthorizationException should contain a list of missing permissions of which the user must have at least one for the engine to proceed beyond the point where it threw the exception
      • deprecate the current getter methods in the exception class

              thorben.lindhauer Thorben Lindhauer
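A sketch of the solution idea above, added here as an illustration and not taken from the issue or from the camunda code base: an exception that carries every permission of which the user needs at least one, so a test can assert on structure instead of message text. All class, method and field names are hypothetical, and the permission and resource values are constructed sample data.

```java
import java.util.*;

// Hypothetical sketch of the proposal; none of these types are the engine's own classes.
public class StructuredAuthzExceptionSketch {
    // One permission on one resource that the user does not hold.
    record MissingPermission(String permission, String resourceType, String resourceId) {}

    static class SketchAuthorizationException extends RuntimeException {
        private final List<MissingPermission> missing; // any ONE of these would have sufficed

        SketchAuthorizationException(String userId, List<MissingPermission> missing) {
            super(describe(userId, missing));
            this.missing = List.copyOf(missing);
        }
        List<MissingPermission> getMissingPermissions() { return missing; }

        // The message is derived from the structured data, never the other way round.
        private static String describe(String userId, List<MissingPermission> missing) {
            StringJoiner alternatives = new StringJoiner(" or ");
            for (MissingPermission m : missing) {
                alternatives.add("'" + m.permission() + "' on '" + m.resourceType()
                        + "' with id '" + m.resourceId() + "'");
            }
            return "User '" + userId + "' needs one of: " + alternatives;
        }
    }

    // Passes if the user holds at least one candidate; otherwise reports all of them.
    static void requireAny(String userId, Set<MissingPermission> granted,
                           List<MissingPermission> candidates) {
        for (MissingPermission c : candidates) {
            if (granted.contains(c)) return;
        }
        throw new SketchAuthorizationException(userId, candidates);
    }

    public static void main(String[] args) {
        // Constructed sample data: two alternative permissions, none granted.
        List<MissingPermission> candidates = List.of(
            new MissingPermission("READ", "ProcessInstance", "pi-1"),
            new MissingPermission("READ_INSTANCE", "ProcessDefinition", "invoice"));
        try {
            requireAny("demo", Set.of(), candidates);
            throw new AssertionError("expected an authorization failure");
        } catch (SketchAuthorizationException e) {
            // Structured assertion: independent of how the message is worded.
            if (!e.getMissingPermissions().equals(candidates)) throw new AssertionError();
            System.out.println(e.getMessage());
        }
    }
}
```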