  1. camunda BPM
  2. CAM-4261

Authorization exception properties are inconsistently populated

Details

    • Bug Report
    • Resolution: Fixed
    • L3 - Default
    • 7.4.0, 7.4.0-alpha1
    • None
    • engine
    • None

    Description

      AuthorizationExceptions are part of the engine API. They offer methods to cleanly determine which permission is missing, see https://github.com/camunda/camunda-bpm-platform/blob/master/engine/src/main/java/org/camunda/bpm/engine/AuthorizationException.java

      However, this is only used when there is exactly one missing permission. In case of more than one permission (of which the user must have any), only the error message is populated but not the properties. See https://github.com/camunda/camunda-bpm-platform/blob/master/engine/src/main/java/org/camunda/bpm/engine/impl/persistence/entity/AuthorizationManager.java#L163-L188

      Impact for us: Our authorization tests rely on strings present in the error message whereas a structured exception would improve assertions.

      Solution idea:

      • AuthorizationException should contain a list of missing permissions of which the user must have at least one for the engine to proceed beyond the point where it threw the exception
      • deprecate the current getter methods in the exception class
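
      The solution idea above, sketched as an added example (not code from this issue or from the camunda code base): an exception that carries the full list of permissions of which the user needs at least one, so that a test can assert on structure instead of on message strings. All type and method names are hypothetical, the sample data is constructed, and records require Java 16 or later.

```java
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;

// Hypothetical model of the solution idea; none of these types are camunda classes.
public class StructuredAuthzExceptionDemo {
  // One permission on one resource that would have satisfied the check.
  record MissingPermission(String permission, String resourceType, String resourceId) {}

  static class AnyOfAuthorizationException extends RuntimeException {
    private final String userId;
    private final List<MissingPermission> missing;
    AnyOfAuthorizationException(String userId, List<MissingPermission> missing) {
      // The message is derived from the structured data, never the other way round.
      super("User '" + userId + "' needs one of: " + missing.stream()
          .map(m -> m.permission() + " on " + m.resourceType() + " '" + m.resourceId() + "'")
          .collect(Collectors.joining(" or ")));
      this.userId = userId;
      this.missing = List.copyOf(missing);
    }
    String getUserId() { return userId; }
    List<MissingPermission> getMissing() { return missing; }
  }

  // Passes if the user holds at least one candidate; otherwise reports all of them.
  static void checkAny(String userId, Set<MissingPermission> granted, List<MissingPermission> candidates) {
    if (candidates.stream().noneMatch(granted::contains)) {
      throw new AnyOfAuthorizationException(userId, candidates);
    }
  }

  public static void main(String[] args) {
    // Constructed sample data.
    List<MissingPermission> candidates = List.of(
        new MissingPermission("READ", "Task", "task-1"),
        new MissingPermission("READ_TASK", "ProcessDefinition", "invoice"));
    try {
      checkAny("demo", Set.of(), candidates);
      throw new AssertionError("expected an authorization failure");
    } catch (AnyOfAuthorizationException e) {
      // Assert on structure, not on substrings of e.getMessage().
      if (!e.getMissing().equals(candidates)) throw new AssertionError(e.getMissing());
      if (!"demo".equals(e.getUserId())) throw new AssertionError(e.getUserId());
      System.out.println("structured assertion passed: " + e.getMessage());
    }
    // Holding any single candidate is enough.
    checkAny("demo", Set.of(candidates.get(1)), candidates);
  }
}
```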


            People

              thorben.lindhauer Thorben Lindhauer