Uploaded image for project: 'camunda BPM'
  1. camunda BPM
  2. CAM-5239

No authorization checks when creating/saving/reading task attachments

    XMLWordPrintable

Details

    • Bug Report
    • Resolution: Unresolved
    • L3 - Default
    • None
    • 7.3.0, 7.4.0
    • engine
    • None

    Description

      Authorization checks should be performed based on the related task resource.

      Note that attachments are stored in the history tables and therefore not coupled to the lifetime of the runtime task entity.

      Forum post: https://groups.google.com/forum/#!topic/camunda-bpm-users/WWQyHusFZ9k

      mgm-controller-panel

        This is the controller panel for Smart Panels app

        Attachments

          Issue Links

            is related to

            Feature Request - A new feature of the product, which has yet to be developed. CAM-3710 TaskService api methods are restricted through authorizations

            • L3 - Default - Minor issue or issue with existing workaround, feature requests and questions
            • Closed

            Bug Report - A problem which impairs or prevents the functions of the product. CAM-6562 Task attachments should not be made for any process instance

            • L3 - Default - Minor issue or issue with existing workaround, feature requests and questions
            • Open

            Bug Report - A problem which impairs or prevents the functions of the product. CAM-6558 Task attachments should not be made for the deleted tasks

            • L3 - Default - Minor issue or issue with existing workaround, feature requests and questions
            • Closed
            links to

            Web Link https://github.com/camunda/camunda-bpm-platform/issues/2238

            Activity

              People

                Unassigned Unassigned
                thorben.lindhauer Thorben Lindhauer
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                  Created:
                  Updated:

                  Salesforce