Authorizations are being checked when evaluating conditional start events

XMLWordPrintable

    • Type: Feature Request
    • Resolution: Fixed
    • Priority: L3 - Default
    • 7.9.0, 7.9.0-alpha2
    • Affects Version/s: None
    • Component/s: engine
    • None

      EventSubscriptionManager#findConditionalStartEventSubscriptionByTenantId and EventSubscriptionManager#findConditionalStartEventSubscription must return only subscribtions that belong to the process definition the user has READ permission for (+ tenantId check if needed).

      So that

      • the user can't receive error, that he does not have permission to start process instance for those process definition, that he can't even read.

        This is the controller panel for Smart Panels app

              Assignee:
              Unassigned
              Reporter:
              Svetlana Dorokhova
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: