Uploaded image for project: 'camunda BPM'
  1. camunda BPM
  2. CAM-8735

Authorizations are being checked when evaluating conditional start events

    XMLWordPrintable

    Details

    • Type: Feature Request
    • Status: Closed
    • Priority: L3 - Default
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 7.9.0, 7.9.0-alpha2
    • Component/s: engine
    • Labels:
      None

      Description

      EventSubscriptionManager#findConditionalStartEventSubscriptionByTenantId and EventSubscriptionManager#findConditionalStartEventSubscription must return only subscribtions that belong to the process definition the user has READ permission for (+ tenantId check if needed).

      So that

      • the user can't receive error, that he does not have permission to start process instance for those process definition, that he can't even read.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              svetlana.dorokhova Svetlana Dorokhova
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: