A user can see variables in Tasklist even that they are not supposed to

XMLWordPrintable

    • Type: Bug Report
    • Resolution: Fixed
    • Priority: L3 - Default
    • 7.11.0, 7.11.0-alpha3
    • Affects Version/s: 7.11.0-alpha2
    • Component/s: engine
    • None

      Given:

      • process engine configuration introduced in CAM-9591 is enabled - ProcessEngineConfiguration#enforceSpecificVariablePermission
      • user does not have permissions to see variables - no READ_*_VARIABLE
      • filter defines variables

      Observed Behavior:

      • user can see variables in Tasklist (in the list of tasks)

      Expected Behavior:

      • user cannot see variables in Tasklist (in the list of tasks)

      Hints:
      Currently, the authorization check is disabled for this query, please have a look at CAM-6082

        This is the controller panel for Smart Panels app

              Assignee:
              Michael Schoettes
              Reporter:
              Yana Vasileva
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: