Currently every user who has access to optimize can access any xml no matter if he is authorized to.
AT:
- decision and process definition endpoints are only accessible if the user is authorized to read the particular definition
- as part of refactoring aling the implementation of ProcessDefinitionReader and DecisionDefinitionReader:
- throw NotFoundexception from RestService instead from reader
- return Optional<String> for get*DefinitionXml don't throw exception on just missing xml
- is related to
-
OPT-1686 Refactor ProcessDefinitionReader to align it with DecisionDefinitionReader
-
- Done
-