Uploaded image for project: 'jBPM'
  1. jBPM
  2. JBPM-7542

Create better response for user without permissions to do REST Forward task operation

XMLWordPrintable

    • Icon: Enhancement Enhancement
    • Resolution: Done
    • Icon: Minor Minor
    • None
    • 7.9.0.Final
    • KieServer
    • None
    • NEW
    • NEW

      When user without permission to the task try to forward it. He gets response code from Kie Server 404 Not Found and message "Could not find task instance with id "1"".
      In Kie Server log is warning message

      WARN  [org.jbpm.services.task.persistence.TaskTransactionInterceptor] (default task-50) Could not commit session: org.jbpm.services.task.exception.PermissionDeniedException: User '[UserImpl:'1637c1a7-414a-4c75-a4b4-ad206962511a']' does not have permissions to execute operation 'Forward' on task id 1

      You can see the whole stacktrace in attached file.

      REST cmd

      curl -X PUT -H 'Accept: application/xml' -H 'Authorization: Basic eW9kYTp1c2V0aGVmb3JjZTEyM0A=' -i 'http://a1b8-kieserver.project.openshiftdomain/services/rest/server/containers/cont-id/tasks/1/states/forwarded?targetUser=9459a244-c20a-4e45-90f9-d7cb52a8dc21'

      Checks if user is allowed to forward task is handl by method isAllow in class MVELLifeCycleManager

      Expected HTTP code for the user without the permissions should be 403 Forbidden. Also the message in REST response should be changed.

        1. fullWarnLog.txt
          9 kB
          María Civantos

              mcivantos_jira María Civantos (Inactive)
              mcivantos_jira María Civantos (Inactive)
              Marian Macik Marian Macik
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: