Uploaded image for project: 'JBoss BPMS Platform'
  1. JBoss BPMS Platform
  2. RHBPMS-3353

[GSS][6.1.z]Task query /query/task endpoint returns all the tasks for the authenticated user and ignores potentialOwner parameter

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Do
    • Icon: Major Major
    • None
    • 6.1.0
    • Business Central
    • None
    • Release Notes
    • Hide
      Cause:

      The results of the REST /query/task or /task/query (operational synonyms) operations do not contain the potential owners information.

      Consequence:

      Even though the field (or XML/JSON element) is empty or null, this does not mean the task in question does not have potential owners. On the contrary, the problem is that the field has not being filled.

      The database query and server side logic are processing the query correctly: however, the results are lacking the potential owner information.

      Workaround (if any):

      Retrieve the enter Task instance in order to view the potential owners information via the ../rest/task/{taskId} operation.
      Show
      Cause: The results of the REST /query/task or /task/query (operational synonyms) operations do not contain the potential owners information. Consequence: Even though the field (or XML/JSON element) is empty or null, this does not mean the task in question does not have potential owners. On the contrary, the problem is that the field has not being filled. The database query and server side logic are processing the query correctly: however, the results are lacking the potential owner information. Workaround (if any): Retrieve the enter Task instance in order to view the potential owners information via the ../rest/task/{taskId} operation.

      +++ This bug was initially created as a clone of Bug #1262036 +++

      Description of problem:

      If an user is used to authenticate against the "/query/task" endpoint and when querying for tasks using potentialOwner parameter, does not matter the value for the potential owner parameter, it returns all the task considering the authenticated user as the potential owner.

      Version-Release number of selected component (if applicable):
      n/a

      How reproducible:
      always

      Steps to Reproduce:
      1. Create an user with roles admin, g1 and g2
      2. Deploy process with human tasks with group g1 and g2
      3. Use the query/task endpoint to query for tasks using potentialOwner with a random value:

      curl -X GET -u 'g1g2user:redhat2014!' http://localhost:8080/business-central/rest/query/task?potentialOwner=somerandomvalue

      Actual results:

      It returns all tasks where the user is potential owner:

      $ curl -X GET -u 'g1g2user:redhat2014!' http://localhost:8080/business-central/rest/query/task?potentialOwner=somerandomvalue
      <?xml version="1.0" encoding="UTF-8" standalone="yes"?><task-summary-list-response><task-summary><id>9</id><name>G2 HT</name><subject>G2 HT</subject><description></description><status>Ready</status><priority>0</priority><skipable>true</skipable><created-on>2015-09-10T13:07:36.050-03:00</created-on><activation-time>2015-09-10T13:07:36.050-03:00</activation-time><process-instance-id>16</process-instance-id><process-id>ht_tests.proc2_ht</process-id><process-session-id>16</process-session-id><deployment-id>example:ht_tests:1.0</deployment-id><quick-task-summary>false</quick-task-summary><parent-id>-1</parent-id></task-summary><task-summary><id>10</id><name>ht</name><subject>ht</subject><description></description><status>Ready</status><priority>0</priority><skipable>true</skipable><created-on>2015-09-10T13:07:40.217-03:00</created-on><activation-time>2015-09-10T13:07:40.217-03:00</activation-time><process-instance-id>17</process-instance-id><process-id>ht_tests.proc_ht</process-id><process-session-id>17</process-session-id><deployment-id>example:ht_tests:1.0</deployment-id><quick-task-summary>false</quick-task-summary><parent-id>-1</parent-id></task-summary></task-summary-list-response>

      Expected results:

      Only the tasks with potential owner equal the parameter should be returned.

      Additional info:

      This does not happen when we use other parameters such as processId.

      — Additional comment from JBoss Product and Program Management on 2015-09-10 12:50:07 EDT —

      Since this issue was entered in Red Hat Bugzilla, the release flag has been
      set to ? to ensure that it is properly evaluated for this release.

              marco.rietveld Marco Rietveld (Inactive)
              rhn-support-wsiqueir William Siqueira
              Lukáš Petrovický Lukáš Petrovický (Inactive)
              Lukáš Petrovický Lukáš Petrovický (Inactive)
              Kris Verlaenen, Lukáš Petrovický (Inactive), Marco Rietveld (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: