Uploaded image for project: 'Red Hat Process Automation Manager'
  1. Red Hat Process Automation Manager
  2. RHPAM-2810

Non potential owner of task able to update task variable through REST api

    Details

    • Target Release:
    • Steps to Reproduce:
      Hide
      • Deploy attached BPMN process, Human task is assigned to 'bpmsAdmin' user. Modify if required.
      • Start process, goto Task-Inbox page.
      • Start task, and assign some values to task output variables and save.
      • Update taskoutput variable using REST API:
      curl -X PUT -u "user2:admin12@"  -H 'Content-type: application/json'  -d '{"taskout2":"value1","taskout":"value2"}' "http://localhost:8080/kie-server/services/rest/server/containers/project1_02608417_1.0.0-SNAPSHOT/tasks/1/contents/output"
      
      Show
      Deploy attached BPMN process, Human task is assigned to 'bpmsAdmin' user. Modify if required. Start process, goto Task-Inbox page. Start task, and assign some values to task output variables and save. Update taskoutput variable using REST API: curl -X PUT -u "user2:admin12@" -H 'Content-type: application/json' -d '{ "taskout2" : "value1" , "taskout" : "value2" }' "http: //localhost:8080/kie-server/services/ rest /server/containers/project1_02608417_1.0.0-SNAPSHOT/tasks/1/contents/output"
    • Sprint:
      2020 Week 10-12 (from Mar 2), 2020 Week 13-15 (from Mar 23)

      Description

      Non potential owner of Human Task also able to update the Task output variable using REST API

      http://localhost:8080/kie-server/services/rest/server/containers/DeploymentID/tasks/TaskID/contents/output

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                elguardian Enrique González Martínez
                Reporter:
                abhumbe Abhijit Humbe
                Tester:
                Gonzalo Muñoz Fernández
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: