Bug 107812
| Summary: | Workflow alerts spam users regardless of whether they have permission on the item | | |
|---|---|---|---|
| Product: | [Retired] Red Hat Enterprise CMS | Reporter: | Daniel Berrangé <berrange> |
| Component: | other | Assignee: | Scott Seago <sseago> |
| Status: | CLOSED RAWHIDE | QA Contact: | Jon Orris <jorris> |
| Severity: | high | Priority: | medium |
| Version: | nightly | CC: | archit.shah |
| Hardware: | All | OS: | Linux |
| Doc Type: | Bug Fix | Last Closed: | 2004-01-26 20:49:36 UTC |
| Bug Blocks: | 100952, 106481, 108949 | | |

We fixed this in London 5.2-dev branch at p4 33198. There is one issue with the fix at 33198. Filtering is done based on CMS_EDIT_ITEM permissions only. This is the right permission for Authoring and Approval tasks. Deploy task needs to filter on CMS_PUBLISH_ITEM permissions.

From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.9 (X11; Linux i686; U;) Gecko/20030314

Description of problem:
The workflow alerts system sends email alerts to all users assigned to a workflow task regardless of whether they have edit permission on the item associated with the workflow. The recommended (and only feasible) way of setting up CMS is to have a single workflow & assign all users &/ roles to appropriate tasks & then control access with folder permissions. So in the common scenario a workflow task may have 100s of assigned users, only 5-10 of whom actually have permission to edit the item. The workflow alerts will spam all 100 users rather than the 5-10 who can actually do something about the alert. Thus the CMS alerts system is essentially useless in a typical deployment.

Version-Release number of selected component (if applicable):

How reproducible:
Always

Steps to Reproduce:
1. Create two users
2. Assign both users to 'author' role
3. Create two folders
4. Give folders custom permissions, so each user created in step 1 can only access one of the folders
5. Create an item in one folder
6. Complete the authoring task

Actual Results: Both users are spammed

Expected Results: Only user with permission on the folder is spammed

Additional info:
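
The recipient filtering discussed in this bug, as an added Python sketch that is not the CMS project's code: assignees are alerted only if they hold the privilege the task type requires on the item's folder. The `Folder` class, `alert_recipients` function, user and folder names are hypothetical; only the two privilege names and the three task types come from the comments above.

```python
# Added illustration, not the CMS implementation. Privilege names and task
# types are taken from the bug comments; everything else is hypothetical.
from dataclasses import dataclass, field

# Privilege an assignee must hold before an alert for that task is useful.
TASK_PRIVILEGE = {
    "authoring": "CMS_EDIT_ITEM",
    "approval": "CMS_EDIT_ITEM",
    "deploy": "CMS_PUBLISH_ITEM",
}

@dataclass
class Folder:
    name: str
    grants: dict = field(default_factory=dict)  # user -> set of privileges

    def allows(self, user, privilege):
        return privilege in self.grants.get(user, set())

def alert_recipients(task_type, assignees, folder):
    """Return the assignees who can act on the task for an item in `folder`."""
    privilege = TASK_PRIVILEGE.get(task_type.lower())
    if privilege is None:
        # Assumption: an unmapped task type alerts nobody instead of
        # falling back to mailing every assignee.
        return []
    return sorted(u for u in assignees if folder.allows(u, privilege))

def demo():
    # Constructed data mirroring the reproduction steps: two users in the
    # same role, two folders, each user granted access to only one folder.
    authors = {"alice", "bob"}
    folder_a = Folder("folder-a", {"alice": {"CMS_EDIT_ITEM"}})
    folder_b = Folder("folder-b", {"bob": {"CMS_EDIT_ITEM", "CMS_PUBLISH_ITEM"}})
    return {
        "authoring/folder-a": alert_recipients("authoring", authors, folder_a),
        "deploy/folder-a": alert_recipients("deploy", authors, folder_a),
        "deploy/folder-b": alert_recipients("deploy", authors, folder_b),
    }

if __name__ == "__main__":
    for case, users in demo().items():
        print(case, users)
```

The `deploy/folder-a` case shows why one privilege for every task type is not enough: a user with only CMS_EDIT_ITEM on the folder is not alerted for the Deploy task.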