Bug 1265568

Summary: Remote API: cannot get tasks assigned to different users
Product: [Retired] JBoss BPMS Platform 6 Reporter: Tomas Livora <tlivora>
Component: Business CentralAssignee: Marco Rietveld <mrietvel>
Status: CLOSED NOTABUG QA Contact: Tomas Livora <tlivora>
Severity: medium Docs Contact:
Priority: high    
Version: 6.2.0CC: kverlaen, mh, smcgowan, tlivora
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-12-09 11:57:12 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Tomas Livora 2015-09-23 09:01:12 UTC
Description of problem:
It is not possible to get tasks assigned to different users through remote APIs.

Version-Release number of selected component (if applicable):
6.2.0 ER2

Steps to Reproduce:
1. Use one user credentials when using remote APIs
2. Try to get tasks for another users.

Actual results:
org.kie.remote.client.api.exception.RemoteApiException: The user id used when retrieving task information (user1) must match the authenticating user (user2)!

Expected results:
It should be possible somehow bypass this check to allow testing processes with tasks assigned to different users.

Additional info:
This influences many tests in our remote APIs test suite.

Comment 1 Kris Verlaenen 2015-09-23 15:15:41 UTC
This is done on purpose, otherwise people can get access to other people's tasks, which is something we need to prevent.  How are you suggesting we should bypass this (as obviously we then don't want users to be able to do this as well)?

Comment 2 Tomas Livora 2015-09-24 06:34:33 UTC
Kris, I know people should not be able to get access to other people's tasks. However, especially for test purposes, it is essential to be able to execute tasks that are assigned to various people. I have discussed this with Marco and we agreed on creating a special property which will disable this check if set to true. He has already implemented it:

(master)
https://github.com/droolsjbpm/droolsjbpm-integration/commit/a64f2168a39ded5caf57bda9b444ff2950169bd0
https://github.com/droolsjbpm/droolsjbpm-integration/commit/fbac57ded8f48e164ee175a22213a01f89c718eb

Comment 3 Tomas Livora 2015-09-24 08:28:53 UTC
This is not a test blocker anymore. I have found a way how to use several users when executing task commands in our test suite.

Comment 4 Marco Rietveld 2015-12-09 11:57:12 UTC
Since Tomas has found a workaround, I'm closing this bug.

Comment 5 Miloslav Havrda 2017-03-08 12:39:00 UTC
Could you implement the workaround for the Remote JMS API too?
When I call it, it throws the IllegalStateException.

org.kie.remote.client.api.exception.RemoteApiException: IllegalStateException thrown with message 'The user id used when retrieving task information (nino) must match the authenticating user (admin)!':
java.lang.IllegalStateException: The user id used when retrieving task information (nino) must match the authenticating user (admin)!
	at org.kie.remote.services.jms.RequestMessageBean.jmsProcessJaxbCommandsRequest(RequestMessageBean.java:391)
	at org.kie.remote.services.jms.RequestMessageBean.onMessage(RequestMessageBean.java:219)

Tested on the jBPM 6.4.0 version.