Bug 1312742

Summary: Not able to claim human task through Remote REST API's.
Product: [Retired] JBoss BPMS Platform 6
Reporter: Abhijit humbe <abhumbe>
Component: Business Central
Assignee: Marco Rietveld <mrietvel>
Status: CLOSED EOL
QA Contact: Lukáš Petrovický <lpetrovi>
Severity: high
Priority: urgent
Version: 6.2.0
CC: abhumbe, kverlaen, lpetrovi
Flags: abhumbe: needinfo-
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Clone Of:
: 1313328
Last Closed: 2020-03-27 20:13:54 UTC
Type: Bug
Bug Blocks: 1313328
Attachments: reproducer (flags: none)

Description Abhijit humbe 2016-02-29 07:29:14 UTC
Description of problem:
If a human task is assigned to a group (Group1) and user "User1" is part of Group1, User1 is able to claim and complete the human task through the console without any issue. But it fails with a permission denied exception when we try to claim the task through the Remote REST API. It fails with the same exception with the /execute endpoint as well.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Create a process with a Human Task which is assigned to a Group.
2. Start the process and try to claim the Task which is part of the assigned Group, through the Remote REST API or through the /execute endpoint.
3. It fails with the exception:
~~~
PermissionDeniedException thrown with message 'User '[UserImpl:'User1']' does not have permissions to execute operation 'Claim' on task id 15
~~~

Actual results:
User is not able to claim task through Remote REST API or through /execute endpoint.

Expected results:
User should be able to claim task through Remote REST API or through /execute endpoint.

Additional info:

Comment 2 Marco Rietveld 2016-03-02 12:46:47 UTC
Could QA or Abhijit provide a (pseudo)reproducer, including the following:

1. (bpmn2) process definition
2. URLs or otherwise Java code that show the operations that fail.
3. The stack trace generated as well as other information about the errors returned.

The problem seems to be fairly straightforward, but providing this information gives me a good basis on which to figure out the problem, and also makes sure that I don't waste time searching for the actual problem. 

Thanks!

Comment 3 Lukáš Petrovický 2016-03-02 12:56:07 UTC
Leaving this to Abhijit, as he's the original reporter and therefore has the most information about this.

Comment 4 Abhijit humbe 2016-03-03 14:26:44 UTC
Hi all,
Reproducer with complete stack trace attached.

Comment 5 Abhijit humbe 2016-03-03 14:27:25 UTC
Created attachment 1132808
reproducer

Comment 6 Maciej Swiderski 2016-03-15 18:13:22 UTC
I believe we have a bit of a misunderstanding here. When looking at the reproducer, you use two users:
- first, bpmsAdmin, that is used for authentication
- user1, that you try to claim the task for

This won't work out of the box, as the user that is authenticated is always used for performing task service operations. Thus bpmsAdmin (which most likely is not a member of the group) is not allowed to perform the operation.

You might take a look at BZ-1310510, which will allow you to use the given user instead of the authenticated user.

I suggest closing it, as it's not a bug but expected behavior.
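
A simplified model of the behaviour described in Comment 6, added here as an illustration; it is not jBPM/BPMS code and not part of the attached reproducer. It shows that the identity checked against the task's group is the authenticated caller, not the user id passed in the request. The `claim` function, the `on_behalf_of` switch, the denial message and the sample users and groups are hypothetical.

```python
from dataclasses import dataclass

class PermissionDenied(Exception):
    """Raised when the effective user may not perform the operation."""

@dataclass
class Task:
    task_id: int
    potential_groups: set      # groups whose members may claim the task
    status: str = "Ready"
    owner: str = None

# Constructed sample directory (user -> groups); not taken from the reproducer.
GROUPS = {"bpmsAdmin": {"admin"}, "user1": {"Group1"}}

def claim(task, authenticated, requested_user=None, on_behalf_of=False):
    """Claim `task` and return an audit record of who asked and who was checked.

    By default `requested_user` is ignored for authorization: the authenticated
    caller is the identity that is checked. `on_behalf_of` is a hypothetical
    switch modelling a deployment that trusts the user id supplied in the request.
    """
    effective = requested_user if (on_behalf_of and requested_user) else authenticated
    if task.status != "Ready":
        raise PermissionDenied(f"task {task.task_id} is not claimable")
    if not (GROUPS.get(effective, set()) & task.potential_groups):
        raise PermissionDenied(f"{effective} may not claim task {task.task_id}")
    task.status, task.owner = "Reserved", effective
    # Keep both identities so a delegated operation is visible in the audit trail.
    return {"task": task.task_id, "authenticated": authenticated,
            "effective": effective, "delegated": effective != authenticated}

def try_claim(**kwargs):
    """Return the audit record, or the denial message if the claim is refused."""
    try:
        return claim(**kwargs)
    except PermissionDenied as exc:
        return str(exc)

if __name__ == "__main__":
    # Authenticated as bpmsAdmin, asking for user1: checked as bpmsAdmin, denied.
    print(try_claim(task=Task(15, {"Group1"}), authenticated="bpmsAdmin",
                    requested_user="user1"))
    # Authenticated as user1 (member of Group1): allowed.
    print(try_claim(task=Task(15, {"Group1"}), authenticated="user1"))
    # Supplied user id trusted: allowed, and flagged as delegated.
    print(try_claim(task=Task(15, {"Group1"}), authenticated="bpmsAdmin",
                    requested_user="user1", on_behalf_of=True))
```

When the supplied user id is trusted, any authenticated caller can act as any user, so the `delegated` field is what lets a reviewer tell such operations apart afterwards.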

Comment 7 Abhijit humbe 2016-05-10 13:08:55 UTC
Hi Maciej,

user1 should be able to claim the task if we are using the -Dorg.kie.task.insecure=true option. What do you think about this?

Comment 10 Red Hat Bugzilla 2023-09-14 03:18:40 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days