Bug 1321291

Summary: unable to forward the task as Business Administrator
Product: [Retired] JBoss BPMS Platform 6 Reporter: Hiroko Miura <hmiura>
Component: jBPM CoreAssignee: Alessandro Lazarotti <alazarot>
Status: CLOSED EOL QA Contact: Radovan Synek <rsynek>
Severity: high Docs Contact:
Priority: high    
Version: 6.2.0CC: rrajasek
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-03-27 20:04:47 UTC Type: Enhancement
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
sample code of task forwarding which fails none

Description Hiroko Miura 2016-03-25 09:09:45 UTC 
Description of problem:
According to WS-HumanTask specification (WS-HT),
Business Administrator(e.g. user named Administrator) can forward active task.

Reference: https://access.redhat.com/solutions/784453


However, Business Administrator fails to forward the task with the following exception by all of kie-api/Rest API/Remote Java API.


org.jbpm.services.task.exception.PermissionDeniedException: User '[UserImpl:'Administrator']' does not have permissions to execute operation 'Forward' on task id 21
	at org.jbpm.services.task.internals.lifecycle.MVELLifeCycleManager.evalCommand(MVELLifeCycleManager.java:119)
	at org.jbpm.services.task.internals.lifecycle.MVELLifeCycleManager.taskOperation(MVELLifeCycleManager.java:369)
	at org.jbpm.services.task.impl.TaskInstanceServiceImpl.forward(TaskInstanceServiceImpl.java:224)
   :



Version-Release number of selected component (if applicable):
6.2.0


How reproducible:
sample code of kie-api/Remote rest API are attached.

Steps to Reproduce with Rest API.

1. create user named 'Administrator' with role 'admin' and 'rest-api'
   ./add-user.sh -a -g 'admin,rest-all' -u Administrator -p Password1!

2. start business process which contains human task

3. perform REST query with authenticating as user 'Administrator' by any REST client

   POST http://localhost:8080/business-central/rest/task/xx/forward?targetEntityId=john
   

Actual results:

forwarding failes with the following PermissionDeniedException

org.jbpm.services.task.exception.PermissionDeniedException: User '[UserImpl:'Administrator']' does not have permissions to execute operation 'Forward' on task id 21


Expected results:

task get forwarded successfully.

Additional info:
Comment 1 Hiroko Miura 2016-03-25 09:12:47 UTC 
Created attachment 1140291 [details]
sample code of task forwarding which fails