Bug 1259981 - Does jBPM6 really authorize the Initiator,Stakeholder,Potential people to "Release" a Task ?
Summary: Does jBPM6 really authorize the Initiator,Stakeholder,Potential people to "Re...
Keywords:
Status: CLOSED EOL
Alias: None
Product: JBoss BPMS Platform 6
Classification: Retired
Component: Documentation
Version: 6.1.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: ---
Assignee: brms-docs@redhat.com
QA Contact: Lukáš Petrovický
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-09-04 03:00 UTC by Hiroko Miura
Modified: 2020-03-27 19:04 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-03-27 19:04:41 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description Hiroko Miura 2015-09-04 03:00:08 UTC
Title: Task Permissions Matrix

Describe the issue:
- As per the "Table 12.2. Main Operations Permissions Matrix" from our BPMS 6.1 Development Guide [1] the people like "Initiator,Stakeholder,Potential" can perform "release" operation on a Task. (i.e. all roles are marked as "+")

- As per the WS-HT 1.1 specification [2] this is what it says about who can perform "release".

~~~
4.10.2 Releasing a Human Task

The current actual owner of a human task can release a task to again make 
it available for all potential owners. A task can be released from active
states that have an actual owner (Reserved, InProgress), 
transitioning it into the Ready state
~~~
and
~~~
7.1.5 Operation Authorization

In the table in Page 91,

only Actual Owner is marks as "+".
Initiator and Administrator are marked as "MAY".
Potential Owner is marked as "n/a"
~~~

- our jBPM6 code allows only Owner and BusinessAdministrator to perform "release" operation.

./jbpm-6.2.0.Final-redhat-4/jbpm-human-task/jbpm-human-task-core/src/main/resources/operations-dsl.mvel
~~~
...
    Operation.Release
        : [ new OperationCommand().{
                status = [ Status.Reserved, Status.InProgress ],
                allowed = [Allowed.Owner, Allowed.BusinessAdministrator ],
                setNewOwnerToNull = true,
                newStatus = Status.Ready
            } ],
...
~~~

[1] https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_BPM_Suite/6.1/html/Development_Guide/sect-Task_Permissions.html#Task_Permissions_Matrix
[2] http://docs.oasis-open.org/bpel4people/ws-humantask-1.1-spec-cs-01.pdf

Suggestions for improvement:
- Please check it from respective SME and correct the statement in our document.

Additional information:


Note You need to log in before you can comment on or make changes to this bug.