Bug 1262036
| Summary: | Task query /query/task endpoint returns all the tasks for the authenticated user and ignores potentialOwner parameter | |||
|---|---|---|---|---|
| Product: | [Retired] JBoss BPMS Platform 6 | Reporter: | William Antônio <wsiqueir> | |
| Component: | Business Central | Assignee: | Marco Rietveld <mrietvel> | |
| Status: | CLOSED WONTFIX | QA Contact: | Lukáš Petrovický <lpetrovi> | |
| Severity: | unspecified | Docs Contact: | ||
| Priority: | urgent | |||
| Version: | 6.1.0 | CC: | kverlaen, smcgowan | |
| Target Milestone: | --- | |||
| Target Release: | --- | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | Known Issue | ||
| Doc Text: |
Cause:
The results of the REST /query/task or /task/query (operational synonyms) operations do not contain the potential owners information.
Consequence:
Even though the field (or XML/JSON element) is empty or null, this does not mean the task in question does not have potential owners. On the contrary, the problem is that the field has not being filled.
The database query and server side logic are processing the query correctly: however, the results are lacking the potential owner information.
Workaround (if any):
Retrieve the enter Task instance in order to view the potential owners information via the ../rest/task/{taskId} operation.
|
Story Points: | --- | |
| Clone Of: | ||||
| : | 1262105 (view as bug list) | Environment: | ||
| Last Closed: | 2015-09-29 14:54:27 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1262105 | |||
|
Description
William Antônio
2015-09-10 16:43:04 UTC
William, The expected results for this operation: http://localhost:8080/business-central/rest/query/task?potentialOwner=john when done by user mary are the following: Tasks that 1. have john as a potential owner 2. AND that mary is allowed to see If john is a potential owner for tasks that mary is not permitted to see, then these tasks will not be returned by the above operation. Given the above, is there still a bug here? William, Thanks, I'll write some tests to make sure that the potenialOwner parameter is not being ignored. If that is the case, I'll make sure to fix it. Configuring Mary to see tasks that she's not allowed to see (John's tasks that do not involve Mary) is not possible at the moment. However, implementing a "integration user" role that users can use in these cases is on the roadmap. Hello Marco, This is the input from our customer: --- The below query is returning bunch of tasks where as none of the tasks have xyz as potential owner. We think it's a bug. --- Then I asked them if the behavior you mention is okay, and here is their response: --- Yes. If Mary is the user and filters a search by groups, then the result set should only include tasks that match the group filter AND that she has access to view. --- Ahh.. I believe this might unfortunately be very stupid problem: When the TaskSummary was first created by Mauricio, he added a "potentialOwners" field that he then used a second query to fill. Years later, I used the TaskSummary, unaware that he had used a hack (that we were also no longer using) to fill that field. The problem here is (AFAICT), not that the wrong tasks are retrieved: the problem is that the field in the TaskSummary info returned to the client is not filled! |