Bug 1265568 - Remote API: cannot get tasks assigned to different users
Remote API: cannot get tasks assigned to different users
Product: JBoss BPMS Platform 6
Classification: JBoss
Component: Business Central (Show other bugs)
Unspecified Unspecified
high Severity medium
: ---
: ---
Assigned To: Marco Rietveld
Tomas Livora
Depends On:
  Show dependency treegraph
Reported: 2015-09-23 05:01 EDT by Tomas Livora
Modified: 2017-03-08 07:39 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2015-12-09 06:57:12 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Tomas Livora 2015-09-23 05:01:12 EDT
Description of problem:
It is not possible to get tasks assigned to different users through remote APIs.

Version-Release number of selected component (if applicable):
6.2.0 ER2

Steps to Reproduce:
1. Use one user credentials when using remote APIs
2. Try to get tasks for another users.

Actual results:
org.kie.remote.client.api.exception.RemoteApiException: The user id used when retrieving task information (user1) must match the authenticating user (user2)!

Expected results:
It should be possible somehow bypass this check to allow testing processes with tasks assigned to different users.

Additional info:
This influences many tests in our remote APIs test suite.
Comment 1 Kris Verlaenen 2015-09-23 11:15:41 EDT
This is done on purpose, otherwise people can get access to other people's tasks, which is something we need to prevent.  How are you suggesting we should bypass this (as obviously we then don't want users to be able to do this as well)?
Comment 2 Tomas Livora 2015-09-24 02:34:33 EDT
Kris, I know people should not be able to get access to other people's tasks. However, especially for test purposes, it is essential to be able to execute tasks that are assigned to various people. I have discussed this with Marco and we agreed on creating a special property which will disable this check if set to true. He has already implemented it:

Comment 3 Tomas Livora 2015-09-24 04:28:53 EDT
This is not a test blocker anymore. I have found a way how to use several users when executing task commands in our test suite.
Comment 4 Marco Rietveld 2015-12-09 06:57:12 EST
Since Tomas has found a workaround, I'm closing this bug.
Comment 5 Miloslav Havrda 2017-03-08 07:39:00 EST
Could you implement the workaround for the Remote JMS API too?
When I call it, it throws the IllegalStateException.

org.kie.remote.client.api.exception.RemoteApiException: IllegalStateException thrown with message 'The user id used when retrieving task information (nino) must match the authenticating user (admin)!':
java.lang.IllegalStateException: The user id used when retrieving task information (nino) must match the authenticating user (admin)!
	at org.kie.remote.services.jms.RequestMessageBean.jmsProcessJaxbCommandsRequest(RequestMessageBean.java:391)
	at org.kie.remote.services.jms.RequestMessageBean.onMessage(RequestMessageBean.java:219)

Tested on the jBPM 6.4.0 version.

Note You need to log in before you can comment on or make changes to this bug.