1265568 – Remote API: cannot get tasks assigned to different users

Bug 1265568 - Remote API: cannot get tasks assigned to different users

Summary: Remote API: cannot get tasks assigned to different users

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	JBoss BPMS Platform 6
Classification:	Retired
Component:	Business Central
Sub Component:
Version:	6.2.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Marco Rietveld
QA Contact:	Tomas Livora
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2015-09-23 09:01 UTC by Tomas Livora
Modified:	2017-03-08 12:39 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2015-12-09 11:57:12 UTC
Type:	Bug
Embargoed:

Attachments	(Terms of Use)

Description Tomas Livora 2015-09-23 09:01:12 UTC

Description of problem:
It is not possible to get tasks assigned to different users through remote APIs.

Version-Release number of selected component (if applicable):
6.2.0 ER2

Steps to Reproduce:
1. Use one user credentials when using remote APIs
2. Try to get tasks for another users.

Actual results:
org.kie.remote.client.api.exception.RemoteApiException: The user id used when retrieving task information (user1) must match the authenticating user (user2)!

Expected results:
It should be possible somehow bypass this check to allow testing processes with tasks assigned to different users.

Additional info:
This influences many tests in our remote APIs test suite.

Comment 1 Kris Verlaenen 2015-09-23 15:15:41 UTC

This is done on purpose, otherwise people can get access to other people's tasks, which is something we need to prevent.  How are you suggesting we should bypass this (as obviously we then don't want users to be able to do this as well)?

Comment 2 Tomas Livora 2015-09-24 06:34:33 UTC

Kris, I know people should not be able to get access to other people's tasks. However, especially for test purposes, it is essential to be able to execute tasks that are assigned to various people. I have discussed this with Marco and we agreed on creating a special property which will disable this check if set to true. He has already implemented it:

(master)
https://github.com/droolsjbpm/droolsjbpm-integration/commit/a64f2168a39ded5caf57bda9b444ff2950169bd0
https://github.com/droolsjbpm/droolsjbpm-integration/commit/fbac57ded8f48e164ee175a22213a01f89c718eb

Comment 3 Tomas Livora 2015-09-24 08:28:53 UTC

This is not a test blocker anymore. I have found a way how to use several users when executing task commands in our test suite.

Comment 4 Marco Rietveld 2015-12-09 11:57:12 UTC

Since Tomas has found a workaround, I'm closing this bug.

Comment 5 Miloslav Havrda 2017-03-08 12:39:00 UTC

Could you implement the workaround for the Remote JMS API too?
When I call it, it throws the IllegalStateException.

org.kie.remote.client.api.exception.RemoteApiException: IllegalStateException thrown with message 'The user id used when retrieving task information (nino) must match the authenticating user (admin)!':
java.lang.IllegalStateException: The user id used when retrieving task information (nino) must match the authenticating user (admin)!
	at org.kie.remote.services.jms.RequestMessageBean.jmsProcessJaxbCommandsRequest(RequestMessageBean.java:391)
	at org.kie.remote.services.jms.RequestMessageBean.onMessage(RequestMessageBean.java:219)

Tested on the jBPM 6.4.0 version.

Note You need to log in before you can comment on or make changes to this bug.