Description of problem: If human task is assigned to group(Group1) and user "User1" is part of Group1. User1 is able to claim and complete human task through console without any issue. But it fails with permission denied exception when we try to claim task through Remote REST API. It fails with same exception with /execute endpoint as well. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. Create process with Human Task which is assigned to Group. 2. Start process and try to claim Task which is part of assigned Group, through Remote REST API or through /execute endpoint. 3. It fails with exception: ~~~ PermissionDeniedException thrown with message 'User '[UserImpl:'User1']' does not have permissions to execute operation 'Claim' on task id 15 ~~~ Actual results: User is not able to claim task through Remote REST API or through /execute endpoint. Expected results: User should be able to claim task through Remote REST API or through /execute endpoint. Additional info:
Could QA or Abhijit provide a (psuedo)reproducer, including the following: 1. (bpmn2) process definition 2. URL's or otherwise java code that show the operations that fail. 3. The stack trace generated as well as other information about the error's returned. The problem seems to be fairly straightforward, but providing this information gives me a good basis on which to figure out the problem, and also makes sure that I don't waste time searching for the actual problem. Thanks!
Leaving this to Abhijit, as he's the original reporter and therefore has the most information about this.
Hi all, Reproducer with complete stack trace attached.
Created attachment 1132808 [details] reproducer
I believe we have bit of misunderstanding here. When looking at the reproducer you use two users: - first bpmsAdmin that is used for authentication - user1 that you try to claim task for this won't work out of the box as always user that is authenticated is used for performing task service operations. Thus when using bpmsAdmin (which most likely is not member of the group) is not allowed to perform the operation. You might take a look at this BZ-1310510 that will allow you to use the given user instead of authenticated user. I suggest to close it as it's not a bug but expected behavior.
Hi Maciej, user1 should be able to claim task if we are using -Dorg.kie.task.insecure=true option. what you think on this ?
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days