[jboss-user] [jBPM] - jBPM 5.4 : forwarding task PermissionDeniedException when user is actualOwner but not in potential owners

gonzalad do-not-reply at jboss.com
Tue Feb 19 09:13:03 EST 2013


gonzalad [https://community.jboss.org/people/gonzalad] created the discussion

"jBPM 5.4 : forwarding task PermissionDeniedException when user is actualOwner but not in potential owners"

To view the discussion, visit: https://community.jboss.org/message/798352#798352

--------------------------------------------------------------
Hello,

I have the following scenario :
 * user admin creates a task for group businessGroup and user admin.
 * user demo (belonging to businessGroup) starts working on the task (taskService.start).
* user demo forwards the task to another group.

I get :

Caused by: org.jbpm.task.service.PermissionDeniedException: User '[User:'demo']' does not have permissions to execution operation 'Forward' on task id 35
  at org.jbpm.task.service.TaskServiceSession.evalCommand(TaskServiceSession.java:281) [classes:]
  at org.jbpm.task.service.TaskServiceSession.taskOperation(TaskServiceSession.java:428) [classes:]
  at org.jbpm.task.service.local.LocalTaskService.forward(LocalTaskService.java:141) [jbpm-human-task-core-5.4.0.Final.jar:5.4.0.Final]
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.6.0_24]
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [rt.jar:1.6.0_24]
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [rt.jar:1.6.0_24]
  at java.lang.reflect.Method.invoke(Method.java:597) [rt.jar:1.6.0_24]
  at org.jboss.weld.bean.proxy.AbstractBeanInstance.invoke(AbstractBeanInstance.java:44) [weld-core-1.1.9.Final.jar:2012-08-06 19:12]
  at org.jboss.weld.bean.proxy.ProxyMethodHandler.invoke(ProxyMethodHandler.java:105) [weld-core-1.1.9.Final.jar:2012-08-06 19:12]
  at org.jboss.weld.proxies.TaskService$161873013$Proxy$_$$_WeldClientProxy.forward(TaskService$161873013$Proxy$_$$_WeldClientProxy.java) [weld-core-1.1.9.Final.jar:]
  at com.natixis.odeon.process.SampleProcessService.forward(SampleProcessService.java:103) [classes:]
 


>From what I understood, Operation.Forward controls if userIsExplicitPotentialOwner. If it's not the case, jBPM considers that the user doesn't have the permissions to forward the task - even if the user is the owner of the task.

Is it a bug ? (I'm considering as normal that the actualOwner can forward the task on which he is working).

If yes, what should be done ?
 * add the owner of the task in potentialOwner list ?
 * on Operation.Forward check if the user is in the portentialOwner list or if he is the actualOwner.

Thanks !

P.S. sorry for the flood today ;(
--------------------------------------------------------------

Reply to this message by going to Community
[https://community.jboss.org/message/798352#798352]

Start a new discussion in jBPM at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2034]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20130219/fd46406b/attachment.html 


More information about the jboss-user mailing list