[incubator-kie-issues : 2059] Workflow Engine- User in a task Excluded users can still claim and complete the task #4016
Conversation
| throw new UserTaskInstanceNotAuthorizedException(message); | ||
| } | ||
| } | ||
|
|
||
| private void checkPermission(UserTaskInstance userTaskInstance, IdentityProvider identityProvider) { |
There was a problem hiding this comment.
this needs to change to
private void checkPermission(UserTaskInstance userTaskInstance, String user name) {
There was a problem hiding this comment.
Updated the PR accordingly.
| @@ -221,6 +222,15 @@ private String assignStrategy(UserTaskInstance userTaskInstance, IdentityProvide | |||
| return assignmentStrategy.computeAssignment(userTaskInstance, identityProvider).orElse(null); | |||
| } | |||
|
|
|||
| private void checkUserHasPermission(UserTaskInstance userTaskInstance, String identityProviderName) { | |||
There was a problem hiding this comment.
private void checkPermission(UserTaskInstance userTaskInstance, IdentityProvider identityProvider) {
this.checkPermission(userTaskInstance, identityProvider.getName())
}
There was a problem hiding this comment.
Review Comments addressed.
| @@ -173,6 +173,7 @@ public Optional<UserTaskTransitionToken> claim(UserTaskInstance userTaskInstance | |||
| defaultUserTaskInstance.setActualOwner(identityProvider.getName()); | |||
| } | |||
| } | |||
| checkPermission(userTaskInstance, identityProvider); | |||
There was a problem hiding this comment.
you need to check with the parameter as well.
Signed-off-by: christinejose <[email protected]>
Signed-off-by: christinejose <[email protected]>
Thank you for the detailed explanation Enrique !! As discussed I have updated the PR by removing the checkPermission() from claim() method and also have created a jira for taking up the pending tasks. |
There was a problem hiding this comment.
@Christine-Jose please make sure that UserTaskIT.testApprovalWithExcludedOwnerViaPhases tests these changes by catching the UserTaskInstanceNotAuthorizedException in case the second task is claimed/completed by the excluded user manager.
Otherwise, this looks good. Thanks!
Changes are added and verifed in the UserTaskIT class. |
Christine-Jose
force-pushed
the
excluded-users-issue
branch
from
46db8ab to
e998a82
Compare
|
PR job Reproducerbuild-chain build full_downstream -f 'https://raw.githubusercontent.com/${AUTHOR:apache}/incubator-kie-kogito-pipelines/${BRANCH:main}/.ci/buildchain-config-pr-cdb.yaml' -o 'bc' -p apache/incubator-kie-kogito-runtimes -u #4016 --skipParallelCheckout NOTE: To install the build-chain tool, please refer to https://github.com/kiegroup/github-action-build-chain#local-execution Please look here: https://ci-builds.apache.org/job/KIE/job/kogito/job/main/job/pullrequest_jobs/job/kogito-runtimes-pr/job/PR-4016/6/display/redirect Test results:
Those are the test failures: org.kie.kogito.addon.quarkus.messaging.common.QuarkusEventThreadPoolTest.testQuarkusEventThreadPoolMultiThreadTestexpected: <100> but was: <99> |
Workflow Engine- User in a task Excluded users can still claim and complete the task
Closes apache/incubator-kie-issues#2059
Many thanks for submitting your Pull Request ❤️!
Closes/Fixes/Resolves #ISSUE-NUMBER
Description:
Please make sure that your PR meets the following requirements:
Issue-XYZ Subject[0.9.x] Issue-XYZ SubjectHow to replicate CI configuration locally?
Build Chain tool does "simple" maven build(s), the builds are just Maven commands, but because the repositories relates and depends on each other and any change in API or class method could affect several of those repositories there is a need to use build-chain tool to handle cross repository builds and be sure that we always use latest version of the code for each repository.
build-chain tool is a build tool which can be used on command line locally or in Github Actions workflow(s), in case you need to change multiple repositories and send multiple dependent pull requests related with a change you can easily reproduce the same build by executing it on Github hosted environment or locally in your development environment. See local execution details to get more information about it.