Re: [Dev] (BPS-680) Unauthorized error message is not showing for Excluded owner in HumanTask web app
Hi Vinod,

On Mon, Jun 8, 2015 at 12:07 PM, Vinod Kavinda vi...@wso2.com wrote:
> Hi Hasitha,
>
> Furthermore, I think we have three options:
>
> 1. Leave this as it is, allowing the excluded owner to see task info.
> 2. Add authorisation to the loadTask() API method. (We may be violating the specs.)

Yes, we are violating spec. Since Load task is equivalent to getMyTaskAbstracts. Excluded owner can't perform getMyTaskAbstracts (or any of the operations listed in Spec 7.1.5 Operation Authorizations). We need to introduce authorization into the load task operation.

Thanks,
Hasitha.

Hasitha Aravinda, Senior Software Engineer, WSO2 Inc.

> 3. Handle excluded owner case inside web app without changing API.
>
> WDYT?
>
> Thanks,
> Vinod
>
> On Mon, Jun 8, 2015 at 9:32 PM, Vinod Kavinda vi...@wso2.com wrote:
> > Hi Hasitha,
> >
> > Yes, I did check the error message in management console. That particular error is coming from a getInput() request. In the management UI it calls both loadTask() and getInput() methods to show task info. But in the webApp, we only use loadTask(). That is the reason for not having any errors.
> >
> > I thought of adding role based authorisation to loadTask() method and checked the spec. According to the spec any role is allowed for this operation.
> >
> > Thanks,
> > Vinod
> >
> > On Mon, Jun 8, 2015 at 6:47 PM, Hasitha Aravinda hasi...@wso2.com wrote:
> > > Hi Vinod,
> > >
> > > Even though we show only SimpleQuery search results in the HumanTask web app, there are some scenarios where excluded owners' tasks are shown under claimable tasks. This happens when the task definition has complex users/roles definitions, because simple query can't search users in role using a DB query.
> > >
> > > In that case, the problem is that the HumanTask web app doesn't show any error message when you click on a task ID. If you check the HumanTask UI in the management console you will see this error msg. Hence reopening this Jira.
> > >
> > > Thanks,
> > > Hasitha.

_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] (BPS-680) Unauthorized error message is not showing for Excluded owner in HumanTask web app
Thanks Hasitha. You are correct. (I was referring only to the 7.1.2 Simple Query Operations, which says authorisation ANY.) I'll introduce authorisation to the loadTask() operation.

Thanks,
Vinod

Vinod Kavinda, Software Engineer, WSO2, Inc.

On Tue, Jun 9, 2015 at 12:37 AM, Hasitha Aravinda hasi...@wso2.com wrote:
> Hi Vinod,
>
> On Mon, Jun 8, 2015 at 12:07 PM, Vinod Kavinda vi...@wso2.com wrote:
> > Hi Hasitha,
> >
> > Furthermore, I think we have three options:
> >
> > 1. Leave this as it is, allowing the excluded owner to see task info.
> > 2. Add authorisation to the loadTask() API method. (We may be violating the specs.)
>
> Yes, we are violating spec. Since Load task is equivalent to getMyTaskAbstracts. Excluded owner can't perform getMyTaskAbstracts (or any of the operations listed in Spec 7.1.5 Operation Authorizations). We need to introduce authorization into the load task operation.
>
> Thanks,
> Hasitha.
>
> > 3. Handle excluded owner case inside web app without changing API.
> >
> > WDYT?
> >
> > Thanks,
> > Vinod
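An added illustration, not part of the thread and not WSO2 BPS code: a simplified Java model of the situation discussed above, where a name-only list filter still shows a task to an owner excluded through a role, while an operation-level check on loadTask() denies it. Every class, method and sample value here is hypothetical and constructed for the example.

```java
import java.util.*;

// Simplified model, not WSO2 BPS code: every name below is hypothetical.
public class LoadTaskAuthz {
    // A task's people assignment: entries are user names or "role:<name>".
    record Task(String id, Set<String> potentialOwners, Set<String> excludedOwners) {}

    // Constructed role store standing in for the user manager.
    static final Map<String, Set<String>> ROLES = Map.of(
        "alice", Set.of("clerks"),
        "bob", Set.of("clerks", "auditors"));

    // True if the user is named directly or through one of their roles.
    static boolean matches(String user, Set<String> assignment) {
        if (assignment.contains(user)) return true;
        for (String role : ROLES.getOrDefault(user, Set.of()))
            if (assignment.contains("role:" + role)) return true;
        return false;
    }

    // List filter that only compares user names for exclusions, like a plain
    // DB query: it cannot see that bob is excluded through the "auditors" role.
    static boolean listedByNameOnlyQuery(String user, Task t) {
        return matches(user, t.potentialOwners()) && !t.excludedOwners().contains(user);
    }

    // Operation-level check: exclusion wins over any other assignment.
    static Task loadTask(String user, Task t) {
        if (matches(user, t.excludedOwners()) || !matches(user, t.potentialOwners()))
            throw new SecurityException(user + " is not authorized to load task " + t.id());
        return t;
    }

    public static void main(String[] args) {
        Task t = new Task("T-1", Set.of("role:clerks"), Set.of("role:auditors"));
        for (String user : List.of("alice", "bob")) {
            System.out.println(user + " sees task in list: " + listedByNameOnlyQuery(user, t));
            try {
                loadTask(user, t);
                System.out.println(user + " loaded " + t.id());
            } catch (SecurityException e) {
                // The client must surface this instead of failing silently.
                System.out.println("denied: " + e.getMessage());
            }
        }
    }
}
```

Both users see the task in the list, but only the load by the non-excluded user succeeds; the denial has to be enforced in the operation itself and shown by the client, since hiding buttons in the web app does not stop a direct call.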
[Dev] (BPS-680) Unauthorized error message is not showing for Excluded owner in HumanTask web app
Hi Vinod,

Even though we show only SimpleQuery search results in the HumanTask web app, there are some scenarios where excluded owners' tasks are shown under claimable tasks. This happens when the task definition has complex users/roles definitions, because simple query can't search users in role using a DB query.

In that case, the problem is that the HumanTask web app doesn't show any error message when you click on a task ID. If you check the HumanTask UI in the management console you will see this error msg. Hence reopening this Jira.

Thanks,
Hasitha.

Hasitha Aravinda, Senior Software Engineer, WSO2 Inc.
Re: [Dev] (BPS-680) Unauthorized error message is not showing for Excluded owner in HumanTask web app
Hi Vinod,

According to the spec, an excluded owner should not be able to perform any operation or shouldn't see any task-related information. We have a bug in simple query where in some cases it shows excluded tasks. We need to work on that (which is a big fix).

The problem is we are not showing any error msg in the web UI (no visual feedback) when a user clicks on a Claim button on an excluded task. You can see an error in the logs saying the user is not authorized to perform the task. The problem is we are not showing that error msg in the UI.

Thanks,
Hasitha.

Hasitha Aravinda, Senior Software Engineer, WSO2 Inc.

On Mon, Jun 8, 2015 at 12:02 PM, Vinod Kavinda vi...@wso2.com wrote:
> Hi Hasitha,
>
> Yes, I did check the error message in management console. That particular error is coming from a getInput() request. In the management UI it calls both loadTask() and getInput() methods to show task info. But in the webApp, we only use loadTask(). That is the reason for not having any errors.
>
> I thought of adding role based authorisation to loadTask() method and checked the spec. According to the spec any role is allowed for this operation.
>
> Thanks,
> Vinod
Re: [Dev] (BPS-680) Unauthorized error message is not showing for Excluded owner in HumanTask web app
Hi Hasitha,

Are you referring to the latest build pack? We are only showing the buttons that are allowed for the particular user. So claim task should not be shown for excluded owners since they are not allowed. We have included these changes in the alpha release.

Anyway, I'll double check these scenarios that we should give better visual feedback.

Thanks,
Vinod

Vinod Kavinda, Software Engineer, WSO2, Inc.

On Mon, Jun 8, 2015 at 9:43 PM, Hasitha Aravinda hasi...@wso2.com wrote:
> Hi Vinod,
>
> According to the spec, an excluded owner should not be able to perform any operation or shouldn't see any task-related information. We have a bug in simple query where in some cases it shows excluded tasks. We need to work on that (which is a big fix).
>
> The problem is we are not showing any error msg in the web UI (no visual feedback) when a user clicks on a Claim button on an excluded task. You can see an error in the logs saying the user is not authorized to perform the task. The problem is we are not showing that error msg in the UI.
>
> Thanks,
> Hasitha.
Re: [Dev] (BPS-680) Unauthorized error message is not showing for Excluded owner in HumanTask web app
Hi Hasitha,

Furthermore, I think we have three options:

1. Leave this as it is, allowing the excluded owner to see task info.
2. Add authorisation to the loadTask() API method. (We may be violating the specs.)
3. Handle excluded owner case inside web app without changing API.

WDYT?

Thanks,
Vinod

Vinod Kavinda, Software Engineer, WSO2, Inc.

On Mon, Jun 8, 2015 at 9:32 PM, Vinod Kavinda vi...@wso2.com wrote:
> Hi Hasitha,
>
> Yes, I did check the error message in management console. That particular error is coming from a getInput() request. In the management UI it calls both loadTask() and getInput() methods to show task info. But in the webApp, we only use loadTask(). That is the reason for not having any errors.
>
> I thought of adding role based authorisation to loadTask() method and checked the spec. According to the spec any role is allowed for this operation.
>
> Thanks,
> Vinod
Re: [Dev] (BPS-680) Unauthorized error message is not showing for Excluded owner in HumanTask web app
Hi Vinod,

Thanks Vinod, I will also check what the root cause is for the excluded owner issue on the server side. Seems like it is broken with SimpleQuery.

I built a fresh pack with the latest changes. I was testing HumanTask rendering and found those issues.

Thanks,
Hasitha.

Hasitha Aravinda, Senior Software Engineer, WSO2 Inc.

On Mon, Jun 8, 2015 at 12:27 PM, Vinod Kavinda vi...@wso2.com wrote:
> Hi Hasitha,
>
> Are you referring to the latest build pack? We are only showing the buttons that are allowed for the particular user. So claim task should not be shown for excluded owners since they are not allowed. We have included these changes in the alpha release.
>
> Anyway, I'll double check these scenarios that we should give better visual feedback.
>
> Thanks,
> Vinod