Hi Vinod,
On Mon, Jun 8, 2015 at 12:07 PM, Vinod Kavinda vi...@wso2.com wrote:
Hi Hasitha,
Further more,
I think we have three options,
1. Leave this as it is, allowing to the excluded owner to see task info.
2. Add authorisation to the loadTask() API method. (we may be violating
the
Thanks Hasitha. You are correct.
(I was referring only the 7.1.2 Simple Query Operations which says
authorisation ANY). I'll introduce authorisation to the loadTask()
operation.
Thanks,
Vinod
On Tue, Jun 9, 2015 at 12:37 AM, Hasitha Aravinda hasi...@wso2.com wrote:
Hi Vinod,
On Mon, Jun 8,
Hi Vinod,
Even we show only SimpleQuery search result in HumanTask web app, there are
some scenarios, where excluded owners task are shows under claimable task.
This happens when task definition has complex users/roles definitions,
because simple query can't search users in role using a DB query.
Hi Vinod,
According to the Spec, Excluded owner should not be able to perform any
operation or shouldn't see any task related information. We have a bug in
simple query where in some cases it shows excluded tasks. We need to work
on that (which is a big fix)
Problem is we are not showing any
Hi Hasitha,
Are you referring to a latest build pack? We are only showing the buttons
that are allowed for the particular user. So claim task should not be shown
for excluded owners since they are not allowed. We have included these
changes in alpha release.
Anyway i'll double check these
Hi Hasitha,
Further more,
I think we have three options,
1. Leave this as it is, allowing to the excluded owner to see task info.
2. Add authorisation to the loadTask() API method. (we may be violating the
specs).
3. Handle excluded owner case inside web app without changing API.
WDYT?
Thanks,
Hi Vinod,
Thanks Vinod, I will also check what is root cause for excluded owner issue
in server side. seem like it is broken with SimpleQuery. I build fresh pack
with latest changes. I was testing HumanTask rendering and found those
issues.
Thanks,
Hasitha.
Hasitha Aravinda,
Senior Software