Hi Vinod, On Mon, Jun 8, 2015 at 12:07 PM, Vinod Kavinda <vi...@wso2.com> wrote:
> Hi Hasitha, > Further more, > I think we have three options, > 1. Leave this as it is, allowing to the excluded owner to see task info. > 2. Add authorisation to the loadTask() API method. (we may be violating > the specs). > Yes, we are violating spec. Since Load task is equivalent to getMyTaskAbstracts. Excluded owner can't perform getMyTaskAbstracts ( or any of the operation listed in Spec 7.1.5 Operation Authorizations.) We need to introduce authorization into load task operation. Thanks, Hasitha. Hasitha Aravinda, Senior Software Engineer, WSO2 Inc. Email: hasi...@wso2.com Mobile : +1 201 887 1971, +94 718 210 200 3. Handle excluded owner case inside web app without changing API. > > WDYT? > > Thanks, > Vinod > > On Mon, Jun 8, 2015 at 9:32 PM, Vinod Kavinda <vi...@wso2.com> wrote: > >> Hi Hasitha, >> Yes I did check the error message in management console. That particular >> error is coming from a getInput() request. In the management UI it calls >> both loadTask() and getInput() methods to show task info. But in the >> webApp, we only use loadTask(). That is the reason for not having any >> errors. >> >> I thought of adding role based authorisation to loadTask() method and >> checked the spec. According to the spec any role is allowed for this >> operation. >> >> Thanks, >> Vinod >> >> On Mon, Jun 8, 2015 at 6:47 PM, Hasitha Aravinda <hasi...@wso2.com> >> wrote: >> >>> Hi Vinod, >>> >>> Even we show only SimpleQuery search result in HumanTask web app, there >>> are some scenarios, where excluded owners task are shows under claimable >>> task. This happens when task definition has complex users/roles >>> definitions, because simple query can't search users in role using a DB >>> query. >>> >>> In that case, problem is HumanTask Webapp doesn't show any error message >>> in when you click on a task ID. If you check HumanTask UI in management >>> console you will see this error msg. >>> >>> Hence Reopening this Jira. >>> >>> Thanks, >>> Hasitha. >>> >>> >>> Hasitha Aravinda, >>> Senior Software Engineer, >>> WSO2 Inc. >>> Email: hasi...@wso2.com >>> Mobile : +1 201 887 1971, +94 718 210 200 >>> >> >> >> >> -- >> Vinod Kavinda >> Software Engineer, *WSO2, Inc <http://www.wso2.com>.* >> Mobile : +94 (0) 712 415544 >> vi...@wso2.com >> > > > > -- > Vinod Kavinda > Software Engineer, *WSO2, Inc <http://www.wso2.com>.* > Mobile : +94 (0) 712 415544 > vi...@wso2.com >
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
