Thanks Hasitha. You are correct. (I was referring only the 7.1.2 Simple Query Operations which says authorisation ANY). I'll introduce authorisation to the loadTask() operation.
Thanks, Vinod On Tue, Jun 9, 2015 at 12:37 AM, Hasitha Aravinda <hasi...@wso2.com> wrote: > Hi Vinod, > > On Mon, Jun 8, 2015 at 12:07 PM, Vinod Kavinda <vi...@wso2.com> wrote: > >> Hi Hasitha, >> Further more, >> I think we have three options, >> 1. Leave this as it is, allowing to the excluded owner to see task info. >> 2. Add authorisation to the loadTask() API method. (we may be violating >> the specs). >> > > Yes, we are violating spec. Since Load task is equivalent to > getMyTaskAbstracts. > Excluded owner can't perform getMyTaskAbstracts ( or any of the operation > listed in Spec 7.1.5 Operation Authorizations.) > > We need to introduce authorization into load task operation. > > Thanks, > Hasitha. > > Hasitha Aravinda, > Senior Software Engineer, > WSO2 Inc. > Email: hasi...@wso2.com > Mobile : +1 201 887 1971, +94 718 210 200 > > 3. Handle excluded owner case inside web app without changing API. >> >> WDYT? >> >> Thanks, >> Vinod >> >> On Mon, Jun 8, 2015 at 9:32 PM, Vinod Kavinda <vi...@wso2.com> wrote: >> >>> Hi Hasitha, >>> Yes I did check the error message in management console. That particular >>> error is coming from a getInput() request. In the management UI it calls >>> both loadTask() and getInput() methods to show task info. But in the >>> webApp, we only use loadTask(). That is the reason for not having any >>> errors. >>> >>> I thought of adding role based authorisation to loadTask() method and >>> checked the spec. According to the spec any role is allowed for this >>> operation. >>> >>> Thanks, >>> Vinod >>> >>> On Mon, Jun 8, 2015 at 6:47 PM, Hasitha Aravinda <hasi...@wso2.com> >>> wrote: >>> >>>> Hi Vinod, >>>> >>>> Even we show only SimpleQuery search result in HumanTask web app, there >>>> are some scenarios, where excluded owners task are shows under claimable >>>> task. This happens when task definition has complex users/roles >>>> definitions, because simple query can't search users in role using a DB >>>> query. >>>> >>>> In that case, problem is HumanTask Webapp doesn't show any error >>>> message in when you click on a task ID. If you check HumanTask UI in >>>> management console you will see this error msg. >>>> >>>> Hence Reopening this Jira. >>>> >>>> Thanks, >>>> Hasitha. >>>> >>>> >>>> Hasitha Aravinda, >>>> Senior Software Engineer, >>>> WSO2 Inc. >>>> Email: hasi...@wso2.com >>>> Mobile : +1 201 887 1971, +94 718 210 200 >>>> >>> >>> >>> >>> -- >>> Vinod Kavinda >>> Software Engineer, *WSO2, Inc <http://www.wso2.com>.* >>> Mobile : +94 (0) 712 415544 >>> vi...@wso2.com >>> >> >> >> >> -- >> Vinod Kavinda >> Software Engineer, *WSO2, Inc <http://www.wso2.com>.* >> Mobile : +94 (0) 712 415544 >> vi...@wso2.com >> > > -- Vinod Kavinda Software Engineer, *WSO2, Inc <http://www.wso2.com>.* Mobile : +94 (0) 712 415544 vi...@wso2.com
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
