Uploaded image for project: 'camunda BPM'
  1. camunda BPM
  2. CAM-8735

Authorizations are being checked when evaluating conditional start events

    Details

    • Type: Feature Request
    • Status: Closed
    • Priority: L3 - Default
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 7.9.0, 7.9.0-alpha2
    • Component/s: engine
    • Labels:
      None

      Description

      EventSubscriptionManager#findConditionalStartEventSubscriptionByTenantId and EventSubscriptionManager#findConditionalStartEventSubscription must return only subscribtions that belong to the process definition the user has READ permission for (+ tenantId check if needed).

      So that

      • the user can't receive error, that he does not have permission to start process instance for those process definition, that he can't even read.

        Issue Links

          Activity

          There are no comments yet on this issue.

            People

            • Assignee:
              Unassigned
              Reporter:
              svetlana.dorokhova Svetlana Dorokhova
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development