Uploaded image for project: 'camunda BPM'
  1. camunda BPM
  2. CAM-9122

Using the Rest-API Optimize can't perform custom queries against the engine

    Details

      Description

      AT:

      • Using the Rest-API Optimize can perform custom queries against the engine for the following entities:
        • historic activity instances
        • historic variable instances
        • historic process instances
      • the custom SQL-queries work on all databases (e.g. in Oracle there is not LIMIT keyword)
      • the whole implementation is not in the public package and should not be documented
      • if authorization is enabled and the request is done with basic authentication, only users that have admin rights or READ_HISTORY/ALL permission on the Process definition and Process Instance resource can perform queries. If the use is not authorized, he receives an appropriate response telling the user that.
      • all the Optimize specific files are in the impl packages and not exposed via public api

      Context:
      Currently, Optimize uses the standard REST-API of the engine. However, those perform authorization checks against the database, distinct selects and do other stuff that make the sql queries very complicated and for a lot of scenarios very slow. To speed that up Optimize should get its own endpoint, where the queries are a lot simpler.

        Issue Links

          Activity

          Hide
          johannes.heinemann Johannes Heinemann added a comment -

          Nikola Koevski: I realized it would be better if the query parameter finsihedAfter, startedAfter and occurredAfter perform the operation > instead of >=. Even if you don't have anything else to remark, please return the ticket to me so I can change that.

          Show
          johannes.heinemann Johannes Heinemann added a comment - Nikola Koevski : I realized it would be better if the query parameter finsihedAfter, startedAfter and occurredAfter perform the operation > instead of >= . Even if you don't have anything else to remark, please return the ticket to me so I can change that.
          Hide
          johannes.heinemann Johannes Heinemann added a comment -

          Nikola Koevski: I added also that the result of the variable updates contains the sequence counter, such that we know in Optimize what is the latest update of the variable. Also if everything is fine, please assign this ticket to Roman for a review in terms of possible security holes.

          Show
          johannes.heinemann Johannes Heinemann added a comment - Nikola Koevski : I added also that the result of the variable updates contains the sequence counter, such that we know in Optimize what is the latest update of the variable. Also if everything is fine, please assign this ticket to Roman for a review in terms of possible security holes.

            People

            • Assignee:
              roman.smirnov Smirnov Roman
              Reporter:
              johannes.heinemann Johannes Heinemann
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development