Uploaded image for project: '[Read Only] - Hippo Repository'
  1. [Read Only] - Hippo Repository
  2. REPO-925

WorkflowManager permission checks fixes

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Low
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.26.00
    • Component/s: None
    • Labels:
      None

      Description

      The #getWorkflowDescription(String, Document) incorrectly performs the permissions check using the workflow session instead of the user session.
      In practice this means the check will always succeed.

      For initiating the workflow logging, it uses the user session to check access on the /hippo:log folder, while in this case it actually should use the workflow user session.

        Attachments

          Activity

            People

            Assignee:
            jsheriff Junaidh Kadhar Sheriff
            Reporter:
            adouma Ate Douma
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: