[REPO-925] WorkflowManager permission checks fixes - Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Low
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.26.00
Component/s: None
Labels:
None

Description

The #getWorkflowDescription(String, Document) incorrectly performs the permissions check using the workflow session instead of the user session.
In practice this means the check will always succeed.

For initiating the workflow logging, it uses the user session to check access on the /hippo:log folder, while in this case it actually should use the workflow user session.

Attachments

Activity

People

Assignee:: Junaidh Kadhar Sheriff

Reporter:: Ate Douma

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 20/Feb/14 3:54 PM

Updated:: 26/Mar/14 12:19 PM

Resolved:: 20/Feb/14 4:13 PM