Uploaded image for project: '[Read Only] - Hippo Repository'
  1. [Read Only] - Hippo Repository
  2. REPO-926

Expose the Workflow subject its session through the WorkflowContext

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: 2.26.00
    • Fix Version/s: 2.26.00
    • Component/s: None
    • Labels:
    • Epic Link:
    • Sprint:
      Sprint 74

      Description

      A Workflow instance is created under the privileges of the invoker (user session) or possibly the session of the provided JCR Node as 'subject' of the workflow, or (if invoked through another workflow) the internal workflow session.

      The actual subject (Node) passed into the workflow is always managed by (retrieved through) the internal workflow session.

      If within such a workflow additional permission checks needs to be done you typically can/should do so against the user session (available through the WorkflowContext).

      However, if a workflow invokes another workflow (like the TranslationWorkflow invoking CopyWorkflow), then the 'subject' session to be used is the internal workflow session (meaning: in practice all restrictions lifted).
      But the invoked workflow has no way of determining how it was invoked, so which session should it use?

      For this purpose, the WorkflowContext will be enhanced and also provide separately access to the subject session, which is the session used to check the instantiation of the workflow itself.
      This subject session therefore will always be the correct one to use for subsequent permission checks within the workflow itself.

        Attachments

          Activity

            People

            Assignee:
            abanck Arent-Jan Banck
            Reporter:
            adouma Ate Douma
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: