Christine-Jose opened a new issue, #2059: URL: https://github.com/apache/incubator-kie-issues/issues/2059
If we have a process with a user task with an excluded user configured (input assignment `ExcludedOwnerId` -> jdoe), we'll see that the `jdoe` user can still claim the task unless `jdoe` is part of the potential users list. The actual policy check algorithm is basically verifying that the task excluded users aren't part of the potentialUsers list (configured with the actors fields in the bpmn editor), but if the user is excluded and not present in the potential users BUT belongs to any of the potential groups defined in the task, he'd be allowed to operate with the task. I think the right behaviour would be making the user exclusion have more priority over potentialUsers/groups. So if the user that tries to operate with a task is an excluded user it shouldn't be allowed to work with it regardless of So if we have a task like: potentialUsers: jdoe, potentialGroups: HR, excludedUsers: alice If we try to claim the task with user alice and group HR, alice will be allowed to reserve the task. This issue is reported after verifying the 2 level approval processes we have in some of our examples (and IT tests) with the new tasks api. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
