[TASKMGMT-30] TasksStoreImpl.findPendingTasksByUser if user have no group assigned, the query is incorrect and returns all open tasks Created: 23/Oct/17  Updated: 12/Jul/23  Resolved: 12/Jul/23

Status: Closed
Project: Task Management
Component/s: None
Affects Version/s: 1.2.2
Fix Version/s: None

Type: Bug Priority: Neutral
Reporter: Viet Nguyen Assignee: Unassigned
Resolution: Outdated Votes: 0
Labels: maintenance
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
causality
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:
Epic Link: AuthorX Support
Team: AuthorX

 Description   

Please reference to linked ticket for more detail, basically this is affected:

Query with groups:
SELECT * FROM [mgnl:task] WHERE ((actorId IS NULL AND (groupIds = 'publishers') OR (actorIds = 'superuser')) AND status LIKE '%Created%') OR ((actorId = 'superuser' OR actorIds = 'superuser' ) AND status LIKE '%Failed%')
Query without groups:
SELECT * FROM [mgnl:task] WHERE ((actorId IS NULL OR (actorIds = 'bos-test-technical')) AND status LIKE '%Created%') OR ((actorId = 'bos-test-technical' OR actorIds = 'bos-test-technical' ) AND status LIKE '%Failed%')

This count value is used to generate small red icon above pulse app, anyway then user can't see them.



 Comments   
Comment by Viet Nguyen [ 23/Oct/17 ]

From customer side:

User can have no groups assigned, but roles only. And we have mupliple roles, that can, for example only do configuration or only change security, but they can't see pages app / change / approve tasks.
When I login using one of those users, I see (5) in pulse, but can't see any tasks in list. It's becasue of this query, when I changed query, to always add groupId predicate (when no groups -> groupId IS NULL), it's better.

I was also mis-taken between groups and roles as we always set our mind working with role-based user management but in this case it was group-based then that's a real issue when working with group-based security.

Comment by Laura Delnevo [ 12/Jul/23 ]

Hello, 

This ticket is now marked as closed due to one of the following reasons: 

  • A long period of inactivity 
  • Uses an old or Beta version of an application, module, or framework that we no longer support 
  • The issue is no longer reproducible or has been fixed in later versions 

If you are still facing a problem or consider this issue still relevant, please feel free to re-open the ticket and we will reach out to you. 

Thank you, 

The Magnolia Team

Generated at Mon Feb 12 11:02:24 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.