Hi,
When I make a rest call like below:
process-definition?sortOrder=asc&firstResult=0&maxResults=50&sortBy=name&page=1&latest=true
I was following the call sequence in the debug mode. I don’t see any call for ‘Authorization checks’ right from the ProcessDefinitionRestServiceImpl methods to the query executions. I thought every ‘get’ call should either filter out the non-accessible from the query result or the query itself include the authorization check.
Can someone point me to where these ‘authorization’ checks take place for ‘GET’ calls like the one above?
Thank you
@1damunda what’s your deployment model? Have you enabled the authorization check for Camunda?
Where did you get these attributes from? page=1&latest=true
Did you expose your own custom REST API?
From docs, Camunda Automation Platform 7.21.0-SNAPSHOT REST API
| Name | Description |
| --- | --- |
| firstResult | Pagination of results. Specifies the index of the first result to return. |
| maxResults | Pagination of results. Specifies the maximum number of results to return. Will return less results if there are no more results left. |
That was my bad.
Now I see that the GET calls translate into queries with Authorization conditions embedded.
I see that AuthorizationManager class has the relevant code.
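
The behaviour described in the last post, a list query with the authorization condition embedded, sketched as an added example (not Camunda's code or SQL, and not part of the thread). The `proc_def` and `authz` tables and both functions are constructed for illustration; the second function shows why the condition belongs in the query when `firstResult`/`maxResults` paging is used.

```python
import sqlite3

# Constructed, simplified schema: NOT Camunda's real tables or generated SQL.
SCHEMA = """
CREATE TABLE proc_def (id TEXT PRIMARY KEY, name TEXT);
CREATE TABLE authz (user_id TEXT, resource_id TEXT, can_read INTEGER);
"""

def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    # Constructed sample data: six definitions; alice may read three of them.
    db.executemany("INSERT INTO proc_def VALUES (?, ?)",
                   [(f"pd{i}", f"proc-{i}") for i in range(1, 7)])
    db.executemany("INSERT INTO authz VALUES ('alice', ?, 1)",
                   [("pd2",), ("pd4",), ("pd6",)])
    # bob holds a wildcard grant covering every definition.
    db.execute("INSERT INTO authz VALUES ('bob', '*', 1)")
    return db

def list_embedded(db, user, first_result, max_results):
    """Authorization is part of the WHERE clause, so paging only counts permitted rows."""
    rows = db.execute(
        """SELECT d.name FROM proc_def d
           WHERE EXISTS (SELECT 1 FROM authz a
                         WHERE a.user_id = ? AND a.can_read = 1
                           AND a.resource_id IN (d.id, '*'))
           ORDER BY d.name ASC LIMIT ? OFFSET ?""",
        (user, max_results, first_result)).fetchall()
    return [r[0] for r in rows]

def list_post_filtered(db, user, first_result, max_results):
    """Contrast: page first, filter afterwards. Pages come back short or empty."""
    page = db.execute(
        "SELECT id, name FROM proc_def ORDER BY name ASC LIMIT ? OFFSET ?",
        (max_results, first_result)).fetchall()
    allowed = {r[0] for r in db.execute(
        "SELECT resource_id FROM authz WHERE user_id = ? AND can_read = 1",
        (user,))}
    return [name for pid, name in page if pid in allowed or "*" in allowed]

if __name__ == "__main__":
    db = make_db()
    print("embedded     :", list_embedded(db, "alice", 0, 2))
    print("post-filtered:", list_post_filtered(db, "alice", 0, 2))
```

With the condition in the query, a user without grants gets an empty list and each page is filled from permitted rows only, which is why no separate check appears in the REST service methods when stepping through in a debugger.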