Uploaded image for project: 'Service Packs and Hot Fixes'
  1. Service Packs and Hot Fixes
  2. MNT-19948

Incorrect auditing behaviour if a task assignee is set to inactive after having completed a task

    Details

    • Bug Priority:
      Category 1
    • ACT Numbers:

      00971353

      Description

      Summary
      There is incorrect auditing behaviour, when a user that completed a task is set to inactive afterwards. Note, that this can happen under normal circumstances in a real world scenario, where a user worked/completed a task and at some point is leaving the company. That user would then be removed from the corporate LDAP/AD and APS would set this user to inactive automatically with the next LDAP/AD sync happening. For such an inactive user, the task/process audit log will show the user as "<unknown>" but also the activiti-app UI would show the task as having been assigned to "nobody".

      Steps to reproduce
      1. Login to activiti-app as admin and via Identity Management create a new user (e.g. first name: remove, last name: me, email: remove.me@alfresco.com, password: RemoveMe)
      2. Create a new simple process: start event -> user task (assigned to user created in previous step) -> user task (assigned to initiator) -> end event
      3. Publish this process as part of an app
      4. Start such a process from the published app
      5. Let the user created in step 1 complete the user task assigned to him/her
      6. Review the task audit log: It correctly says: "Task "" was completed by Remove Me" (see auditLogCorrect.png)
      7. Review the process history and completed tasks in the UI: It correctly says "Assigned to Remove Me" (see processHistoryCorrect.png).
      8. Now simulate the scenario where user created in step 1 is leaving the company by setting this user to inactive via Identity Management
      9. Inspect the process history and process/task audit log

      Expected behaviour
      As the user still exists in the database, the history and audit log should still show user "Remove Me" as assignee and user who completed the task.

      Current behaviour
      The process history now shows that the task was assigned to "nobody". (see processHistoryIncorrect.png).
      The audit log shows that the task was completed by "<unknown>". (see auditLogIncorrect.png)

      Supporting evidence

      • Reproduced with current latest APS 1.9 release
      • Issue can be seen in activiti-app UI as well as in Process Workspace UI as well as in the audit log being generated in both UIs.
      • Looking at the code, cause for incorrect audit log looks like the user name is tried to be pulled from user cache, but apparently we do not cache inactive users. See also com/activiti/service/common/AbstractPdfService.java:
      protected String userIdToName(String userIdString) {
              if (StringUtils.isNotEmpty(userIdString)) {
                  try {
                      UserCache.CachedUser cachedUser = userCache.getUser(userIdString);
                      if (cachedUser != null) {
                          return cachedUser.getUser().getFullName();
                      }
                  } catch (Exception e) {
                  }
              }
      
              return "<unknown>";
      }
      

        Attachments

          Structure

            Activity

              People

              • Assignee:
                apsteam APS Team
                Reporter:
                dkoch Dennis Koch
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:

                  Structure Helper Panel