We have an enterprise REST API endpoint to cancel/delete a process instance, see also http://docs.alfresco.com/process-services1.9/topics/delete_a_process_instance.html. It seems that this endpoint can only be used successfully by the related process initiator, but is not behaving correct while executing as admin user, who should always be able to cancel/delete a process instance.
Steps to reproduce
1. Login to activiti-app as any user other than the inbuilt admin user
2. Start any process instance and determine the process instance ID (e.g. via activit-admin)
3. Via REST client (e.g. Postman) or api-explorer execute the following API call as admin:
4. Inspect the response
The API replies with an code in the 200 region and the process instance for the passed process instance ID was cancelled or deleted.
As the admin user is not the initiator of the process, the response is like the following:
This is incorrect behaviour as an admin user should always be able to cancel/delete a process instance.
- Reproduced with current latest APS 22.214.171.124 version
- Workaround: Deleting or cancelling a process instance works fine with activiti-admin, which uses an engine API call, e.g.