[MNT-19948] Incorrect auditing behaviour if a task assignee is set to inactive after having completed a task Created: 23-Aug-18  Updated: 26-Jul-19

Status: Open
Project: Service Packs and Hot Fixes
Component/s: APS End User App, APS Kickstart/Studio
Affects Version/s: Alfresco Process Services 1.9
Fix Version/s: Alfresco Process Services .N

Type: Service Pack Request
Reporter: Dennis Koch Assignee: APS Team
Resolution: Unresolved Votes: 0
Labels: Atlanta, End-User, triaged_Jul2019
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: PNG File auditLogCorrect.png     PNG File auditLogIncorrect.png     PNG File processHistoryCorrect.png     PNG File processHistoryIncorrect.png    
Bug Priority:
Category 1
ACT Numbers:

00971353


 Description   

Summary
There is incorrect auditing behaviour, when a user that completed a task is set to inactive afterwards. Note, that this can happen under normal circumstances in a real world scenario, where a user worked/completed a task and at some point is leaving the company. That user would then be removed from the corporate LDAP/AD and APS would set this user to inactive automatically with the next LDAP/AD sync happening. For such an inactive user, the task/process audit log will show the user as "<unknown>" but also the activiti-app UI would show the task as having been assigned to "nobody".

Steps to reproduce
1. Login to activiti-app as admin and via Identity Management create a new user (e.g. first name: remove, last name: me, email: remove.me@alfresco.com, password: RemoveMe)
2. Create a new simple process: start event -> user task (assigned to user created in previous step) -> user task (assigned to initiator) -> end event
3. Publish this process as part of an app
4. Start such a process from the published app
5. Let the user created in step 1 complete the user task assigned to him/her
6. Review the task audit log: It correctly says: "Task "" was completed by Remove Me" (see auditLogCorrect.png)
7. Review the process history and completed tasks in the UI: It correctly says "Assigned to Remove Me" (see processHistoryCorrect.png).
8. Now simulate the scenario where user created in step 1 is leaving the company by setting this user to inactive via Identity Management
9. Inspect the process history and process/task audit log

Expected behaviour
As the user still exists in the database, the history and audit log should still show user "Remove Me" as assignee and user who completed the task.

Current behaviour
The process history now shows that the task was assigned to "nobody". (see processHistoryIncorrect.png).
The audit log shows that the task was completed by "<unknown>". (see auditLogIncorrect.png)

Supporting evidence

  • Reproduced with current latest APS 1.9 release
  • Issue can be seen in activiti-app UI as well as in Process Workspace UI as well as in the audit log being generated in both UIs.
  • Looking at the code, cause for incorrect audit log looks like the user name is tried to be pulled from user cache, but apparently we do not cache inactive users. See also com/activiti/service/common/AbstractPdfService.java:
protected String userIdToName(String userIdString) {
        if (StringUtils.isNotEmpty(userIdString)) {
            try {
                UserCache.CachedUser cachedUser = userCache.getUser(userIdString);
                if (cachedUser != null) {
                    return cachedUser.getUser().getFullName();
                }
            } catch (Exception e) {
            }
        }

        return "<unknown>";
}

Generated at Mon Jul 13 20:27:23 BST 2020 using JIRA 7.6.3#76005-sha1:8a4e38d34af948780dbf52044e7aafb13a7cae58.