Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tasklist - Users can complete a task no longer assigned to them. #4865

Open
alessandrocavalli opened this issue Dec 20, 2024 · 0 comments
Open

Tasklist - Users can complete a task no longer assigned to them. #4865

alessandrocavalli opened this issue Dec 20, 2024 · 0 comments
Assignees
@psavidis
Labels
group:support All requests that are linked to a customer request. DRI: Tassilo type:bug Issues that describe a user-facing bug in the project.

Comments

@alessandrocavalli
Copy link

Environment (Required on creation)

7.22

Description

Under certain circumstances a user is able to complete a task no longer assigned to them.

Steps to reproduce

  • Two browsers are required.
  • A user task is assingned to user Alpha.
  • Alpha User opens the task and can see that he is the assignee, they stay in that page.
  • Bravo User opens their browser and the Tasklist webapp. They unassign that usertask and leave this unassigned or even assign it to someone else.
  • Alpha, who was in the previous page in their browser, click "complete". The task is completed even if it was no longer assigned to them

Observed Behavior

  • User Alpha can complete the task.
  • The History tables do not contain Alpha as assignee, but they contain null (if task was unassigned) or the new assignee.

Expected behavior

Completing the task should be forbidden to Alpha.

Root Cause

  • The Submit Task API is agnostic regarding the user who is submitting.
  • The SubmitTaskFormCmd command does nor check that the user who is preforming the operation, is also the task assignee

Solution Ideas

Check if who is completing the task is also the assignee.

Hints

Links
@alessandrocavalli alessandrocavalli added the type:bug Issues that describe a user-facing bug in the project. label Dec 20, 2024
@valeriaportolesicamunda valeriaportolesicamunda added the group:support All requests that are linked to a customer request. DRI: Tassilo label Dec 20, 2024
@psavidis psavidis self-assigned this Jan 3, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@psavidis psavidis

Labels
group:support All requests that are linked to a customer request. DRI: Tassilo type:bug Issues that describe a user-facing bug in the project.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@psavidis @alessandrocavalli @valeriaportolesicamunda