plainblack.com
Username Password
search
Bookmark and Share

    

Workflow/Activity permission issue

User vanjwilson
Date 4/27/2012 10:02 am
Views 3415
Rating -1    Rate [
|
]
Previous · Next
User Message
vanjwilson

I have a problem with workflow/activity permissions:

I built a custom workflow to archive events nightly in our event calendar, which looks at a custom field with the epoch time of start of event. I wrote tests as I was developing, and they are passing on the production server.

But in the production environment, it's failing at $thread->canEdit test.

Here's the whole loop where the permissions are causing the issue (based on the archiveAll routine in WebGUI core):

    ASSET: while ( 1 ) {
        my $thread;
        eval { $thread = $threadIter->() };
        if ( my $x = WebGUI::Error->caught('WebGUI::Error::ObjectNotFound') ) {
            $session->log->error($x->full_message);
            next;
        }
        last unless $thread;
        if ( !$thread->canEdit ) {
            $session->log->error( "Cannot edit thread when archiving past event, " . ref($self) );
            next;
        }

        my $userDefined1 = $thread->get('userDefined1');
        $log->warn('Is ' . $userDefined1 . ' < ' . $now . '?');

        if ( $thread->get('userDefined1') < $now ) {
            $thread->archive;
            $log->warn('Archiving this thread');
        }
    }

(The threads in question are all "owned" by Admin and have Edit group of "Admins".)

What user does a Workflow run as?

--- (Edited on 4/27/2012 10:02 am [GMT-0500] by vanjwilson) ---



Back to Top
Rate [
|
]
 
 
daviddelikat

 

to change the user that runs the activity add this code to the activity script:

$session->user({userId => 3});

it will set the current user to Admin for the duration of the script.

--- (Edited on 4/27/2012 12:34:53 [GMT-0500] by daviddelikat) ---



Back to Top
Rate [
|
]
 
 
scottwalters

A few notes...

If you change $session->user, you may want to change it back when you're done.  Just fetch the value and store it in a variable, set it to what you want, then, when you're done, re-set it.

But I don't think you need to do that.  Permission checks are done almost exclusively in the www_ methods.  I think the answer here is just to not call canEdit().  Get rid of the if() that calls it and just always run the body of the if() statement.  API methods always, or very nearly, do what they state, regardless of the user invoking them.

Workflows can be tricky.  If it runs "in real time", it runs as the user who made the HTTP request that triggered it, as part of the request.  If it gets queued, then it runs from an HTTP request initiated by Spectre.  The request parameters won't be there, $session->user won't be the same (probably), and so on and so forth.

Hope this helps!

--- (Edited on 4/27/2012 12:56 pm [GMT-0500] by scottwalters) ---



Back to Top
Rate [
|
]
 
 
vanjwilson

@daviddelikat, @scottwalters

I ended up removing the check of canEdit(), and that worked.


Thank to both of you for your help.

--- (Edited on 4/30/2012 8:29 am [GMT-0500] by vanjwilson) ---



Back to Top
Rate [
|
]
 
 
    



© 2019 Plain Black Corporation | All Rights Reserved