[Case Management framework] [CMf] Activity_CheckUserAccess and Case_CheckActivityAccess give different output
Forge component by OutSystems R&D
Application Type
Reactive

Hello

I'm using the CMf to create an approval flow for a business. At its core the CMf works perfectly for the cases we needed to implement. The problem comes when we needed Delegation functions.
So in a practical example if an approver of certain task would be on vacation we would need someone to approve in his/her place.

So I've looked into the documentation and found that there is an entity that stores Delegations from User A to User B in CMf, Delegation entity in CM_Delegation_CS module. I've created records on the table so that User B could access tasks from User A and noticed the following:

  • Delegations do not work for groups (this is referenced in the documentation)
  • If User A is in a group associated with a Human Activity, when checking User B access with Case_CheckActivityAccess it tells me that the User B as access, correct. Although if I use Activity_CheckUserAccess it tells me that user B does not have access
  • If a Human Activity is assigned to User A, and I check if User B has access with Case_CheckActivityAccess it tells me that it does not have access, but if I use Activity_CheckUserAccess it tells me that User B has access in fact.
  • Other thing I notice, If I try to use Case_CheckActivityAccess to valid if an user has access, providing an UserId, dispite the description saying its non mandatory and it will use the logged user, it seems to be always using the logged user, because if I don't have an user logged and pass a userId with access it still returns that the user does not have access.

Is this supposed to work like this? Was anyone able to effectively build a delegation process using CMf actions and entities?

Hi @Leopoldo Ismael,


Thank you for the feedback. I will try to clarify some of your questions:
You can delegate all the work (and not only some tasks or cases) from a User A to a User B, or just A’s work in the context of a given group (if you fill in the FromGroup input parameter), during a certain period, using the actions to create a Delegation from the CaseConfigurarions_API.

As you said, delegations require a FromUserId, and to validate if User A has access to an activity (either directly assigned or through a valid delegation from a user B) you can use both the Activity_ValidateUserAccess or the Activity_CheckUserAccess (CaseServices_API module). The main difference between the two is that the first one throws an exception if the user does not have access.
The Case_CheckActivityAccess action has a misleading description since it only validates if the provided user is directly assigned to the activity (userid or groupid), without validating delegations. We will change its description to better clarify this.

Taking this into account:

  • If User A is in a group associated with a Human Activity, when checking User B access with Case_CheckActivityAccess it tells me that the User B as access.

      This shouldn’t work, since groups do not apply in this case, could you please double check? 

  • If a Human Activity is assigned to User A, and I check if User B has access with Case_CheckActivityAccess it tells me that it does not have access, but if I use Activity_CheckUserAccess it tells me that User B has access in fact.

      This is indeed the default behavior 

  • Other thing I notice, If I try to use Case_CheckActivityAccess to valid if an user has access, providing an UserId, dispite the description saying its non mandatory and it will use the logged user, it seems to be always using the logged user, because if I don't have an user logged and pass a userId with access it still returns that the user does not have access.

      I validated and it is using the user you send in as input.


Hope I was able to answer your questions,

Nuno  


Hello

Thanks for your explanation @Nuno Pulido it cleared some things.

So just to be sure, if User A is assigned to a Human Activity (either by Group or Individually), and User B has an entry in Delegation entity to access User A tasks, using Activity_CheckUserAccess should return that the User B has access correct?

Thanks

Hi,

Activity_CheckUserAccess is going to return True only if User A (the one who is delegating) is directly assigned to the Human Activity (by UserId). If the human activity is assigned to a group to which User A belongs but is not assigned to anyone or is assigned to another person (other than user A), then the action will return false. The human activity must be assigned to someone for the delegation to be validated with the Activity_CheckUserAccess action, at least for now.

Feedback to continue improving our features is always welcome.

I hope I was able to help,

Nuno


Hi Nuno

So in that case this does not fit my needs, as I have a group of users assigned to a Human Activity, and one of them might have a Delegation, which forces me to check for access in a different way.

Any plans for future inclusion of this check in any of CMf actions?

Thanks

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.