alanbarrett
commented
8 years ago In authUserOrOrgForTask() Middleware for API the test for Organisation Membership should be for current user, not Task claimer Commit d0104d2695e6946e5043fb0dc3ff092fa171c89b fixes.
Without this fix when a POST to /task/:task_id/org-feedback/ is processed, the API fails to call "public function unclaimTask($userId, $taskId, $feedback)". So although the task is updated to PENDING and the Organisation Feedback is sent (in "public function taskOrgFeedback($task_id)"), the TaskClaims record is not removed in "public static function unClaimTask($taskId, $userId, $userFeedback = null, $revokeByAdmin = false)". A TaskUnclaims record is not added. And notifications are not sent in public static function userUnClaimTask($userId, $taskId, $format = ".json").
Note the other cases using authUserOrOrgForTask(), whether calling userUnClaimTask() or not, always have $userId == Current User (or are from the Site Admin), so do not fail. Although I think this in theory is wrong and I will raise an issue about it.
I found and fixed a number of cases where the unclaim has not worked (including the one Alba reported)...
SELECT * FROM Tasks t, TaskClaims tc WHERE t.id=tc.task_id AND t.task-status_id=2;
...
DELETE FROM TaskClaims WHERE task_id IN (11160, 13711, 13768, 13896, 13900, 13949, 13961, 14047);
Alan.
SELECT * FROM Tasks t, TaskClaims tc WHERE t.id=tc.task_id AND t.
task-status_id=2; Shows some Tasks on the dev server. I have fixed all those (7) on the live server.I cannot see how this can be the case after much checking of the code. I am adding some more logging.