Uploaded image for project: 'camunda BPM'
  1. camunda BPM
  2. CAM-12455

User not able to access batch operation menu

XMLWordPrintable

    • Icon: Bug Report Bug Report
    • Resolution: Fixed
    • Icon: L3 - Default L3 - Default
    • 7.14.0, 7.14.0-alpha4
    • 7.14.0, 7.14.0-alpha3
    • None
    • None

      Steps to reproduce

      1. Create a new user and provide him full access through admin for 'Application', 'Authorizations' & 'Batch'
      2. Login with the user into Cockpit and access 'Batch Operation'

      Expected outcome:

      A user should be able to see the batch operation menu. Seems to be a license check issue as shown in the logs

      Observed behavior

      The loading spinner is displayed and the user cannot see the batch operation menu

      Root cause

      • The React part of Cockpit uses the endpoint /camunda/api/admin/plugin/license/default/key to perform the license check. This requires Admin permissions.
      • See the affected code on GitHub [1]

      Solutions

      1. Add endpoint that only returns the information if a valid license is available and make it accessible for all users without granting a specific permission
      2. Remove admin permission check from license key endpoint (this might expose sensitive information: customerId, invalidMessage, licenseProvided, unlimited, valid, validUntil)

      [1] https://github.com/camunda/camunda-bpm-webapp/blob/master/ui/cockpit/src/modules/components/EnterpriseComponent/EnterpriseComponent.js#L27-L32

        This is the controller panel for Smart Panels app

          1. Screenshot 2020-09-16 at 13.23.10.png
            Screenshot 2020-09-16 at 13.23.10.png
            535 kB
          2. server-log.txt
            8 kB

              michael.schoettes Michael Schoettes
              hariharan.parasuraman Hariharan Parasuraman
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: