User not able to access batch operation menu

XMLWordPrintable

    • Type: Bug Report
    • Resolution: Fixed
    • Priority: L3 - Default
    • 7.14.0, 7.14.0-alpha4
    • Affects Version/s: 7.14.0, 7.14.0-alpha3
    • Component/s: None
    • None

      Steps to reproduce

      1. Create a new user and provide him full access through admin for 'Application', 'Authorizations' & 'Batch'
      2. Login with the user into Cockpit and access 'Batch Operation'

      Expected outcome:

      A user should be able to see the batch operation menu. Seems to be a license check issue as shown in the logs

      Observed behavior

      The loading spinner is displayed and the user cannot see the batch operation menu

      Root cause

      • The React part of Cockpit uses the endpoint /camunda/api/admin/plugin/license/default/key to perform the license check. This requires Admin permissions.
      • See the affected code on GitHub [1]

      Solutions

      1. Add endpoint that only returns the information if a valid license is available and make it accessible for all users without granting a specific permission
      2. Remove admin permission check from license key endpoint (this might expose sensitive information: customerId, invalidMessage, licenseProvided, unlimited, valid, validUntil)

      [1] https://github.com/camunda/camunda-bpm-webapp/blob/master/ui/cockpit/src/modules/components/EnterpriseComponent/EnterpriseComponent.js#L27-L32

        1. Screenshot 2020-09-16 at 13.23.10.png
          Screenshot 2020-09-16 at 13.23.10.png
          535 kB
        2. server-log.txt
          8 kB

            Assignee:
            Michael Schoettes
            Reporter:
            Hariharan Parasuraman
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: