-
Bug Report
-
Resolution: Fixed
-
L3 - Default
-
7.9.0-alpha3
-
None
Steps to reproduce:
1) create a user account that has access to Cockpit with read permissions
2) login with new account
3) select a process instance
4) try to cancel that process instance
Observed Behavior:
- The following error is thrown
TypeError: Cannot read property 'toLowerCase' of null at handleHttpError (index.js:95) at Scope.$broadcast (deps.js?bust=1521746712272:17835) at error (index.js:65) at wrappedErrback (deps.js?bust=1521746712272:16433) at deps.js?bust=1521746712272:16566 at Scope.$eval (deps.js?bust=1521746712272:17553) at Scope.$digest (deps.js?bust=1521746712272:17365) at Scope.$apply (deps.js?bust=1521746712272:17657) at done (deps.js?bust=1521746712272:13168) at completeRequest (deps.js?bust=1521746712272:13382)
Expected Behavior:
- The error is not thrown.
Hint:
- The implementation [1] does not respect that an AuthorizationException can have a list of missing authorizations, see
{ "type": "AuthorizationException", "message": "The user with id 'foo' does not have one of the following permissions: 'DELETE' permission on resource '20a70c83-2e06-11e8-afca-34f39a5086d3' of type 'ProcessInstance' or 'DELETE_INSTANCE' permission on resource 'invoice' of type 'ProcessDefinition'", "userId": "foo", "resourceName": null, "resourceId": null, "permissionName": null, "missingAuthorizations": [ { "permissionName": "DELETE", "resourceName": "ProcessInstance", "resourceId": "20a70c83-2e06-11e8-afca-34f39a5086d3" }, { "permissionName": "DELETE_INSTANCE", "resourceName": "ProcessDefinition", "resourceId": "invoice" } ] }