Uploaded image for project: 'Camunda Optimize'
  1. Camunda Optimize
  2. OPT-6406

READ only user can create collections/dashboard with using magic link

    XMLWordPrintable

Details

    • Not defined

    Description

      Brief summary of the bug. What is it ? Where is it ?

      Steps to reproduce:

      1. Create a process, deploy and start an instance.
      2. Give Read only user authorization to Optimize user
      entity:  # which users are authorized to create/edit/delete Optimize entities outside of a collection.  # Available options: 'all', 'superuser', 'none'  
 authorizedEditors: "all"

            3. Login to Optimize 

            4. Create a collection/dashboard using magic link 

      https://<OPTIMIZE_ROOT_URL>/#/collection/<PROCESS-DEF-KEY>/dashboard/<PROCESS-DEF-KEY>

      Actual result:

      Magic link is hidden on the Processes page but Read only user can create collection/dashboard using the magic link on browser.

      Expected result:

      Read only user shouldn't be able to create collection/dashboard using magic link on browser. We can show an error message and navigate the user to the main page of Optimize or Processes page(can be discussed).

      mgm-controller-panel

        This is the controller panel for Smart Panels app

        Attachments

          Issue Links

            is related to

            Sub-task - The sub-task of the issue OPT-6334 Validate against entity creation for READ users

            • L3 - Default - Minor issue or issue with existing workaround, feature requests and questions
            • Done

            Activity

              People

                Unassigned Unassigned
                cigdem.ilhan Cigdem Ilhan
                Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  Salesforce