Uploaded image for project: 'Camunda Optimize'
  1. Camunda Optimize
  2. OPT-6406

READ only user can create collections/dashboard with using magic link

XMLWordPrintable

    • Icon: Bug Report Bug Report
    • Resolution: Fixed
    • Icon: L3 - Default L3 - Default
    • 3.10.0-alpha1, 3.10.0
    • None
    • backend
    • None
    • Not defined

      Brief summary of the bug. What is it ? Where is it ?

      Steps to reproduce:

      1. Create a process, deploy and start an instance.
      2. Give Read only user authorization to Optimize user
      entity:  # which users are authorized to create/edit/delete Optimize entities outside of a collection.  # Available options: 'all', 'superuser', 'none'  
 authorizedEditors: "all"

            3. Login to Optimize 

            4. Create a collection/dashboard using magic link 

      https://<OPTIMIZE_ROOT_URL>/#/collection/<PROCESS-DEF-KEY>/dashboard/<PROCESS-DEF-KEY>

      Actual result:

      Magic link is hidden on the Processes page but Read only user can create collection/dashboard using the magic link on browser.

      Expected result:

      Read only user shouldn't be able to create collection/dashboard using magic link on browser. We can show an error message and navigate the user to the main page of Optimize or Processes page(can be discussed).

        This is the controller panel for Smart Panels app

              Unassigned Unassigned
              cigdem.ilhan Cigdem Ilhan
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: