Uploaded image for project: 'camunda BPM'
  1. camunda BPM
  2. CAM-8905

Translation of AuthorizationException fails

    Details

    • Type: Bug Report
    • Status: Closed
    • Priority: L3 - Default
    • Resolution: Fixed
    • Affects Version/s: 7.9.0-alpha3
    • Fix Version/s: 7.9.0, 7.9.0-alpha5
    • Component/s: cockpit
    • Labels:
      None

      Description

      Steps to reproduce:
      1) create a user account that has access to Cockpit with read permissions
      2) login with new account
      3) select a process instance
      4) try to cancel that process instance

      Observed Behavior:

      • The following error is thrown
        TypeError: Cannot read property 'toLowerCase' of null
            at handleHttpError (index.js:95)
            at Scope.$broadcast (deps.js?bust=1521746712272:17835)
            at error (index.js:65)
            at wrappedErrback (deps.js?bust=1521746712272:16433)
            at deps.js?bust=1521746712272:16566
            at Scope.$eval (deps.js?bust=1521746712272:17553)
            at Scope.$digest (deps.js?bust=1521746712272:17365)
            at Scope.$apply (deps.js?bust=1521746712272:17657)
            at done (deps.js?bust=1521746712272:13168)
            at completeRequest (deps.js?bust=1521746712272:13382)
        

      Expected Behavior:

      • The error is not thrown.

      Hint:

      • The implementation [1] does not respect that an AuthorizationException can have a list of missing authorizations, see
        {
          "type": "AuthorizationException",
          "message": "The user with id 'foo' does not have one of the following permissions: 'DELETE' permission on resource '20a70c83-2e06-11e8-afca-34f39a5086d3' of type 'ProcessInstance' or 'DELETE_INSTANCE' permission on resource 'invoice' of type 'ProcessDefinition'",
          "userId": "foo",
          "resourceName": null,
          "resourceId": null,
          "permissionName": null,
          "missingAuthorizations": [
            {
              "permissionName": "DELETE",
              "resourceName": "ProcessInstance",
              "resourceId": "20a70c83-2e06-11e8-afca-34f39a5086d3"
            },
            {
              "permissionName": "DELETE_INSTANCE",
              "resourceName": "ProcessDefinition",
              "resourceId": "invoice"
            }
          ]
        }
        

      [1]: https://github.com/camunda/camunda-commons-ui/blob/a6ce42aa50cffbc85b26d494114dbe5bae26c3ee/lib/pages/index.js#L85-L110

        Activity

        There are no comments yet on this issue.

          People

          • Assignee:
            michael.schoettes Michael Schoettes
            Reporter:
            roman.smirnov Smirnov Roman
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development