Bug 1320502

Summary: AdministrationPerspective not loading for administrative user whose roles is not defined as "admin"
Product: [Retired] JBoss BPMS Platform 6 Reporter: Oscar Molina <omolinab>
Component: Business CentralAssignee: Paulo Rego <prego>
Status: CLOSED EOL QA Contact: Tomas David <tdavid>
Severity: urgent Docs Contact:
Priority: high    
Version: 6.3.0CC: agiertli, dgutierr, etirelli, lpetrovi, manstis, rrajasek, wsiqueir
Target Milestone: CR1   
Target Release: 6.3.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1322878 (view as bug list) Environment:
Last Closed: 2020-03-27 19:01:49 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1322878    
Attachments:
Description Flags
Activity not found error none

Description Oscar Molina 2016-03-23 11:11:13 UTC 
Created attachment 1139509 [details]
Activity not found error

Description of problem:

Sometimes customers need change the "admin" and "analyst" roles names because of naming norms. Customizing built-in permissions and roles is possible by editing "jboss-eap-6.1/standalone/deployments/business-central.war/WEB-INF/web.xml" and "jboss-eap-6.1/standalone/deployments/business-central.war/WEB-INF/classes/workbench-policy.properties" files. However, when trying to access the administration, we get "Activity not found" message in a dialog box. It is because of role "admin" text is hardcoded into AdministrationPerspective [1].

[1] https://github.com/droolsjbpm/kie-wb-distributions/blob/6.3.x/kie-drools-wb/kie-drools-wb-webapp/src/main/java/org/kie/workbench/drools/client/perspectives/AdministrationPerspective.java#L52


Version-Release number of selected component (if applicable):

BxMS 6.x

How reproducible:

When you create a new role say "superuser" with all privileges and setup exactly as we have for default "admin" role in descriptor file, all features are displayed  as directed on workbench-policy.properties file in home page. However, when trying to access the administration, we get "Activity not found" message in a dialog box.

Steps to Reproduce:

1. Adding a new role "superuser" for a user in "jboss-eap-6.1/standalone/configuration/configuration/application-roles.properties". This role should be equivalent to "admin".

2. Adding the new role "superuser" in the different section of "jboss-eap-6.1/standalone/deployments/business-central.war/WEB-INF/web.xml" file:

~~~
...
  <!-- security settings -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>download</web-resource-name>
      ...
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
      <role-name>analyst</role-name>
      <role-name>superuser</role-name>
    </auth-constraint>
  </security-constraint>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>console</web-resource-name>
      ...
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
      <role-name>analyst</role-name>
      <role-name>superuser</role-name>
    </auth-constraint>
  </security-constraint>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>formModeler</web-resource-name>
      ...
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
      <role-name>analyst</role-name>
      <role-name>superuser</role-name>
    </auth-constraint>
  </security-constraint>
...
  <security-role>
    <description>Administrator - Administrates the BRMS system. Has full access
      rights to make any changes necessary. Also has the
      ability to add and remove users from the system.
    </description>
    <role-name>superuser</role-name>
  </security-role>
...
~~~

3. Modifying the property "roles.wb_everything" value changing to the new role "superuser" in the different section of "jboss-eap-6.1/standalone/deployments/business-central.war/WEB-INF/classes/workbench-policy.properties" file:

~~~
#roles.wb_everything=admin
roles.wb_everything=superuser
~~~

4. Start application.

5. Login to business-central with the user/password which has the new admin role ("superuser").

6. Go to Authoring/Administration.

Actual results:

When you go to Authoring/Administration, you get an error Activity not found.   

Expected results:

Going to Authoring/Administration without error with the new admin role.
Comment 3 William Antônio 2016-04-01 00:53:38 UTC 
If the fix for this issue is simply removing the annotation that brings the hardcode, here's the PR :) 

https://github.com/droolsjbpm/kie-wb-distributions/pull/257
Comment 5 Paulo Rego 2016-04-20 13:17:12 UTC 
[6.3.x] https://github.com/droolsjbpm/kie-wb-distributions/commit/75a18024cc98a22f8e36b966e2380325a6a59abc

[6.4.x] https://github.com/droolsjbpm/kie-wb-distributions/commit/697f675e06487703b359abffaeac060b7ffc367b

[master] https://github.com/droolsjbpm/kie-wb-distributions/commit/9714177eefbbe7959a5a5baebab5c8f5e8886914
Comment 6 Tomas David 2016-04-28 06:18:28 UTC 
Verified with BRMS and BPMS 6.3.0.CR1.
Comment 7 Lukáš Petrovický 2016-04-29 07:30:41 UTC 
Removing roll-up flag, since this was included in CR1.