Context:
After role authorization was done on collections with OPT-2552 their enforcement needs to apply to reports/dashboards contained in those collections too.
AT:
- users can only access reports/dashboards:
- when they have at least the VIEWER role on the associated collection
- if they are the owner if there is no collection set
- users can only edit/delete reports/dashboards:
- when they have at least the EDITOR role on the associated collection
- if they are the owner if there is no collection set
- the owner field of reports & dashboard cannot be updated (as this would be a move semantic for private reports)
- the reports list endpoint returns all reports a user has access to, regardless if they are private entities or originate from a collection the user has access to
- the dashboard list endpoint is not needed anymore and is removed
- dashboard delete conflict endpoint is not needed anymore and is removed
- the API indicates the role of the current user on a report/dashboard similiar to done for collections itself with
OPT-2552 - Dashboard api https://app.camunda.com/confluence/display/CO/Dashboards is updated to not contain conflict information
This is the controller panel for Smart Panels app
- depends on
-
OPT-2552 Collection role authorization
-
- Done
-