Details

    • Type: Sub-task
    • Status: Done
    • Priority: L3 - Default
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.6.0
    • Component/s: backend
    • Labels:
      None

      Description

      Context:
      After role authorization was done on collections with OPT-2552 their enforcement needs to apply to reports/dashboards contained in those collections too.

      AT:

      • users can only access reports/dashboards:
        • when they have at least the VIEWER role on the associated collection
        • if they are the owner if there is no collection set
      • users can only edit/delete reports/dashboards:
        • when they have at least the EDITOR role on the associated collection
        • if they are the owner if there is no collection set
      • the owner field of reports & dashboard cannot be updated (as this would be a move semantic for private reports)
      • the reports list endpoint returns all reports a user has access to, regardless if they are private entities or originate from a collection the user has access to
      • the dashboard list endpoint is not needed anymore and is removed
      • dashboard delete conflict endpoint is not needed anymore and is removed
      • the API indicates the role of the current user on a report/dashboard similiar to done for collections itself with OPT-2552
      • Dashboard api https://app.camunda.com/confluence/display/CO/Dashboards is updated to not contain conflict information

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              sebastian.bathke Sebastian Bathke
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: