Details

    • Type: Sub-task
    • Status: Done
    • Priority: L3 - Default
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.6.0
    • Component/s: backend
    • Labels:
      None

      Description

      Context:
      After role authorization was done on collections with OPT-2552 their enforcement needs to apply to reports/dashboards contained in those collections too.

      AT:

      • users can only access reports/dashboards:
        • when they have at least the VIEWER role on the associated collection
        • if they are the owner if there is no collection set
      • users can only edit/delete reports/dashboards:
        • when they have at least the EDITOR role on the associated collection
        • if they are the owner if there is no collection set
      • the owner field of reports & dashboard cannot be updated (as this would be a move semantic for private reports)
      • the reports list endpoint returns all reports a user has access to, regardless if they are private entities or originate from a collection the user has access to
      • the dashboard list endpoint is not needed anymore and is removed
      • dashboard delete conflict endpoint is not needed anymore and is removed
      • the API indicates the role of the current user on a report/dashboard similiar to done for collections itself with OPT-2552
      • Dashboard api https://app.camunda.com/confluence/display/CO/Dashboards is updated to not contain conflict information

        mgm-controller-panel

        This is the controller panel for Smart Panels app

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                Unassigned Unassigned
                Reporter:
                sebastian.bathke Sebastian Bathke
                Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved:

                    Salesforce