Uploaded image for project: 'Camunda Optimize'
  1. Camunda Optimize
  2. OPT-6244

KPI report evaluation in process overview retrieval leading to ForbiddenExceptions

    XMLWordPrintable

Details

    • Bug Report
    • Resolution: Fixed
    • L3 - Default
    • 3.9.0, 3.9.0-preview-1
    • 3.9.0-alpha2
    • backend
    • None
    • Not defined

    Description

      Brief summary of the bug. What is it ? Where is it ?

      Context:

      The KPI report retrieval retrieves all reports of a given process regardless of authorization, yet the KPI report evaluation uses an evaluation method that performs an authorization check. This means if a user is authorized to see a process, but not authorized to access all of that processes KPI reports, the processes page breaks.

      Instead, the KPI report evaluation should not perform a report authorization check.

      Steps to reproduce:

      Given: Both userA and userB have access to processA.

      1. Log in as userA and create a private KPI report for processA
      2. Log in as userB and go to the processes page.

      Actual result:

      The process overview retrieval will throw a ForbiddenException, leading to the page displaying an "You are not authorized to perform the requested action" error message and failing to load the process overview.

      Expected result:

      The process overview page should load without errors and display the KPI report result that userA created.

      mgm-controller-panel

        This is the controller panel for Smart Panels app

        Attachments

          Issue Links

            Activity

              People

                Unassigned Unassigned
                helene.waechtler Helene Waechtler
                Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  Salesforce