[OPT-6244] KPI report evaluation in process overview retrieval leading to ForbiddenExceptions

Project: Camunda Optimize

    • Bug Report
    • Resolution: Fixed
    • L3 - Default
    • 3.9.0, 3.9.0-preview-1
    • Affects Version/s: 3.9.0-alpha2
    • backend
    • None
    • Not defined

      Brief summary of the bug. What is it? Where is it?

      Context:

      The KPI report retrieval retrieves all reports of a given process regardless of authorization, yet the KPI report evaluation uses an evaluation method that performs an authorization check. This means if a user is authorized to see a process, but not authorized to access all of that process's KPI reports, the processes page breaks.

      Instead, the KPI report evaluation should not perform a report authorization check.

      Steps to reproduce:

      Given: Both userA and userB have access to processA.

      1. Log in as userA and create a private KPI report for processA
      2. Log in as userB and go to the processes page.

      Actual result:

      The process overview retrieval will throw a ForbiddenException, leading to the page displaying a "You are not authorized to perform the requested action" error message and failing to load the process overview.

      Expected result:

      The process overview page should load without errors and display the KPI report result that userA created.


            Helene Waechtler created issue -
            Helene Waechtler made changes -
            Link New: This issue is caused by OPT-6155 [ OPT-6155 ]
            Helene Waechtler made changes -
            Link New: This issue is depended on by OPT-6145 [ OPT-6145 ]
            Helene Waechtler made changes -
            Affects Version/s New: 3.9.0-alpha2 [ 17703 ]
            Helene Waechtler made changes -
            Attachment New: screenshot-1.png [ 52557 ]
            Helene Waechtler made changes -
            Status Original: Open [ 1 ] New: In Development [ 10312 ]
            Helene Waechtler made changes -
            Rank New: Ranked higher
            Helene Waechtler made changes -
            Summary Original: KPI report evaluation may lead to ForbiddenExceptions New: KPI report evaluation in process overview retrieval leading to ForbiddenExceptions
            Andromachi Rozaki made changes -
            Assignee Original: Andromachi Rozaki [ andromachi.rozaki ] New: Helene Waechtler [ helene.waechtler ]
            Status Original: In Development [ 10312 ] New: In Review [ 10212 ]
            Helene Waechtler made changes -
            Assignee Original: Helene Waechtler [ helene.waechtler ] New: Andromachi Rozaki [ andromachi.rozaki ]
            Status Original: In Review [ 10212 ] New: Rework [ 11413 ]

              Assignee: Unassigned
              Reporter: Helene Waechtler (helene.waechtler)