[OPT-6244] KPI report evaluation in process overview retrieval leading to ForbiddenExceptions

Type: Bug Report
Resolution: Fixed
Priority: L3 - Default
Fix Version/s: 3.9.0, 3.9.0-preview-1
Affects Version/s: 3.9.0-alpha2
Component/s: backend
Labels:
None

Effort:
Not defined

Brief summary of the bug. What is it ? Where is it ?

Context:

The KPI report retrieval retrieves all reports of a given process regardless of authorization, yet the KPI report evaluation uses an evaluation method that performs an authorization check. This means if a user is authorized to see a process, but not authorized to access all of that processes KPI reports, the processes page breaks.

Instead, the KPI report evaluation should not perform a report authorization check.

Steps to reproduce:

Given: Both userA and userB have access to processA.

Actual result:

The process overview retrieval will throw a ForbiddenException, leading to the page displaying an "You are not authorized to perform the requested action" error message and failing to load the process overview.

Expected result:

The process overview page should load without errors and display the KPI report result that userA created.

This is the controller panel for Smart Panels app

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

screenshot-1.png
18 kB
09/Jun/22 1:23 PM

No work has yet been logged on this issue.

Assignee:: Unassigned

Reporter:: Helene Waechtler

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 09/Jun/22 1:22 PM

Updated:: 05/Oct/22 1:16 PM

Resolved:: 04/Jul/22 7:54 PM

Details

Description

Brief summary of the bug. What is it ? Where is it ?

Context:

Steps to reproduce:

Actual result:

Expected result:

mgm-controller-panel

This is the controller panel for Smart Panels app

Attachments

Attachments

Activity

People

Dates

Salesforce