- Have two Optimize Users A and B, as well as a process definition P. User A has access to P, User B does not
- Login with user A
- Create a Bar Chart Report for P
- Create a Combined Report that contains the Bar Chart Report
- Login with user B
- List of Reports is displayed with the combined report (accessing the combined report would not return any results as user B does not have permissions to access P)
- Optimize crashes with error message "Cannot read property 'data' of undefined"
To determine which Icon to display for a combined report, we evaluate the visualization of the first report in the combined report. If that first report is not available for a user, this visualization cannot be determined, causing the crash.
This specific issue can be solved in the frontend by trying to find any report that is accessible to get the visualization info. It can also be solved in the backend by not returning inaccessible reports in the reportIds field. With both solutions however, we need to discuss how to deal with combined reports which already contain reports, but none of them is accessible to the currently logged in user.
|Create visualization field for combined report||Done||Unassigned|
|Combined report contains ids of unathorized reports||Done||Unassigned|
|Read visualization type of combined report from dedicated field||Done||Unassigned|