In OKR Hub (Objectives Tree), users can see goals and children objectives that they do not have permission to see

      Issue Summary

      In OKR Hub (Objectives Tree), users can see goals and children objectives that they don't normally have permission to see based on their team membership.

      Steps to Reproduce

      1. Log in as a user that has only 1 portfolio team and program team membership
      2. Go to Portfolio → OKR Hub
      3. Switch from Portfolio to Yearly Goal in the tier dropdown
      4. Observe that goals from other portfolios are shown - this is expected since the user is able to open the goals
      5. Observe that the goals can be expanded and the user can see the children objectives from other portfolios
      6. Observe that when clicking on objectives, the user gets a red popup saying they don't have permissions, and a blank details panel opens that can't be closed

      Expected Results

      Normally, these users will not have access to objectives from other portfolios that they are not members of, which is confirmed by the red popup when trying to open these objectives.

      So it is expected that the OKR Hub will not show these objectives to these users.

      Actual Results

      Users with access to OKR Hub are able to see goals' children objectives that they don't normally have permission to see.
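
The gap between the Actual and Expected Results can be shown with a small model. This is an added example, not the product's code: the `Node` and `User` types, the `can_open` rule and the sample ids are assumptions built from the behaviour the report describes.

```python
from __future__ import annotations
from dataclasses import dataclass, field

# Hypothetical data model; the product's real schema is not shown in this issue.
@dataclass
class Node:
    id: str
    tier: str                      # "goal" or "objective"
    portfolio: str
    children: list[Node] = field(default_factory=list)

@dataclass
class User:
    name: str
    portfolios: set[str]

def can_open(user: User, node: Node) -> bool:
    """Assumed rule from the report: goals open for everyone, objectives
    only for members of the owning portfolio (the details-panel check)."""
    return node.tier == "goal" or node.portfolio in user.portfolios

def tree_as_reported(user: User, node: Node) -> dict:
    """Actual Results: children are listed without any permission check."""
    return {"id": node.id,
            "children": [tree_as_reported(user, c) for c in node.children]}

def tree_as_expected(user: User, node: Node) -> dict | None:
    """Expected Results: a node is listed only if the same check that
    guards the details panel would let this user open it."""
    if not can_open(user, node):
        return None
    kids = (tree_as_expected(user, c) for c in node.children)
    return {"id": node.id, "children": [k for k in kids if k is not None]}

def ids(tree: dict) -> list[str]:
    """Flatten a rendered tree into the ids the user would see."""
    return [tree["id"]] + [i for c in tree["children"] for i in ids(c)]

# Constructed sample data: one yearly goal with objectives in two portfolios.
GOAL = Node("G-1", "goal", "portfolio-B", [
    Node("O-1", "objective", "portfolio-A"),
    Node("O-2", "objective", "portfolio-B",
         [Node("O-3", "objective", "portfolio-B")]),
])
ALICE = User("alice", {"portfolio-A"})

if __name__ == "__main__":
    print("reported:", ids(tree_as_reported(ALICE, GOAL)))
    print("expected:", ids(tree_as_expected(ALICE, GOAL)))
```

Using one predicate for both the tree listing and the details panel keeps the two views from disagreeing about what a user may see.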

      Workaround

      Currently, there is no known workaround for this behavior. A workaround will be added here when available.

            Assignee:
            Vishnuvardhan Vaidhyanathan (Inactive)
            Reporter:
            Kirill Duplyakin
            Votes:
            9
            Watchers:
            12
