-
Bug
-
Resolution: Fixed
-
Low
-
None
-
9
-
Severity 3 - Minor
-
1
-
Issue Summary
This is reproducible on Data Center: (no)
A Schema Manager / Assets Admin may configure different roles on the object type level - so Users may not have permission to view these object types, nor the Attributes referencing them.
An object may reference several object types by configuring its attribute to reference a Parent Object Type, and set "Include Children" to true in the Attribute's configuration.
If an object type contains such an attribute, and there is at least one object with a reference to an Object which the User does not have permission to view - the User will see an error "Failed to load objects" when attempting to access the object type.
Steps to Reproduce
- As a Schema Manager / Assets admin - Create 3 object types: a Parent and two children:
ParentOT
|----CHILD1OT
|----CHILD2OT - On the ParentOT create an attribute of the type "Object" to reference itself (ParentOT).
- Click to open the Attribute's configuration, in the General Tab check the option "Include Children", and on the Cardinality tab - set the Cardinality max to be >1
- As the Schema Manager / Assets Admin - navigate to the Schema Configuration > Roles tab and ensure that User X is either a Schema User or a Schema Developer
- As the Schema Manager / Assets Admin - navigate to the CHILD2OT Configuration > Roles tab and ensure that User X Schema role is revoked for this object type, e.g. set the jira-administrators group to all 3 roles, assuming User X is not a member of this group
- Create one Child object per Child OT
- Create a few Parent objects with no references, and one Parent object with a reference to CHILD1OT object - log in as User X and view the Parent objects - ALL objects should be visible, CHILD1OT is visible, and CHILD2OT is not.
- As the Admin - edit the Parent object by adding a reference to the CHILD2OT object - log in as User X and navigate to the Parent object type
Expected Results
User X will be able to see the objects in the Parent object type.
When attempting to view the Parent Object with references to CHILD2OT - the Attribute will only show the reference to CHILD1OT object, and not CHILD2OT object as the User is not allowed to view it.
Actual Results
An Error message "Failed to load objects" blocks the view of the Parent OT.
...
Workaround
Exclude object types that are restricted from an attribute that may reference multiple object type - by adding a filter to the attribute (e.g. objectType != CHILD2OT) - and set the reference to the restricted object in its own, different attribute.