Allow sharing Reports Hub saved reports with inspectors (Access Permissions)

Objective

  • Users with Reports Hub (data-exports) permission, including inspectors, should be able to receive restricted saved reports (non-public, i.e. non-empty allowedUserIds) the same way office staff can.
  • Today inspectors can see public reports when they have the permission, but the share UI does not let creators add them to the allowed list.

Background

  • Public saved reports (allowedUserIds empty) are visible to everyone in the company who can call GET /data-exports; list filtering treats empty lists as company-wide (attik-backend/src/routes/dataExport.ts).
  • Restricted reports require the viewer’s id to be in allowedUserIds (or the viewer to be the creator). Access checks in several places use res.locals.membership?.employeeId || res.locals.membership?._officeStaffId, not _inspectorId (dataExport.ts).
  • The Access Permissions control in the report builder uses UserSelector, which only loads active office staff from office-staff and never lists inspectors (attik-frontend/src/components/data-exports/UserSelector.tsx).
  • The Reports Hub list page also only fetches office staff for related UI (attik-frontend/src/app/tools/data-exports/page.tsx).
  • Membership employeeId may point to either office staff or inspector per schema (attik-backend/src/models/membershipSchema.ts); align UI and API so inspector recipients work end-to-end.

Scope (for implementer)

  • Frontend: Extend user picking for allowedUserIds to include inspectors (e.g. merge office staff + inspectors, clear labeling, same active/relevant filters as elsewhere). Any list/detail UI that assumes “office staff only” for share display may need updates.
  • Backend: Ensure userCanAccessReport and all data-exports routes that gate on currentUserEmployeeId resolve the current user consistently for inspector memberships (employeeId and/or _inspectorId as needed) so shared reports are visible, editable, and exportable per existing rules.
  • Tests: Add or extend integration coverage analogous to tests/integration/dataExport.sharedAccess.test.ts for an inspector recipient.
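
One way to centralise the identity resolution the Backend item asks for, shown as an added example (not the project's code). The types, the function names legacyViewerId, resolveViewerId, canViewReport and visibleReports, and the sample ids are hypothetical; only the membership field names come from the ticket.

```typescript
// Hypothetical shapes for illustration; field names follow the ticket.
type Id = string | { toString(): string };
interface Membership { employeeId?: Id; _officeStaffId?: Id; _inspectorId?: Id }
interface SavedReport { createdBy: Id; allowedUserIds: Id[] }

// Resolution as the ticket describes it today: no _inspectorId fallback,
// so an inspector-only membership resolves to no id at all.
function legacyViewerId(m?: Membership): string | null {
  const id = m?.employeeId || m?._officeStaffId;
  return id ? String(id) : null;
}

// One resolver shared by every route, so list, detail and export agree
// on who the current user is (assumed fix: fall back to _inspectorId).
function resolveViewerId(m?: Membership): string | null {
  const id = m?.employeeId || m?._officeStaffId || m?._inspectorId;
  return id ? String(id) : null;
}

// Assumes company scoping and the data-exports permission were already
// enforced by earlier middleware; this only decides per-report sharing.
function canViewReport(report: SavedReport, viewerId: string | null): boolean {
  if (report.allowedUserIds.length === 0) return true; // public: company-wide
  if (viewerId === null) return false; // restricted and unresolved id: deny
  if (String(report.createdBy) === viewerId) return true; // creator
  // Normalise both sides to strings so id objects and strings compare equal.
  return report.allowedUserIds.some((id) => String(id) === viewerId);
}

// List filtering reuses the same predicate as the single-report check.
function visibleReports(reports: SavedReport[], viewerId: string | null): SavedReport[] {
  return reports.filter((r) => canViewReport(r, viewerId));
}

// Constructed sample data.
const inspector: Membership = { _inspectorId: "insp-1" };
const otherInspector: Membership = { _inspectorId: "insp-2" };
const staff: Membership = { _officeStaffId: "staff-1" };
const publicReport: SavedReport = { createdBy: "staff-1", allowedUserIds: [] };
const sharedReport: SavedReport = { createdBy: "staff-1", allowedUserIds: ["insp-1"] };
```

With the legacy resolver the inspector in allowedUserIds is denied the restricted report but still sees the public one, which matches the behaviour described under Objective; an inspector who is not on the list stays denied under both resolvers.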

References

  • attik-frontend/src/components/data-exports/UserSelector.tsx
  • attik-frontend/src/app/tools/data-exports/CreateReportForm.tsx (Access Permissions)
  • attik-backend/src/routes/dataExport.ts (userCanAccessReport, GET /, GET /:id, export routes)
  • attik-backend/src/models/membershipSchema.ts

Status: Completed
Board: Main App
Date: 19 days ago
Author: Linear
