When creating an Export to CSV attachment with impersonation, the notification is generated as successful, however the attachment is not accessible for download by either impersonating or impersonated user. Permissions seem missing to access/generate the attachment.
STEPS TO REPRODUCE:
- In Clarity, have two users – admin and another user that has MUX permissions ‘test’
- Connect as test user, go to MUX Project Grid – Export to CSV
- Note the export is in Progress and then there is Notification in the Bell icon “Export Complete”
- Click on the Notification - you are able to download and open the CSV file
- Now connect as admin user
- Go to MUX Avatar – Impersonate a user
- Pick the same user ‘Test’
- Connect to Project Grid
- Click Export to CSV
- File gets generated, attempt to open it
- Also, connect with Test user, notice the notification is there from the impersonation, and open it
Expected Results: There should be a notification that Impersonation does not support CSV export or the download of the export should be successful
Actual Results: The Export shows as Complete. If either admin or the target user click on the notification, it shows error in browser:
This site can’t be reached
The webpage at http://SERVERNAME:PORT/ppm/rest/v1/virtual/attachments/eyJyZXNvdXJjZUlkIjoiNTAyMDIwMCIsInZlcnNpb25JZCI6NTAyNjc1OSwicmVzb3VyY2VOYW1lIjoiY3N2RXhwb3J0IiwiZmlsZUlkIjo1MDI2NzU4fQ might be temporarily down or it may have moved permanently to a new web address.
ERR_INVALID_RESPONSE
In PostgreSQL, error is the below
WARN 2025-05-21 12:36:00,889 [http-nio-80-exec-11] ppm.rest (clarity:admin:9762950__14F7CC72-3D2C-4CCB-8FB8-AFB80D3E6ADA:PPM_REST_API) (236ed73a-0ada-4121-80cb-c7f80c320e21) User admin tried to access attachment for object csvExport, but does not have permission.
ERROR 2025-05-21 12:36:00,890 [http-nio-80-exec-11] ppm.rest (clarity:admin:9762950__14F7CC72-3D2C-4CCB-8FB8-AFB80D3E6ADA:PPM_REST_API) (236ed73a-0ada-4121-80cb-c7f80c320e21)
com.ca.ppm.rest.exception.AuthException: API-1007 : You are not authorized to process request. Contact your system administrator for necessary security rights.
ERROR 2025-05-21 12:36:24,530 [http-nio-80-exec-14] ppm.rest (clarity:test:9763008__C24FED8A-298D-4E99-9ADE-814250CB5317:PPM_REST_API) (719a32e0-6e09-4620-a444-56b74527c15e) {"attributeCode":"login_logo","resourceId":1,"versionId":5206647,"resourceName":"odf_brand","fileId":5206646}
ERROR 2025-05-21 12:36:24,530 [http-nio-80-exec-14] ppm.rest (clarity:test:9763008__C24FED8A-298D-4E99-9ADE-814250CB5317:PPM_REST_API) (719a32e0-6e09-4620-a444-56b74527c15e)
com.ca.ppm.rest.exception.APIAppException: API-1004 : Invalid resource identifier eyJhdHRyaWJ1dGVDb2RlIjoibG9naW5fbG9nbyIsInJlc291cmNlSWQiOjEsInZlcnNpb25JZCI6NTIwNjY0NywicmVzb3VyY2VOYW1lIjoib2RmX2JyYW5kIiwiZmlsZUlkIjo1MjA2NjQ2fQ.
at com.ca.platform.osf.object.rest.function.AttachmentFunctionResource.getAttachmentResource(AttachmentFunctionResource.java:322)
at com.ca.platform.osf.object.rest.function.AttachmentFunctionResource.getResource(AttachmentFunctionResource.java:103)
at com.ca.ppm.rest.provider.FunctionResourceProvider.getResource(FunctionResourceProvider.java:66)
at com.ca.ppm.rest.provider.FunctionResourceProvider.getEntities(FunctionResourceProvider.java:92)
at com.ca.ppm.rest.resource.BaseResourceHandler.retrieveAttachmentResource(BaseResourceHandler.java:769)
at com.ca.ppm.rest.resource.AttachmentResourceHandler.getAttachmentViewer(AttachmentResourceHandler.java:53)
at jdk.internal.reflect.GeneratedMethodAccessor278.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:569)
at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:52)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:134)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:177)
at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:176)
