Details
-
Bug
-
Resolution: Fixed
-
Medium
-
3.12
-
Tested in JIRA 3.12 Enterprise and JIRA 3.12.2 Enterprise
-
3.12
-
Description
The Problem
The fix to JRA-13469 only works for the View Issue screen. It does not work in the following screens accessed from the View Issue screen:
- Manage Attachments
- Manage Links
- Manage Trackbacks
I produced this behaviour by setting a permission scheme that grants all permissions to only User A and to the current assignee; no permissions to anyone else. I made User B the assignee of a sub-task, but he was not the assignee of the super-task, and as such did not have permission to view it.
You also get the following stack trace in the log file when accessing those screens for any sub-task:
2008-04-09 10:55:14,575 http-8090-Processor3 ERROR [webwork.util.ServletValueStack] METHOD: "issueVisible", exception: java.lang.IllegalArgumentException: The issue must not be null! at com.atlassian.jira.web.bean.PermissionCheckBean.isIssueVisible(PermissionCheckBean.java:52) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at webwork.util.InjectionUtils$DefaultInjectionImpl.invoke(InjectionUtils.java:61) at webwork.util.InjectionUtils.invoke(InjectionUtils.java:52) at webwork.util.ValueStack.findValue(ValueStack.java:426) at webwork.util.SimpleTest.test(SimpleTest.java:391) at webwork.util.ValueStack.test(ValueStack.java:129) at webwork.view.taglib.IfTag.doStartTag(IfTag.java:38) at org.apache.jsp.includes.panels.issue_005fheadertable_jsp._jspx_meth_webwork_if_1(issue_005fheadertable_jsp.java:757) at org.apache.jsp.includes.panels.issue_005fheadertable_jsp._jspService(issue_005fheadertable_jsp.java:176) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97) at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
Why it is Happening
The method getParentIssueObject() is used in issue_headertable.jsp, in this fragment:
<webwork:property value="/parentIssue"> <img src="<%= request.getContextPath() %>/images/icons/link_out_bot.gif" width="16" height="16" border="0" alt="" align="absmiddle" /> <webwork:if test="@permissionCheck/issueVisible(/parentIssueObject) == false"> <span class="smallgrey"><webwork:property value="./string('key')"/></span> </webwork:if> <webwork:else> <b><a id="parent_issue_summary" href="<%= request.getContextPath() %>/browse/<webwork:property value="./string('key')"/>"><webwork:property value="./string('summary')"/></a></b> <span style="font-size: 9px">(<a id="parent_issue_key" href="<%= request.getContextPath() %>/browse/<webwork:property value="./string('key')"/>"><webwork:property value="./string('key')"/></a>)</span> </webwork:else> </webwork:property>
issue_headertable.jsp is included from four JSPs:
- viewissue.jsp
- manageattachments.jsp
- managelinks.jsp
- managetrackbacks.jsp
However the associated WebWorks actions for three of these JSPs (all except viewissue.jsp) do not have a getParentIssueObject() method. They all have a getParentIssue() method returning a GenericValue, but only the ViewIssue action has a getParentIssueObject() returning an Issue.
It looks like <webwork:if> tag above is always evaluating to false because the method is missing, hence the <webwork:else> tag is always evaluated, including when the user does not have permission.