Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-5854

PopService automatic assignment skips permission checking

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Medium
    • 3.1.1
    • 3.0.3
    • Project Administration - Permissions, Scheduled Tasks
    • None

    Description

      We're using PopService to create issues automatically in JIRA. We also allow the reporting end users to be automatically created within JIRA.

      The service is configured like this:

      Name: Support Create/Comment
      com.atlassian.jira.service.services.pop.PopService
      handler: Create Or Comment Handler
      popserver: Support Mail
      handler.params: project=SUP, issuetype=8,
      catchemail=support <at> <our company> <dot> com, createusers=true

      The SUP project is defined like this:

      > > Key: SUP
      > > URL: No URL
      > > Lead: Michael
      > > Default Assignee: Project Lead
      > > Notification Scheme: Support Notification Scheme ( select scheme | edit notifications )
      > > Permission Scheme: Support Permission Scheme ( select scheme | edit permissions )
      > > CVS Modules: None ( select modules ) Mail Configuration: Mail notifications from this project will come
      > > from 'support <at> <our company> <dot> com' ( edit configuration )

      The problem is that SOMETIMES the issue are not assigned to our Project Lead (Michael) but to a (as it seems random) JIRA user.

      This "random JIRA user" seems to always be the same as the first user specified in a To: field of in the incoming email. The problem is that the To: field can origin from a quoted mail or from the mail thread of the inbound email!

      For example see this inbound email creating a ticket which have incorrectly assigned to the end user Naseem.

      > > "Hi Michael,
      > >
      > > Can I ask why 1 and 2 would cause the ""customer's pc hangs on "The
      > > program is communicating with the server" issue?
      > >
      > > Thanks,
      > >
      > > Glenn
      > >
      > > ----Original Message----
      > > From: support
      > > Sent: 26 January 2005 08:24
      > > To: Naseem
      > > Cc: Glenn;
      > > Subject: Re: Error when sending messages [P3] [Ref.450757]
      > >
      > > Hi Naseem,
      > > ..."

      As you can see it is the original message that has the To: field set to Naseem. And the automatic assignment can be completed as Naseem himself DOES HAVE a user account in JIRA (from earlier reports), but he should never be assigned any issues.

      It seems that the PopService is looking for the first To: field it can find and tries to assign accordingly. If this fails it assigns to default assignee.

      It's a cool feature if it can assign according to the To: field, but it should never be To: fields of quoted emails. It would also be good if this feature could be turned off, so that default assignee is always used. <-- Feature Request!

      Also the To: field sometimes is replaced with a localized field ("Till:" in Swedish) and this could perhaps affect this problem. So it would be good if you could define what fields to detect!

      I have actually ensured this already AND the PopService violates the permission scheme!!! Users - like Nassim below - was actually assigned to an issue eventhough he's only a "jira-user". We have set the "Assignable User" user permission to "jira-developers" group for all our permission schemes.

      So it seems like a bug that the PopService by-pass the permission enforcement!

      Attachments

        Activity

          People

            brian@atlassian.com BrianH
            ee1b92e060f8 Anders Eriksson
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: