Bamboo reports "You don't have ADMINISTRATION permission to environment with id..." when using REST calls even when the user has full access to the Environment

XMLWordPrintable

    • 1
    • Severity 2 - Major

      Problem

      This is reproducible on Data Center: 

      Bamboo reports "You don't have ADMINISTRATION permission to environment with id..." when using REST API calls even when the user has full access to the Environment.

      {
  "message": "You don't have ADMINISTRATION permission to environment with id 21,790,727",
  "status-code": 403
}

      Environment

      Bamboo 8, 9

      Steps to Reproduce

      1. Add a non-admin user (and optionally a group) to Bamboo
      2. Grant that user (or group) Full access to a Deployment Project and an Environment
      3. Try to modify, for example, a variable in the Environment. E.g. 
        curl -v -u nonadmin:nonadmin -X PUT -H 'Accept: application/json' -H 'Content-Type: application/json' "https://bamboo825.mydomain.net/rest/api/latest/deploy/environment/21790727/variable/Foo123" --data '{ "name": "Foo123", "value": "abc123" }'

      Expected Results

      The variable should be changed with an HTTP 200 response:

      {
  "key": "Foo123",
  "value": "abc123",
  "variableType": "ENVIRONMENT",
  "isPassword": false
}

      Actual Results

      The REST calls with an HTTP 403 permission denied error:

      {
  "message": "You don't have ADMINISTRATION permission to environment with id 21,790,727",
  "status-code": 403
}

      Workaround

      Option 1:

      Option 2:

      • Use the Bamboo Web UI and modify the setting in the Environment

      Option 3:

      • Use a specially crafted curl script. This is just a wrapper to the Bamboo UI and is NOT an API call and may not work on future Bamboo releases:
        List the variables and their variableId to be used on the next call
        $ curl -u nonadmin:nonadmin \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  "https://bamboo825.mydomain.net/deploy/config/configureEnvironmentVariables.action?environmentId=21790727" \ 
    | grep -oP "value=\".*\" id=\"environmentVariables_key_\\d+\"
        Submit the change assigning environmentId, variableId and the new value for the variable
        $ curl -u nonadmin:nonadmin \
  -H 'x-atlassian-token: no-check' \
  -H 'x-requested-with: XMLHttpRequest' \
  --data-raw 'variableId=25591809&variableKey=Foo123&variableValue=abc123&bamboo.successReturnMode=json&decorator=nothing&confirm=true' \
  --compressed \
'https://bamboo825.mydomain.net/deploy/config/updateEnvironmentVariable.action?environmentId=21790727'

              Assignee:
              Mateusz Szmal
              Reporter:
              Eduardo Alvarenga (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: