-
Bug
-
Resolution: Cannot Reproduce
-
Low
-
7
-
Severity 3 - Minor
-
0
-
Summary
Currently, if page access is granted via email link and the page restriction was due to parents, then the page will be blocked from access.
Customer Story
A user receives a link to a page and when trying to view it receives a message stating that the page is restricted and he can "Request access".
<<image>>
That button triggers an email to the creator of the page with a button to "Grant Access" to the page. The email says:
<<image>>
When the creator clicks the button a page restriction is added to the page to grant access but because there were not previous restrictions on that specific page (the restriction was on the parent) the page is restricted to all users. User is still blocked by parent restrictions and creator is also now blocked due to individual page restrictions.
Example
A page "Child" has two level parent pages "Parent-1" & "Parent-2" then setting page restrictions on "Child" via email link wont' work as "Child" is really unable to be accessed due to inherited restrictions from "Parent-1" & "Parent-2".
Cause
The "Request Access" email feature is not checking for parent restrictions.
More information at Permissions and Restrictions - Atlassian Documentation
Customer Impact
Customer loses access to the page although to their understanding they have only granted access to another user and they are the creator of the page. Not even admins will have access.
Steps to Reproduce
- Create a Parent Page and a nested Child Page.
- Restrict Parent Page to your user.
- Ask any user (other than the one who has access to parent page) to access the Child Page via link.
- User is denied access and given the option to request access to the Child Page. Hit Request Access button.
- An email is triggered and sent to the page owner(s) with a link to grant access to the Child Page.
- Clicking on the "Grant Access" button
- Both the owner and requester check to see if they can access the Child Page.
Expected Results
Requester should be given access to the Child Page and everyone who previously had access still has access to it.
Actual Results
Child Page is completely blocked. Everyone who had access to the page including creator, is blocked from accessing it.
Suggestion:
The wording of the email could be:
"User X requested access to page Y but access to this page is restricted by the parent page Z. In order to grant the user access to the page, please modify the parent page restrictions."
and not show a "Grant Access" button.
Workaround
To recover access to the page: as a space admin navigate to "Space Tools" -> "Permissions" -> "Page Restrictions" and remove the page restrictions.
To prevent this from happening: manually ensure that the page does not have any inherited access restrictions from parent page(s). If page inherits restrictions, grant access on the parent page.