Permission error trying to add an attachment to a Draft page


    • Severity 3 - Minor

      I am trying to add an attachment to a draft by using the new REST API (i.e. status=draft) and JWT authentication.

      If I use basic authentication (i.e. curl -u admin:admin), the call succeeds.

      If I use JWT authentication on a saved page (i.e. not a draft), the call succeeds.

      If I use JWT authentication on a draft, the call fails (403):

      curl -D- -X POST -H "Authorization: JWT eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJjb20uYmFsc2FtaXEubW9ja3Vwcy5jb25mbHVlbmNlLnN0YWdpbmciLCJpYXQiOjE0NTczNDMyNTEsImV4cCI6MTQ1NzM0MzU1MSwicXNoIjoiYWMyOTc4NzdiYjVjOTg4OGNmYWUyODM5MDc0ODA2MDNiNzE1MTA5OGQxMzI1NDgyNzJlNjA4NjI1ZmY0MGJhZSIsImF1ZCI6WyJDb25mbHVlbmNlOjgzNzU0MzU3NzgiXX0.Q8AvOv9IOPq9OIzWcnI9nvtWEc-h24L8K9ySHvW5dcI" -H "X-Atlassian-Token: nocheck" -F "file=@test1.txt" http://Salvatores-MacBook-Pro.local:1990/confluence/rest/api/content/983043/child/attachment?status=draft
      HTTP/1.1 100 Continue
      
      HTTP/1.1 403 Forbidden
      Server: Apache-Coyote/1.1
      Set-Cookie: JSESSIONID=347FC8EED16B6EAC6A44AE7BED33E916; Path=/confluence/; HttpOnly
      X-Seraph-LoginReason: OK
      X-AUSERNAME: addon_com.balsamiq.mockups.confluence.staging
      Cache-Control: no-cache, must-revalidate
      Expires: Thu, 01 Jan 1970 00:00:00 GMT
      X-Content-Type-Options: nosniff
      Content-Type: application/json
      Transfer-Encoding: chunked
      Date: Mon, 07 Mar 2016 09:34:33 GMT
      
      {"statusCode":403,"data":{"authorized":false,"valid":true,"errors":[]},"message":"User not permitted to create attachments for content: ContentId{id=983043}"}
      
      

      Command line used to launch the local server

      atlas-run-standalone --container tomcat7x --product confluence --version 6.0.0-OD-2016.10.0-1054 --data-version 6.0.0-OD-2016.10.0-1054 --bundled-plugins com.atlassian.bundles:json-schema-validator-atlassian-bundle:1.0.4,com.atlassian.upm:atlassian-universal-plugin-manager-plugin:2.21-D20160128T024330,com.atlassian.jwt:jwt-plugin:1.5.9-0019,com.atlassian.plugins:atlassian-connect-plugin:1.1.78 --jvmargs -Datlassian.upm.on.demand=true
      

            Assignee: Christian Iacullo (Inactive)
            Reporter: Salvatore "Sax" Cammarata
            Votes: 0
            Watchers: 3
