Uploaded image for project: 'Confluence Cloud'
  1. Confluence Cloud
  2. CONFCLOUD-65993

Permission check not working for custom content when listing custom content via /wiki/rest/api/content

    XMLWordPrintable

Details

    Description

      Issue Summary

      Getting custom contents via GET /wiki/rest/api/content returns restricted ones.

      Steps to Reproduce

      1. Create custom content
      2. Restrict the custom content to the author
      3. List contents via GET /wiki/rest/api/content using a different user as the author

      Expected Results

      Restricted content does not show up.

      Actual Results

      Restricted content shows up in the list.

      Notes

      • Calling Get content by ID using a different user returns a 403 which is the expected behavior.

      Workaround

      Currently, there is no known workaround for this behavior. A workaround will be added here when available.

      Attachments

        Activity

          People

            87ad26c727aa Jatin Chopra
            728734eca0bb Maximilian Hilbert (K15t)
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: