Details
-
Bug
-
Resolution: Unresolved
-
Medium
-
1
-
Severity 3 - Minor
-
Description
Issue Summary
When creating a space using the Create space (POST /wiki/rest/api/space) REST API endpoint as a non admin user:
- Setting no permissions in the request payload works fine since the default permissions are added.
- If you try to set some custom space permissions in the request payload, those are not taken into account and therefore the created space has no permissions set at all (due to the behavior documented in:
CONFCLOUD-60439)
Everything works fine when doing the same as a site-admin/org-admin user.
Steps to Reproduce
- As a site admin create a group, for example test-confluence-group
- Add the site admin and another non admin user to the group
- Send a POST request to the Create space (POST /wiki/rest/api/space) endpoint, having below payload and see (in the response payload) that the space is created with those permissions only (as per
CONFCLOUD-60439):{ "key": "SP1", "name": "Space1", "permissions": [ { "operation": { "operation": "create", "targetType": "page" }, "subjects": { "group": { "results": [ { "type": "group", "name": "group1" } ], "size": 1 } }, "annonymousAccess": false, "unlicensedAccess": false } ] }
- Now repeat the same test (changing the space name and key) but this time authenticate the REST API call as the non admin user
Expected Results
The space is created with the same permissions as step #3
Actual Results
The space is created with no permissions at all. Indeed, in the response payload you can see that the permission array is empty:
{ "id": 2039119874, "key": "SP2", "name": "Space2", "description": { [..removed..] "type": "global", "permissions": [], "status": "current", [...removed...] }
Workaround
Create a space with an empty permissions parameter, which will create a space with the default permissions. Next, the user can add and remove permissions to the newly created space using the below REST API endpoints:
Attachments
Issue Links
- relates to
-
CONFCLOUD-60439 Creating Space with Permissions Not Working (REST API)
- Closed
- mentioned in
-
Page Loading...