Details
- Bug
- Resolution: Unresolved
- Low
- None
- 5.10.2, 5.10.8, 6.4.3
- 10
- Severity 3 - Minor
- 2
Description
Summary
When querying the restrictions of a child page through the REST API, the API returns an empty response even though the page inherits restrictions from its parent page.
Steps to Reproduce
- Create a parent and a child page
- Apply group restrictions to the parent page
- Restrictions are inherited by the child page as expected (see attached screenshot)
- Perform a REST call to check the restrictions of the child:
http://{host}:{port}/{context-path}/rest/api/content/{id}/restriction/byOperation/read
Expected Results
The inherited restrictions are listed, just as they are when you read the parent page restrictions. Output example from the parent page:
{
  "operation": "read",
  "restrictions": {
    "user": {
      "results": [
        {
          "type": "known",
          "profilePicture": {
            "path": "/{context-path}/images/icons/profilepics/default.png",
            "width": 48,
            "height": 48,
            "isDefault": true
          },
          "username": "admin",
          "displayName": "Admin User [Local]",
          "userKey": "ff8080815917ff18015917ff679d0002"
        }
      ],
      "start": 0,
      "limit": 100,
      "size": 1
    },
    "group": {
      "results": [
        {
          "type": "group",
          "name": "confluence-users"
        }
      ],
      "start": 0,
      "limit": 100,
      "size": 1
    }
  },
  "_links": {
    "base": "http://{host}:{port}/{context-path}",
    "context": "{context-path}",
    "self": "http://{host}:{port}/{context-path}/rest/api/content/65575/restriction/byOperation/read"
  },
  "_expandable": {
    "content": "/rest/api/content/65575"
  }
}
Actual Results
No restrictions are listed for the child page. Here is the output for the child:
{
  "operation": "read",
  "restrictions": {
    "user": {
      "results": [],
      "start": 0,
      "limit": 100,
      "size": 0
    },
    "group": {
      "results": [],
      "start": 0,
      "limit": 100,
      "size": 0
    }
  },
  "_links": {
    "base": "http://{host}:{port}/{context-path}",
    "context": "{context-path}",
    "self": "http://{host}:{port}/{context-path}/rest/api/content/65577/restriction/byOperation/read"
  },
  "_expandable": {
    "content": "/rest/api/content/65577"
  }
}
Workaround
Option 1
Consult the parent page to check for restrictions.
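Option 1 generalized to every ancestor, as an added example (not Atlassian's code and not part of the original report): an audit script that reads only the child's endpoint would report the page as unrestricted, so this collects the direct read restrictions of the page and of each ancestor. It assumes the content resource's `expand=ancestors` parameter; the function names are hypothetical and the sample responses are constructed from the page IDs shown above.

```python
import base64
import json
import urllib.request

def make_fetch(user, password):
    """Return a url -> dict fetcher using HTTP basic auth (for a live instance)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    def fetch(url):
        req = urllib.request.Request(url, headers={"Authorization": "Basic " + token})
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    return fetch

def read_restrictions(fetch, base, content_id):
    """Direct (non-inherited) read restrictions of one page: (users, groups)."""
    doc = fetch(f"{base}/rest/api/content/{content_id}/restriction/byOperation/read")
    r = doc["restrictions"]  # only the first result page (limit 100) is read here
    return (sorted(u["username"] for u in r["user"]["results"]),
            sorted(g["name"] for g in r["group"]["results"]))

def effective_read_restrictions(fetch, base, content_id):
    """[(page_id, users, groups)] for the page and each ancestor that is restricted."""
    page = fetch(f"{base}/rest/api/content/{content_id}?expand=ancestors")
    chain = [a["id"] for a in page.get("ancestors", [])] + [str(content_id)]
    levels = []
    for pid in chain:  # root-most ancestor first, target page last
        users, groups = read_restrictions(fetch, base, pid)
        if users or groups:
            levels.append((pid, users, groups))
    return levels

BASE = "http://localhost:8090/confluence"

def _restr(users, groups):
    # Constructed, trimmed-down response bodies in the shape shown in this report.
    return {"operation": "read", "restrictions": {
        "user": {"results": [{"username": u} for u in users]},
        "group": {"results": [{"name": g} for g in groups]}}}

SAMPLE = {  # constructed offline responses: 65575 is the parent, 65577 the child
    f"{BASE}/rest/api/content/65577?expand=ancestors": {"id": "65577", "ancestors": [{"id": "65575"}]},
    f"{BASE}/rest/api/content/65575/restriction/byOperation/read": _restr(["admin"], ["confluence-users"]),
    f"{BASE}/rest/api/content/65577/restriction/byOperation/read": _restr([], []),
}

if __name__ == "__main__":
    for pid, users, groups in effective_read_restrictions(SAMPLE.__getitem__, BASE, "65577"):
        print(f"page {pid}: users={users} groups={groups}")
```

Against a live instance, pass `make_fetch(user, password)` in place of `SAMPLE.__getitem__`.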
Option 2
Run the same request that the web UI makes and post-process the response with jq and sed to list the users that have read access to the target page:
ADMIN_USRNAME=admin
ADMIN_PWD=admin
CONFBASEURL=http://localhost:8090/confluence
TGT_PAGEID=6553611
# Quoted so the shell does not tilde-expand ~admin to a home directory
TGT_PAGE_SPCKEY='~admin'
PARENT_PAGEID=6553609

$ curl -u "$ADMIN_USRNAME:$ADMIN_PWD" "$CONFBASEURL/pages/getcontentpermissions.action?contentId=$TGT_PAGEID&parentPageId=$PARENT_PAGEID&spaceKey=$TGT_PAGE_SPCKEY" 2>/dev/null \
    | jq -r '.users[] | select(.report==null) | (.entity.name)' \
    | sed -e ':a' -e 'N' -e '$!ba' -e 's/\n/,/g'
user001,admin