Details
-
Bug
-
Resolution: Answered
-
Low
-
4.1.2
-
None
-
Severity 3 - Minor
-
1
-
Description
See https://answers.atlassian.com/questions/40350709/answers/40351843
Basically FeCru REST (experimental as of 4.1) endpoints to remove global permissions:
- DELETE /rest-service-fecru/admin/global-permissions/users/{name}
- DELETE /rest-service-fecru/admin/global-permissions/groups/{name}
expect list of permission types to be deleted from a list. But ApplicationLinks API doesn't allow request body to be specified for DELETE requests, making it impossible to use this integration point.
Sending DELETE request with empty body ends up with 500 error and
Uncaught exception thrown by REST service: No content to map to Object due to end of input error in the log.
We either need to change the API to not expect body in DELETE request (this doesn't seem forbidden by the HTTP spec though), improve ApplicationLinks API to allow body (it may take time for all the products to include this change) or simply allow empty body for those methods.
Workaround
Use PUT allowLoggedIn:true and then PUT allowLoggedIn:false to reset all permitted groups, then perform a POST for each group permissions should be granted for, see https://answers.atlassian.com/questions/40350709/answers/40351843/comments/40353837