Uploaded image for project: 'Jira Align'
  1. Jira Align
  2. JIRAALIGN-1610

[JIRAALIGN-1610] API 2.0 : Deactivating a user via PATCH call towards /align/api/2/Users/id endpoint produces inconsistent results

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Medium Medium
    • 10.79
    • 10.70, 10.71, 10.72, 10.73
    • REST API
    • 1
    • Severity 3 - Minor
    • Batman! - TART5
    • None

      Issue Summary

      Deactivating a user via PATCH call towards /align/api/2/Users/id endpoint produces the following inconsistent results.

      1. Missing audit logs
      2. Discrepant locked value
      3. Discrepant status value
      4. Discrepant action button

      Steps to Reproduce

      1. Obtain a valid token
      2. The corresponding user must be either Super Admin or has enough privileges in the UI to perform user deactivation
      3. Make a GET call towards /align/api/2/Users/id endpoint, for validating the token
      4. Make a PATCH call towards /align/api/2/Users/id endpoint, using the document below

        Use the following JSON patch document (as per https://json-patch-builder-online.github.io/): 

        [
    {
        "op": "replace",
        "path": "/locked",
        "value": -1
    }
]

      5. Make a GET call towards /align/api/2/Users/id endpoint, for validating results

      Expected Results

      • In PATCH call, the "value" parameter should equals to "-1" for deactivating a user, instead of "1" (in accordance to when the user is deactivated via UI)
      • In UI, "action" button should be labeled "Activate", rather than "Deactivate"
      • The "userEndDate" parameter should be filled adequately, rather than "NULL"
      • Corresponding Audit Log entry is missing for activate/deactivate operations performed via API – as apposed to when the same actions are performed in the UI

      Actual Results

      Visual Differences

      Deactivated via UI Deactivated via API
      Padlock closed Padlock closed
      Match filter Deactivated = Yes Match filter Deactivated = Yes
      Match Status = Inactive Match Status = Inactive
      Action button Activate Action button Deactivate

      JSON Differences 1

      Deactivated via UI Deactivated via API 
        "userEndDate": "2020-06-03T00:00:00Z",
      		OK 
        "userEndDate": null,
      		 Null 
        "locked": -1,
      		OK 
         "locked": 1,
      		Inconsistent with UI results
      and with source code style 
         "status": "Active",
      		Should be
      Inactive      		 
         "status": "Inactive",
      		OK

      Audit Log

      Operation UI API
      Activation
      Deactivation

      Caption:

      Expected/Present Unexpected/Absent

      NOTES

      1. Just relevant objects are shown

      Workaround

      • For deactivating a user via API 2.0
        • Use "value": 1 instead of "value": -1 when making the PATCH call
      • For the other remaining symptoms:
        • Currently there is no known workaround for this behavior. A workaround will be added here when available.

        1. locked-via-UI.png
          locked-via-UI.png
          80 kB
        2. locked-via-API.png
          locked-via-API.png
          81 kB

              kforeman@atlassian.com Kyle Foreman
              rcortez@atlassian.com Rodrigo Cortez
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: