Uploaded image for project: 'Jira Align'
  1. Jira Align
  2. JIRAALIGN-1610

[JIRAALIGN-1610] API 2.0 : Deactivating a user via PATCH call towards /align/api/2/Users/id endpoint produces inconsistent results

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Medium Medium
    • 10.79
    • 10.70, 10.71, 10.72, 10.73
    • REST API
    • 1
    • Severity 3 - Minor
    • Batman! - TART5

      Issue Summary

      Deactivating a user via PATCH call towards /align/api/2/Users/id endpoint produces the following inconsistent results.

      1. Missing audit logs
      2. Discrepant locked value
      3. Discrepant status value
      4. Discrepant action button

      Steps to Reproduce

      1. Obtain a valid token
      2. The corresponding user must be either Super Admin or has enough privileges in the UI to perform user deactivation
      3. Make a GET call towards /align/api/2/Users/id endpoint, for validating the token
      4. Make a PATCH call towards /align/api/2/Users/id endpoint, using the document below

        Use the following JSON patch document (as per https://json-patch-builder-online.github.io/):

        [
            {
                "op": "replace",
                "path": "/locked",
                "value": -1
            }
        ]
        

      5. Make a GET call towards /align/api/2/Users/id endpoint, for validating results

      Expected Results

      • In PATCH call, the "value" parameter should equals to "-1" for deactivating a user, instead of "1" (in accordance to when the user is deactivated via UI)
      • In UI, "action" button should be labeled "Activate", rather than "Deactivate"
      • The "userEndDate" parameter should be filled adequately, rather than "NULL"
      • Corresponding Audit Log entry is missing for activate/deactivate operations performed via API – as apposed to when the same actions are performed in the UI

      Actual Results

      Visual Differences

      Deactivated via UI Deactivated via API
      Padlock closed Padlock closed
      Match filter Deactivated = Yes Match filter Deactivated = Yes
      Match Status = Inactive Match Status = Inactive
      Action button Activate Action button Deactivate

      JSON Differences 1

      Deactivated via UI Deactivated via API
        "userEndDate": "2020-06-03T00:00:00Z", 
      OK
        "userEndDate": null,
      Null
        "locked": -1, 
      OK
         "locked": 1, 
      Inconsistent with UI results
      and with source code style
         "status": "Active", 
      Should be
      Inactive
         "status": "Inactive", 
      OK

      Audit Log

      Operation UI API
      Activation
      Deactivation

      Caption:

      Expected/Present Unexpected/Absent

      NOTES

      1. Just relevant objects are shown

      Workaround

      • For deactivating a user via API 2.0
        • Use "value": 1 instead of "value": -1 when making the PATCH call
      • For the other remaining symptoms:
        • Currently there is no known workaround for this behavior. A workaround will be added here when available.

        1. locked-via-API.png
          81 kB
          Rodrigo Cortez
        2. locked-via-UI.png
          80 kB
          Rodrigo Cortez

              kforeman@atlassian.com Kyle Foreman
              rcortez@atlassian.com Rodrigo Cortez
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: