User cannot create an issue in a project when not having the "Edit Issue" permission

This issue belongs to an archived project. You can view it, but you can't modify it. Learn more

XMLWordPrintable

    • 3
    • Severity 3 - Minor
    • 22

      Issue Summary

      A single user can't create issues in a specific project when any of the Portfolio fields Team, Target start, target end etc. are present on the Create Issue screen.

      Environment

      Looking into this it seems the component IssuePropertyServiceBridge74 from Portfolio (and also IssuePropertyServiceBridge80) do not check the result from IssuePropertyService.validateSetProperty().
      The invalid result should have the reason for its invalidness attached.
      The bridges should at least log the reason when !SetPropertyValidationResult.isValid(), as otherwise we get this unactionable exception.

      This is in fact caused two bugs:

      1a) IssuePropertyServiceBridge tries to perform the property update even though the validation said it was invalid. Instead it should either log an error or throw a proper exception with details
      1b) com.atlassian.rm.teams.customfields.team.TeamCustomFieldType.createValue() should not validate permissions when creating the property. The IssuePropertyService does allow for that, but it's not completely exposed in the Portfolio components. This should be done.

      Steps to Reproduce

      A user with Create permissions in the project and without Edit Issue permission tries to create an issue.

      Expected Results

      The user is able to create an issue.

      Actual Results

      Issue creation fails, and the the following messages are printed in the logs:

      2019-10-09 11:54:40,270 catalina-exec-169 ERROR tmoller 714x7342621x6 1m1nsp2 172.16.238.122,172.16.141.223 /secure/QuickCreateIssue.jspa [c.a.j.bc.issue.DefaultIssueService] Error creating issue:
com.atlassian.jira.exception.CreateException
at com.atlassian.jira.issue.managers.DefaultIssueManager.createIssue(DefaultIssueManager.java:588)
at com.atlassian.jira.issue.managers.DefaultIssueManager.createIssue(DefaultIssueManager.java:494)
at com.atlassian.jira.issue.managers.RequestCachingIssueManager.createIssue(RequestCachingIssueManager.java:192)
at com.atlassian.jira.bc.issue.DefaultIssueService.create(DefaultIssueService.java:238)
at com.atlassian.jira.bc.issue.DefaultIssueService.create(DefaultIssueService.java:207)
... 2 filtered
at java.lang.reflect.Method.invoke(Method.java:498)
at com.atlassian.plugin.util.ContextClassLoaderSettingInvocationHandler.invoke(ContextClassLoaderSettingInvocationHandler.java:26)
at com.sun.proxy.$Proxy72.create(Unknown Source)
... 2 filtered
at java.lang.reflect.Method.invoke(Method.java:498)
at com.atlassian.plugin.osgi.bridge.external.HostComponentFactoryBean$DynamicServiceInvocationHandler.invoke(HostComponentFactoryBean.java:136)
at com.sun.proxy.$Proxy72.create(Unknown Source)
at com.atlassian.jira.quickedit.action.QuickCreateIssue.doExecute(QuickCreateIssue.java:308)
... 1 filtered
at com.atlassian.jira.action.JiraActionSupport.execute(JiraActionSupport.java:63)
... 7 filtered
at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
... 48 filtered
at com.atlassian.greenhopper.jira.filters.ClassicBoardRouter.doFilter(ClassicBoardRouter.java:62)
... 12 filtered
at com.atlassian.web.servlet.plugin.request.RedirectInterceptingFilter.doFilter(RedirectInterceptingFilter.java:21)
... 58 filtered
at com.atlassian.jira.security.JiraSecurityFilter.lambda$doFilter$0(JiraSecurityFilter.java:66)
... 1 filtered
at com.atlassian.jira.security.JiraSecurityFilter.doFilter(JiraSecurityFilter.java:64)
... 39 filtered
at com.atlassian.jira.servermetrics.CorrelationIdPopulatorFilter.doFilter(CorrelationIdPopulatorFilter.java:30)
... 10 filtered
at com.atlassian.web.servlet.plugin.request.RedirectInterceptingFilter.doFilter(RedirectInterceptingFilter.java:21)
... 4 filtered
at com.atlassian.web.servlet.plugin.LocationCleanerFilter.doFilter(LocationCleanerFilter.java:36)
... 26 filtered
at com.atlassian.jira.servermetrics.MetricsCollectorFilter.doFilter(MetricsCollectorFilter.java:25)
... 26 filtered
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
Caused by: com.atlassian.jira.workflow.WorkflowException
at com.atlassian.jira.workflow.OSWorkflowManager.createIssue(OSWorkflowManager.java:768)
at com.atlassian.jira.issue.managers.DefaultIssueManager.createIssue(DefaultIssueManager.java:580)
... 261 more
Caused by: java.lang.IllegalArgumentException
at com.google.common.base.Preconditions.checkArgument(Preconditions.java:108)
at com.atlassian.jira.entity.property.DelegatingEntityPropertyService.setProperty(DelegatingEntityPropertyService.java:41)
... 2 filtered
at java.lang.reflect.Method.invoke(Method.java:498)
at com.atlassian.plugin.util.ContextClassLoaderSettingInvocationHandler.invoke(ContextClassLoaderSettingInvocationHandler.java:26)
at com.sun.proxy.$Proxy444.setProperty(Unknown Source)
... 2 filtered
at java.lang.reflect.Method.invoke(Method.java:498)
at com.atlassian.plugin.osgi.bridge.external.HostComponentFactoryBean$DynamicServiceInvocationHandler.invoke(HostComponentFactoryBean.java:136)
at com.sun.proxy.$Proxy444.setProperty(Unknown Source)
at com.atlassian.rm.common.bridges.jira.issue.properties.IssuePropertyServiceBridge74.setProperty(IssuePropertyServiceBridge74.java:52)
at com.atlassian.rm.common.env.issues.JiraIssuePropertyService.setProperty(JiraIssuePropertyService.java:263)
at com.atlassian.rm.common.env.issues.JiraIssuePropertyService.set(JiraIssuePropertyService.java:104)
at com.atlassian.rm.teams.customfields.team.TeamIssuePropertyService.setTeamId(TeamIssuePropertyService.java:30)
at com.atlassian.rm.teams.customfields.team.IssueTeamService.setTeam(IssueTeamService.java:46)
at com.atlassian.rm.teams.customfields.team.TeamCustomFieldTypeHelper.setTeamOnIssue(TeamCustomFieldTypeHelper.java:105)
at com.atlassian.rm.teams.customfields.team.TeamCustomFieldType.createValue(TeamCustomFieldType.java:69)
at com.atlassian.rm.teams.customfields.team.TeamCustomFieldType.createValue(TeamCustomFieldType.java:22)
at com.atlassian.jira.issue.fields.ImmutableCustomField.createValue(ImmutableCustomField.java:693)
at com.atlassian.jira.workflow.function.issue.IssueCreateFunction.execute(IssueCreateFunction.java:81)
at com.opensymphony.workflow.AbstractWorkflow.executeFunction(AbstractWorkflow.java:1014)
at com.opensymphony.workflow.AbstractWorkflow.transitionWorkflow(AbstractWorkflow.java:1407)
at com.opensymphony.workflow.AbstractWorkflow.initialize(AbstractWorkflow.java:606)
at com.atlassian.jira.workflow.OSWorkflowManager.createIssue(OSWorkflowManager.java:742)
... 262 more

      Notes

      Please note that there is no call to Preconditions.checkArgument inside DelegatingEntityPropertyService.setProperty().
      I think the stacktrace is missing one frame (for whatever reason), see: https://jira.atlassian.com/browse/JRASERVER-70114
      When manually executing IssuePropertyService.setProperty(user, invalidValidationResult) I get the following stacktrace which makes more sense and which I assume would also be the correct stacktrace for the mentioned issue:

      java.lang.IllegalArgumentException at com.google.common.base.Preconditions.checkArgument(Preconditions.java:108)
at com.atlassian.jira.entity.property.BaseEntityPropertyService.setProperty(BaseEntityPropertyService.java:97)
at com.atlassian.jira.entity.property.DelegatingEntityPropertyService.setProperty(DelegatingEntityPropertyService.java:41)

      Workaround

      Option1 : The user needs to be assigned Edit Issue permission.
      Option2 : Remove Portfolio fields from the Create issue screen.

            Assignee:
            Anne Jang
            Reporter:
            Eduard M (Inactive)
            Archiver:
            Aakrity Tibrewal

              Created:
              Updated:
              Resolved:
              Archived: