Jira Cloud / JRACLOUD-67739

Anonymous Users Unable to Add Attachments to Public Project


Details

    Description

      Summary

      Anonymous users are unable to upload attachments when creating issues in a publicly accessible project in Jira.

      Environment

      • Cloud

      Steps to Reproduce

      1. Update the permissions of a Jira project so that anonymous users can create issues and add attachments (e.g. Create Issue and Create Attachment permission for group Anyone)
      2. As an anonymous user, try to upload an attachment during issue creation (https://INSTANCE.atlassian.net/secure/CreateIssue.jspa)

      Expected Results

      The attachment uploads, or a message is shown stating the attachment upload status.

      Actual Results

      No errors are shown on screen; however, the browser console shows:

      batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1171 GET https://INSTANCE.atlassian.net/rest/api/2/attachment/upload/project/10001/credentials 404 ()
      window.fetch @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1171
      j @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1147
      Promise resolved (async)
      T @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1147
      Promise resolved (async)
      (anonymous) @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1147
      get @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1147
      Promise resolved (async)
      getTemporaryAttachmentUploadToken @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1147
      (anonymous) @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1156
      t @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1147
      r @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1156
      t @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1161
      value @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1155
      onFilesAdded @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1159
      i.fire @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1160
      (anonymous) @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1160
      setTimeout (async)
      f @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1160
      c @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1160
      (anonymous) @ batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1160
      batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1147 token_fetch_fail: {} 
       Error
          at Object.t.handleError (https://d8baqcx46fbgi.cloudfront.net/atl-vertigo--shard-jira-prod-us-12--3--jres.atlassian.net/s/d41d8cd98f00b204e9800998ecf8427e-CDN/ak8tew/b/1/e0bf089fd01d43fabc02e3fd96d9dcec/_/download/contextbatch/js/jira.create.issue,atl.general,jira.global,jira.general,atl.global,-_super/batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1147:29442)
          at e.value (https://d8baqcx46fbgi.cloudfront.net/atl-vertigo--shard-jira-prod-us-12--3--jres.atlassian.net/s/d41d8cd98f00b204e9800998ecf8427e-CDN/ak8tew/b/1/e0bf089fd01d43fabc02e3fd96d9dcec/_/download/contextbatch/js/jira.create.issue,atl.general,jira.global,jira.general,atl.global,-_super/batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1160:319)
          at https://d8baqcx46fbgi.cloudfront.net/atl-vertigo--shard-jira-prod-us-12--3--jres.atlassian.net/s/d41d8cd98f00b204e9800998ecf8427e-CDN/ak8tew/b/1/e0bf089fd01d43fabc02e3fd96d9dcec/_/download/contextbatch/js/jira.create.issue,atl.general,jira.global,jira.general,atl.global,-_super/batch.js?agile_global_admin_condition=true&devsummary=true&jag=true&locale=en-US&sd_operational=true:1159:27358
          at <anonymous>
      

      Notes

      Found that if group Anyone has the Browse Project permission in the project, anonymous users are able to upload attachments; this would not be recommended if Jira is being used as an anonymous collection/feedback tool.

      Workaround

      None
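
      The permission combinations described in the Notes can be checked offline against a permission scheme export. The following is an added example, not part of the original ticket or Atlassian's code: it assumes the scheme is available as JSON with a "permissions" list of holder/permission entries using the keys BROWSE_PROJECTS, CREATE_ISSUES and CREATE_ATTACHMENTS; the sample schemes and the finding labels are constructed for illustration.

```python
import copy
import json

# Constructed sample: anonymous users may create issues and attach files,
# but only a staff group may browse the project (the setup in this ticket).
FEEDBACK_SCHEME = json.loads("""
{"name": "Public feedback (constructed)", "permissions": [
  {"holder": {"type": "anyone"}, "permission": "CREATE_ISSUES"},
  {"holder": {"type": "anyone"}, "permission": "CREATE_ATTACHMENTS"},
  {"holder": {"type": "group", "parameter": "staff"},
   "permission": "BROWSE_PROJECTS"}
]}
""")

# Constructed sample: same scheme after also granting Browse to Anyone,
# i.e. the configuration the Notes say makes uploads work.
OPEN_SCHEME = copy.deepcopy(FEEDBACK_SCHEME)
OPEN_SCHEME["permissions"].append(
    {"holder": {"type": "anyone"}, "permission": "BROWSE_PROJECTS"})


def anonymous_grants(scheme):
    """Return the set of permission keys granted to the 'anyone' holder."""
    return {g["permission"] for g in scheme.get("permissions", [])
            if g.get("holder", {}).get("type") == "anyone"}


def audit_scheme(scheme):
    """Classify anonymous access; labels are hypothetical, not Jira's."""
    anon = anonymous_grants(scheme)
    findings = []
    if "BROWSE_PROJECTS" in anon:
        # Every issue and attachment in the project is readable without login.
        findings.append("ANON_BROWSE")
    if "CREATE_ATTACHMENTS" in anon:
        if "BROWSE_PROJECTS" in anon:
            findings.append("ANON_UPLOAD_OPEN")
        elif "CREATE_ISSUES" in anon:
            # State reported here: upload credentials request returns 404.
            findings.append("ANON_UPLOAD_BLOCKED")
    return findings


if __name__ == "__main__":
    for s in (FEEDBACK_SCHEME, OPEN_SCHEME):
        print(s["name"], audit_scheme(s))
```

      ANON_BROWSE is the finding to review on a feedback-collection project, since it exposes submitted issues and files to every unauthenticated visitor.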

            People

              Unassigned
              scranford Shawn C
              Votes: 2
              Watchers: 12
