Details
-
Bug
-
Resolution: Not a bug
-
Low
-
None
-
Severity 3 - Minor
-
Description
Issue Summary
Upon completion of a request that changed the field permission on the `duedate` field, which is one of several fields that our Jira add-on app will sometimes update, all PUT payloads to Jira API `/rest/api/3/issue/{issue-key}` that included `duedate` in the payload failed with Jira responding with 400.
Steps to Reproduce
- Restrict the permissions of an issue field, in this case `duedate`, so that it does not appear on the edit screen of an issue
- Attempt to perform a PUT update on that field using the Jira API from you Jira add-on app
- Receive the following error:
PUT https://asecurityteam.atlassian.net/rest/api/3/issue/VULN-283408
Payload:
```
{
"fields": {
"customfield_10607": [
,
{ "accountId": "557057:51b1c618-8a53-4fb5-83d1-c5de6f231e5a" }],
"customfield_10273": {
"value": "Confluence Server",
"child":
},
"customfield_10599":
,
"customfield_10609": "2021-02-23",
"duedate": "2021-05-24"
}
}
```
Response was 400 with:
```
{
"errorMessages": [],
"errors":
}
```
Expected Results
The permissions of the edit screen of an issue should not affect the permissions of the Jira API.
Actual Results
The below exception is thrown in the xxxxxxx.log file:
{
"errorMessages": [],
"errors": {
"duedate": "Field 'duedate' cannot be set. It is not on the appropriate screen, or unknown."
}
}
Workaround
Currently there is no known workaround for this behavior. A workaround will be added here when available
Attachments
Issue Links
- was cloned as
-
-
- Closed
-