Details
-
Suggestion
-
Resolution: Unresolved
-
2
-
Description
Issue Summary
If a user restricts the visibility to any of the profile information (e.g. timezone), apps don't have access to such informations.
This limits the ability for apps to provide the functionalities required by the users.
Suggested solution
User have the option to provide consent to apps to access the user profile information. If the consent is not given, apps are provided a mechanism to understand if the information for that user profile is restricted.
Notes about the current behaviour
The current behaviour is described on the https://developer.atlassian.com/cloud/jira/platform/profile-visibility/ documentation for Jira.
This applies to cases where the profile information is restricted in either of the two ways: Organization and Only you
Difference between calling the same REST API from the browser or from an app
This behaviour only applies to requests done by apps. Requests done directly from the browser (e.g. for a GET when the user is entering the URL in the browser address bar) or via curl without the header below are not affected.
The difference is that, for a connect app, the request is performed with the additional 'ap-client-key: {existing_and_installed_app_key}' header. When this header is present, the profile visibility rules applied to apps will restrict the visibility of the profile information.
Attachments
Issue Links
- is related to
-
CONFCLOUD-73528 User profile picture visibility settings not respected in Connect Apps for Confluence
- Closed
-
ECO-29 Connect apps for Jira always show masked avatars (the user's initials) while the the visibility settings are respected in apps for Confluence
- Gathering Impact
-
ACJIRA-2484 Loading...
- relates to
-
JRACLOUD-76910 Jira APIs return an incorrect timezone value when the user profile restricted the visibility
- Gathering Interest
- mentioned in
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...