Details
-
Suggestion
-
Resolution: Duplicate
-
1
-
Description
Nowadays, if you upload a project avatar (custom) you can't view it anonymously (as it happens with default system avatars). This is important because if you export that information from Jira the Avatar URL will be exported but it won't be displayed in external systems because of the permissions restriction.
You can replicate this by uploading a custom project avatar from the Project Settings configuration. Then you can get the project avatar URL from the browser and try to access them from Incognito mode:
In my case, this system avatar is visible: https://amirafranco.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10415?size=small
And this custom avatar is not visible: https://amirafranco.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10558?size=small
As I'm getting the error:
{"errorMessages":["You do not have permission to view the avatar."],"errors":{}}
Please note that the user profile avatars (including those uploaded by users) are accessible anonymously, unlike project custom avatars. This suggests that the restriction around visibility of custom project avatars may be unnecessary, because if this was due to privacy then surely user profile avatars should also be inaccessible anonymously as they would be deemed more private than project avatars.
Attachments
Issue Links
- duplicates
-
JRACLOUD-78948 Projects' custom avatars should be accessible publicly
- Gathering Interest