Using REST API to update a subtask security level returns SUCCESS 204

XMLWordPrintable

    • Severity 3 - Minor

      Issue Summary

      It is impossible to update a subtask security level; it is only inherited from the parent issue. However, if you use the REST API endpoint "Edit issue" to do it, it will return 204, even though the subtask wasn't updated

      Steps to Reproduce

      1. Use the "Edit issue" endpoint /rest/api/3/issue/ with the PUT method as the following example: 
      curl --location --request PUT 'https://<INSTANCE>.atlassian.net/rest/api/3/issue/<ISSUE-KEY>' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'Authorization: Basic <AUTHORIZATION TOKEN>' \
--data '{
  "fields": {
    "security":{
        "name": "<SECURITY_LEVEL_NAME>"
    } 
  }
}
'
      1. Send the above request with your instance, your issue key (must be a subtask), your credentials, and your security level name. 

      Expected Results

      • The response should not be successful, like a 400 error, since setting the security level for subtasks is impossible.

      Actual Results

      • The response threw a 204 "204 No Content" success status. 

      This is also possibly the root cause of an automation bug:

      • AUTO-1033: Updating the security level on subtasks returns "Issues edited successfully" when no actions are performed 

      Workaround

      Currently, there is no known workaround for this behavior. 

            Assignee:
            Unassigned
            Reporter:
            Eliseu Pedro
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: