Bug
Resolution: Unresolved
Medium
Severity 2 - Major
Issue Summary
The Get bulk permissions API returns an incorrect result in some cases because it lacks certain checks, such as product-specific permission overrides. Meanwhile, the Get my permissions API returns the correct result.
Steps to Reproduce
- Create Jira Discovery Project
- Settings → Access. Set Project Access to Open
- Settings → Access → Add people. Invite User and set access level as Contributor
- User Management → Users. Choose the previously added user and Grant Access to the Jira product with the product role set to User
- Log in as the user, access the project in the UI, and verify the user cannot create issues.
- Call the Get Bulk Permission endpoint.
Expected Results
Call the Get Bulk Permission endpoint and expect no access to CREATE_ISSUES.
Actual Results
- Call the Get Bulk Permission endpoint: it shows the user has access to CREATE_ISSUES, which is not expected.
- Call the My permissions endpoint: it shows the user does not have access to CREATE_ISSUES, which is expected.
Workaround
Use the Get my permissions API instead, although it performs poorly for bulk operations.
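One way to apply the workaround is to confirm only the grants that the bulk call reports. The sketch below is an added example, not Atlassian's code and not part of the original ticket. It assumes the response shapes from the public Jira Cloud REST documentation (`projectPermissions` for the bulk call, `havePermission` for my permissions), assumes the bulk call errs by over-granting as in the reproduction above, and uses constructed project IDs and responses.

```python
"""Cross-check Get bulk permissions grants against Get my permissions (added example)."""

# Constructed sample responses. Assumed shapes: the bulk call lists the projects
# where each permission is granted; my permissions reports havePermission per key.
BULK_RESPONSE = {
    "globalPermissions": [],
    "projectPermissions": [
        {"permission": "CREATE_ISSUES", "projects": [10001, 10002], "issues": []},
        {"permission": "BROWSE_PROJECTS", "projects": [10001, 10002], "issues": []},
    ],
}
# One my-permissions response per project (project IDs are hypothetical).
MY_PERMISSIONS_BY_PROJECT = {
    10001: {"permissions": {
        "CREATE_ISSUES": {"key": "CREATE_ISSUES", "havePermission": False},
        "BROWSE_PROJECTS": {"key": "BROWSE_PROJECTS", "havePermission": True},
    }},
    10002: {"permissions": {
        "CREATE_ISSUES": {"key": "CREATE_ISSUES", "havePermission": True},
        "BROWSE_PROJECTS": {"key": "BROWSE_PROJECTS", "havePermission": True},
    }},
}

def bulk_grants(bulk_response):
    """Return {(permission, project_id)} that the bulk response reports as granted."""
    return {
        (entry["permission"], project_id)
        for entry in bulk_response.get("projectPermissions", [])
        for project_id in entry.get("projects", [])
    }

def confirmed(my_permissions, permission):
    """Fail closed: a missing project, key or flag counts as not granted."""
    entry = (my_permissions or {}).get("permissions", {}).get(permission, {})
    return entry.get("havePermission") is True

def split_grants(bulk_response, my_permissions_by_project):
    """Split the bulk grants into (confirmed, bulk_only) sorted lists."""
    ok, bulk_only = [], []
    for permission, project_id in sorted(bulk_grants(bulk_response)):
        my = my_permissions_by_project.get(project_id)
        (ok if confirmed(my, permission) else bulk_only).append((permission, project_id))
    return ok, bulk_only

if __name__ == "__main__":
    ok, bulk_only = split_grants(BULK_RESPONSE, MY_PERMISSIONS_BY_PROJECT)
    print("confirmed:", ok)
    print("bulk-only, treat as denied:", bulk_only)
```

Entries in the bulk-only list are the discrepancies worth logging, since they mark where an authorization decision based on the bulk result alone would have been too permissive.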
- relates to GORD-544