  1. Jira Platform Cloud
  2. JRACLOUD-84892

Incorrect HTTP Response Code for unauthorised access to Team Custom Field in Connect app


      Issue Summary

      When accessing a Team custom field via the /rest/api/3/jql/autocompletedata/suggestions REST API endpoint in a Connect app, the API incorrectly returns a 500 Internal Server Error instead of the expected 403 Forbidden error when the app user lacks the necessary permissions.

      Steps to Reproduce

      1. Use the /rest/api/3/jql/autocompletedata/suggestions endpoint in a Connect app.
      2. Try to access the Team custom field in the Connect app without having the 'Browse users and groups' global permission.
      3. Observe the HTTP response code and message.

      Expected Results

      The API should return an HTTP 403 Forbidden response, indicating that the user does not have the necessary permissions to access the Team custom field.

      Actual Results

      The API returns a 500 Internal Server Error with the message "Forbidden", which is misleading and does not accurately describe the permission issue. The following exception appears in the app log file:

      "response": "{\"message\":\"Forbidden\",\"status-code\":500,\"stack-trace\":\"\"}",
      
      "stack": "Error: Request GET /rest/api/3/jql/autocompletedata/suggestions?fieldName=:fieldName&fieldValue=:fieldValue failed unexpectedly with status 500:
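
An added example, not part of the original issue or Atlassian's code: one way a Connect app could classify this response so that the mislabelled 500 is treated as a permission denial and not retried or alerted on as a server fault. The function names and category strings are hypothetical, and the sample body is constructed from the log excerpt above.

```javascript
// Classify a Jira REST error from its HTTP status and raw response body.
// classifyJiraError, shouldRetry and the category names are hypothetical.
function classifyJiraError(httpStatus, bodyText) {
  let body = null;
  try {
    body = JSON.parse(bodyText);
  } catch (_) {
    // Non-JSON or empty body (e.g. a proxy error page): use the status only.
  }
  const message =
    body && typeof body.message === 'string'
      ? body.message.trim().toLowerCase()
      : '';

  if (httpStatus === 401) return 'unauthenticated';
  if (httpStatus === 403) return 'permission-denied';
  // The case in this issue: status 500, but the body message says "Forbidden".
  if (httpStatus === 500 && message === 'forbidden') {
    return 'permission-denied-mislabelled';
  }
  if (httpStatus >= 500) return 'server-error';
  if (httpStatus >= 400) return 'client-error';
  return 'ok';
}

// A permission denial never succeeds on retry; only genuine server faults
// are worth retrying or paging on.
function shouldRetry(category) {
  return category === 'server-error';
}

// Constructed sample: the "response" value from the log excerpt, unescaped.
const sampleBody = '{"message":"Forbidden","status-code":500,"stack-trace":""}';
const sampleCategory = classifyJiraError(500, sampleBody);
console.log(sampleCategory, 'retry:', shouldRetry(sampleCategory));
```
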
      

      Workaround

      Currently there is no known workaround for this behavior. A workaround will be added here when available.

              e4ec752162f8 Winston Kint
              54bf2707b706 Deepak Pandey