Details
- Bug
- Resolution: Unresolved
- Low
- None
- 4.1.2, 5.2.6
- All where JIRA runs. Currently using Standalone on JDK 1.5 with Linux FC5.
- 4.01
- 1
- Severity 3 - Minor
- 1
Description
When performing creation validation through the new IssueService (which incidentally is a fantastic API change that has long been needed) some checks are not performed using the supplied user, but instead using the JiraAuthenticationContext.
For example, attempting to create issues from a scheduled task using this API results in a validation error saying that anonymous users are not allowed to create issues in the project (in our case anonymous creation is prohibited), despite having supplied a valid user to the validateCreate method.
In our case, this can be tracked down to ProjectSystemField which has the following method for determining allowed projects:

    public Collection getAllowedProjects() {
        return getPermissionManager().getProjects(Permissions.CREATE_ISSUE, getAuthenticationContext().getUser());
    }

Clearly this won't take into account the user that was passed into validateCreate.
There is an obvious workaround for us, which is to override the authentication context temporarily, but this should really be an implementation detail as part of DefaultIssueService.
For example, our code now reads:

    // Setup IssueInputParameters
    IssueInputParameters issueInputParams = new IssueInputParametersImpl().setProjectId( 12345L );
    ...
    // override AuthenticationContext
    JiraAuthenticationContext authContext = ComponentManager.getInstance().getJiraAuthenticationContext();
    User oldUser = authContext.getUser();
    authContext.setUser( reporter );
    try {
        // validate
        ValidateCreateResult result = issueService.validateCreate( reporter, issueInputParams );
        ....
        // hopefully all goes well and you get to actually creating
        IssueResult result2 = issueService.create( reporter, result );
    } finally {
        // clear the authentication context, even if validation or creation throws
        authContext.setUser( oldUser );
    }
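
The failure mode reported above, modelled in a self-contained Java example that is added here and is not JIRA's code: a permission check that reads a thread-bound context ignores the user passed to it, and a workaround that overrides the context has to restore it in a finally block. The class, method and user names are hypothetical and the permission data is constructed.

```java
import java.util.Map;
import java.util.Set;
import java.util.function.Supplier;

// Added illustration: a simplified model, not JIRA source. All names are hypothetical.
public class AmbientUserDemo {
    // Stand-in for the thread-bound authentication context (null means anonymous).
    static final ThreadLocal<String> CONTEXT_USER = new ThreadLocal<>();
    // Constructed sample data: users allowed to create issues, per project id.
    static final Map<Long, Set<String>> CREATORS = Map.of(12345L, Set.of("reporter"));

    static boolean canCreate(long projectId, String user) {
        return user != null && CREATORS.getOrDefault(projectId, Set.of()).contains(user);
    }

    // Reported pattern: a user is supplied, but the check consults the ambient context.
    static boolean validateAmbient(String user, long projectId) {
        return canCreate(projectId, CONTEXT_USER.get());
    }

    // Explicit pattern: the supplied user is the only identity consulted.
    static boolean validateExplicit(String user, long projectId) {
        return canCreate(projectId, user);
    }

    // Scoped override: the previous identity is restored even if the action throws.
    static <T> T runAs(String user, Supplier<T> action) {
        String previous = CONTEXT_USER.get();
        CONTEXT_USER.set(user);
        try {
            return action.get();
        } finally {
            CONTEXT_USER.set(previous);
        }
    }

    public static void main(String[] args) {
        // Scheduled-task thread: nobody is logged in, so the context is anonymous.
        System.out.println("ambient, no context: " + validateAmbient("reporter", 12345L));
        System.out.println("explicit user: " + validateExplicit("reporter", 12345L));
        // With an ambient check, the context user decides the outcome, not the argument.
        System.out.println("ambient inside runAs: " + runAs("reporter", () -> validateAmbient("other", 12345L)));
        try {
            runAs("reporter", () -> { throw new IllegalStateException("validation failed"); });
        } catch (IllegalStateException expected) {
            System.out.println("context restored: " + (CONTEXT_USER.get() == null));
        }
    }
}
```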