Summary

When using the JQL function membersOf it's possible to return invalid results if the user is a member of the group being selected in one user directory, but not the current one. For example:

• User captain.planet in the JIRA Internal Directory (JIT) is a member of the group eco-warrior.
• That user captain.planet is not a member of that group in the Active Directory (AD).
• Active Directory is above JIRA Internal Directory, so the user is referenced from AD rather than the JIT.
• The membersOf("eco-warrior") JQL will return issues as if that user was in the group.

Steps to Reproduce

1. Add a user to the JIT and AD (e.g.: captain-planet).
2. Give them a group in the JIT and not the AD (or the other way around), for example eco-warrior.
3. Move the user directory that they are not a member of the group to the top.
4. Create an issue with them as the reporter.
5. Run the following JQL:

   reporter = captain.planet and reporter in membersOf("eco-warrior")
   

Expected Results

The issue is not returned as they are not a member of that group.

Actual Results

The issue is returned, as the other User Directory has them in that group.

Notes

This can be worked around by:

1. Swapping the order of the user directories.
2. Removing the user from the group.
3. Restoring the original order.