Context

When using JQL with auto-complete switched on, searching for fields will always list global values. For instance, when using the IN operator in JQL, auto-complete will "give away" values for the majority of fields. Given that for each individual project there are schemes restricting or limiting the available fields, only context-specific values should be accessible for the user.
The current behaviour seems to be potentially problematic with regard to usability or security concerns.

Objective

As a user, I want the auto-complete function to only present field values relevant for my context.

With "my context" meaning:

1. Projects, I have permission to browse; or
2. Values for fields that are configured/enabled via a scheme configuration for that project.

In other words: the behaviour and underlying logic of JIRA's JQL search capabilities should respect project configuration and permissions to not reveal global field values.

Steps to reproduce

1. Create a user that has access only to one particular project.
2. Configure the project in the following way:
   1. A basic workflow (eg. only with three statuses TODO, DOING, DONE).
   2. No Custom Fields used on any screen or any scheme;
3. In JIRA, browse to "Search for issues" in Advanced mode and try the following:
   1. status IN (
      -> Auto-complete will display a preview of all existing statuses (in addition to our three).
   2. project IN ("My Project") AND
      -> A preview of globally existing custom fields will be displayed.

Other fields which are affected by the described behaviour as well are:

• Issue Type
• Status
• Assignee
• Resolution
• Component
• FixVersion
• Custom Fields

Footnote

• The search for projects does respect the configuration. As a user, auto-complete only displays a list of projects I am authorised to browse:

  project IN (