REST API createmeta returns 200 response code incorrectly

XMLWordPrintable

    • 5.02
    • Severity 3 - Minor
    • Hide
      Atlassian Update – 28 May 2018

      Hi everyone,

      We have recently reviewed this issue and the overall interest in the problem. As the issue hasn't collect votes, watchers, comments, or support cases from many customers during its lifetime, it's very low on our priority list, and will not be fixed in the foreseeable future. That's why we've decided to resolve it as Time Out.

      Although we're aware the issue is still important to those of you who were involved in the conversations around it, we want to be clear in managing your expectations. The Jira team is focusing on issues that have broad impact and high value, reflected by the number of comments, votes, support cases, and customers interested. Please consult the Atlassian Bugfix Policy for more details.

      We understand how disappointing this decision may be, but we hope you'll appreciate our transparent approach and communication.
      Atlassian will continue to watch this issue for further updates, so please feel free to share your thoughts in the comments.

      Thank you,
      Ignat Alexeyenko
      Jira Bugmaster

      Show
      Atlassian Update – 28 May 2018 Hi everyone, We have recently reviewed this issue and the overall interest in the problem. As the issue hasn't collect votes, watchers, comments, or support cases from many customers during its lifetime, it's very low on our priority list, and will not be fixed in the foreseeable future. That's why we've decided to resolve it as Time Out . Although we're aware the issue is still important to those of you who were involved in the conversations around it, we want to be clear in managing your expectations. The Jira team is focusing on issues that have broad impact and high value, reflected by the number of comments, votes, support cases, and customers interested. Please consult the Atlassian Bugfix Policy for more details. We understand how disappointing this decision may be, but we hope you'll appreciate our transparent approach and communication. Atlassian will continue to watch this issue for further updates, so please feel free to share your thoughts in the comments. Thank you, Ignat Alexeyenko Jira Bugmaster

      According to https://docs.atlassian.com/jira/REST/latest/#d2e2710

      • 403 Forbidden will be returned if the user does not have permission to view any of the requested projects

      However, this is not true. The real scenario is like this - taking project A for example:

      • If user has Create Issues permission in project A, project A will be returned with "200 OK" - this is expected
      • If user does not have Create Issues permission in project A, project A won't be returned, still with "200 OK" - this should be changed in case the returned result is empty  "expand":"projects","projects":[]}  i.e. user does not have Create Issues permission in all projects
      • If user does not also have Browse Projects permission in project A, project A won't be returned, but still with "200 OK", though it's stated that 403 should be returned
        I don't think Browse Projects permission has something to do here, and 403 is also not a correct response in this case

      Upon further testing:

      • 401 will be returned if username or password is wrong
      • 403 will be returned if user does not have permission to log in JIRA
        these are expected

      So, the documentation needs updating and the HTTP responses might need reviewing to give users clearer information on the result they get.

            Assignee:
            Unassigned
            Reporter:
            Andy Nguyen (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: