I am writing an Atlassian Connect addon and I want to be able to say things like:

• Who are all of the users that have PROJECT_ADMIN in this project?
• Does this user have the permissions that they need?

This seems to be the only permission url that I can find that will do the job and it seems to be completely buggy.

• It returns 401's when I think it means 403's.
• If I don't provide a username filter then, instead of not filtering at all (like the docs suggest), it returns the error message "The username query parameter was not provided".
• The URL does not seem to obey permission checks correctly. When my user had PROJECT_ADMIN then it returned no results, but when I gave that user ADMIN then I started getting 401 errors back.

All in all this rest resource is currently completely unuseable.

And, to make matters worse, when I looked at the JIRA code then I saw that there is not one single test in com.atlassian.jira.rest.v2.issue.UserResourceTest that excercises this rest call.

The bottom line is this:

• This is a critical REST call that must work for Atlassian Connect addons.
• It is completely untested and that needs to be rectified immediately and the tests need to be extensive.
• There are permission and functionality issues this this rest resource that need immediate attention.

Please put this at the top of the backlog or somewhere high. Cheers.