Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-44003

The error returned from create issue REST endpoint when the user doesn't have create permission is bad.

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Low Low
    • None
    • 6.3, 6.4, 7.0.0
    • REST API

      Overview

      When creating the issue through REST API and user doesn't have permission to perform this action 
      **

      Steps to reproduce

      1. Create new user - UserA
      2. Remove from UserA "Create Issues" permission
      3. When being logged as {}UserA try to create an issue through REST endpoint (i.e. POST to /rest/api/2/issue).
        I used this JSON on my instance: 
        {
    fields: {
       project: {key: "DESK"},
       summary: "REST ye merry gentlemen.",
       description: "Creating of an issue using project keys and issue type names using the REST API",
       issuetype: {name: "Task"}
   }
}

      Current behaviour

      HTTP 400 code is returned with the message:

      {    
"errorMessages": [],    
"errors": {        
          "summary": "Field 'summary' cannot be set. It is not on the         appropriate screen, or unknown.",        
           "description": "Field 'description' cannot be set. It is not on the appropriate screen, or unknown."    
           }
}

       

      Expected behaviour

      Proper HTTP error code and message are returned when the user doesn't have permission to create the issue. 

      Workaround

      none

            Unassigned Unassigned
            bbain bain
            Votes:
            13 Vote for this issue
            Watchers:
            8 Start watching this issue

              Created:
              Updated: