Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-44003

The error returned from create issue REST endpoint when the user doesn't have create permission is bad.

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • Low
    • None
    • 6.3, 6.4, 7.0.0
    • REST API

    Description

      Overview

      When creating the issue through REST API and user doesn't have permission to perform this action 
      **

      Steps to reproduce

      1. Create new user - UserA
      2. Remove from UserA "Create Issues" permission
      3. When being logged as {}UserA try to create an issue through REST endpoint (i.e. POST to /rest/api/2/issue).
        I used this JSON on my instance: 
        {
    fields: {
       project: {key: "DESK"},
       summary: "REST ye merry gentlemen.",
       description: "Creating of an issue using project keys and issue type names using the REST API",
       issuetype: {name: "Task"}
   }
}

      Current behaviour

      HTTP 400 code is returned with the message:

      {    
"errorMessages": [],    
"errors": {        
          "summary": "Field 'summary' cannot be set. It is not on the         appropriate screen, or unknown.",        
           "description": "Field 'description' cannot be set. It is not on the appropriate screen, or unknown."    
           }
}

       

      Expected behaviour

      Proper HTTP error code and message are returned when the user doesn't have permission to create the issue. 

      Workaround

      none

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. JRACLOUD-67725 Misleading error while creating issue using REST API

          • Low - Low priority issues
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. JRASERVER-67013 REST API returns 400 error with misleading message when editing issues

          • Low - Low priority issues
          • Gathering Impact

          Suggestion - JRASERVER-66840 Error message returned on editing an issue when a user does not have permission is bad

          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. JRASERVER-67652 Using jira.permission.createclone.denied on Initial Workflow Status breaks Issue Creation via REST API

          • Low - Low priority issues
          • Closed

          Activity

            People

              Unassigned Unassigned
              bbain bain
              Votes:
              13 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated: