Description
Summary
The documented responses for issue-editIssue are:
- STATUS 400 - Returned if the requested issue update failed.
- STATUS 204 - Returned if it updated the issue successfully.
- STATUS 403 - Returned if the user doesn't have permissions to disable users notification.
There're a few problems with these:
- If the user authentication fails, 401 is returned but not documented (perhaps a common sense)
- For 400, the error message is misleading in certain cases
Steps to reproduce
- Send a REST call to edit an issue. For example, to update Priority and Time Tracking:
{ "fields": { "priority": { "name": "High" }, "timetracking": { "originalEstimate": "1h", "remainingEstimate": "30m" } } }
Priority and Time Tracking are available on the Edit Issue screen. - Supply the valid credentials of a user who doesn't have Edit Issues permission in the respective project
Expected behavior
The response message tells that the user doesn't have the permission to Edit the issue
Actual behavior
The response message says:
{
"errorMessages": [],
"errors": {
"priority": "Field 'priority' cannot be set. It is not on the appropriate screen, or unknown.",
"timetracking": "Field 'timetracking' cannot be set. It is not on the appropriate screen, or unknown."
}
}
This message is correct when the field names are incorrect or the fields are not on Edit Issue screen.
Suggestion
When the field names are correct and the fields are on Edit Issue screen, Jira should check if the user has Edit Issues permission and return a correct error message.
Attachments
Issue Links
- is duplicated by
-
JRASERVER-66840 Error message returned on editing an issue when a user does not have permission is bad
- Closed
- relates to
-
JRACLOUD-67725 Misleading error while creating issue using REST API
-
- Closed
-
-
-
- Closed
-
-
-
- Gathering Impact
-