Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-67812

SecurityLevelSystemField validateParams does not check issue security level is valid for the project

XMLWordPrintable

      Summary

      • When creating an issue the issue will be validated (issueService.validateCreate).
      • Part of this validation checks the issue fields, one of those fields being the Security Level (SecurityLevelSystemField.validateParams).
      • SecurityLevelSystemField.validateParams only checks that the selected security level exists, not that it is valid for the project the issue is created in.
      • SecurityLevelSystemField.validateParams does not return an error when the security level is not valid for the project.

      Steps to Reproduce

      JIRA API:

      1. Set up project + one security scheme
      2. Create an issue, set security to a valid level in the scheme, no problems
        • Do this using the JIRA API
      3. Change to a different scheme with different levels
      4. Create issue using same level as before
        • issue is created and is not accessible to any user (because of invalid security level)

      JSD Steps:

      1. Set up security on the project
      2. Change request type to have security level field, hidden, default value is a valid level
        • Create issue, works fine, security level is correct
      3. Change to a different security scheme with different levels
      4. Create issue using JSD portal - issue is created but cannot be viewed by anyone because of invalid security level
        • Note that if you go back to the request type and configure the default value for hidden field - You will be presented with the correct options to choose from. No warning or error. (should show "The security level is invalid.")
        • If the security level did not exist then there would be an error in the portal and when viewing the default value

      Expected Results

      Jira will validate Security Level and will return an error (SecurityLevelSystemField.validateParams returns an error when the security level is not valid for the project).

      Actual Results

      • An issues being created with an invalid security level.
      • These issues are not accessible by any user through the JIRA UI. Database modification is required to fix these issues.

      Workaround

      • None.
      • Database modification is required to fix these issues.

              Unassigned Unassigned
              tevans Tim Evans (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: