In a script listener, the IssueService validateSubTaskCreate fails on the reporter permission check, despite the API being given a user which is authorized to do so.

XMLWordPrintable

    • Type: Bug
    • Resolution: Unresolved
    • Priority: Medium
    • None
    • Affects Version/s: 8.13.6
    • Component/s: Java API
    • 8.13
    • 3
    • Severity 3 - Minor

      Issue Summary

      In a Scriptrunner Script Listener (Groovy) the IssueService validateSubTaskCreate fails on the reporter permission check, despite the API being given a user which is authorized to do so.

      In this example, the username is "userBranching".  

       

      MutableIssue issue = event.issue
UserManager userManager = ComponentAccessor.getUserManager()
// "<username>" is the user being authorized to create subtasks and modify the reporter

def userBranching = userManager.getUserByName("<username>")
def issue_type = constantManager.getAllIssueTypeObjects().find
{it.getName() == "some issue type"}
def issueSubtaskParams = issueService.newIssueInputParameters()
issueSubtaskParams.with {
setSkipScreenCheck(true)
setIssueTypeId(issue_type.id)
setProjectId(issue.getProjectId())
setPriorityId(issue.getPriority().getId())
setReporterId(issue.getReporterId())
setDescription(issue.getDescription())
setSummary("some title")
}
def validationResult = issueService.validateSubTaskCreate(userBranching,issue.getId(), issueSubtaskParams)
validationResult.isValid()

       

      This results in a validation error of:

      reporter:You do not have permission to modify the issue reporter.

      If I add in a leading JAC context user change, it passes:

      def authContext = ComponentAccessor.getJiraAuthenticationContext();
authContext.setLoggedInUser(userBranching)

      According to the API documentation this should not be necessary, validateSubTaskCreate() should validate against the user's permission given in the method call:
      https://docs.atlassian.com/software/jira/docs/api/8.13.6/com/atlassian/jira/bc/issue/IssueService.html#validateSubTaskCreate-com.atlassian.jira.user.ApplicationUser-java.lang.Long-com.atlassian.jira.issue.IssueInputParameters-

      Steps to Reproduce

      1. execute the script above

      Expected Results

      Jira respects the user permissions for the Reporter.

      Actual Results

      Jira does not respect the user permissions for the Reporter and the following error is thrown:

      reporter:You do not have permission to modify the issue reporter.

      Workaround

      add in a leading JAC context user change

      def authContext = ComponentAccessor.getJiraAuthenticationContext();
authContext.setLoggedInUser(userBranching)

            Assignee:
            Unassigned
            Reporter:
            Sarah A
            Votes:
            2 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated: