Details
-
Bug
-
Resolution: Unresolved
-
Low
-
None
-
9.4.3
-
None
-
9.04
-
2
-
Severity 3 - Minor
-
0
-
Description
Issue Summary
Jira users can create personal filters (search requests) and grant edit access to a specific user via the manage filters (ManageFilters.jspa) page. If that user granted access is deleted, the admin filters page (admin/filters/ViewSharedFilters.jspa) will correctly indicate the user is invalid. However, if an admin tries to re-assign ownership of that filter, an error is displayed, and the operation is aborted.
This is reproducible on Data Center: yes
Steps to Reproduce
- User A saves a filter (search request).
- From manage filters, user A grants edit access to user B.
- User B is ungracefully deleted (directory is removed, or user is manually removed from cwd_user table).
- Admin attempts to transfer ownership to user C via the filters admin page.
Expected Results
Filter ownership is transferred to user C, ignoring user B's status.
Actual Results
The following error is displayed in the change owner modal:
User: 'JIRAUSER123' does not exist.
JIRAUSER123 is the internal user key of user B.
Workaround
Filter sharing properties are stored in the sharepermissions table. We can query and delete records where the share recipient doesn't exist.
- Query for affected share records:
SELECT * FROM sharepermissions sp LEFT OUTER JOIN app_user au ON sp.param1 = au.user_key LEFT OUTER JOIN cwd_user u ON au.lower_user_name = u.lower_user_name WHERE sp.entitytype = 'SearchRequest' AND sp.sharetype = 'user' AND u.directory_id IS NULL;
- Delete these records:
DELETE FROM sharepermissions WHERE id IN (SELECT sp.id FROM sharepermissions sp LEFT OUTER JOIN app_user au ON sp.param1 = au.user_key LEFT OUTER JOIN cwd_user u ON au.lower_user_name = u.lower_user_name WHERE sp.entitytype = 'SearchRequest' AND sp.sharetype = 'user' AND u.directory_id IS NULL);
- Always back up your data before performing any modifications to the database. If possible, test any alter, insert, update, or delete SQL commands on a staging server first.
- Restart Jira. This is required to flush the filters cache. A DC rolling restart is not sufficient.
- Proceed with changing filter ownership.
Technical explanation
Internally, Jira uses identical validators in the edit current filter modal on the user manage filters page and the change owner modal on the filters admin page. For each share permission (view/edit), this includes checking that the target entity is valid. Since the target entity was deleted, the operation fails. This cancels the ownership change request.
Attachments
Issue Links
- mentioned in
-
Page Loading...