[JSDSERVER-920] Service Desk 2.0 - "Customers" are banned from accessing JIRA and Plugin REST API's

      NOTE: This suggestion is for JIRA Service Desk Server. Using JIRA Service Desk Cloud? See the corresponding suggestion.

      JIRA Service Desk 2.0 introduced the role "Customers". Users with this role are banned from accessing JIRA functionality. That is for sure reasonable. The problem is that JIRA also denies requests to the REST APIs.

      As add-on developers we would like the "Customer" role to have access to the plugins' REST APIs. If not, our Insight add-on will be impossible to enable on the Customer Portal for the "Customer" role. We can of course have a simple custom field rendered from the server side, but our more advanced Insight custom field acts on user behaviour and wouldn't scale if doing this from the server side.

      We have been asked why we would like to share information/content with ServiceDesk "Customers". There are several reasons for that, but one example is if you are a company renting out video cameras, you want the customers to report bugs on those assets via the ServiceDesk portal. The assets are of course within the Insight plugin.

      As of right now, our add-on works perfectly for users that have the USE permission but it doesn't work for users of the Customer role. We have several customers that really need the Insight Custom Field to work for the "Customer" role so we hope you will make the REST API open for the plugin developers to decide who can access the plugin services or not.

      The client request: https://domainname:port/rest/.. gets an HTTP 302. We cannot see any drawbacks in allowing access to the REST APIs where you, as of today, are redirecting all requests. The authorization should be handled by the plugin developers as we do in any other case.

      Let me know if you have any questions or more information you need. This is very urgent for us. Thanks

            Grégory Joseph (Inactive) added a comment - edited

            For future ref if anyone needs this:

            <dependency>
              <groupId>com.atlassian.servicedesk</groupId>
              <artifactId>jira-servicedesk-public-rest-api-plugin</artifactId>
              <version>3.2.0-060</version>
            </dependency>

            cfr https://answers.atlassian.com/questions/41462550/where-can-i-get-the-jira-service-desk-public-rest-api-plugin-jar

            Dortiz added a comment -

            Hi @Mathias Edblom,
            can you explain your solution?? Where can I locate those annotations??
            I'm trying to apply the solution, but that does not work.

            thanks in advance.

            Regards.

            Mathias Edblom added a comment -

            This is just great! I have tested and this works flawlessly. Now I can finally remove my "back-door" solutions. Thanks //Mathias [RIADA]

            mina added a comment - edited

            In order for a plugin's REST paths to be available to customers, the plugin needs this in atlassian-plugin.xml:

            <!-- Allow the REST paths to run in customer context by default. We can opt out specifically inside it --> 
            
            <customercontext key="<some key>" path="/rest/<foo-bar>"> 
                <uri regex="/.*"/> 
            </customercontext>
            
            
            

            There are also two annotations that can be used to control whether a Resource or Resource Method is run in CustomerContext or not:

            com.atlassian.servicedesk.api.rest.annotations.RunInCustomerContext

            and 

            com.atlassian.servicedesk.api.rest.annotations.RunOutOfCustomerContext

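The following is an added example, not code from this thread or from Atlassian: a JAX-RS resource using the two annotations named in mina's comment, assuming they are plain marker annotations and that a method-level annotation overrides the `customercontext` default. `AssetResource`, `AssetPolicy` and the paths are hypothetical; once customers can reach a path, the per-object authorization check is the plugin's job, as the issue description proposes.

```java
import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.permission.GlobalPermissionKey;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.servicedesk.api.rest.annotations.RunInCustomerContext;
import com.atlassian.servicedesk.api.rest.annotations.RunOutOfCustomerContext;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.core.Response;

@Path("/assets") // hypothetical path under the module's /rest/<foo-bar> prefix
public class AssetResource {
    /** Hypothetical plugin-side policy: which assets may this user see? */
    public interface AssetPolicy {
        boolean canView(ApplicationUser user, String assetKey);
        String summaryJson(String assetKey);
        String exportJson();
    }

    private final AssetPolicy policy;
    public AssetResource(AssetPolicy policy) { this.policy = policy; }

    private static ApplicationUser currentUser() {
        return ComponentAccessor.getJiraAuthenticationContext().getLoggedInUser();
    }

    // Reachable by portal customers: the plugin, not Jira, must authorize each object.
    @GET @Path("/{key}")
    @RunInCustomerContext // assumed usable as a plain marker annotation
    public Response getAsset(@PathParam("key") String key) {
        ApplicationUser user = currentUser();
        if (user == null) return Response.status(Response.Status.UNAUTHORIZED).build();
        // Same answer for "missing" and "not yours", so asset keys cannot be enumerated.
        if (!policy.canView(user, key)) return Response.status(Response.Status.NOT_FOUND).build();
        return Response.ok(policy.summaryJson(key), "application/json").build();
    }

    // Opted out of customer context, and still checked explicitly (defence in depth).
    @GET @Path("/export")
    @RunOutOfCustomerContext // assumed to override the module-level default
    public Response exportAll() {
        ApplicationUser user = currentUser();
        boolean admin = user != null && ComponentAccessor.getGlobalPermissionManager()
                .hasPermission(GlobalPermissionKey.ADMINISTER, user);
        return admin ? Response.ok(policy.exportJson(), "application/json").build()
                     : Response.status(Response.Status.FORBIDDEN).build();
    }
}
```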

            BenP added a comment -

            See https://answers.atlassian.com/questions/11962341
            This is preventing us from using the current-user / current-reporter in DBCF plugin.

              Assignee: Unassigned
              Reporter: Mathias Edblom
              Votes: 17
              Watchers: 29