We don't have an end point to use for JSM projects to check the permissions of users. Using the Jira REST API endpoint /rest/api/3/mypermissions doesn't explain how some users have access to projects (in case of Portal access as customers) and it actually returns results that are contradicting the ones you get by calling:
- Create a JSM project and make sure that Browse Project permissions have been granted to Service Project Customer - Portal Access and that Customer permissions - Service Project access configuration is set to Anyone on the web
- As Jira user that has no access to this project, send a GET request to "/rest/api/3/mypermissions?permissions=BROWSE_PROJECTS&projectId=<projectId>" where <projectId> is the ID of the project created in previous step. See that the user has browse project permission.
- Now, as the same user, send a REST API request to the POST /rest/api/3/permissions/project endpoint
The outcome is consistent with the one of the previous REST API call and the project created in step #1 is returned
The project created in step #1 is not returned.
Add a JSM REST API endpoint that would retrieve and point out portal access browse permissions if any.