Issue Summary

At the moment, even if we set any JSM project as Restricted, if any account using external channel like Slack etc. to interact with Assist bot, the bot can perform following actions:

• In case account already exists in the site, it will create the work item and also add the portal account as the customer in the Restricted project. 
• In case account does not exist, it will create the account, add the account in the Restricted project along with creating the work item in the project.

Steps to Reproduce

1. Integrate any JSM project with Slack using chat/VSA services.
2. Use any account in the Help channel and create the ticket.
3. Bot will create the account (if not already exists in the site), add the account in the Restricted project as well as create the work item.

Expected Results

Assist bot should respect the Project settings set as Restricted and not add the portal account in the Restricted project as only authorised accounts should be able add other accounts in the restricted project. 

This behaviour is not present when external portal accounts uses other channels like portal/HC since Restricted projects are not displayed to such accounts until authorised account adds the external account inside the project.

Same behaviour with email handlers where it rejects the email.

Actual Results

Bot will create the account (if not already exists in the site), add the account in the Restricted project as well as create the work item.

Workaround

Currently there is no known workaround for this behavior. A workaround will be added here when available