Details
-
Bug
-
Resolution: Timed out
-
Low
-
4
-
Severity 3 - Minor
-
Description
Summary
A customer logged in on the Customer Portal should be able see the JIRA issues on the macro of a Linked KB from Confluence on the customer portal after allowing All logged in users to the 'Browse Projects' permission. However, Once the page loads, the issues will be shown, but if you click on the refresh button of the macro, the alert will come: "JIRA project doesn't exist or you don't have permission to view it.". Permission Helper shows that customer's user has the 'Browse Projects' permission.
Also, if convert the customers to Atlassian Account, it Throws the follwoing error: "Data cannot be retrieved due to an unexpected error."
"timestamp":"2017-07-27T13:17:51,984Z" "level":"WARN" "product":"jira" "logger":"com.atlassian.applinks.internal.capabilities.DefaultRemoteCapabilitiesService" "message":"Exception trying to get Applink for manifest with ID 669ecc51-3b86-3b2f-bcec-aa91c3e60b0a" "tenantId":"1af07e44-6eea-4691-8cae-33c0bcb2552e" "location":{"class":"com.atlassian.applinks.internal.capabilities.DefaultRemoteCapabilitiesService","method":"getApplinkSafe","line":"271"} "url":"/servicedesk/customer/kb/view/327685" "username":"rodrigo.becker@e-core.com"
Environment
Cloud
Confluence 1000.0.0-e91264e
JIRA Service Desk Application v3.3.0-OD-1000.1731.0
Steps to Reproduce
- Allow any logged in user to the 'Browse Projects' permission for the project tested.
- Get to the project's 'Knowledge Base' section and check the box to allow anyone to read articles without a Confluence license.
- Have a knowledge base created using the JIRA issue macro listing issues from any project. (ie: The own JSD project)
- Log in to the customer portal with a portal-only customer account.
- Search for the knowledge base and open it.
Expected Results
Issues are listed.
Actual Results
Once the page loads, the issues will be shown, but if you click on the refresh button of the macro, the same alert will come: "JIRA project doesn't exist or you don't have permission to view it."
If convert the customers to Atlassian Account, it Throws the follwoing error: "Data cannot be retrieved due to an unexpected error."
"timestamp":"2017-07-27T13:17:51,984Z" "level":"WARN" "product":"jira" "logger":"com.atlassian.applinks.internal.capabilities.DefaultRemoteCapabilitiesService" "message":"Exception trying to get Applink for manifest with ID 669ecc51-3b86-3b2f-bcec-aa91c3e60b0a" "tenantId":"1af07e44-6eea-4691-8cae-33c0bcb2552e" "location":{"class":"com.atlassian.applinks.internal.capabilities.DefaultRemoteCapabilitiesService","method":"getApplinkSafe","line":"271"} "url":"/servicedesk/customer/kb/view/327685" "username":"rodrigo.becker@e-core.com"
Workaround
Allow Anyone group to the 'Browse Projects' permission, but from a security perspective, it is highly not recommended as anybody logged in or anonymous will be able to search through the project's issues, both on Confluence as well as on the JIRA project.