-
Suggestion
-
Resolution: Unresolved
-
None
-
5
-
5
-
The "Share" button of the Customer portal requests should respect the current configuration of the Customer Portal. If the portal is not configured for New Customers, the "Share" function shouldn't allow the creation of new customers, as it currently does.
- This is currently possible if Project admin, Jira administrator or Jira System Administrator share to new customer from portal.
Steps to reproduce:
- Login to Customer portal as either Project admin, Jira administrator or Jira System Administrator.
- Configure a Customer Portal with the permission that should not allow anyone to create the account
- Create a Service Desk request
- Share it with an e-mail that doesn't belong to any other account
- You'll notice that the E-mail will be added as a customer on the portal
Workaround
The following workaround may or may not be suitable for your team. It disables Jira service desk "Share" feature for any user input, even those inside your organisation. The share button will show, but the Share button will do nothing.
Please note that this workaround does not affect Jira's inbuilt Share feature, which is not affected by this unwanted behavior ( 
)
- Edit JIRA_INST/atlassian-jira/WEB-INF/urlrewrite.xml
- Insert the following block immediately before the final </urlrewrite> tag:
<!--Workaround for JSDSERVER-5531 --> <rule> <from>^/rest/servicedesk/1/customer/participants/.*/share$</from> <condition type="method">PUT</condition> <set type="status">403</set> <to>null</to> </rule>
- Restart the application for the changes to take effect
- relates to
-
- Gathering Interest
- links to
Customer portal "Share" unwanted customer creation when login using Admin user
-
-
Resolution: Unresolved
-
None
-
5
-
5
-
The "Share" button of the Customer portal requests should respect the current configuration of the Customer Portal. If the portal is not configured for New Customers, the "Share" function shouldn't allow the creation of new customers, as it currently does.
- This is currently possible if Project admin, Jira administrator or Jira System Administrator share to new customer from portal.
Steps to reproduce:
- Login to Customer portal as either Project admin, Jira administrator or Jira System Administrator.
- Configure a Customer Portal with the permission that should not allow anyone to create the account
- Create a Service Desk request
- Share it with an e-mail that doesn't belong to any other account
- You'll notice that the E-mail will be added as a customer on the portal
Workaround
The following workaround may or may not be suitable for your team. It disables Jira service desk "Share" feature for any user input, even those inside your organisation. The share button will show, but the Share button will do nothing.
Please note that this workaround does not affect Jira's inbuilt Share feature, which is not affected by this unwanted behavior ( )
- Edit JIRA_INST/atlassian-jira/WEB-INF/urlrewrite.xml
- Insert the following block immediately before the final </urlrewrite> tag:
<!--Workaround for JSDSERVER-5531 --> <rule> <from>^/rest/servicedesk/1/customer/participants/.*/share$</from> <condition type="method">PUT</condition> <set type="status">403</set> <to>null</to> </rule>
- Restart the application for the changes to take effect
- relates to
-
- Gathering Interest
- links to
-
Dhanapal Mohanasamy
-
- Votes:
-
20 Vote for this issue
- Watchers:
-
25 Start watching this issue
- Created:
- Updated: