Jira Service Management Data Center / JSDSERVER-6858

Searching by Customer request type in background thread with override security results in wrong search results

    • Type: Bug
    • Resolution: Unresolved
    • Priority: Low
    • Fix Version/s: None
    • Affects Version/s: 3.16.0
    • Component/s: Create Request

      Issue Summary

      Searching by Customer request type in background thread with override security results in wrong search results. 

      I have an issue while running searchProvider.searchCountOverrideSecurity(query, null) from my plugin. It is expected to override security restrictions, but it doesn't. Queries that return issues in the browser return nothing if run via the API. I also pass null for the user here because I don't want user permissions to be used in the search. How can I run a JQL query from my plugin without any permission restrictions applied? The same is reproducible with searchProvider.getHitCount(SearchQuery.create(query, caller)). I wrap the search with jiraThreadLocalUtil.preCall()/postCall(), but it doesn't help to make the search ignore the permissions of the current user.
      The query is "Customer Request Type" = "IT help (SD)" and key=SD-1

      Steps to Reproduce

      Running the following event listener results in a wrong count in the background thread.

      @EventListener
      public void onIssueEvent(IssueEvent event) throws Exception {
          Issue issue = event.getIssue();
          log.error("Issue event happened. Issue [{}], event type [{}]", issue, event.getEventTypeId());
      
          String jqlQuery = "\"Customer Request Type\" = \"IT help (SD)\" ";
          SearchService.ParseResult parseResult = searchService.parseQuery(jiraAuthenticationContext.getLoggedInUser(), jqlQuery);
          Query query = JqlQueryBuilder.newBuilder(parseResult.getQuery())
                  .where()
                  .and()
                  .issue()
                  .eq(issue.getKey())
                  .buildQuery();
          log.error("Issues found for query (main thread) [{}] and user [{}]: {}",
                  query.toString(), null, searchCountOverrideSecurity(query, null));
      
          executorService.submit(() -> {
              log.error("Issues found for query (background thread) [{}] and user [{}]: {}",
                      query.toString(), null, searchCountOverrideSecurity(query, null));
          });
      }
      
      private long searchCountOverrideSecurity(Query query, ApplicationUser user) {
          try {
              return searchProvider.searchCountOverrideSecurity(query, user);
          } catch (SearchException e) {
              throw new RuntimeException(e);
          }
      }

      Expected Results

      The count in the background thread should be 1.

      Actual Results

      The below exception is thrown in the xxxxxxx.log file:

      [c.atlassian.impl.MyEventListener] Issue event happened. Issue [SD-2], event type [13]
      [c.atlassian.impl.MyEventListener] Issues found for query (main thread) [{Customer Request Type = "IT help (SD)"} AND {key = "SD-2"}] and user [null]: 1
      [c.atlassian.impl.MyEventListener] Issues found for query (background thread) [{Customer Request Type = "IT help (SD)"} AND {key = "SD-2"}] and user [null]: 0

      Workaround

      • Search using portalkey/requestTypeKey
        String jqlQuery = "\"Customer Request Type\" = \"sd/getithelp\" ";
        

      Assignee: Unassigned
      Reporter: Kunal Kanojia
      Affected customers: 6
      Watchers: 4