Uploaded image for project: 'Jira Service Management Data Center'
  1. Jira Service Management Data Center
  2. JSDSERVER-6858

Searching by Customer request type in background thread with override security results in wrong search results

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Low Low
    • None
    • 3.16.0
    • Create Request

      Issue Summary

      Searching by Customer request type in background thread with override security results in wrong search results. 

      I have an issue while running searchProvider.searchCountOverrideSecurity(query, null)  from my plugin. It is expected to override security restrictions, but it doesn't. Queries that return issues in browser, return nothing if run via API. I also pass null for user here because I don't want user permissions to be used in the search. How can I run JQL query from my plugin with no any permission restrictions applied?The same is reproducible with searchProvider.getHitCount(SearchQuery.create(query, caller)) . I wrap the search with jiraThreadLocalUtil.preCall()/postCall(), but it doesn't help to make search ignore permissions of the current user.
      The query is "Customer Request Type" = "IT help (SD)" and key=SD-1

      Steps to Reproduce

      Running the following event listener will result in wrong count in background thread.

      @EventListener
public void onIssueEvent(IssueEvent event) throws Exception {
    Issue issue = event.getIssue();
    log.error("Issue event happened. Issue [{}], event type [{}]", issue, event.getEventTypeId());

    String jqlQuery = "\"Customer Request Type\" = \"IT help (SD)\" ";
    SearchService.ParseResult parseResult = searchService.parseQuery(jiraAuthenticationContext.getLoggedInUser(), jqlQuery);
    Query query = JqlQueryBuilder.newBuilder(parseResult.getQuery())
            .where()
            .and()
            .issue()
            .eq(issue.getKey())
            .buildQuery();
    log.error("Issues found for query (main thread) [{}] and user [{}]: {}",
            query.toString(), null, searchCountOverrideSecurity(query, null));

    executorService.submit(() -> {
        log.error("Issues found for query (background thread) [{}] and user [{}]: {}",
                query.toString(), null, searchCountOverrideSecurity(query, null));
    });
}

private long searchCountOverrideSecurity(Query query, ApplicationUser user) {
    try {
        return searchProvider.searchCountOverrideSecurity(query, user);
    } catch (SearchException e) {
        throw new RuntimeException(e);
    }
}

      Expected Results

      The Count in background thread should be 1.

      Actual Results

      The below exception is thrown in the xxxxxxx.log file:

      [c.atlassian.impl.MyEventListener] Issue event happened. Issue [SD-2], event type [13]
[c.atlassian.impl.MyEventListener] Issues found for query (main thread) [{Customer Request Type = "IT help (SD)"} AND {key = "SD-2"}] and user [null]: 1
[c.atlassian.impl.MyEventListener] Issues found for query (background thread) [{Customer Request Type = "IT help (SD)"} AND {key = "SD-2"}] and user [null]: 0

      Workaround

      • Search using portalkey/requestTypeKey 
        String jqlQuery = "\"Customer Request Type\" = \"sd/getithelp\" ";

          Form Name

            [JSDSERVER-6858] Searching by Customer request type in background thread with override security results in wrong search results

            No work has yet been logged on this issue.

              Unassigned Unassigned
              kkanojia Kunal Kanojia
              Affected customers:
              6 This affects my team
              Watchers:
              4 Start watching this issue

                Created:
                Updated: