Details
- Bug
- Resolution: Fixed
- Low
- 4.15.0
- None
- Severity 3 - Minor
Description
Issue Summary
Jira Service Management provides CustomerContextService to run a request as a customer. Insight Java APIs don't respect customer permission settings when invoked in a customer context.
Steps to Reproduce
- Create a new object schema and enable it for customer access.
- Invoke the Insight API to get an object bean in a customer context: `objectFacade.getObjectBeanByObjectId(id)`.
Expected Results
The correct object is returned.
Actual Results
PermissionInsightException is thrown instead. Sample log:
```
2020-12-08 16:30:30,825+0100 http-nio-8812-exec-11 ERROR abbey 990x754x1 bgx4ld 0:0:0:0:0:0:0:1 /rest/jsdaction/1.0/jsdaction/validtransition [c.i.j.p.actions.rest.InsightFieldsUtils] Could not load Insight object
com.riadalabs.jira.plugins.insight.common.exception.PermissionInsightException: PermissionInsightException: User JIRAUSER10800 didn't have correct permission (view) for object: 24
    at com.riadalabs.jira.plugins.insight.services.permission.DefaultInsightPermissionsChecker.checkPermission(DefaultInsightPermissionsChecker.java:79)
    at com.riadalabs.jira.plugins.insight.services.permission.DefaultInsightPermissionsChecker.checkObjectViewPermission(DefaultInsightPermissionsChecker.java:124)
    at com.riadalabs.jira.plugins.insight.services.core.ObjectServiceImpl.loadObject(ObjectServiceImpl.java:1304)
    at com.riadalabs.jira.plugins.insight.channel.external.api.facade.impl.ObjectFacadeImpl.loadObjectBean(ObjectFacadeImpl.java:155)
```
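One way to search a Jira log for the failure shown in the sample log above (an added example, not part of the original ticket or of Atlassian's code): it extracts the user key, permission and object id from each `PermissionInsightException` entry and flags entries whose stack trace passes through `ObjectFacadeImpl`. The function name `find_denials`, the header layout assumed by `ENTRY`, and the second sample entry are assumptions.

```python
import re

# Entry header as in the ticket's sample line (an assumption about the log layout):
# timestamp thread LEVEL user request-id session ip url [logger] message
ENTRY = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}[+-]\d{4}) \S+ [A-Z]+ "
    r"(?P<actor>\S+) \S+ \S+ \S+ (?P<url>/\S*) \[[^\]]+\]")
DENIED = re.compile(
    r"PermissionInsightException: User (?P<user>\S+) didn't have correct "
    r"permission \((?P<perm>\w+)\) for object: (?P<obj>\d+)")
FRAME = re.compile(r"\bat ((?:[\w$]+\.)+[\w$<>]+)\(")

# Constructed sample: entry 1 repeats the ticket's log line with two of its
# frames, entry 2 is an unrelated line made up for contrast.
SAMPLE_LOG = (
    "2020-12-08 16:30:30,825+0100 http-nio-8812-exec-11 ERROR abbey 990x754x1 bgx4ld "
    "0:0:0:0:0:0:0:1 /rest/jsdaction/1.0/jsdaction/validtransition "
    "[c.i.j.p.actions.rest.InsightFieldsUtils] Could not load Insight object\n"
    "com.riadalabs.jira.plugins.insight.common.exception.PermissionInsightException: "
    "PermissionInsightException: User JIRAUSER10800 didn't have correct permission (view) "
    "for object: 24\n"
    "\tat com.riadalabs.jira.plugins.insight.services.core.ObjectServiceImpl.loadObject(ObjectServiceImpl.java:1304)\n"
    "\tat com.riadalabs.jira.plugins.insight.channel.external.api.facade.impl.ObjectFacadeImpl.loadObjectBean(ObjectFacadeImpl.java:155)\n"
    "2020-12-08 16:30:31,002+0100 http-nio-8812-exec-12 INFO abbey 990x755x1 bgx4ld "
    "0:0:0:0:0:0:0:1 /rest/api/2/serverInfo [c.example.Constructed] request served\n"
)


def find_denials(log_text):
    """Return one dict per log entry that carries a PermissionInsightException."""
    # Split on entry headers so multi-line stack traces stay with their entry.
    starts = [m.start() for m in re.finditer(r"(?m)^\d{4}-\d{2}-\d{2} \d{2}:", log_text)]
    hits = []
    for begin, end in zip(starts, starts[1:] + [len(log_text)]):
        entry = log_text[begin:end]
        head, denied = ENTRY.match(entry), DENIED.search(entry)
        if not (head and denied):
            continue
        hits.append({
            "timestamp": head["ts"], "actor": head["actor"], "url": head["url"],
            "user_key": denied["user"], "permission": denied["perm"],
            "object_id": int(denied["obj"]),
            # True when the denial was raised through the Java API facade,
            # the call path shown in the ticket's stack trace.
            "via_object_facade": any(".ObjectFacadeImpl." in f for f in FRAME.findall(entry)),
        })
    return hits
```

Entries whose header does not follow the assumed layout are skipped, so adjust `ENTRY` if the instance uses a different log pattern.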
Workaround
Currently there is no known workaround for this behavior. A workaround will be added here when available.
Issue Links
- is resolved by JSDS-10409