  1. Jira Service Management Data Center
  2. JSDSERVER-8488

Insight Java APIs don't respect customer permissions

      Issue Summary

      Jira Service Management provides CustomerContextService to run a request as a customer. Insight Java APIs don't respect customer permission settings when invoked in a customer context.

      Steps to Reproduce

      1. Create a new object schema and enable it for customer access.
      2. Invoke the Insight API to get the object bean in a customer context: `objectFacade.getObjectBeanByObjectId(id)`.

      Expected Results

      Correct object is returned

      Actual Results

      PermissionInsightException is thrown instead. Sample log:

      2020-12-08 16:30:30,825+0100 http-nio-8812-exec-11 ERROR abbey 990x754x1 bgx4ld 0:0:0:0:0:0:0:1 /rest/jsdaction/1.0/jsdaction/validtransition [c.i.j.p.actions.rest.InsightFieldsUtils] Could not load Insight object
      com.riadalabs.jira.plugins.insight.common.exception.PermissionInsightException: PermissionInsightException: User JIRAUSER10800 didn't have correct permission (view) for object: 24
          at com.riadalabs.jira.plugins.insight.services.permission.DefaultInsightPermissionsChecker.checkPermission(DefaultInsightPermissionsChecker.java:79)
          at com.riadalabs.jira.plugins.insight.services.permission.DefaultInsightPermissionsChecker.checkObjectViewPermission(DefaultInsightPermissionsChecker.java:124)
          at com.riadalabs.jira.plugins.insight.services.core.ObjectServiceImpl.loadObject(ObjectServiceImpl.java:1304)
          at com.riadalabs.jira.plugins.insight.channel.external.api.facade.impl.ObjectFacadeImpl.loadObjectBean(ObjectFacadeImpl.java:155)
      

      Workaround

      Currently, there is no known workaround for this behavior. A workaround will be added here when available.

            kkanojia Kunal Kanojia