-
Bug
-
Resolution: Fixed
-
Low
-
4.15.0
-
None
-
Severity 3 - Minor
-
Issue Summary
Jira service management provides CustomerContextService to run a request as a customer. Insight java API's dont respect customer permission settings when invoked in customer context.
Steps to Reproduce
- Create a new object schema and enable it for customer access.
- Invoke Insight API to get object bean in a customer context `objectFacade.getObjectBeanByObjectId(id)` .
Expected Results
Correct object is returned
Actual Results
PermissionInsightException is thrown instead. Sample log -
2020-12-08 16:30:30,825+0100 http-nio-8812-exec-11 ERROR abbey 990x754x1 bgx4ld 0:0:0:0:0:0:0:1 /rest/jsdaction/1.0/jsdaction/validtransition [c.i.j.p.actions.rest.InsightFieldsUtils] Could not load Insight object com.riadalabs.jira.plugins.insight.common.exception.PermissionInsightException: PermissionInsightException: User JIRAUSER10800 didn't have correct permission (view) for object: 24 at com.riadalabs.jira.plugins.insight.services.permission.DefaultInsightPermissionsChecker.checkPermission(DefaultInsightPermissionsChecker.java:79) at com.riadalabs.jira.plugins.insight.services.permission.DefaultInsightPermissionsChecker.checkObjectViewPermission(DefaultInsightPermissionsChecker.java:124) at com.riadalabs.jira.plugins.insight.services.core.ObjectServiceImpl.loadObject(ObjectServiceImpl.java:1304) at com.riadalabs.jira.plugins.insight.channel.external.api.facade.impl.ObjectFacadeImpl.loadObjectBean(ObjectFacadeImpl.java:155)
Workaround
Currently there is no known workaround for this behavior. A workaround will be added here when available
- is resolved by
-
![[JIRA Server (Bulldog)] Story - Created by Jira Software - do not edit or delete. Issue type for a user story.](https://bulldog.internal.atlassian.com/images/icons/issuetypes/story.svg "[JIRA Server (Bulldog)] Story - Created by Jira Software - do not edit or delete. Issue type for a user story.")
JSMDC-10409
You do not have permission to view this issue
[JSDSERVER-8488] Insight Java APIs dont respect customer permisisons
| Remote Link | Original: This issue links to "JSDS-10409 (Bulldog)" [ 569951 ] | New: This issue links to "JSMDC-10409 (JIRA Server (Bulldog))" [ 569951 ] |
| Remote Link | Original: This issue links to "Page (Confluence)" [ 568446 ] |
| Fix Version/s | New: Insight 8.8.2 [ 97719 ] |
| Resolution | New: Fixed [ 1 ] | |
| Status | Original: Waiting for Release [ 12075 ] | New: Closed [ 6 ] |
| Fix Version/s | New: Insight 8.8.0 [ 97710 ] |
| Description |
Original:
h3. Issue Summary
Jira service management provides CustomerContextService to run a request as a customer. Insight java API's dont respect customer permission settings when invoked in customer context. h3. Steps to Reproduce # Create a new object schema and enable it for customer access. # Invoke Insight API to get objeect bean in a customer context `objectFacade.getObjectBeanByObjectId(id)` . h3. Expected Results Correct object is returned h3. Actual Results PermissionInsightException is thrown instead. Sample log - {noformat} 2020-12-08 16:30:30,825+0100 http-nio-8812-exec-11 ERROR abbey 990x754x1 bgx4ld 0:0:0:0:0:0:0:1 /rest/jsdaction/1.0/jsdaction/validtransition [c.i.j.p.actions.rest.InsightFieldsUtils] Could not load Insight object com.riadalabs.jira.plugins.insight.common.exception.PermissionInsightException: PermissionInsightException: User JIRAUSER10800 didn't have correct permission (view) for object: 24 at com.riadalabs.jira.plugins.insight.services.permission.DefaultInsightPermissionsChecker.checkPermission(DefaultInsightPermissionsChecker.java:79) at com.riadalabs.jira.plugins.insight.services.permission.DefaultInsightPermissionsChecker.checkObjectViewPermission(DefaultInsightPermissionsChecker.java:124) at com.riadalabs.jira.plugins.insight.services.core.ObjectServiceImpl.loadObject(ObjectServiceImpl.java:1304) at com.riadalabs.jira.plugins.insight.channel.external.api.facade.impl.ObjectFacadeImpl.loadObjectBean(ObjectFacadeImpl.java:155) {noformat} h3. Workaround Currently there is no known workaround for this behavior. A workaround will be added here when available |
New:
h3. Issue Summary
Jira service management provides CustomerContextService to run a request as a customer. Insight java API's dont respect customer permission settings when invoked in customer context. h3. Steps to Reproduce # Create a new object schema and enable it for customer access. # Invoke Insight API to get object bean in a customer context `objectFacade.getObjectBeanByObjectId(id)` . h3. Expected Results Correct object is returned h3. Actual Results PermissionInsightException is thrown instead. Sample log - {noformat} 2020-12-08 16:30:30,825+0100 http-nio-8812-exec-11 ERROR abbey 990x754x1 bgx4ld 0:0:0:0:0:0:0:1 /rest/jsdaction/1.0/jsdaction/validtransition [c.i.j.p.actions.rest.InsightFieldsUtils] Could not load Insight object com.riadalabs.jira.plugins.insight.common.exception.PermissionInsightException: PermissionInsightException: User JIRAUSER10800 didn't have correct permission (view) for object: 24 at com.riadalabs.jira.plugins.insight.services.permission.DefaultInsightPermissionsChecker.checkPermission(DefaultInsightPermissionsChecker.java:79) at com.riadalabs.jira.plugins.insight.services.permission.DefaultInsightPermissionsChecker.checkObjectViewPermission(DefaultInsightPermissionsChecker.java:124) at com.riadalabs.jira.plugins.insight.services.core.ObjectServiceImpl.loadObject(ObjectServiceImpl.java:1304) at com.riadalabs.jira.plugins.insight.channel.external.api.facade.impl.ObjectFacadeImpl.loadObjectBean(ObjectFacadeImpl.java:155) {noformat} h3. Workaround Currently there is no known workaround for this behavior. A workaround will be added here when available |
| Fix Version/s | New: 4.19.0 [ 96190 ] |
| Status | Original: In Progress [ 3 ] | New: Waiting for Release [ 12075 ] |
| Status | Original: Needs Triage [ 10030 ] | New: In Progress [ 3 ] |
Has the same issue been resolved?