
Fisheye Plugin Workflow Conditions based on applink bypassed when user is not authenticated to other application

      Summary

      Whenever a workflow has a condition based on an application link (e.g. Code Committed Condition, No Open Reviews Condition, Unreviewed Code Condition), the condition will be bypassed if the user is not currently authenticated to the other application.

      Steps to Reproduce

      1. Add a condition to verify another application to a transition
      2. Make sure the user attempting the workflow transition is not connected to the other application

      Expected Results

      Transition is not available as it cannot confirm the condition passes

      Actual Results

      Transition is available and transitions without problems.
      The following is logged:

      2015-07-08 15:34:15,819 http-bio-8080-exec-13 ERROR petry 934x4530x1 4becn9 192.168.10.136 /browse/TC-1 [domain.workflow.condition.ReviewsCompleteCondition] Error retrieving reviews for ReviewsCompleteCondition (TC-1). Enable logging for the FishEye plugin for more detail.
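
The error entry quoted above is the one visible trace of a condition that could not be evaluated, so it can serve as an audit signal. The Python script below is an added example, not part of the original report and not Atlassian code; the field layout is an assumption inferred from the single quoted log line, and every sample line after the first is constructed.

```python
import re
from collections import defaultdict

# Assumed field layout, inferred from the one log line quoted in this issue:
# timestamp, thread, level, user, request id, session id, client IP, URL, [logger], message.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"(?P<thread>\S+) (?P<level>[A-Z]+) (?P<user>\S+) "
    r"(?P<req>\S+) (?P<session>\S+) (?P<ip>\S+) (?P<url>\S+) "
    r"\[(?P<logger>[^\]]+)\] (?P<msg>.*)$"
)
# Message text as it appears in the report; other conditions may log differently.
FAIL_OPEN_RE = re.compile(
    r"Error retrieving reviews for (?P<cond>\w+) \((?P<issue>[A-Z][A-Z0-9_]*-\d+)\)"
)

def find_fail_open_events(lines):
    """Return one dict per ERROR line where a review condition could not be evaluated."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["level"] != "ERROR":
            continue
        hit = FAIL_OPEN_RE.search(m["msg"])
        if hit:
            events.append({"ts": m["ts"], "user": m["user"], "ip": m["ip"],
                           "issue": hit["issue"], "condition": hit["cond"]})
    return events

def issues_to_audit(events):
    """Group events as issue key -> sorted list of users the condition failed for."""
    by_issue = defaultdict(set)
    for e in events:
        by_issue[e["issue"]].add(e["user"])
    return {k: sorted(v) for k, v in sorted(by_issue.items())}

# Constructed sample: line 1 is the entry quoted in the report, the rest are made up.
SAMPLE_LOG = [
    "2015-07-08 15:34:15,819 http-bio-8080-exec-13 ERROR petry 934x4530x1 4becn9 192.168.10.136 /browse/TC-1 [domain.workflow.condition.ReviewsCompleteCondition] Error retrieving reviews for ReviewsCompleteCondition (TC-1). Enable logging for the FishEye plugin for more detail.",
    "2015-07-08 15:35:02,101 http-bio-8080-exec-7 INFO alice 935x4531x1 1abcde 192.0.2.10 /browse/TC-2 [example.web.Action] Issue viewed",
    "2015-07-08 15:36:40,250 http-bio-8080-exec-9 ERROR alice 936x4540x1 1abcde 192.0.2.10 /browse/TC-1 [domain.workflow.condition.ReviewsCompleteCondition] Error retrieving reviews for ReviewsCompleteCondition (TC-1). Enable logging for the FishEye plugin for more detail.",
    "not a log line",
]

if __name__ == "__main__":
    for issue, users in issues_to_audit(find_fail_open_events(SAMPLE_LOG)).items():
        print(issue, users)
```

A hit means the condition could not be evaluated when that user loaded the issue, not that the transition was performed; compare each listed issue's history against the state of its reviews.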
      

            [JSWSERVER-13926] Fisheye Plugin Workflow Conditions based on applink bypassed when user is not authenticated to other application

            Marcin Jachurski added a comment - For Jira 7.13 version same error.

            Darly Senecal-Baptiste added a comment -

            Hi,

            It's been almost 2 years since the last update of this bug and I believe this bug priority must be a BLOCKER. Here's why:

            1. We are enforcing code work and code review and no JIRA ticket with code changes must continue for closing when the related code review is closed for that change.
            2. What I am reading from the support team and from this ticket is that Fisheye/Crucible workflow conditions are skipped when JIRA users with Fisheye account are not logged in Fisheye. What about those JIRA users who don't have Fisheye account? Is code enforcement not valid for them? Or they are able to break such enforcement regardless of the transition conditions explicitly mentioned.
            3. My current Application Link Type is OAuth with impersonation

            Please, fix this as soon as possible. Otherwise, non-Fisheye JIRA users will discover this hole and exploit it and I, as an Atlassian Admin, won't be able to mitigate.

            Ignat (Inactive) added a comment -

            Hi pboev291022425,

            Thanks for showing your interest in this fix.
            Unfortunately, this is currently not in our short-term backlog as we are currently working through higher priority issues in other areas of JIRA.

            Having said that it is still an issue we would like to address in the long term, as it gathers more votes and interest from other customers. Could you please add your vote to this?

            Please also do watch the issue, I will update it as soon as more information is available on it.

            Ignat,
            JIRA Bugmaster.

            Pavel Boev added a comment -

            When can we expect this to be fixed?
            Or is there some workaround?
            We have teams with strict business processes, where certain transitions (for example resolving issues) must not be available if there are open code reviews.
            With this condition being bypassed for some users (that are not authenticated) we may end up with a resolved issue that still has open code reviews.
            We are being audited regularly for our quality management processes and if auditors find that we are resolving issues with open code reviews (while our process documentation states that this must not happen) they will conclude that we are not properly monitoring the application of our own processes.

            We try to incorporate such business process conditions into our workflows, to minimize the chance for human errors and build the process into the system.
            But with such "random" bypassing of workflow conditions we won't comply with our own processes.


            Michael Enright added a comment - Also happens in 7.0.2

            Lukasz Pater added a comment - Cloned as https://jira.atlassian.com/browse/FE-5727

            Marcus Silveira added a comment - Thanks for the clarification, ohernandez@atlassian.com.

            Oswaldo Hernandez (Inactive) added a comment -

            Hey malmeida,

            From another case, we found out all these conditions are in the Fisheye Plugin, so this needs to be looked at by the FishEye team.

            Cheers,
            Os.

            Marcus Silveira added a comment -

            Hey ohernandez@atlassian.com,

            These are all provided by JIRA.

            Oswaldo Hernandez (Inactive) added a comment -

            Hi malmeida,

            Is this condition provided by JIRA or a third party plugin?

            Cheers,
            Os.

              Unassigned Unassigned
              malmeida Marcus Silveira
              Affected customers: 24
              Watchers: 27
