Uploaded image for project: 'Jira Software Data Center'
  1. Jira Software Data Center
  2. JSWSERVER-14507

Activity Stream in JIRA for Bitbucket/Github commits should only show commits of relevant issues

XMLWordPrintable

    • 0
    • 1
    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      The Activity Stream in JIRA is at the moment showing information regarding all commit messages.

      Users without access to projects mentioned on the Commit Messages still see the messages and are provided links to pages were they don't have access to.

      This is a Privacy concern on instances with Restricted Projects.
      On instances with a lot of dev activity, this generates unnecessary noise on the Dashboard.

      Activity Stream should be restricted to the user visibility according to permissions. Commits from issues without access should be discarded.

            [JSWSERVER-14507] Activity Stream in JIRA for Bitbucket/Github commits should only show commits of relevant issues

            Chelsea Chase added a comment -

            This is affecting our users as well - is there any workaround? We are trying to filter an activity log by project category but all commits from GitHub are showing up. Users who don't have permissions to view those repositories still see the commit message, but the user photo is broken and the links cannot be viewed. Due to federal security requirements, we may have to remove this gadget altogether as it's a security vulnerability. If we do not have to remove it, we would at least like the option to remove commit messages from the filter. There is already an "Activity" filter to remove certain entries - but commits aren't listed as one of the options.

            Chelsea Chase added a comment - This is affecting our users as well - is there any workaround? We are trying to filter an activity log by project category but all commits from GitHub are showing up. Users who don't have permissions to view those repositories still see the commit message, but the user photo is broken and the links cannot be viewed. Due to federal security requirements, we may have to remove this gadget altogether as it's a security vulnerability. If we do not have to remove it, we would at least like the option to remove commit messages from the filter. There is already an "Activity" filter to remove certain entries - but commits aren't listed as one of the options.

            Anton Genkin (Inactive) added a comment -

            barth thank you bringing up this issue. We acknowledge that DVCS Connector and Jira has issues with implementation of permissions that might lead to undesirable effects like the one you mentioned. This problem is certainly on our radar, but as in the last 3 years it didn't get much interest from customers we assume that the impact and severity isn't high enough to prioritise it over other important projects. It doesn't mean that we won't ever tackle this problem, but it is just not one of our top priorities at the moment.

            Anton Genkin (Inactive) added a comment - barth thank you bringing up this issue. We acknowledge that DVCS Connector and Jira has issues with implementation of permissions that might lead to undesirable effects like the one you mentioned. This problem is certainly on our radar, but as in the last 3 years it didn't get much interest from customers we assume that the impact and severity isn't high enough to prioritise it over other important projects. It doesn't mean that we won't ever tackle this problem, but it is just not one of our top priorities at the moment.

            BarthélémyH added a comment -

            so, 6 times 6 months later, any news ?

            It makes the activity stream unusable due to projects with very large activity in the github repo.

            This is not only a clear bug, it is also a security concern.

            BarthélémyH added a comment - so, 6 times 6 months later, any news ? It makes the activity stream unusable due to projects with very large activity in the github repo. This is not only a clear bug, it is also a security concern.

            Benjamin Morgan (Inactive) added a comment -

            This occurs because the commits are synced to JIRA and Bitbucket permissions are not applied.

            This is on our roadmap to investigate in the next six months.

            Thanks for raising this issue.

            Benjamin Morgan (Inactive) added a comment - This occurs because the commits are synced to JIRA and Bitbucket permissions are not applied. This is on our roadmap to investigate in the next six months. Thanks for raising this issue.

              Unassigned Unassigned
              mfernandezbadii Mauro Badii (Inactive)
              Votes:
              6 Vote for this issue
              Watchers:
              9 Start watching this issue

                Created:
                Updated: