-
Bug
-
Resolution: Duplicate
-
Low
-
None
-
8.13.1
-
None
-
8.13
-
7
-
Severity 2 - Major
-
20
-
Problem
Cloning Story without Edit Permission on Epic Link (Epic Issue) causes workflow inconsistency on the Cloned issue even though the entire clone operation should fail.
Environment
8.13.x
Steps to Reproduce
- Add issue security level to restrict Epic issue types to Administrators project role:
- Restrict Edit Issue permissions to Administrators only (to allow the non-admin user to only be able to clone Stories)
- Add the Security level on the Epic Issue to restrict to only admin users:
- Verify test user "user1" doesn't have edit issue permission on the Story (ABCD-12) and is restricted on the Epic issue (ABCD-11) due to Issue Security scheme:
and 
- Try to Clone the Story (ABCD-12)
- Error on UI: admin.errors.exception com.atlassian.jira.exception.CreateException: com.atlassian.jira.workflow.WorkflowException: You do not have permission to edit the following issues: ABCD-11, ABCD-14.
- Error in atlassian-jira.log:
2021-03-04 16:40:12,079+0000 JiraTaskExecutionThread-3 ERROR user1 1000x1006x1 d789vb 172.29.213.55 /secure/CloneIssueDetails.jspa [c.a.j.bc.issue.DefaultIssueService] com.atlassian.jira.workflow.WorkflowException: You do not have permission to edit the following issues: ABCD-11, ABCD-14. com.atlassian.jira.exception.CreateException: com.atlassian.jira.workflow.WorkflowException: You do not have permission to edit the following issues: ABCD-11, ABCD-14. at com.atlassian.jira.issue.managers.DefaultIssueManager.createIssue(DefaultIssueManager.java:522) at com.atlassian.jira.issue.managers.DefaultIssueManager.createIssueObject(DefaultIssueManager.java:616) at com.atlassian.jira.issue.managers.RequestCachingIssueManager.createIssueObject(RequestCachingIssueManager.java:212) at com.atlassian.jira.bc.issue.CloneIssueCommand.call(CloneIssueCommand.java:133) at com.atlassian.jira.bc.issue.CloneIssueCommand.call(CloneIssueCommand.java:61) at com.atlassian.jira.task.TaskManagerImpl$TaskCallableDecorator.call(TaskManagerImpl.java:533) at com.atlassian.jira.task.TaskManagerImpl$TaskCallableDecorator.call(TaskManagerImpl.java:491) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at com.atlassian.jira.task.ForkedThreadExecutor$ForkedRunnableDecorator.run(ForkedThreadExecutor.java:216) at java.lang.Thread.run(Thread.java:748) Caused by: com.atlassian.jira.workflow.WorkflowException: You do not have permission to edit the following issues: ABCD-11, ABCD-14. at com.atlassian.jira.workflow.OSWorkflowManager.createIssue(OSWorkflowManager.java:780) at com.atlassian.jira.issue.managers.DefaultIssueManager.createIssue(DefaultIssueManager.java:513) ... 11 more Caused by: java.lang.RuntimeException: You do not have permission to edit the following issues: ABCD-11, ABCD-14. at com.atlassian.greenhopper.customfield.epiclink.EpicLinkCFType.ensureEpicAssignment(EpicLinkCFType.java:728) at com.atlassian.greenhopper.customfield.epiclink.EpicLinkCFType.createValue(EpicLinkCFType.java:56) at com.atlassian.jira.issue.fields.ImmutableCustomField.createValue(ImmutableCustomField.java:693) at com.atlassian.jira.workflow.function.issue.IssueCreateFunction.execute(IssueCreateFunction.java:84) at com.opensymphony.workflow.AbstractWorkflow.executeFunction(AbstractWorkflow.java:1014) at com.opensymphony.workflow.AbstractWorkflow.transitionWorkflow(AbstractWorkflow.java:1407) at com.opensymphony.workflow.AbstractWorkflow.initialize(AbstractWorkflow.java:606) at com.atlassian.jira.workflow.OSWorkflowManager.createIssue(OSWorkflowManager.java:754) ... 12 more
Expected Results
Since the user cloning the Story doesn't have appropriate edit permission on the Epic Link (Epic issue) the entire operation should fail.
Alternatively, Jira should:
- Throw clearer error message with something like e.g., "Failed to clone <EPIC LINK> due to insufficient permission on linked epic"
- NOT create workflow inconsistency on the cloned issue
Actual Results
The incorrectly-cloned-issue (ABCD-14) is still created and no workflow transitions available:
- Error on UI: admin.errors.exception com.atlassian.jira.exception.CreateException: com.atlassian.jira.workflow.WorkflowException: You do not have permission to edit the following issues: ABCD-11, ABCD-14.
- Error in atlassian-jira.log:
2021-03-04 16:40:12,079+0000 JiraTaskExecutionThread-3 ERROR user1 1000x1006x1 d789vb 172.29.213.55 /secure/CloneIssueDetails.jspa [c.a.j.bc.issue.DefaultIssueService] com.atlassian.jira.workflow.WorkflowException: You do not have permission to edit the following issues: ABCD-11, ABCD-14. com.atlassian.jira.exception.CreateException: com.atlassian.jira.workflow.WorkflowException: You do not have permission to edit the following issues: ABCD-11, ABCD-14. at com.atlassian.jira.issue.managers.DefaultIssueManager.createIssue(DefaultIssueManager.java:522) at com.atlassian.jira.issue.managers.DefaultIssueManager.createIssueObject(DefaultIssueManager.java:616) at com.atlassian.jira.issue.managers.RequestCachingIssueManager.createIssueObject(RequestCachingIssueManager.java:212) at com.atlassian.jira.bc.issue.CloneIssueCommand.call(CloneIssueCommand.java:133) at com.atlassian.jira.bc.issue.CloneIssueCommand.call(CloneIssueCommand.java:61) at com.atlassian.jira.task.TaskManagerImpl$TaskCallableDecorator.call(TaskManagerImpl.java:533) at com.atlassian.jira.task.TaskManagerImpl$TaskCallableDecorator.call(TaskManagerImpl.java:491) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at com.atlassian.jira.task.ForkedThreadExecutor$ForkedRunnableDecorator.run(ForkedThreadExecutor.java:216) at java.lang.Thread.run(Thread.java:748) Caused by: com.atlassian.jira.workflow.WorkflowException: You do not have permission to edit the following issues: ABCD-11, ABCD-14. at com.atlassian.jira.workflow.OSWorkflowManager.createIssue(OSWorkflowManager.java:780) at com.atlassian.jira.issue.managers.DefaultIssueManager.createIssue(DefaultIssueManager.java:513) ... 11 more Caused by: java.lang.RuntimeException: You do not have permission to edit the following issues: ABCD-11, ABCD-14. at com.atlassian.greenhopper.customfield.epiclink.EpicLinkCFType.ensureEpicAssignment(EpicLinkCFType.java:728) at com.atlassian.greenhopper.customfield.epiclink.EpicLinkCFType.createValue(EpicLinkCFType.java:56) at com.atlassian.jira.issue.fields.ImmutableCustomField.createValue(ImmutableCustomField.java:693) at com.atlassian.jira.workflow.function.issue.IssueCreateFunction.execute(IssueCreateFunction.java:84) at com.opensymphony.workflow.AbstractWorkflow.executeFunction(AbstractWorkflow.java:1014) at com.opensymphony.workflow.AbstractWorkflow.transitionWorkflow(AbstractWorkflow.java:1407) at com.opensymphony.workflow.AbstractWorkflow.initialize(AbstractWorkflow.java:606) at com.atlassian.jira.workflow.OSWorkflowManager.createIssue(OSWorkflowManager.java:754) ... 12 more
Workaround
Without changing the permissions:
- Through DB:
- Identify cloned issue's workflow integrity:
SELECT jiraissue.id issue_id, jiraissue.workflow_id, os_wfentry.* FROM jiraissue JOIN os_wfentry ON jiraissue.workflow_id = os_wfentry.id WHERE os_wfentry.state IS NULL OR os_wfentry.state = 0 AND jiraissue.id = <CLONED_ISSUE_ID>;
- UPDATE if state is 0 with:
UPDATE os_wfentry SET state = 1 WHERE id = <CLONED_ISSUE_ID>;
OR
- Identify cloned issue's workflow integrity:
- DB Integrity checker for workflow intergrity and Fix all the errors
OR - Change the issue type of the Clone issue to something else and then change it back to previous issuetype (only works if multiple issue types share the same workflow)
OR - Move the issue to a different Project and move it back to previously intended project
Change Permissions:
- Allow the users with "Edit issue" permission
OR - Remove "Create issue" permission for the group of users who shouldn't clone Stories
Notes
- is duplicated by
-
-
- Closed
-
-
-
- Closed
-