JQL search containing openSprints() or closedSprints(), as well as a numerical sprint, throws errors for users without all project permissions


    • Type: Bug
    • Resolution: Unresolved
    • Priority: Medium
    • None
    • Affects Version/s: 8.20.2, 8.22.1
    • Component/s: Sprint
    • None
    • 8.2
    • 1
    • Severity 2 - Major

      Issue Summary

      This is reproducible on Data Center:

      When a user runs a JQL search on the Sprint field that combines openSprints() or closedSprints() with a specific sprint, they encounter a permissions error for sprints that are not in the scope of their search.

      For example, any of the following may induce the permissions error:

      • sprint in (openSprints(), 6)
      • sprint in (closedSprints(), 6)
      • sprint not in (openSprints(), 6)
      • sprint not in (closedSprints(), 6)

      The error appears as follows:

      Sprint with id # does not exist or you do not have permission to view it.

      The error will not appear unless there is at least one function (openSprints(), closedSprints()) along with at least one specific sprint. Using both functions together, and without a specific sprint, does not induce the issue.
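The trigger condition above can be checked mechanically across saved filter JQL. The following is an added example, not code from Jira or from this ticket: the function names and the sample filters are constructed for illustration, and it assumes a "specific sprint" is a bare numeric sprint ID, as in the issue title.

```python
import re

# Matches "sprint in (...)" / "sprint not in (...)" and captures the operand
# list; the inner pattern tolerates the empty "()" of a function call.
SPRINT_LIST = re.compile(
    r"\bsprint\s+(?:not\s+)?in\s*\(((?:[^()]|\(\s*\))*)\)", re.IGNORECASE)
SPRINT_FUNC = re.compile(r"^(?:open|closed)Sprints\s*\(\s*\)$", re.IGNORECASE)


def triggering_clauses(jql):
    """Return sprint clauses that mix a sprint function with a numeric ID."""
    hits = []
    for m in SPRINT_LIST.finditer(jql):
        operands = [o.strip() for o in m.group(1).split(",") if o.strip()]
        has_func = any(SPRINT_FUNC.match(o) for o in operands)
        has_id = any(o.isdigit() for o in operands)  # assumption: numeric IDs only
        if has_func and has_id:
            hits.append(m.group(0))
    return hits


def affected_filters(filters):
    """Map filter name -> triggering clauses, skipping unaffected filters."""
    found = {}
    for name, jql in filters.items():
        hits = triggering_clauses(jql)
        if hits:
            found[name] = hits
    return found


# Constructed sample data: filter names and JQL are illustrative only.
SAMPLE_FILTERS = {
    "mixed-in": "project = ProjA AND sprint in (openSprints(), 6)",
    "mixed-not-in": "Sprint NOT IN (closedSprints(), 12) ORDER BY created",
    "functions-only": "sprint in (openSprints(), closedSprints())",
    "workaround": "sprint in (openSprints()) and sprint in (6)",
}

if __name__ == "__main__":
    for name, clauses in affected_filters(SAMPLE_FILTERS).items():
        print(name, "->", clauses)
```

Filters reported by this check match the pattern described in this ticket and are candidates for the workaround below.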

      Steps to Reproduce

      1. Create a new test user (Test)
      2. Create a new Software Project and Board (ProjA)
      3. Configure ProjA such that Test may access the project and its issues
      4. Create a new Software Project and Board (ProjB)
      5. Configure ProjB such that Test may not access the project and its issues
      6. In both ProjA and ProjB, create a new Sprint, add a new Issue, and start that Sprint.
      7. As Test, attempt to run the following JQL, replacing 1 with the specific sprint from ProjA:
      sprint in (openSprints(), 1)

      Expected Results

      The JQL only runs in the contexts of the projects that Test has permissions to browse.

      Actual Results

      An error is thrown because Test does not have access to the sprint in ProjB, a project for which Test has no permissions and which should not be in the scope of the search.

      Workaround

      The error is avoided if the JQL is broken up, such as:

      sprint in (openSprints()) and sprint in (6) 

            Assignee:
            Unassigned
            Reporter:
            Kevin Liou
            Votes:
            2
            Watchers:
            2