JSWSERVER-25317 (Jira Software Data Center)

Users with read-only permissions in Advanced Roadmaps can still access Plan configuration


    • Type: Bug
    • Resolution: Fixed
    • Priority: High
    • 10.0.0
    • 8.20.0, 9.0.0, 9.12.4, 9.12.5, 9.13.0, 9.13.1, 9.14.0, 9.14.1
    • None
    • 8.2
    • 1
    • Severity 2 - Major
    • 0
      Atlassian Update – 29 March 2024

      Dear Customers,

      Thank you for taking the time to file and comment on this issue. Feedback like yours helps us release valuable Jira features that solve problems for a greater customer base. To that end, we aim to keep our issues up-to-date so they accurately reflect current customer needs. Based on the impact, we’ve decided to move this issue to our short-term backlog.

      Please continue watching this ticket for future updates and changes in the timeline that impacts your work.

      Best regards

      Daniel Dudziak
      Senior Software Engineer


      Issue Summary

      This is reproducible on Data Center: yes

      Steps to Reproduce

      1. Go to 'Cog (in the top-right corner) > Manage apps > Advanced Roadmaps permissions'.
      2. Add one group to 'Advanced Roadmaps viewer'.
      3. Log in as a user who is part of the group from Step 2.
      4. Open a plan.
      5. Click the 'Cog' next to the plan title and go to the Plan Configuration page.

      Expected Results

      The user with only view permission should not be allowed to access the plan setting page. The 'cog' icon should only include the "Get started" and "Get help" items.  

      Actual Results

      The user with only view permission can access the plan setting page and make some configuration changes, but cannot save these changes.
      When the user tries to save these changes, access other options, or go back to the plan, the page is stuck at loading and no error is thrown. An HTTP 401 Unauthorized error is captured in the HAR and the console log.

      Workaround

      No workaround. 

              drauf Daniel Rauf
              dzhang Dan Zhang
              Votes: 3
              Watchers: 12