Details
-
Bug
-
Resolution: Fixed
-
High
-
None
-
None
-
4
-
Severity 2 - Major
Description
Issue Summary
When migrating with Confluence Cloud Migration Assistant, app users are not added to the Space so apps are unable to make REST calls via Connect to access content. App users are added to the default groups, but these groups might not be added to the Space post-migration.
This is caused by the app not having permission in the Space post-migration. This is similar to MIG-303, however that relates to Custom Content and Restricted Pages.
Each app in Confluence Cloud has a dedicated user. After installing an app in Cloud, you can see the app user by going to a Space -> Space Settings -> Space Permissions, and under Individual Users you will see a user for each installed app. This user is also added to the default group, but this is not visible in the UI.
On migrated Spaces, the app user does not appear under Individual Users. Also, the Space does not have a default group applied.
This is the Individual Users of a Space migrated with CCMA
This is the Individual Users of a Space created in Cloud, you can see the app user com-atlassian-devhelp-jrichards has been added automatically.
Steps to Reproduce
- Provision a new Cloud site
- Create a new Space in server with default permissions, and create a page in the space
- Migrate the Space to the new Cloud site
- For a Connect app with Scope READ, access the REST endpoint
GET /wiki/rest/api/content/<id>
authenticated as the add on for any content id that was in the migration.
Expected Results
The content is returned in a JSON blob
{"id":"6160385","type":"page","status":"current","title":"Test page", ...
Actual Results
A HTTP 403 is returned
403 Forbidden: [
{
"statusCode": 403,
"data": {
"authorized": false,
"valid": false,
"errors": [
{
"message": {
"key": "confluence.space.restricted",
"translation": "Space is restricted",
"args": []
}
}
],
"successful": false
},
"message": "com.atlassian.confluence.api.service.exceptions.PermissionException: Space is restricted"
}
]
Workaround
After the Space is migrated, uninstall and re-install the app. Access the same REST endpoints for the same contentIds. The content should return as expected.
Another workaround is to add the app user to as an Individual user to the Space. This is the same as Spaces created in Cloud.
Attachments
Issue Links
- is related to
-
CONFCLOUD-69755 Explanation of Confluence Connect app user permissions
- Gathering Interest
-
- Gathering Interest
-
ECORSK-55 Loading...
- relates to
-
-
- Closed
-
-
-
-
- blocks
-
- depends on
-
- mentioned in
-
-
-
-
-
-
-
-
-
-
-