App Scope and rest api.asApp / asUser to read user property

Hi, I’m developing a plugin with atlassian forge.
I call the jira cloud rest api to retrive an user property ( which I have set with rest api)
It works fine if I use api.asUser() with an user which is site-admin but it don’t work with basic users (it’s a permission problem).
I used this scopes in my app

  • read:jira-user
  • read:jira-work
  • write:jira-work
  • manage:jira-configuration
    I tried to set the scope manage:jira-configuration and use api.asApp() but don’t works.
    How I can make a call to get the user property when the app is used by a basic user?
    Thank you very much
1 Like

Hi @FedericoSpagocci ,

Can you explain the conditions under which the API call is being made. For example, is it in response to a user interaction in a custom UI or UI kit user experience?

Regards,
Dugald

Hi @dmorrow, thank you for your reply.
The app is developed with with Atlassian Forge UI Kit and for the call I use @Forge/api.
I call the get user properties jira cloud api and show it in a jira issue panel
It works fine with user which is site-admin/org admin but with basic user get forbidden 403

https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-user-properties/#api-rest-api-3-user-properties-propertykey-get

Hi @FedericoSpagocci ,

When user first visited the app, they should have been presented with a button prompting the user to grant the app permission for the scopes it requests. Prior to this, I believe you need to visit the app in the developer console (https://developer.atlassian.com/console/myapps) and transition its distribution status to Sharing by completing some details. Here’s a couple of code snippets for an app that I created today to investigate this issue and it works for a regular user (who is not the author of the app):

modules:
  jira:issuePanel:
    - key: forge-get-user-properties-hello-world-panel
      function: main
      title: forge-get-user-properties
      icon: https://developer.atlassian.com/platform/forge/images/icons/issue-panel-icon.svg
  function:
    - key: main
      handler: index.run
permissions:
  scopes:
    - 'read:jira-user'
app:
  id: ari:cloud:ecosystem::app/xxx
import ForgeUI, { render, Fragment, Text, IssuePanel, useAction } from '@forge/ui';
import api, { route } from '@forge/api';


const App = () => {

  const getData = async () => {
    const data = await api.asUser().requestJira(route`/rest/api/3/user/properties/navigation_next_ui_state?accountId=xxx`);
    return await data.json();
  }

  const [data] = useAction(value => value, async () => await getData());

  const message = data ? JSON.stringify(data, null, 2) : 'NOT FOUND';
  return (
    <Fragment>
      <Text>{message}</Text>
    </Fragment>
  );
};

export const run = render(
  <IssuePanel>
    <App />
  </IssuePanel>
);

Regards,
Dugald

1 Like

Hi @dmorrow, thank you very much for your reply.
Sorry for the delay of the reply but I’m very busy at work.

When user first visited the app, they should have been presented with a button prompting the user to grant the app permission for the scopes it requests. Prior to this, I believe you need to visit the app in the developer console (https://developer.atlassian.com/console/myapps) and transition its distribution status to Sharing by completing some details

Yes i have already done that

I have make some test also with your code and I found the same issue.
If I read the property of a different user with a site admin account the code works example: federico (site admin) read frederik property
if I read the property of the same user logged it works frederik(basic user) read Frederik property
But If drake (basic user) read frederik/federico property it don’t work.
(you need to log directly in jira with different users account if you do log as user option in jira the code work)

I tried to use asAPP() instead of asUser() but nothing change

Thank you for your support