Hi there,
I’m currently developing an app in Forge that listens for comment events, and facing a problem that if the comment is marked as restricted visibility to a project role or group the event is not received by the app.
It looks like the app doesn’t have permissions to the comment.
Has anyone had this happen to them?
How could I fix it?
Any ideas would be welcome.
Thanks a lot
Hi @carlosmoran,
This is the expected behavior i.e., if the app does not have the necessary permission or rights to a specific resource, in this case a comment, then the event will not be received by the app.
A viable path to success is to ask your administrator to grant your app access to the project or content by adding it to the group that has the necessary permissions and visibility rights.
Hope this helps.
Ian
@ianRagudo Is this just a problem with comments? Or will you have to give you app access to all private spaces to allow access to similar events? Also what happens when you restrict access to a page? Do you then have to give the app permission to see the page?
Either way, the app permission model seems a bit wonky.
Hi @david,
This holds true to resources other than comment. For example, your app cannot receive page creation events if the space permissions are restricted; your app also cannot receive page update events if the page is restricted.
If the resource like page is restricted, the app will not be able to get hold of its details either via REST API calls or product events which is aligned with privileges given to the page.
Cheers,
Ian
@ianRagudo Really? How does Atlassian expect anyone to get any work done on their platform if they throw up such ridiculous blocks to productivity?
Please confirm: You’re really saying that if I add a page restriction to hide a page from other users, then I have to remember to allow all the apps that are present on the page, or consume events, to have permission to view the page?
If so, this is madness. Users will not know to do this.
It really will become a “system of busy-work”.
Oh, and this will be yet another block to migrating my app onto Forge.
Yes, the app needs to have permission to view the page and is treated as a user. So if a page is restricted from view by users, that includes the app.
It is similar to how, by default, even admins don’t have access to private Confluence pages. Though that varies by subscription level.
It is possible to group apps and add the groups to reduce manual work if this comes up often. It also may depend on what the app is doing (for example, macros on a Confluence page might not need any view access and may work just fine as long as they’re not making calls asking about the page properties or whatever).
Hi @david, yes the app (app user), like any other user, will not have access to the restricted content, thus, will not receive the page-associated events.
Hello @ianRagudo
Thank you for your response.
What you say might make sense, but it’s confusing. I think an application should have access to all the resources it is listening to as @david says.
Anyway, I’ve tried granting access to my app for restricted comments, for example, to a project role: “Administrators.”
So I added the “atlassian-addons-admin” group to the default members of the role from the Jira admin settings \ Security \ Project roles.
Unfortunately, it doesn’t work. The app doesn’t receive the comment event either if it’s restricted.
I’ve also tried adding the “atlassian-addons-admin” group in the project permissions settings to set the project role, but this group is internal and hidden from selection.
Any ideas on how to proceed?
Thank you very much for your help.
@ianRagudo Thanks for the confirmation. That massively sucks.
I’ve just had this confirmed from another marketplace vendor along with the words – “It is ridiculous”.
How does anyone get any work done using Forge apps when the platform is just so inadequate? This just makes no sense.
Thanks for the clarification, @carlosmoran; I initially thought you are working with Confluence Cloud. If I understood your use case correctly, you are working with a Jira Service Management project and using a restricted internal note. If so, you can try this approach:
Do try it out and let us know how it goes.
Cheers,
Ian
Hi @ianRagudo ,
Thanks for your answer, but this approach doesn’t work for my case as I need to listen for all comment events of existing projects.
At this time, I don’t believe there’s a way to configure the permissions for the application properly.
Please, consider enabling a way for apps to listen events of restricted resources in next releases because this is a blocker.
Thank you and all the best
