Getting permission for issues that meets jql filter using REST API

I need to verify user EDIT and BROWSE permission for all issues that satisfies JQL filter using REST API in cloud.

Currently I am able to verify user permission using /rest/api/2/user/permission/search REST endpoint. Consequently I have to make a request for each issue that meets JQL filter.

Is it possible to make a single request to obtain such information?

I wonder if you could call the /rest/api/2/mypermissions end-point, and match the result against the projects associated with each issue.

You can send project keys to that endpoint instead of issue keys, which would reduce the number of requests unless you are using issue security schemes I guess.

1 Like

If you get an issue back in the search response using the user impersonation feature then the user has BROWSE permission for the issue. For the Edit piece you’ll have to request it for each issue.

That said - can you change your feature to maybe do a lazy check on it in the ui? Ie. when they click on edit then check and if they don’t have access then say “sorry…” ? Not the best but depending on how you do the ui - you might be able to get away with it.

1 Like

I forgot to emphasise that the Add-on request are done by backend server in order to maintain caches.

Indeed, implementing laziness scales well and seems to be a decent solution.

However it will not help me in all cases.
What I implement is a Gantt chart in JIRA that synchronizes with JIRA in both directions. While building link graph and work breakdown structure I need to check if issue can be edited be the user. Our customers have Gantt charts with 10k issues, I guess currently I have no other option but to user /rest/api/2/mypermission with user impersonation executing REST request for each task.

I have requested API improvement to look up such data in bulk: https://ecosystem.atlassian.net/browse/ACJIRA-1245