Global permission condition failing when using ac-redirect servlet

I have added a custom global permission to my add-on in its atlassian-connect.json, which looks like this:

"jiraGlobalPermissions": [
  {
    "description": {
      "value": "Custom Permission"
    },
    "anonymousAllowed": false,
    "defaultGrants": [
      "all"
    ],
    "name": {
      "value": "My custom permission"
    },
    "key": "customPerm"
  }
],

Suppose the add-on’s key is com.foo.bar. Later in the atlassian-connect.json file, I have a webItem with a location of “jira.navigator.pluggable.items”, that uses a condition to hide/show the webItem based on the user having the custom permission:

"conditions": [{
	"condition": "has_global_permission",
	"params": {
		"permission": "com.foo.bar__customPerm"
	}
}]

This all works fine on the surface. The webItem is hidden or shown based on the has_global_permission condition, as expected. The problem is that when a valid permission user clicks on the webItem, it attempts to load the webItem’s URL through the ac-redirect servlet but errors out with a page that shows:

"
Access denied

You do not have the correct permissions to view the page:

Please request access from your Atlassian Cloud administrator.
"

The URL erroring out is the ac-redirect servlet that is called by the webItem, before Jira redirects to the actual content served up by the add-on:
{INSTANCEURL}/plugins/servlet/ac-redirect/{ADD-ON-KEY}/{WEBITEM-KEY}?user.key={USERKEY}&user.id={USERID}

When the webItem’s condition is removed or changed to something else like “user_is_logged_in”, the ac-redirect URL properly redirects to my ngrok.io URL: {NGROK_URL}/{WEBITEM-URL}/?VARIOUS_PARAMS_PASSED_BY_AC-REDIRECT.

Am I doing something wrong here? Do I need to apply the same permission check to something else in atlassian-connect.json? I get the same result if the location of the webItem is changed (expected), but if I change to performing the same check on, say, a “page” context webItem, it works properly. It seems like it is only failing on the default “addon” context webItem which uses the ac-redirect servlet.

2 Likes
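
As an added example (not code from the posts above or from Atlassian), this small Node.js check lists the webItems in a descriptor that match the setup described in the question: a has_global_permission condition on an add-on-defined permission combined with the default "addon" context. The `modules` layout, the sample module keys and URLs, and the finding labels are assumptions, and only flat (non-nested) conditions are inspected.

```javascript
// Constructed sample descriptor modelled on the question. The "modules" wrapper,
// the webItem keys/urls and the finding labels below are assumptions.
const cond = (permission) => [{ condition: "has_global_permission", params: { permission } }];
const sampleDescriptor = {
  key: "com.foo.bar",
  modules: {
    jiraGlobalPermissions: [{ key: "customPerm", name: { value: "My custom permission" } }],
    webItems: [
      // No "context" given, so the default "addon" context applies (ac-redirect path).
      { key: "nav-item", location: "jira.navigator.pluggable.items", url: "/nav",
        conditions: cond("com.foo.bar__customPerm") },
      // Same condition, but on a "page" context webItem.
      { key: "page-item", location: "jira.navigator.pluggable.items", url: "/page",
        context: "page", conditions: cond("com.foo.bar__customPerm") },
      // Constructed typo: the permission is not declared in jiraGlobalPermissions.
      { key: "typo-item", location: "jira.navigator.pluggable.items", url: "/typo",
        conditions: cond("com.foo.bar__custmPerm") },
    ],
  },
};

function lintGlobalPermissionConditions(descriptor) {
  const modules = descriptor.modules || {};
  const prefix = `${descriptor.key}__`; // add-on key + "__" + permission key, as in the question
  const declared = new Set((modules.jiraGlobalPermissions || []).map((p) => prefix + p.key));
  const findings = [];
  for (const item of modules.webItems || []) {
    for (const c of item.conditions || []) {
      if (c.condition !== "has_global_permission") continue;
      const permission = c.params && c.params.permission;
      // Permissions without this add-on's prefix are not its custom permissions; skip them.
      if (typeof permission !== "string" || !permission.startsWith(prefix)) continue;
      if (!declared.has(permission)) {
        findings.push({ webItem: item.key, permission, issue: "undeclared-permission" });
      } else if ((item.context || "addon") === "addon") {
        // The combination reported above as ending in "Access denied".
        findings.push({ webItem: item.key, permission, issue: "addon-context-uses-ac-redirect" });
      }
    }
  }
  return findings;
}

console.log(lintGlobalPermissionConditions(sampleDescriptor));
```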

I’m running into this same one - did you ever get a resolution to this?

That looks like a bug. I created a ticket: https://ecosystem.atlassian.net/browse/ACJIRA-1593

Just one more idea, though. Have you tried omitting the add-on key in the permission? Like this:

"conditions": [{
	"condition": "has_global_permission",
	"params": {
		"permission": "customPerm"
	}
}]

1 Like

Doesn't work removing the add-on key either.