I have added a custom global permission to my add-on in its atlassian-connect.json, which looks like this:
    "jiraGlobalPermissions": [
        {
            "description": {
                "value": "Custom Permission"
            },
            "anonymousAllowed": false,
            "defaultGrants": [
                "all"
            ],
            "name": {
                "value": "My custom permission"
            },
            "key": "customPerm"
        }
    ],
Suppose the add-on’s key is com.foo.bar. Later in the atlassian-connect.json file, I have a webItem with a location of “jira.navigator.pluggable.items”, that uses a condition to hide/show the webItem based on the user having the custom permission:
    "conditions": [{
        "condition": "has_global_permission",
        "params": {
            "permission": "com.foo.bar__customPerm"
        }
    }]
This all works fine on the surface. The webItem is hidden or shown based on the has_global_permission condition, as expected. The problem is that when a valid permission user clicks on the webItem, it attempts to load the webItem’s URL through the ac-redirect servlet but errors out with a page that shows
"
Access denied
You do not have the correct permissions to view the page:
Please request access from your Atlassian Cloud administrator.
"
The URL erroring out is the ac-redirect servlet that is called by the webItem, before Jira redirects to the actual content served up by the add-on:
{INSTANCEURL}/plugins/servlet/ac-redirect/{ADD-ON-KEY}/{WEBITEM-KEY}?user.key={USERKEY}&user.id={USERID}
When the webItem’s condition is removed or changed to something else like “user_is_logged_in”, the ac-redirect URL properly redirects to my ngrok.io URL: {NGROK_URL}/{WEBITEM-URL}/?VARIOUS_PARAMS_PASSED_BY_AC-REDIRECT.
Am I doing something wrong here? Do I need to apply the same permission check to something else in atlassian-connect.json? I get the same result if the location of the webItem is changed (expected), but if I change to performing the same check on, say, a “page” context webItem, it works properly. It seems like it is only failing on the default “addon” context webItem which uses the ac-redirect servlet.
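A descriptor check for the setup described above, as an added example that is not part of the original post: it verifies that every has_global_permission condition references a permission declared under jiraGlobalPermissions, in the {add-on key}__{permission key} form the post uses. The "modules" layout, the web item key and the sample descriptor are constructed assumptions.

```javascript
// Added example (not from the original post): lint a Connect descriptor so that
// every has_global_permission condition points at a declared custom permission.
// Assumed layout: top-level "key", module lists under "modules".

// Recursively collect has_global_permission conditions, wherever they are nested.
function findPermissionConditions(node, path = "descriptor", found = []) {
  if (Array.isArray(node)) {
    node.forEach((item, i) => findPermissionConditions(item, `${path}[${i}]`, found));
  } else if (node && typeof node === "object") {
    if (node.condition === "has_global_permission") {
      found.push({ path, permission: node.params && node.params.permission });
    }
    for (const [k, v] of Object.entries(node)) {
      findPermissionConditions(v, `${path}.${k}`, found);
    }
  }
  return found;
}

// Returns a list of problem strings; permissions this add-on does not define are ignored.
function checkGlobalPermissionRefs(descriptor) {
  const prefix = `${descriptor.key}__`;
  const keys = ((descriptor.modules || {}).jiraGlobalPermissions || []).map((p) => p.key);
  const problems = [];
  for (const { path, permission } of findPermissionConditions(descriptor)) {
    if (typeof permission !== "string" || permission === "") {
      problems.push(`${path}: params.permission is missing`);
    } else if (keys.includes(permission)) {
      problems.push(`${path}: "${permission}" lacks the "${prefix}" prefix`);
    } else if (permission.startsWith(prefix) && !keys.includes(permission.slice(prefix.length))) {
      problems.push(`${path}: "${permission}" is not declared in jiraGlobalPermissions`);
    }
  }
  return problems;
}

// Constructed sample descriptor using the add-on key and permission key from the post.
const sampleDescriptor = {
  key: "com.foo.bar",
  modules: {
    jiraGlobalPermissions: [{ key: "customPerm", anonymousAllowed: false, defaultGrants: ["all"] }],
    webItems: [{
      key: "my-web-item", // hypothetical web item key
      location: "jira.navigator.pluggable.items",
      conditions: [{ condition: "has_global_permission", params: { permission: "com.foo.bar__customPerm" } }],
    }],
  },
};
console.log(checkGlobalPermissionRefs(sampleDescriptor));
```

An empty result only rules out a key mismatch in the descriptor; it says nothing about how the ac-redirect servlet evaluates the condition.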