How to an app can access issues that are secured

Hi there,

We’ve recently had a customer contact us about an issue with our app - which turned out to be a problem with permissions.

We are indexing issues in the backend, and for that we invoke a JQL request to the search endpoint. That gives us a list of issue ids which we persist, and make another request on the frontend to fetch the actual content and take care of permissions.

The issue comes up when an issue is secured, and in this particular case, the issue requires the user to have an admin permission for the project.

In the past it was possible to edit the security scheme for a project and add an “add-on” user to the scheme, but it looks to me that this is no longer possible.

Is there a way to configure the instance to allow an app to access those issues?

Kind regards,
Bartlomiej Lewandowski

Hey Bartlomiej,
Thanks for your question - are you using Connect or Forge to build your app?
Cheers,
Mel

Hi @bartlomiej,

I think you might be referring to this bug report: [ACJIRA-2406] Restricted issues in a team-managed project are not returned via REST APIs, both when using the search and the issue endpoint - Ecosystem Jira.

I don’t have a workaround for this but, if one will be identified, it will be posted on the ticket directly.

It would be good to know here/on the bug report, how many apps are affected and noticed that so far.

Thanks,
Caterina

Recently I have also experienced a similar issue. I have fixed it by giving required permission to “atlassian-addons-admins” user group or “atlassian-addons-project-access”.

Connect app

Correct, this issue was probably created after describing the issue in detail in a support ticket :slight_smile:

1 Like

Thanks for jumping in @denizoguz. Are you sure it is actually working?
I’m trying to understand what I’m doing wrong.

I’ve just tried to do the same by adding these “users” to the Project Settings → Access UI in a team-managed project but, even after adding them, I still cannot retrieve the restricted issues when using the REST APIs in a Connect app.

Here is a screenshot of the Project access page:

Hi,
@ccurti Our situation was a little different. It was a Forge app and we were using app “api.asApp().requestJira” method for accessing Jira REST API. I had two problems, first the app didn’t able to retrieve details of an issue, protected with “issue security schema” and a second problem was it didn’t able to retrieve list of “user groups”. Both of them were solved by adjusting permissions of “atlassian-addons-admins” and “atlassian-addons-project-access”. It may not be the same problem but for our similar case adjusting permissions solved both issues.

1 Like