How to check if a user has site-access only

Developing anything on Jira Service Desk is hard. Each time, you need to worry about which user is accessing your panel / page. Some endpoints work only for Jira users, so you need to use the Service Desk-specific REST API to handle customers. But there is a special case of customers: Jira users with site access only.

https://confluence.atlassian.com/confeval/jira-service-desk-evaluator-resources/jira-service-desk-agents-customers-and-roles
Documentation is clear: “A user who has no application access is also considered a customer.”
And every Service Desk view seems to follow this principle. Such users can do everything that customers can, so we should treat them the same. Now to the point: how, as app developers, can we check if a user has site-access only?

Let’s try to figure it out for serviceDeskPortalRequestCreatePropertyPanels module.

  1. It seems that a customer has a prefix in accountID, so we can use it:
```javascript
const isCustomerLoggedIn = async () => {
    const myself = await createRequest(`${REST_API_3}/myself`);
    return myself?.accountId?.startsWith('qm');
};
```

So far, so good, but it doesn’t solve our problem with site-access only users :frowning:, because such users don’t have the qm prefix.

  1. Let’s try a new feature released recently: AP.user.getCurrentUser now returns accountType.

```javascript
AP.user.getCurrentUser(user => console.log(user.accountType));
```

Now log in with a site-access-only user.

Quick check in the console and we get: “atlassian”
Dead end

  1. So maybe use conditions! You can use conditions in query parameters: https://developer.atlassian.com/cloud/jira/platform/context-parameters/#additional-parameters
    3 conditions seem promising:
    * servicedesk.is_agent
    * servicedesk.is_customer
    * can_use_application
    Let’s try it out: add them to the URL in atlassian-connect.json and then console.log on the server side.

```json
"url": "/customer-portal/request?requestTypeId={servicedesk.requestTypeId}&serviceDeskId={servicedesk.serviceDeskId}&isAgent={condition.servicedesk.is_agent}&isLicensed={condition.addon_is_licensed}&isCustomer={condition.servicedesk.is_customer}&hasSiteAccess=condition.can_use_application(jira-core)"
```

Unfortunately we will get nothing useful:

```
{
  requestTypeId: '46',
  serviceDeskId: '1',
  isAgent: '',
  isLicensed: 'false',
  isCustomer: '',
  hasSiteAccess: 'condition.can_use_application(jira-core)'
}
```

I give up for now, maybe you know how to solve this mystery?


Let’s try one more time. How about checking the roles in the /myself endpoint? After all, if a user doesn’t have access to any of the products, the list should be empty.

```javascript
AP.request("/rest/api/3/myself?expand=applicationRoles")
    .then(payload => JSON.parse(payload.body))
    .then(myself => console.log(myself?.applicationRoles.size === 0))
```

Let’s log in as a customer and check the results:

true

This is good! But we should check all the possible options. What about an Open Portal? After all, customers can send requests without logging in.

What a pity. On the one hand, I can understand why we get 401; on the other, there are many endpoints that work for users who are not logged in, and they should! E.g.

```javascript
AP.request("/rest/api/3/mypermissions?permissions=ADMINISTER")
    .then(payload => JSON.parse(payload.body))
    .then(console.log)
```

returns:

```json
{"permissions":{"ADMINISTER":{"id":"0","key":"ADMINISTER","name":"Administer Jira","type":"GLOBAL","description":"Create and administer projects, issue types, fields, workflows, and schemes for all projects. Users with this permission can perform most administration tasks, except: managing users, importing data, and editing system email settings.","havePermission":false}}}
```

Let’s try to sum up and write our function:

```javascript
function isCustomerAsync() {
    return AP.request("/rest/api/3/myself?expand=applicationRoles")
        .then(payload => JSON.parse(payload.body))
        .then(myself => {
            // No application roles means no product access: treat as a customer
            return myself.applicationRoles.size === 0;
        })
        .catch(error => {
            // 401 Unauthorized: the user is not logged in
            if (error.xhr.status === 401) return true;

            throw error;
        });
}
```

What do you think? Will that handle all the possible scenarios? What is your way to check if a user should be treated as a customer on the portal?

Hey @maciej.dudziak - thanks for sharing your thoughts!

I stumbled across your post today and noticed that there are curly braces missing for hasSiteAccess=condition.can_use_application(jira-core) (should be hasSiteAccess={condition.can_use_application(jira-core)}). This should alter your response and may give you the desired result without having to call the REST API.

Hope it works now!

True :smiley: Would have to try someday :slight_smile:
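
Server-side handling of the condition parameters discussed in this thread, as an added example that is not part of any post: it turns each query value into true, false or unknown, and records why a value is unknown (empty, missing, or a placeholder that arrived unexpanded, as in the logged output above). The function names and the default of handling every non-agent as a customer are assumptions of this example.

```javascript
// Added example, not code from the thread. The parameter names are the ones
// used in the atlassian-connect.json URL quoted in the first post; the function
// names are hypothetical.
const CONDITION_PARAMS = ['isAgent', 'isCustomer', 'hasSiteAccess'];

// Map one raw query-string value to { value: true | false | null, reason }.
function parseConditionParam(raw) {
    if (raw === 'true') return { value: true, reason: 'ok' };
    if (raw === 'false') return { value: false, reason: 'ok' };
    if (raw === undefined || raw === null) return { value: null, reason: 'missing' };
    if (raw === '') return { value: null, reason: 'empty' };
    // Placeholder text arrived unexpanded, e.g. written without curly braces.
    if (/^\{?condition\./.test(raw)) return { value: null, reason: 'unsubstituted' };
    return { value: null, reason: 'unexpected' };
}

// Classify the caller from a parsed query object (for example Express req.query).
// Assumption of this example: anything not positively reported as an agent is
// handled as a customer, so an unknown value never enables agent-only behaviour.
function classifyPortalUser(query) {
    const flags = {};
    const unresolved = {};
    for (const name of CONDITION_PARAMS) {
        const { value, reason } = parseConditionParam(query[name]);
        flags[name] = value;
        if (value === null) unresolved[name] = reason;
    }
    const role = flags.isAgent === true ? 'agent' : 'customer';
    return { role, flags, unresolved };
}

// Query object exactly as logged in the first post.
const observed = {
    requestTypeId: '46', serviceDeskId: '1',
    isAgent: '', isLicensed: 'false', isCustomer: '',
    hasSiteAccess: 'condition.can_use_application(jira-core)',
};
// Constructed sample: values a fully substituted request might carry.
const constructed = { isAgent: 'false', isCustomer: 'true', hasSiteAccess: 'false' };

console.log(classifyPortalUser(observed));
console.log(classifyPortalUser(constructed));
```

These values are only as trustworthy as the request that carries them, so verify the Connect JWT (including its qsh claim) before acting on them, and log a non-empty `unresolved` map as a sign that the descriptor URL needs fixing.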