Is there a normal way to get all group members via REST API in Jira Cloud?

Jira Development Jira Cloud
, ,
1

As the subject says. We would like to offer admins an option to subscribe a Jira/Confluence group to a regular email from within Jira/Confluence. Given that Atlassian does not offer email service from within REST API, we need to get all group members and their emails.

This is the current state of API:

Jira:
GET /rest/api/3/group/member Returns a paginated list of all users in a group.
Permissions required: Administer Jira global permission.
Connect app scope required: ADMIN

Confluence:
GET /wiki/rest/api/group/member Returns the users that are members of a group.
Permissions required: Permission to access the Confluence site (‘Can use’ global permission). Connect app scope required: READ

So in Confluence we could do it easily. In Jira, however, we would have to get all users list, and then for each user ask if it is member of this group, as those endpoints are accessible with READ scope. So we can get the same result with lesser privileges, as we don’t ask for ADMIN scope for our app.
Is there a better way? Or do I need to file a bug so that group members endpoint scope is changed?

1 Like
2

To be honest, I would just use ADMIN scope. Nobody cares.

2 Likes
3

@remie
I don’t agree with it. I think customers will be surprised when see that your application requires ADMIN rights just for looking at group members. It’s a little suspicious, isn’t it?

4

@JnisVanags
Have you found normal way without using ADMIN scope?

5

We have had 0, zero, zilch, nada, nothing, none, no customer request whatsoever with regard to the permissions our apps are requesting. It is possible that we are missing out on customers (you don’t know what you don’t know) because of our scopes, but given the number of Fortune500 companies that are using our Cloud apps I highly doubt it.

End of the day, legal, security & procurement departments can complain whatever they want, but if business wants it, the sale will happen. But that is just my experience, perhaps there are others in the Marketplace that do have had customers churn over their scopes.

2 Likes
6

So, you app requests ADMIN scope (manage:jira-configuration) for API /rest/api/3/group/member right?
Thank you.

7

Nah, we don’t use any of the groups API’s, but we kind of default to ADMIN scope for all our apps because it is a bigger hassle to realise you have to upgrade to a higher privilege scope later on than it is to just ask all permissions by default.

The reason for this is because Atlassian, in all her wisdom, has decided that A) a change in scope requires explicit manual updates from instance administrator and B) they require us to keep old versions active for those that never update.

Given the lack of care from customers with regard to the scopes we’re using, we figured it’s easier to just immediately ask all scopes :man_shrugging:

1 Like
8

Thanks again

9

Hi

You can refer below javascript code to get group members of a group.

var JIRA_CLOUD_HELPER = {  
   baseURL: "https://sureshmaster.atlassian.net",
   userEmails: [],
   getGroupMembers: function (groupID, startAt) {
      var xhttp = new XMLHttpRequest();
      xhttp.onreadystatechange = function () {
         if (this.readyState == 4 && this.status == 200) {
            var response = JSON.parse(this.responseText);           
            var users = response.values;
            for (let index = 0; index < users.length; index++) {
               var userEmail;
               if (users[index].hasOwnProperty("emailAddress")) {
                  userEmail = users[index].emailAddress;

               } else { /*Some user hide thier email address from other users*/
                  userEmail = users[index].displayName;

               }
               JIRA_CLOUD_HELPER.userEmails.push(userEmail);


            }
            var isLast = response.isLast;
            if (!isLast) {
               getGroupMembers(groupID, startAt + 50)
            }
         }
      };
      xhttp.open("GET", JIRA_CLOUD_HELPER.baseURL + "/rest/api/2/group/member?groupId=" + groupID + "&startAt=" + startAt, true);
      xhttp.send();
   }
}

JIRA_CLOUD_HELPER.getGroupMembers("aca7aefb-4b0f-497e-999c-29d0df8ad886",0);
JIRA_CLOUD_HELPER.userEmails;