Jira REST API for project permissions returns wrong response for "Next Gen" projects

I’m trying to get the project permissions for a portal user with no access to given “next gen” project via REST API and expecting a response with “havePermission”:false, but the endpoint returns “true”.
Is there any workaround to resolve the problem - how to get the correct project permissions for “next gen” portal users with REST call?

I’m using this endpoint:

“/rest/api/2/mypermissions?permissions=CREATE_ISSUES&projectId={projectId}”

Hello @GeorgiV ,

I believe this is actually the same behavior described in: JSDCLOUD-10417: Provide a REST API endpoint to retrieve permissions of users(including browse project permissions for JSM customers)

If this is the case, I can confirm that the issue is also present in Company managed (former “Classic”) projects, not only in Team managed (former “Next-Gen”) projects.

Can you kindly review above feature request and let me know if this is indeed the same issue?

For further details see also:

Cheers,
Dario

Hello @dbonotto,

Maybe it’s related to them, but in my case the project is set to ** Client added by agents and administrators ** and the endpoint “/ rest / api / 2 / mypermissions? Permissions = CREATE_ISSUES & projectId = {projectId}” works correctly for “classic” company-managed projects.
When I use this endpoint to manage the permissions of portal users without access to “Next-Gen” projects, that are not added by agents or administrators - it returns TRUE instead of FALSE

Hi @GeorgiV ,

Can you kindly check below points and let me know if my understanding is correct so that I can try to reproduce the issue on my test site:

  1. Your JSM Company managed (Classic) Service Desk project access is set to: Client added by agents and administrators in https://[NAME].atlassian.net/jira/servicedesk/projects/[PROJECT-KEY]/settings/customer-permissions

  2. For that project both endpoints are returning consistent results for the CREATE_ISSUES permission. For example: they both return false for a user that does not have access and they both return true for a portal only customer.

  3. Your Team managed (Next-Gen) Service Desk project is configured as “private”: “Only admins and people you add to the Internal access page can search for, view, and comment on this service project’s customer requests” in https://[NAME].atlassian.net/jira/servicedesk/projects/[PROJECT-KEY]/settings/access

  4. The mypermission endpoint returns TRUE for CREATE_ISSUES permission for a Jira user that does not have any access to the project as well as for Portal Only customers that do have access.

  5. Nothing changes switching to the v3 endpoint /rest/api/3/mypermissions

1 Like