Looks like /rest/api/3/mypermissions returns old data, after making changes to user group membership (maybe there are more other cases), so that user permissions are changed, e.g. Edit All Worklogs. So user does not have Edit All Worklogs permissions anymore, but api says user still has the permission.
Prerequisites: user is member of Administrators project role via administrators group, so has Edit All Worklogs Permissions
- Remove user from administrators group, so that you don’t have Edit All Worklogs permission.
- Open an issue, Worklog tab, with other users workogs, see Edit link for other users worklogs. Expected no edit link for other users worklogs.
- Wait for a while (half an hour?), refresh issue, see NO Edit link anymore for other users worklogs
- Open https://yourdomain.atlassian.net/rest/api/3/mypermissions?permissions=EDIT_ALL_WORKLOGS&issuekey=DEMO-5&r=1595011350618, adjust yourdomain and issue key as needed, see response havePermission: true. Expected: havePermission to be false
Note, waiting for more than 8 hours, still getting havePermission: true
Could someone please take a look at the problem?