Only Connect add-on users with admin scope permission are allowed to override screen security

I am trying to update the the story points field on an existing story.

I can update the summary with my code (win!) but when I try to update customfield_10030 (story points) I get:
"customfield_10030": "Field 'customfield_10030' cannot be set. It is not on the appropriate screen, or unknown.

Looking at the forum it seems like some deep configurations can fix that - but I need this to be easy for the users to get started with so will not ask them to do manual config in order to let the app engage with a field they can edit manually.

I have tried to set overrideScreenSecurity as a parameter to the api endpoint but I am told that
Only Connect add-on users with admin scope permission are allowed to override screen security.

Question: is there any plans to let forge apps to get same privilege as connect to override screen security?

I have tried to use overrideEditableFlag flag gives a similar response:
“Only Connect add-on users with admin scope permission are allowed to override the editable flag.”. Not sure if this is relevant in my case, but it would be interesting to hear when forge will get the same privileges as Connect.

Code that successfully updates the summary of the story (for reference):

        const url = route`/rest/api/3/issue/${key}`;
        const req = await api.asApp().requestJira(url, {
            method: 'PUT',
            headers: {
                Accept: 'application/json',
                'Content-Type': 'application/json',
            },
            body: JSON.stringify({
                fields: {
                    //customfield_10030: 3,
                    //customfield_10030: "5",
                    summary: new Date().toISOString(),
                },
            }),
        });
        const data = await req.json();
        console.log(JSON.stringify(data, null, 2));

Hi @MWulff,

Definitely! We are working towards making Forge a go to solution for writing apps so feature parity is on our roadmap. No concrete dates yet though.

Thanks,
Vitalii

So - is there a way for me to update the story point fields from my forge app?

@MWulff unfortunately, public REST API doesn’t allow updating it and the error you get is a common one for everyone. The only thing I may suggest you is to look into Network tab of your browser and check what requests Jira makes to update the story points field. That request must be an internal one so I can’t guarantee it would work but you may give it a try.

Thanks,
Vitalii

@vpetrychuk and @MWulff,

There is a published REST API for updating estimates. The problem with using it is that it’s not yet available to Forge because it is also not available under OAuth 2. This doesn’t change the effect because I’m not aware whether/how it is possible to update estimates through only the Jira Platform APIs. But it does change the path to a solution.

As prior art:

I don’t see Jira Software on the Forge Roadmap but OAuth 2 for JSW is an open issue:
https://jira.atlassian.com/browse/JSWCLOUD-18874

1 Like