Permission problems when querying customer requests with Java API



I’m working on a plugin for JSD Server that needs some server-side logic.

When I’m logged in as the customer, I can see a number of requests in the portal, as well as via the /servicedeskapi/request endpoint. Sanity check passed.

Now, I have a server resource talking to ServiceDeskCustomerRequestService (and other services). To my surprise, it does not return any issues for this customer at all.

public Object getMyRequests() throws SearchException {
    ApplicationUser user = authenticationContext.getLoggedInUser();
    Either<AnError, PagedResponse<CustomerRequest>> requests = serviceDeskCustomerRequestService

    // ...

After some investigation, I see that under the hood it’s calling the core SearchService as my customer user. Even though my project grants the “Browse Projects” permission to “Service desk customer - portal access”, I suspect that this SearchService call is failing because somehow the “portal context” is lost and it’s treated as regular search by unprivileged user.

Am I doing something wrong? How do you use the ServiceDeskCustomerRequestService in Java API as a customer? Are the customers limited to Cloud API?

Are service desk APIs meant to disallow portal/customer users from accessing them?