Permission problems when querying customer requests with Java API

jira-service-desk

#1

I’m working on a plugin for JSD Server that needs some server-side logic.

When I’m logged in as the customer, I can see a number of requests in the portal, as well as via the /servicedeskapi/request endpoint. Sanity check passed.

Now, I have a server resource talking to ServiceDeskCustomerRequestService (and other services). To my surprise, it does not return any issues for this customer at all.

@GET
@Path("/my-requests")
public Object getMyRequests() throws SearchException {
    ApplicationUser user = authenticationContext.getLoggedInUser();
    Either<AnError, PagedResponse<CustomerRequest>> requests = serviceDeskCustomerRequestService
            .getCustomerRequests(
                    user,
                    serviceDeskCustomerRequestService.newQueryBuilder()
                            .requestOwnership(CustomerRequestQuery.REQUEST_OWNERSHIP.ALL_REQUESTS)
                            .requestStatus(CustomerRequestQuery.REQUEST_STATUS.ALL_REQUESTS)
                            .build()
            );

    // ...
}

After some investigation, I see that under the hood it’s calling the core SearchService as my customer user. Even though my project grants the “Browse Projects” permission to “Service desk customer - portal access”, I suspect that this SearchService call is failing because somehow the “portal context” is lost and it’s treated as regular search by unprivileged user.

Am I doing something wrong? How do you use the ServiceDeskCustomerRequestService in Java API as a customer? Are the customers limited to Cloud API?


Are service desk APIs meant to disallow portal/customer users from accessing them?