Problem with permission to search by filter ID in JQL using requestJira

tarasantoniuk · December 12, 2023, 8:14am

Hi,
There is a problem with permission to search by filter ID in JQL using Forge.

The same jql request filter in (34494) works successfully on a web page but doesn’t work in Forge app (see “Error from developer console” and “Code snippet” below).
In both cases, it has used the same user. Additionally, this user is the owner of the filter.

If replace const jqlString = ‘filter in (34494)’; to native jql string, for example, const jqlString = ‘project in (PKEY) AND “Quantile[Dropdown]” is not EMPTY’; requestJira gets a successful response and correct result.

Could somebody help to resolve the issue?

Code snippet:

resolver.define("getJiraIssuesByJQL", async ({ payload }) => {
	const jqlString = 'filter in (34494)'; 
	const jqlStringify = JSON.stringify(jqlString);
	var bodyData = `{
    "jql": ${jqlStringify},
    "maxResults": 100,
    "startAt": 0,
    "fields": [
        "summary",
        "status",
        "reporter"
    ]
	}`;
 
	const searchResponse = await api.asApp().requestJira(route`/rest/api/3/search`, {
		method: 'POST',
		headers: {
		'Accept': 'application/json',
		'Content-Type': 'application/json; charset=UTF-8'
		},
		body: bodyData
	});

Error from developer console:

Error: API: POST search: 400 {"errorMessages":["A value with ID '34494' does not exist for the field 'filter'."],"warningMessages":[]}
Environment: Development
Trace ID: 0af6d8f16f8b454799ee363deeba8926-1c77dde9c0423906
Module: core:function
Function: resolver
Product: Jira

anon96974232 · December 12, 2023, 8:42am

Hello @tarasantoniuk

I just did that same request to that endpoint and it works just fine for me.

That error message normally only occurs if there is no such filter with that ID or the user doesn’t have the permission to use that filter. In either case, you can check both of those by doing a GET request against the Get my filters endpoint to confirm that the user really does own that filter.

If the user really is the owner… next, do you still get the problem if:

You send the same request with the same credentials to the search endpoint via a REST API test tool?
You define the JQL parameter directly and don’t use a stringified variable?:

resolver.define("getJiraIssuesByJQL", async ({ payload }) => {
	var bodyData = `{
    "jql": "filter in (34494)",
    "maxResults": 100,
    "startAt": 0,
    "fields": [
        "summary",
        "status",
        "reporter"
    ]
	}`;

tarasantoniuk · December 12, 2023, 10:00am

Hi @anon96974232,
The reason was the method. To access a filter, it’s necessary to use api.asUser instead of api.asApp. Anyway, thank you for the ideas to figure out the reason.

anon96974232 · December 12, 2023, 11:22am

Ahh, yes, of course. That explains the permission mis-match. I didn’t spot the asApp() in your code snippet.