ScriptRunner -get all users

Pakiet · August 14, 2023, 1:51pm

I want to get all uesrs with ScriptRunner

Script:

def users = get("/rest/api/2/users/search").asObject(Map)

return users

Response (with Run as Current user):
Serializing object into ‘interface java.util.Map’
GET /rest/api/2/users/search asObject Request Duration: 1255ms
GET request to /rest/api/2/users/search returned an error code: status: 403 - Forbidden
body: {errorMessages=[error.no-permission], errors={}}

Im log us org admin

ianRagudo · August 14, 2023, 11:33pm

Welcome to the Atlassian Developer Community, @Pakiet!

If you get an HTTP 403 for this API, it is possible that your user does not have the Browse users and groups global permission. You can verify this by going to > System > Security > Global Permissions – it looks like this:

Cheers,
Ian

Pakiet · August 16, 2023, 8:56am

@ianRagudo Thanks for your replay.

I’ve checked that and i am in one of group with this permission.

Mikołaj

ianRagudo · August 16, 2023, 11:39pm

Thanks, @Pakiet.

I checked ScriptRunner’s documentation and it states that

All REST requests made from ScriptRunner are performed as the ScriptRunner user

Can you also verify if the atlassian-addons-admin have the Browse users and groups permission?

Cheers,
Ian

Pakiet · August 17, 2023, 9:25am

Yes, it have

jbevan · August 17, 2023, 6:43pm

That’s old outdated documentation the latest can be found here ScriptRunner for Jira Cloud

Not all requests are authorised as the ScriptRunner app user, different features allow you to select the user a script runs as, run it as yourself, or run a script as a user who initiated some action that caused a script to run.

ianRagudo · August 18, 2023, 1:20am

Thanks for correcting the documentation link, @jbevan.

Apologies, @Pakiet, I overlooked an important detail for Get all users API; unfortunately, this resource cannot be accessed from a Connect app and I do not have a workaround.

Here’s a similar post wherein the same REST API is being accessed from a Connect app Getting all users from a connect app.

Pakiet · August 18, 2023, 10:50am

Ok, now i’m trying do my script with python

import requests
from requests.auth import HTTPBasicAuth
import json

url = "https://spritonit.atlassian.net/rest/api/3/users/search"
token='my token',

auth = HTTPBasicAuth("mymail@gmail.com", token)

headers = {
  "Accept": "application/json"
}

query = {
  'query': '',
}

response = requests.request(
   "GET",
   url,
   headers=headers,
   params="",
   auth=auth
)

print(json.dumps(json.loads(response.text), sort_keys=True, indent=4, separators=(",", ": ")))

and still getting no permission error.

{
    "errorMessages": [
        "error.no-permission"
    ],
    "errors": {}
}

Any idea why?