I am aiming to add Space Permissions to a User or Group using Confluence Clouds Rest API: https://developer.atlassian.com/cloud/confluence/rest/api-group-space-permissions/
With the new ‘requestConfluence’ function, I can call confluence requests without needing to invoke
to a resolver (This works for other endpoints in the confluence cloud Rest API), however the /wiki/rest/api/space/${spaceKey}/permission
endpoint returns a 401 unauthorized error.
The following permissions are in my manifest:
- storage:app
- read:confluence-space.summary
- read:confluence-groups
- read:confluence-user
- write:confluence-groups
- read:confluence-props
- write:confluence-props
- search:confluence
- write:confluence-space
- manage:confluence-configuration
Example using new ‘requestConfluence’ outside Resolver
import {requestConfluence} from "@forge/bridge";
export const addPermissionToNewGroup = async (spaceKey, groupName) => {
//bodyData should grant read permissions to the group provided (per the docs groupId or groupName can be provided)
let bodyData = `{
"subject": {"type": "group","identifier": "${groupName}"},
"operation": {"key": "read","target": "space"},
}`;
const response = await requestConfluence(`/wiki/rest/api/space/${spaceKey}/permission`, {
method: 'POST',
headers: {
'Accept': 'application/json',
'Content-Type': 'application/json'
},
body: bodyData
});
console.log(response);
console.log(response.status); //401
return await response.status;
}
The following response is given:
{
"headers": {},
"ok": false,
"status": 401,
"statusText": "Unauthorized",
"body": {
"code": 401,
"message": "Unauthorized; scope does not match"
}
}
In the Rest API docs, in the Forge section, this endpoint states:
This API resource doesn't support Oauth2 (3LO). See alternate authorization methods:
So how is this possible in Forge? Is there a workaround/alternative endpoint, or is this not extended to work within Forge CustomUI?
Update: On a related note, there seems to not be any description in the docs on how to retrieve space permissions?
Update2 This has been tested using a resolver definition incase asApp
or asUser
would help - it doesn’t.