Unexpected error getting permissions of user interacting with app


My app always verifies that the user interacting with the app actually has the appropriate permissions to view the pages, panels, dialogs, etc.

I’m noticing some unexpected responses when sending requests to /rest/api/3/permissions/project and /rest/api/3/mypermissions.

  • 403 Forbidden: App is not installed
  • 403 Forbidden: Add-on ‘com.marvelution.jira.plugins.jenkins’ disallowed to impersonate the user because it lacks the ‘ACT_AS_USER’ scope

If the app is not installed, then why do I receive requests for that Jira cloud instance?

The claim that the scope is not set is incorrect. When I look at the descriptor https://jjc.marvelution.com/atlassian-connect.json, the scope ACT_AS_USER is properly set, and has been since the very first deployment of the app.

As far as I can tell, I’m using the APIs as documented. Are there other things to take into account when using these APIs?



I just got another unexpected response.

My app provides 3 custom permissions: one that is applied to all global administrators and 2 that can be applied using permission schemes.
So I would not expect an Unrecognized permission error that lists the 2 custom permissions since these are installed through the app.

GET /rest/api/3/mypermissions?permissions=ADMINISTER,ADMINISTER_PROJECTS,VIEW_DEV_TOOLS,com.marvelution.jira.plugins.jenkins__administer,com.marvelution.jira.plugins.jenkins__trigger-jenkins-build,com.marvelution.jira.plugins.jenkins__view-jenkins resulted in 400 Bad Request: {"errorMessages":[],"errors":{"com.marvelution.jira.plugins.jenkins__view-jenkins":"Unrecognized permission","com.marvelution.jira.plugins.jenkins__trigger-jenkins-build":"Unrecognized permission"}}

I should be able to assume that my custom permissions are installed and will be recognized by the permissions APIs when my app is installed, correct?

@ibuchanan do you have any idea, or do you know someone that knows?


Sorry the community didn’t have any wisdom to share. I’m relatively far from the insides of these systems and I don’t think I would be able to reproduce independently. Perhaps the best course would be developer support where our support engineers could get into the logs on the back-end.

Thanks @ibuchanan, I have opened a ticket at developer support, hopefully they can assist.
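
Added example, not part of the thread or of the app's own code: one way an app could read the /rest/api/3/mypermissions responses quoted above so that every unexpected answer ends in a denial. The function name, the idea of re-querying without the unrecognized keys, and the sample body in the demo are assumptions constructed here; the "Unrecognized permission" text and the `errors` map shape come from the 400 response in the thread.

```python
import json

UNRECOGNIZED = "Unrecognized permission"  # error text quoted in the thread


def evaluate_mypermissions(status, body, requested):
    """Fail-closed reading of one /rest/api/3/mypermissions response.

    Returns (granted, retry_keys, reason). `granted` is empty unless the
    response is a 200 that explicitly reports havePermission == true.
    `retry_keys` is non-empty only for a 400 naming unrecognized keys: it
    is the request minus those keys, which stay denied.
    """
    requested = list(requested)
    try:
        data = json.loads(body) if body else {}
    except ValueError:
        data = None
    if not isinstance(data, dict):
        return set(), [], f"HTTP {status}: unparseable body, denying"

    if status == 200:
        perms = data.get("permissions")
        perms = perms if isinstance(perms, dict) else {}
        granted = {k for k in requested
                   if isinstance(perms.get(k), dict)
                   and perms[k].get("havePermission") is True}
        return granted, [], "ok"

    if status == 400:
        errors = data.get("errors")
        errors = errors if isinstance(errors, dict) else {}
        unknown = {k for k, msg in errors.items() if msg == UNRECOGNIZED}
        if unknown:
            retry = [k for k in requested if k not in unknown]
            return set(), retry, "unrecognized: " + ", ".join(sorted(unknown))

    # 403 ("App is not installed", missing ACT_AS_USER) and anything else.
    return set(), [], f"HTTP {status}: denying"


if __name__ == "__main__":
    # Constructed sample: a 400 body shaped like the one in the thread.
    keys = ["ADMINISTER", "com.marvelution.jira.plugins.jenkins__view-jenkins"]
    body = ('{"errorMessages":[],"errors":{'
            '"com.marvelution.jira.plugins.jenkins__view-jenkins":'
            '"Unrecognized permission"}}')
    print(evaluate_mypermissions(400, body, keys))
```

Logging the returned reason together with the tenant identifier gives the kind of record that developer support would need to correlate with back-end logs.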