Hi, I’m currently developing a Forge app that uses the jiraServiceManagement:assetsImportType
and I’m experiencing some permission problems.
Steps to reproduce
Here’s what I did step-by-step:
- Run
forge create
→ select UI Kit 2 → select Jira Service Management → selectjira-service-management-assets-import-type
- Add permission scopes
write:cmdb-type:jira
,read:cmdb-schema:jira
andwrite:cmdb-schema:jira
tomanifest.yml
→ this is for testing purposes only but in the end, our app needs at least permissions to add Object Types to a schema. - Similarly, I’m adding
api.atlassian.com
as an external backend to themanifest.yml
. Thepermissions
look like this now:
permissions:
scopes:
- import:import-configuration:cmdb
- read:servicedesk-request
- read:cmdb-type:jira
- write:cmdb-type:jira
- read:cmdb-schema:jira
- write:cmdb-schema:jira
external:
fetch:
backend:
- 'api.atlassian.com'
- Extend the
importStatus
function fromsrc/resolvers/index.js
with the following code to test reading and writing schemas and object types:
export const importStatus = async (context) => {
// list schemas with read:cmdb-schema:jira permission
console.log(`listing all schemas`)
const schemaResponse = await api.asApp().requestJira(route`/jsm/assets/workspace/${context.workspaceId}/v1/objectschema/list`, {
method: 'GET',
});
const schemas = await schemaResponse.json();
console.log(JSON.stringify(schemas));
// create new schema with write:cmdb-schema:jira permission
console.log(`creating new schema`)
const objectSchema = {
"name": "My Schema",
"objectSchemaKey": "TEST",
"description": "The IT department schema"
};
const objectSchemaCreateResponse = await api.asApp().requestJira(route`/jsm/assets/workspace/${context.workspaceId}/v1/objectschema/create`, {
method: 'POST',
body: JSON.stringify(objectSchema),
Accept: 'application/json',
'Content-Type': 'application/json',
});
const objectSchemaCreateResult = await objectSchemaCreateResponse.json();
console.log(JSON.stringify(objectSchemaCreateResult));
// create new object type with write:cmdb-type:jira permission
console.log(`creating new object type for schema=${context.schemaId}`);
const objectType = {
"name": "TestObject",
"description": "<string>",
"iconId": "13",
"objectSchemaId": context.schemaId, // the schema where our app is configured as an import type
};
const objectTypeCreateResponse = await api.asApp().requestJira(route`/jsm/assets/workspace/${context.workspaceId}/v1/objecttype/create`, {
method: 'POST',
body: JSON.stringify(objectType),
headers: {
Accept: 'application/json',
'Content-Type': 'application/json',
},
});
const objectTypeResult = await objectTypeCreateResponse.json();
console.log(JSON.stringify(objectTypeResult));
// return status
};
Again, I’m just extending this importStatus
function because it’s the easiest one to trigger and I just want to verify if my use case works.
4. After adjusting the code, I run forge deploy
and forge install
.
5. I create a new schema in “Assets”, open the schema, go to “schema configuration”, select “import” tab and configure my app as an import source.
6. Finally, I need to allow access to my app and reload the page to trigger the importStatus
function.
Results
Unfortunately, if I check the logs in the Forge Developer Console, the 3 calls had the following results:
-
GET /v1/objectschema/list
works withread:cmdb-schema:jira
permission -
POST /v1/objectschema/create
fails withwrite:cmdb-schema:jira
permission with the error:
Sorry, you do not have permission to perform this action. PermissionInsightException: User ‘id’ didn’t have correct permission (admin).
-
POST /v1/objecttype/create
fails withwrite:cmdb-type:jira
permission with the error:
Sorry, you do not have permission to perform this action. PermissionInsightException: User ‘id’ didn’t have correct permission (modify) for object schema: ‘schema-id’
Note: schema-id
relates to the schema that I have created in step 5.
Help?
I don’t really understand why this is not working properly as the docs are pretty clear for using Assets scopes (at the bottom of the linked page). Does anyone have any idea why this is not working? I’m using the newest Forge CLI version of course