When trying to post a comment on a JSM request, we first check if the user has the Add comment permission via the /rest/api/3/mypermissions?permissions=ADD_COMMENTS&issueKey=${issueKey} API.
If this returns true then we post the comment as this User via /rest/servicedeskapi/request/${issueKey}/attachment API. But even though the permission API is returning true we are getting the following error when posting the comment.
post /rest/servicedeskapi/request/${issueKey}/attachment 403}
{"errorMessage":"You do not have permission to view this request.","i18nErrorMessage":{"i18nKey":"sd.request.view.error.no.permission","parameters":[]}}
What other permissions do we need to check in this case?
Also the user in question is an atlassian user.
Hi @AmitvikramDwivedi,
As you are using the Create comment with attachment REST API, are you also adding an attachment? If so, try checking CREATE_ATTACHMENTS as well.
If you only want to add request comments, then the Create request comment REST API should suffice.
Cheers,
Ian
I checked the CREATE_ATTACHMENTS Permission as well and even that was returning true. We are using this API to post comments and attachments both. If there are attachments then we upload them first via the /rest/servicedeskapi/servicedesk/${metadata.serviceDeskId}/attachTemporaryFile API and pass the ids of the temporary attachments to the /rest/servicedeskapi/request/${issueKey}/attachment API with the attachment Ids along with the comment text in the following body. If there are no attachments then the temporaryAttachmentIds array is empty and it posts the comment as is. The exact example that I was talking about was of the later case when there were no attachments.
{
public: true,
temporaryAttachmentIds: temporaryAttachments.map(
(tempAttachment) => tempAttachment.temporaryAttachmentId
),
additionalComment: {
body: commentBody
}
},