Uploaded image for project: 'SR for Jira - Development'
  1. SR for Jira - Development
  2. SRJIRA-2733

Behaviours do not load (HTTP 400 error) on SD support portal for some users

    Details

    • Type: Bug
    • Status: Done
    • Priority: High
    • Resolution: Fixed
    • Affects Version/s: 5.3.1
    • Fix Version/s: 5.4.7
    • Component/s: Behaviours
    • Labels:
      None
    • Critical Points:
      2.6

      Description

      To reproduce:

      • Create a Service Desk project.
      • Create a behaviour mapped to that project.
      • Add a user to the Service Desk Customers role in the project (but not any other roles).
      • Make sure that the Browse Projects permission is granted to Service Desk Customer - Portal Access.
      • Switch to the user you added before.
      • Go to the customer portal and click through to a request creation form.

      Expected result: the behaviour loads.

      Actual result: the behaviour doesn't load and the following error appears in the browser developer console.

      image-2018-03-02-13-41-41-974.png.tiff

      Navigating to the URL http://localhost:8080/jira/rest/scriptrunner/behaviours/latest/jsd/jsd/validatorsByPid.json?portalId=1&requestTypeId=1 gives the result:

      "Cannot retrieve validators from PortalID: '{1}' , Request Type ID : '{1}', exception: Could not find project for service desk id for  1. \nAnError{httpStatusCode=403, errorCode=none(), message='sd.portal.error.permission : 'You do not have permission to view this Portal.''}"
      

      When we call PortalService.getPortalForId(...) from ServiceDeskUtils.getProjectIdForPortal(...), we 'do the right thing' by passing in the currently logged-in user as the user parameter. However, if the logged-in user is as specified above - a customer only, with permission to browse projects via the portal only - then getPortalForId will return an error result, claiming that the user lacks the Browse Projects permission. Possibly this has something to do with the special nature of the "Service Desk Customer - Portal Access" security type.

        Attachments

          Activity

            People

            Assignee:
            jchoules Joanna Choules
            Reporter:
            jchoules Joanna Choules
            Votes:
            11 Vote for this issue
            Watchers:
            17 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: