Details
-
Bug
-
Status: Done
-
High
-
Resolution: Fixed
-
5.3.1
-
None
-
2.6
Description
To reproduce:
- Create a Service Desk project.
- Create a behaviour mapped to that project.
- Add a user to the Service Desk Customers role in the project (but not any other roles).
- Make sure that the Browse Projects permission is granted to Service Desk Customer - Portal Access.
- Switch to the user you added before.
- Go to the customer portal and click through to a request creation form.
Expected result: the behaviour loads.
Actual result: the behaviour doesn't load and the following error appears in the browser developer console.
image-2018-03-02-13-41-41-974.png.tiff
Navigating to the URL http://localhost:8080/jira/rest/scriptrunner/behaviours/latest/jsd/jsd/validatorsByPid.json?portalId=1&requestTypeId=1 gives the result:
"Cannot retrieve validators from PortalID: '{1}' , Request Type ID : '{1}', exception: Could not find project for service desk id for 1. \nAnError{httpStatusCode=403, errorCode=none(), message='sd.portal.error.permission : 'You do not have permission to view this Portal.''}"
When we call PortalService.getPortalForId(...) from ServiceDeskUtils.getProjectIdForPortal(...), we 'do the right thing' by passing in the currently logged-in user as the user parameter. However, if the logged-in user is as specified above - a customer only, with permission to browse projects via the portal only - then getPortalForId will return an error result, claiming that the user lacks the Browse Projects permission. Possibly this has something to do with the special nature of the "Service Desk Customer - Portal Access" security type.
