REST: How to perform search as admin with user view/privileges?

Daniel Woste February 18, 2013

Hello,

my users are able to define report issues.
In these issues they are defing a jql.
Once a day I take all report issues, perform a jql search and create a specific pdf report for them.

I do all this using the JIRA REST API.

The problem is that I perform the JQL search as admin.
My admin search results are different from the search results a normal user exspects.

For instance: labels in ("meeting", "discussion")

The user gets only issues which are part of his projects.
Me as admin is getting all isuess over all JIRA projects.

Is there a way to perform a user related REST JQL search as admin?

If not, is there a way to check the search result for issues a specific user is able to see/edit?

Thanks for your feedback,
Daniel

2 answers

Comments for this post are closed

Community moderators have prevented the ability to post new answers.

Post a new question

1 vote
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
February 18, 2013

Yes, use an admin account to log in via REST.

There's a reason you can't see stuff in REST when using an unprivileged user - they don't have the rights to do it in the UI. The correct security model here is to have REST respect that. There's no way to check for "issues a user is able to see", because, by definition, they cannot see the issues.

Try the search as that user in the Jira UI, then try the same in REST - you *should* get the same results.

Daniel Woste February 18, 2013

Hey Nic, thanks for your answer.

But I'm afraid you missunderstoood my question.
I'm searching for a way to perform a search related to a specific user, but without the need to login as this user to REST (because I don't have the needed loging data)
I will login as admin!

So the user search result will be a subset of the search result I get as admin.
And this subset I need to find out.

Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
February 18, 2013

Oh, I see, so the "can only see what logging in user can see" is fine, and valid. But your problem is an admin can see too much.

Sorry I misunderstood that.

I don't think there is a way to impersonate another user via REST, but I've not used it enough to be sure yet. Hopefully someone else here will have a better answer!

0 votes
Daniel Woste February 24, 2013

As really nobody an idea? Atlassain JIRA team?

TAGS
AUG Leaders

Atlassian Community Events