Uploaded image for project: 'ONE'
  1. ONE
  2. ONE-27810

Navigated to the Gantt module - HTTP GET, throws '403' (Forbidden) for endpoint "util/datatype/" for non Jira / BP Admin users.

    XMLWordPrintable

Details

    • Tree
    • BigPicture, BigGantt
    • JIRA server, JIRA cloud
    • 5
    • Analysis
    • $i18n.getText("admin.common.words.hide")
      $i18n.getText("admin.common.words.show")
      var cfToHide1 = document.getElementById("rowForcustomfield_18501"); if(cfToHide1){cfToHide1.style.display="none";} var cfToHide2 = document.getElementById("rowForcustomfield_18502"); if(cfToHide2){cfToHide2.style.display="none";} var cfToHide3 = document.getElementById("rowForcustomfield_19700"); if(cfToHide3){cfToHide3.style.display="none";} var cfToHide4 = document.getElementById("rowForcustomfield_18400"); if(cfToHide4){cfToHide4.style.display="none";}
    • 6 minutes, 24 seconds
    • 22 hours, 49 minutes, 50 seconds
    • 0
    • 0
    • 0
    • 12 minutes, 16 seconds
    • 1 day, 1 hour, 47 minutes, 55 seconds

    Description

      This error may lead to Gantt unavailability for non Jira / BigPicture Admin users

      Prerequisites: The User without permission BigPicture Admin is created. User has permission to App User and Box Editor/Box Viewer

      Steps to create prerequisites:

      1. Create any User in Jira.
      2. Go to BigPicture ->Administration -> Security -> Global Roles
      3. Add User to App User
      4. Go to Box types tab
      5. Select ‘Program Box’ -> ’Security’ -> ‘Basics’
      6. Add User to Box Editor or Box Viewer
      7. Navigate to Overview, Hierarchy Mode - Home level
      8. Create Program Box

       Steps to reproduce:

      1. Log in as User, created in previous steps.
      2. Navigate to ‘Gantt’ module of Box created in previous steps.

      Actual Result 
      In console (devtools) Request returns ‘403’ error code for endpoint "util/datatype/"

      For the reference the image below - '403.png'.

      Expected Result 
      There is not ‘403’ error code for endpoint "util/datatype/"

       

      Attachments

        Activity

          People

            igor.szymanczyk Igor Szymanczyk
            igor.szymanczyk Igor Szymanczyk
            bartlomiej.janczak Bartłomiej Jańczak , grzegorz.duzy Grzegorz Duży , system.jenkins Jenkins , piotr.zadora Piotr Zadora , piotr.rozdeba Piotr Rozdeba , system.gerrit Gerrit , igor.szymanczyk Igor Szymanczyk
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: