Just a heads up: On March 24, 2025, starting at 4:30pm CDT / 19:30 UTC, the site will be undergoing scheduled maintenance for a few hours. During this time, the site might be unavailable for a short while. Thanks for your patience.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

REST API SERVER PermissionScheme projectRole returns nonsensical data

Jorge Suarez
Jorge Suarez
Contributor
August 26, 2019

Jira Server 7.12.3 -

I am writing a script to generate a list of all groups and users that have BROWSE on all the projects in my instance.  My steps are:

1. Get permission scheme of project: 

https://<JIRA>/rest/api/2/'project/<key>/permissionscheme?expand=permissions,user,field

(note, if I added projectRole to expand list, REST returns a crash stack trace)

2. Iterate permissions returned and find those that contain

     {.... "permission": "BROWSE_PROJECT", 

           "self": <url_of_permission>,  

           "type": <projectRole, user, etc> 

     }

3. Query 'self' url with  HTTP GET <url_of_permission>?expand=<projectRole or all> 

    With expand set, this returns the holder of the permission, and in the case of projectRole something like:

"projectRole": {
"self": "https://jira.iilg.com/rest/api/2/role/10000",
"name": "Users",
"id": 10000,
"description": "A project role that represents users in a project"
}

4.  The problem is, that the 'self' value here does not appear to apply to anything that makes sense, since the PermissionScheme is shared amongst 30 projects, and is not specific to any project I can determine.  All projects with this scheme return the same link, and retrieving the list returns a JSON with "actors" that always contain the same 3 groups, even though each project has a different set of users/groups for their respective Users role.

{
"self": "https://jira.iilg.com/rest/api/2/role/10000",
"name": "Users",
"id": 10000,
"description": "A project role that represents users in a project",
"actors": [   { "id": 10364,
                "displayName": "resort sales",
                "type": "atlassian-group-role-actor",
                "name": "resort sales"
               },
               {  "id": 10363,
                  "displayName": "jira-qa",
                  "type": "atlassian-group-role-actor",
                  "name": "jira-qa"
                },
               { "id": 10000,
                 "displayName": "jira-users",
                 "type": "atlassian-group-role-actor",
                 "name": "jira-users"
               }
           ]
}

Questions are:

1.  Is this set to the projectRole actors of the first project that was assigned this permission?  It makes no sense to list any groups here for a shared permission scheme that simply points to project roles (the permission does not list groups or users, only projectRole)

2. Given the "role" name I can query each projects for its roles and find the groups listed there, by why list anything at the permission level, especially when it is inaccurate.  What exactly does that information represent?  Was it a left over from a half-implemented design?

 

 

Answer
Watch
Like Be the first to like this
305 views

0 answers

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events