IssueService validations does not run with provided user
Platform Notice: Data Center - This article applies to Atlassian products on the Data Center platform.
Note that this knowledge base article was created for the Data Center version of the product. Data Center knowledge base articles for non-Data Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
When upgrading to Jira 8.13+, IssueService validations do not run with the provided user. For example issueService.validateCreate(actor, issueInputParameters) produces a reporter can't be changed by the user error, which shouldn't happen, as the actor passed has maxed out permissions in the project.
In a Scriptrunner Script Listener (Groovy) the issueService.validateCreate(actor, issueInputParameters) or even validateSubTaskCreate fails on the reporter permission check, despite the API being given a user which is authorized to do so.
Environment
8.13.6
8.20.11
Diagnosis
This results in a validation error of:
reporter:You do not have permission to modify the issue reporter.
Cause
We have a bug documenting this behaviour: JRASERVER-72676 - In a script listener, the IssueService validateSubTaskCreate fails on the reporter permission check, despite the API being given a user which is authorized to do so.
Solution
As an example, override the authContext like this:
JiraAuthenticationContext authContext = ComponentAccessor.getJiraAuthenticationContext()
try {
authContext.setLoggedInUser(actor)
// Rest of the script with the set authentication context
} catch (Exception exception) {
log.error exception.message
} finally {
authContext.setLoggedInUser(originalIssue.reporter)
}