Customers can see links to issues he cannot access

Description

On the customer portal the similiar issues addon shows issues that the customer does not have access to.

The use case:
User is part of an JSD organisation and starts writing in the summary field.
He then gets a list of both issues that he can see as well as issues that are not visible to his organisation.
Clicking on an issue he does not have access to redirects him to the portal page.

Desired behaviour:
Only show issues that is accessible for the customer.

SIF-73 does not resolve this problem.

Environment

None

Activity

Show:
Torbjörn Richter
March 8, 2019, 2:10 PM

I also have the same problem.
The 'filter by fields' setting doesnt work.
In our case we would like to have 'Project', 'Issue Type' and 'Organizations' as filters but only Project seems to work.

Deniz Oğuz
April 18, 2019, 9:04 AM

This behavior is caused by "Issue Types" settings of project specific "Similar Issues Finder" configuration. If you set "Issue Types" to empty this will not occur. But this field is causing confusion and we have decided to revert back to normal visibility rules of Jira instead of overriding it for issue types selected here. In 1.20.0 version this field will be removed and users will only able to access issues they have access to. Sorry for the confusion.
"Filter by Fields" setting only works for issues displayed on "Similar Issues Tab Panel" it is not used on create issue screen because we don't know most field values on issue create screen because issue is not created yet.

Fixed

Assignee

Deniz Oğuz

Reporter

Björn Gullander

Labels

None

Source

None

Jira Version

None

Database Type/Version

None

Browser Type/Version

None

Fix versions

Affects versions

Priority

Major
Configure