REST API incorrectly checks CREATE_WORKLOG permissions instead of "EDIT_WORKLOG" and "EDIT_ALL_WORKLOG" permissions

Description

On a particular workflow of ours we have a status where only Administrators are allowed to edit all worklogs. Users are able to add the worklogs in previous statuses.

When a user attempts to edit a worklog via the REST api, the following errors can be seen:

However there is no issues editing the worklogs manually via the UI with the Administrator user. The errors seem to indicate that the REST api is attempting to update the worklogs as the original worklog author, instead of the Administrator user editing them.

I don't know the exact version we started seeing this, but we did not have this issue with 4.6. I am not sure also whether this may be related to changes made by

Environment

None

Activity

Show:
Deniz Oğuz
March 10, 2021, 4:24 PM

Hi Jennifer,
I can reproduce this problem and it will be released with 4.8.2 version. Thanks for taking your time and providing a detailed report.

Fixed

Priority

Critical

Assignee

Deniz Oğuz

Reporter

Jennifer Whalan

Affects versions

Fix versions

Labels

None

Source

None

Jira Version

Database Type/Version

None

Browser Type/Version

None