Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root


1 badge earned


Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!


Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.


Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!


Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

ScriptRunner - IssueInputParameters not setting issue comments

Hello Community,

I have a Rest EndPoint that a user recieves via email for them to click on.

The Rest EndPoint does some processing and pretty much sets some fields in Jira without the user needing to log-in. 

So far I am able to have an issue transition based on the Rest EndPoint user clicks, as well as delete a few custom fields based on which Rest EndPoint user clicks as well.

In my Rest EndPoint I have code that automatically adds the a comment to the issue with some standard information. I've tested out my code and everything works when the user accepts via email and just happens to be logged into Jira.

When the user is not logged into Jira and accepts via email everything works except for posting a comment in the issue. Below is my code:

def value = "Thank you for utilizing our email feature"
ApplicationUser user = userManager.getUserByName("userNamePassedViaRestEndPoint")

IssueService issueService = ComponentAccessor.getComponent(IssueService);
IssueInputParameters issueInputParameters = issueService.newIssueInputParameters()
def update = issueService.validateUpdate(user, issue.getId(), issueInputParameters)
if (update.isValid()) {
issueService.update(user, update)


I am not sure why this code only runs correctly when the user is logged into Jira as well.

Can anyone provide me some insight as to what I need to change or why this is behaving in such a matter.

Thank you!


1 answer

1 accepted

1 vote
Answer accepted


If you want to know the exact error, you should make your code tell you the errors. It would be something like this:

 if (update.isValid()) {

IssueService.IssueResult issueResult = issueService.update(user, update)

if (!issueResult.isValid()) {  log.error(issueResult.getErrorCollection())
} else {

I did not check the code. There can be typos.

Also I would check the project permission scheme. Check the add comment permission. It must be granted to Anyone.

@Alexey Matveev _Appfire_,

I added the log you recommended and this is what it returned:

{"reasons":["NOT_LOGGED_IN"],"errorMessages":["You do not have the permission to comment on this issue."],"flushedErrorMessages":["You do not have the permission to comment on this issue."],"errors":{}}

 It appears the issue is that the user isnt logged into Jira and therefore cant post the comment.

Do you know of anyone to circumvent this?
I check my project schemes and the comment permissions are global, anyone can comment.


What do you mean the comment permission are global? did you check the add comment permission?

Anyway I think it would be better if you made a new user in Jira and make your REST work under this user, if the user is not logged in. You could get the current user by


and you can set a user


At least you would know that changes were made by your rest.

Hey Roberto, 

If the call is made without the user being logged in then you can use the HttpServletRequest to get the user that made the call and then using the UserManager you can get the ApplicationUser. 

There is a similar example in the documentation - Get the user making the request

@Alexey Matveev _Appfire_@Thanos Batagiannis [Adaptavist]

By Global I mean that the jira-group that I have that encompasses everyone in Jira has the add comment permission for the project I am working in.

I tried that approach as well, I made an admin in Jira to use with REST.

The rest works if you are logged into Jira at the same time you hit the Rest EndPoint URL.

But the rest only partially works, disregarding if I make the admin the person who triggers the IssueService or the actual individual who clicked on the Rest EndPoint, if you hit the Rest EndPoint while not being logged into Jira.

The whole functionality I am adding is allowing people to do certain Jira issue functions without having to be logged into Jira, through a link i send them via email whenever a certain condition is triggered in Jira itself.

Example, a dev changes an issue, someone gets the email with Rest EndPoint URl to perform certain things to the issue automatically without having to log into Jira.

Thanos, I dont have an issue grabbing the actual ApplicationUser.

My Issue is that even though I have the actual ApplicationUser of the user who triggered the Rest EndPoint. I can't get IssueService to run correctly if said User is not logged into Jira at the same time they click the Rest EndPoint URL. In my initial post you see the error message i get from ErrorCollection().


Hey Roberto, 

If you follow the example in the link I sent above then you can get the ApplicationUser who made the rest call (without being logged in), like 

import com.atlassian.sal.api.user.UserManager
import com.atlassian.jira.component.ComponentAccessor

def userManager = ComponentAccessor.getOSGiComponentInstanceOfType(UserManager)
def userProfile = userManager.getRemoteUser(request)
def applicationUser = ComponentAccessor.userManager.getUserByKey(userProfile.userKey)

Ok, I missed the point. You do not need JiraAuthenticationContext to set the user.  Do you mean that if your user is admin, your Rest function does not work? I mean you can change your line to

ApplicationUser user = userManager.getUserByName("admin")

and it does not work? It must work.  I do not want you to make a code like that, It is just a question. Because if you put a user who has rights to add a comment  then your code must work.

@Thanos Batagiannis [Adaptavist],

I did what you mentioned above, and I am able to get the user who made the requests information. I can see their username, emailAddress, active, directoryId, etc.

But regardless of actually having the user, when the user clicks on the Rest EndPoint link that I send them via their email and the user who clicks on the link is not logged into Jira then the comment does not post.

When the user I send the Rest EndPoint link via email clicks on the link and is logged into Jira at the sametime, then the comment is posted.

{"reasons":["NOT_LOGGED_IN"],"errorMessages":["You do not have the permission to comment on this issue."],"flushedErrorMessages":["You do not have the permission to comment on this issue."],"errors":{}}

That is the error I get, same error I had before, even after implementing your way of getting the user.


I guess you need to make an internal user who has permission to edit comments in the project and if the current user is not logged in then you have to make an update under the internal user.

@Alexey Matveev _Appfire_@Thanos Batagiannis [Adaptavist],

I just tried something similar to that.

If you are aware of how Confluence has "Anynoymous" users, I pretty much copied that concept of "Anynymous"  and put it into Jira.

I am having the Anynomous user post the comment and the comment has all pertaining information of the actual user. 

So that kind of solves my issue, not 100% ideal since the comment isnt posted by the actual user but its close.

Thanks for all the help!


Anonymous added a comment - 1 minute ago

userTester2 has approved issue HTPX-12 of type: Testing

Suggest an answer

Log in or Sign up to answer

Atlassian Community Events