Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

using contentPropertyService.create() for a user without edit permission?

Rina Nir (AC)
Rina Nir (AC)
Solutions Partner
Solution Partners provide consulting, sales, and technical services on Atlassian products.
April 15, 2017

Confluence 6.0.3

With a POM2 plugin I need to create json properties on a page via the ContentPropertyService. This is triggered within a LabelEvent listener.

This fails when the user has no edit permission on the page. Any idea how to 'force' saving properties even when the user has no edit permission?

This is the message I get:

validationResult.validateCreate=SimpleValidationResult{authorized=false, errors=[]}

Answer
Watch
Like Ture Hoefner _Appfire_ likes this
475 views

2 answers

0 votes
Ture Hoefner _Appfire_
Ture Hoefner _Appfire_ October 13, 2023

I don't see this topic over in the dev community.  I'll probably start something over there.

I'm running into the same trouble:  the ContentPropertyService API requires page EDIT perms to create/update/delete custom content properties for a page.  This is inconsistent with all of the other APIs I have seen/used in Confluence.  They don't have perm checks so close to the method calls that do the actual CRUD.  Any perm checks are usually app code that is upstream of the API that is doing the CRUD.

This is an unfortunate design choice.  It makes custom content properties usable only for the page editor use-case.  These custom content properties cannot be used when viewing a page.  Only plugins that are used inside of the page editor can use them. 

Collaboration plugins that are used in page view mode cannot use the ContentPropertyService API.

This is the only content property API that I know of that migrates its properties from Server to Cloud along with the page when it is migrated.  (A related problem is the collection of inconsistent content property impls out there)

3rd party apps that use page-scoped custom properties are struggling now with what to do because the Server/DC --> Cloud migration is such an important part of the ecosystem right now. 

The ContentPropertyMANAGER custom content properties are correctly implemented w.r.t. perms (they do not do perm checks right in the create/update/delete impl) but they are in the OS_PROPERTYENTRY table and that is NOT migrated from Server to Cloud and those properties are not available via a Confluence Cloud REST API like the ContentPropertySERVICE properties are.  The ContentPropertySERVICE properties are in the CONTENT and BODYCONTENT tables and are available via REST API on both server and Cloud.

I'm going to take a guess:  the perm checks were implemented in the ContentPropertySERVICE API because it is what backs the REST API.  The REST API needs some perm checks and somebody made a few mistakes:  1) they put the perm checks in the create/update/delete methods in the backing Java API instead of encapsulating them outside/upstream of the Java API, 2) they did the wrong perm check: they should be checking page VIEW, not page EDIT.

A long and painful story.  Sorry, but I put it here because there are no other hits out there when searching for this problem.

Reply
0 votes
Maarten Cautreels
Maarten Cautreels
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 15, 2017

Hi Rina,

The Atlassian User Community and Developer Community recently got split up. 

It'll probably be better for you to ask your question at https://community.developer.atlassian.com/, you'll have a better chance of getting an answer there!

Best,

Maarten

Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events