Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root


1 badge earned


Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!


Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.


Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!


using contentPropertyService.create() for a user without edit permission?

Rina Nir (AC)
Solutions Partner
Solution Partners provide consulting, sales, and technical services on Atlassian products.
Apr 15, 2017

Confluence 6.0.3

With a POM2 plugin I need to create json properties on a page via the ContentPropertyService. This is triggered within a LabelEvent listener.

This fails when the user has no edit permission on the page. Any idea how to 'force' saving properties even when the user has no edit permission?

This is the message I get:

validationResult.validateCreate=SimpleValidationResult{authorized=false, errors=[]}

2 answers

I don't see this topic over in the dev community.  I'll probably start something over there.

I'm running into the same trouble:  the ContentPropertyService API requires page EDIT perms to create/update/delete custom content properties for a page.  This is inconsistent with all of the other APIs I have seen/used in Confluence.  They don't have perm checks so close to the method calls that do the actual CRUD.  Any perm checks are usually app code that is upstream of the API that is doing the CRUD.

This is an unfortunate design choice.  It makes custom content properties usable only for the page editor use-case.  These custom content properties cannot be used when viewing a page.  Only plugins that are used inside of the page editor can use them. 

Collaboration plugins that are used in page view mode cannot use the ContentPropertyService API.

This is the only content property API that I know of that migrates its properties from Server to Cloud along with the page when it is migrated.  (A related problem is the collection of inconsistent content property impls out there)

3rd party apps that use page-scoped custom properties are struggling now with what to do because the Server/DC --> Cloud migration is such an important part of the ecosystem right now. 

The ContentPropertyMANAGER custom content properties are correctly implemented w.r.t. perms (they do not do perm checks right in the create/update/delete impl) but they are in the OS_PROPERTYENTRY table and that is NOT migrated from Server to Cloud and those properties are not available via a Confluence Cloud REST API like the ContentPropertySERVICE properties are.  The ContentPropertySERVICE properties are in the CONTENT and BODYCONTENT tables and are available via REST API on both server and Cloud.

I'm going to take a guess:  the perm checks were implemented in the ContentPropertySERVICE API because it is what backs the REST API.  The REST API needs some perm checks and somebody made a few mistakes:  1) they put the perm checks in the create/update/delete methods in the backing Java API instead of encapsulating them outside/upstream of the Java API, 2) they did the wrong perm check: they should be checking page VIEW, not page EDIT.

A long and painful story.  Sorry, but I put it here because there are no other hits out there when searching for this problem.

0 votes
Maarten Cautreels
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Apr 15, 2017

Hi Rina,

The Atlassian User Community and Developer Community recently got split up. 

It'll probably be better for you to ask your question at, you'll have a better chance of getting an answer there!



Suggest an answer

Log in or Sign up to answer
AUG Leaders

Atlassian Community Events