Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Anonymous caused a status change in Jira -- scary

Brent Webster
Brent Webster
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
August 23, 2013

Running with Jira 5.2.2

My project manager tripped over this, asking why is the Resolution set to "xxxx" when the Status is in a unResolved state. I reviewed the issue's comments and came across:

Anonymous made changes - 02/Aug/13 1:54 PM
Status Resolved [ 5 ] Ready to Submit [ 10001 ]
Rick added a comment - 02/Aug/13 3:45 PM - edited

Please re-open. I tried to re-open and it now appears to be ready to submit

After chatting with Rick, I believe he left his Jira web page up pointing to this issue where one of the transition menus was to "reopen" the issue. He left and later returned, pressed the "reopen" button and did what most busy person -- ignored any errors and continued with his work.

I reviewed the catalina.out log for both Rick and anonymous but there were no logs (errors, warns, info) around that time period. I'm concerned because Anonymous force a state change and that state change for Resolved to "Ready to Submit" has no valid transition to get it there directly.

There are no current questions on this issue but I hoping for some comments or recommendations from the community.

Answer
Watch
Like Be the first to like this
460 views

2 answers

1 accepted

0 votes
Answer accepted
Brent Webster
Brent Webster
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
August 28, 2013

Hmmmm. All my workflow transitions have conditions set to control access. There is one transition that goes from "Ready to Submit" to "Resolved" and the conditions on that transition do not allow that user to fire it. There are no transition that directly go from "Resolved" to "Ready to Submit" but the comment above show that Anonymous did do it. I'm using three plugins: ScriptRunner 2.1.11, Subversion 0.10.11.1 and Universal Plugin Manager 2.11 which are all rock solid plugins. I appreciate your responses Nic but for now I'm just going to have to keep a watchful eye on the situtation.

Reply
0 votes
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
August 23, 2013

Your workflow is missing conditions, such as "only people in the role of user can do this"

A workflow transition with no conditions is executable by absolutely anyone who can see the issue, without logging in. That's what's happened here.

Have a look at the (uneditable) jira default workflow - you'll see it has no transitions without any conditions, there's always at least one enforcing a "user must be logged in because I need to know that they're part of role X"

View More Comments
Brent Webster
Brent Webster
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
August 24, 2013

Good point but the active workflow does not have a transition directly from Resolved to "Ready to Submit" so how did it get there.

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
August 24, 2013
It did when the user clicked it. Either that, or you have a plugin that is bypassing the workflow (I'd advise deleting that immediately if that is the case)
Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events