Access the REST API as a specific user rather than an overall system

So, right now, I am accessing the JIRA Rest API through my rails app.

If a user of my app wants change the "status" of an issue, I check to see if their associated JIRA user account is a member of groups with permissions to change that issue's status. 

For instance, if the JIRA username "Beckah" is part of the "jira-administrators" groups, they can change an issue's status from "In Progress" to "Complete".

My question is, is there a way to enforce these kinds of rules through Jira's rest API? In plain English, with a Rest PUT request, "User Beckah wants to move Issue NEM-11 to Complete" and see if it JIRA responds with an error or success based on Beckah's permissions to update that issue. 

Let me know if that makes any sense or if more details are needed.

1 answer

0 votes
Boris Berenberg Community Champion Aug 01, 2017

You need to use oAuth instead of basic auth in your rails app. You also need to support user impersination.

Is there a specific tutorial on jira oauth user impersonation? can't find anything.

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Friday in Jira Service Desk

Looking for anyone who has switched from Zendesk to Jira Service Desk

Hi Community! The Jira Service Desk marketing team is looking for customers who have successfully switched from Zendesk to Jira Service Desk!   We’d love to hear your thoughts on the pros and ...

31 views 0 1
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you