Can not search by exact email address when Profile Visibility is not Anyone

Description

Problem 1:
We are using /rest/api/2/user/search to find the accountId by the exact email address.
We are calling this REST endpoint by an add-on user, as we would like to find the user that should be impersonated.

The problem is that /rest/api/2/user/search does not return any result when PVC is set to anything different from "Anyone".

We would respect the PVC settings, we do not want to see the email address, but we would like to find the corresponding accountId by the exact email address.

Problem 2:
Even worse, if we try to execute searching as an admin user instead of the add-on user, we do not found users who set PVC to "Only me and admins".
For this latter case we executed search as an admin:
https://csekol.atlassian.net/rest/api/2/user?accountId=557058:d10e699b-e2dc-4506-824e-c093772d6997

The REST call was:
https://csekol.atlassian.net/rest/api/2/user/search?query=laszlo.cseko@blueatlasconsulting.com

However, the result should be the account for laszlo.cseko@blueatlasconsulting.com
https://csekol.atlassian.net/rest/api/2/user?accountId=5bb62ace51d4557be258b5fc

Our impression according to this, that searching by exact match should have to work:
https://community.developer.atlassian.com/t/user-search-with-email-gdpr-impacts/27953/2

Environment

None

Activity

Show:
Rahul Patasariya
July 11, 2019, 5:44 PM

If privacy setting are not applied then you can search on any field but this issue was when privacy settings are applied. And we only apply privacy setting if:

  1. In api call user pass the apply_privacy_settings=true OR

  2. if we have added the user to feature flag.

since privacy has not yet been rolled out in production.

Anyway it has been tested and confirmed that it is working fine so all good.

 

Daniel Marczisovszky [META-INF]
July 11, 2019, 2:12 PM

Dear Rahul,

Sorry, we do not understand 100% your last comment, can you please clarify how it should work exactly?

Thanks,
Daniel

Rahul Patasariya
July 8, 2019, 10:38 PM
Edited

Deployed the changes to prod-east. Since this code will only trigger if `privacy_settings` are used. There are 2 ways of doing it 1) pass `apply_privacy_settings=true` in the search request or 2) We add the user with product in our feature-flag so search will apply privacy settings by default. Please let us know which way will you prefer

Jon Hartlaub
July 1, 2019, 11:06 PM
László Csekő
June 26, 2019, 1:33 PM

Hi,

As far as I remember, it was working some weeks ago.

First when I found search is not working, I asked it on developer community: https://community.developer.atlassian.com/t/user-search-with-email-gdpr-impacts/27953/5

Then I saw it was working until now.

Hope this helps.

 

BR,

László

Fixed

Assignee

Rahul Patasariya

Reporter

Daniel Marczisovszky [META-INF]