Customers Receive 403 Error When Opening Email Attachments
Platform Notice: Cloud - This article applies to Atlassian products on the cloud platform.
This custom solution utilizes an internal API endpoint, which is subject to alterations without prior notification, potentially leading to the disruption of the implemented solution.
要約
Jira Automation allows users to retrieve information about request attachments by calling the {{attachment}} smart value. This allows agents to access some file attributes like:
- name
- URL
- size
- type
- author
Although the smart value has an attribute containing the file URL, opening this link does not always work as expected for some users.
診断
When opening an attachment link sent via Jira Automation using {{attachment.content}} smart value, one of the two errors below will appear on the page:
- User authenticated: Encountered a "403 - Forbidden" error while loading this page.
- User not authenticated: {"errorMessages":["You do not have permission to view attachment with id: XXXXX"],"errors":{}}
原因
There is an internal link in the {{attachment.content}} smart value that can only be accessed by Jira licensed users, and in most cases, Jira Service Management customers will not have a Jira license. Hence, the attachment link cannot be opened by them.
ソリューション
Let's compare the URL provided by the smart value against a proper URL where customers can download the attachments:
Smart value URL:
https://<instance_name>.atlassian.net/rest/api/2/attachment/content/<attachment_id>
Customer attachment URL:
https://<instance_name>.atlassian.net/servicedesk/customershim/secure/attachment/<attachment_id>/<attachment_name>?fromIssue=<issue_id>Notice that the smart value attachment has attributes that store everything we need to create the same structure as the customer attachment URL, allowing us to do the following:
Add all the Attachments added as comments, in the description,or while creating the issue ( agent view )
[
This step will add all the attachments in the issue as comments ]
- Open the service project > Project settings > Automation > Create rule
- As a trigger, select Desired Trigger and > Save
- Select New action > Comment on issue > Add the following smart value{{#attachment}} !{{filename}}! {{/}}Create a variable (e.g., {{requestattach}}) with the following structure:
<ul> {{#issue.attachment}} <li> <a href="{{content.replaceAll("(.*)(rest\/api\/2\/.*\/)(\d{5,})","$1servicedesk/customershim/secure/attachment/$3/")}}{{filename}}?fromIssue=replaceme">{{filename}}</a> </li> {{/issue.attachment}} </ul>Create another variable (e.g., {{issueId}}) with the following structure:
{{issue.id}}Now, on the Send Email action, call the variable with the following function to replace the replaceme text with the second variable issueId:
{{requestattach.replace("replaceme",issueId)}}Variable names are case-sensitive, if your email didn't work, check if your variables match case in all rule components.
The result should be an email with the following structure:
Users must see the respective attachments on the request on the Portal to open the attachment links. This means:
- The user must be authenticated in the Portal.
- They also must be able to see the request where the attachment pertains to on the Portal by being:
- 報告者
- リクエスト参加者
- Member of an Organization which the request was shared with
- Last but not least, the attachment should be visible to the user through a comment in the request