Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

using contentPropertyService.create() for a user without edit permission?

Rina Nir (AC)
Rina Nir (AC)
Atlassian Partner
April 15, 2017

Confluence 6.0.3

With a POM2 plugin I need to create json properties on a page via the ContentPropertyService. This is triggered within a LabelEvent listener.

This fails when the user has no edit permission on the page. Any idea how to 'force' saving properties even when the user has no edit permission?

This is the message I get:

validationResult.validateCreate=SimpleValidationResult{authorized=false, errors=[]}

Answer
Watch
Like Ture Hoefner {Appfire} likes this
628 views

2 answers

0 votes
Ture Hoefner {Appfire}
Ture Hoefner {Appfire}
Contributor
October 13, 2023

I don't see this topic over in the dev community.  I'll probably start something over there.

I'm running into the same trouble:  the ContentPropertyService API requires page EDIT perms to create/update/delete custom content properties for a page.  This is inconsistent with all of the other APIs I have seen/used in Confluence.  They don't have perm checks so close to the method calls that do the actual CRUD.  Any perm checks are usually app code that is upstream of the API that is doing the CRUD.

This is an unfortunate design choice.  It makes custom content properties usable only for the page editor use-case.  These custom content properties cannot be used when viewing a page.  Only plugins that are used inside of the page editor can use them. 

Collaboration plugins that are used in page view mode cannot use the ContentPropertyService API.

This is the only content property API that I know of that migrates its properties from Server to Cloud along with the page when it is migrated.  (A related problem is the collection of inconsistent content property impls out there)

3rd party apps that use page-scoped custom properties are struggling now with what to do because the Server/DC --> Cloud migration is such an important part of the ecosystem right now. 

The ContentPropertyMANAGER custom content properties are correctly implemented w.r.t. perms (they do not do perm checks right in the create/update/delete impl) but they are in the OS_PROPERTYENTRY table and that is NOT migrated from Server to Cloud and those properties are not available via a Confluence Cloud REST API like the ContentPropertySERVICE properties are.  The ContentPropertySERVICE properties are in the CONTENT and BODYCONTENT tables and are available via REST API on both server and Cloud.

I'm going to take a guess:  the perm checks were implemented in the ContentPropertySERVICE API because it is what backs the REST API.  The REST API needs some perm checks and somebody made a few mistakes:  1) they put the perm checks in the create/update/delete methods in the backing Java API instead of encapsulating them outside/upstream of the Java API, 2) they did the wrong perm check: they should be checking page VIEW, not page EDIT.

A long and painful story.  Sorry, but I put it here because there are no other hits out there when searching for this problem.

Reply
0 votes
Maarten Cautreels
Maarten Cautreels
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 15, 2017

Hi Rina,

The Atlassian User Community and Developer Community recently got split up. 

It'll probably be better for you to ask your question at https://community.developer.atlassian.com/, you'll have a better chance of getting an answer there!

Best,

Maarten

Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.