Details
-
Bug
-
Status: Waiting Approval
-
Very High
-
Resolution: Unresolved
-
Xray Cloud 14.0.0
-
None
-
None
-
Cloud
Description
Description
On Xray Cloud, opening the Requirement Traceability report (or the Test Coverage panel on an issue) fails with HTTP 400 and the error "User doesn't have access to all issues needed" for older requirement issues, while newly created issues work fine. The root cause is a false-positive in Xray's permission middleware: when the report calls /api/internal/issuelinksMulti/testset/tests, the checkIssuePermissionBulkAux() middleware queries Jira via JQL for the linked Test Set issue IDs and compares the returned count to the requested count. Due to a known Jira Cloud JQL search inconsistency (fewer results returned than requested), the counts do not match, and Xray incorrectly treats this as a permissions failure and returns 400.
Pre-conditions
- Xray for Jira Cloud instance
- Requirement issue (Specification type) that has links to one or more Test Sets
- The issue must be an older one - newly created issues without accumulated Test Set links are not affected
- User role: any (error occurs for all users, including Jira admins)
How to reproduce
- Log into the affected Jira Cloud instance as any user (including a Jira admin)
- Navigate to Xray -> Reporting Center -> Requirement Traceability
- Select a project and a test plan that includes older Specification issues
- Attempt to generate the Requirement Traceability report
- Observe the 400 error
- Alternatively: open one of the affected older Specification issues directly and observe the Test Coverage panel - the same 400 error appears there as well
Actual result/Attachments
The Requirement Traceability report fails to generate. A 400 HTTP error is returned with the body: {"error": "User doesn't have access to all issues needed"}. The Test Coverage panel on the same issues shows: "Error occurred while calculating Test Coverage Status! Request failed with status code 400". The error affects all users (not just non-admins) and only older requirements - newly created issues work correctly.
Expected result
The Requirement Traceability report should generate successfully for all requirement issues regardless of age, and the Test Coverage panel should load without error. The permission check middleware should not treat a Jira JQL search result count mismatch as a permissions failure - it should handle the case where Jira returns fewer issues than requested (a known Jira Cloud API inconsistency) without blocking the report.
Attachments
Issue Links
- duplicates
-
XCC-2750 Loading...