Restricted Work Log entries show in the Activity Stream for JIRA Cloud

2017-03-13T04:15:41
ID ATLASSIAN:JRA-64380
Type atlassian
Reporter mikey.schott
Modified 2017-03-29T00:07:12

Description

h3. Summary

When using a group comment visibility on worklogs the restriction is not applied in the Activity Stream.

h3. Steps to Reproduce

Set up a test user (JIRA Users).

Enable comment visibility to support groups as per [Configuring JIRA Options|https://confluence.atlassian.com/display/JIRA/Configuring+JIRA+Options].

With an admin user, log work on an issue and set the visibility to a group.

Access an activity stream with the test user (JIRA Users).

h3. Expected Results

The Activity Stream does not expose information about the log work event to the user.

h3. Actual Results

The Activity Streams leaks the worklog comment, despite being marked as restricted to a specific group.

h3. Workaround

Disable group comment visibility, or ensure users only restrict worklogs to project roles.