Scopes & Permissions

External domains (for images):

• *.atlassian.com : We cannot upload images directly to the survey in Cloud because the images get part of the JSON which is then too big for the Storage API of Forge. Instead, it is possible to upload images to a Confluence page as an attachment and link this attachment. Because attachments are stored on api.media.atlassian.com, we whitelist *.atlassian.com for images.

• *.atlassian.net : Used to retrieve a user's Confluence profile picture.

• *.wp.com : We need this to retrieve user avatars for users that do not have a profile picture, e.g., https://i2.wp.com/avatar-management--avatars.us-west-2.prod.public.atl-paas.net/initials/MB-0.png?ssl=1. We are mirroring this from Atlassian, who do the same call when retrieving such user avatars.

• fonts.gstatic.com : SurveyJS introduces some fonts for the survey creator. We retrieve the fonts so the editor is displayed correctly.

• surveyjs.io: SurveyJS shows some demonstration pictures when inserting an image picker question. We retrieve exactly these four images to give a good user experience.

  • https://surveyjs.io/Content/Images/examples/image-picker/lion.jpg

  • https://surveyjs.io/Content/Images/examples/image-picker/giraffe.jpg

  • https://surveyjs.io/Content/Images/examples/image-picker/panda.jpg

  • https://surveyjs.io/Content/Images/examples/image-picker/camel.jpg

Scopes:

These are the scopes defined for our app. Please note that their representation in the “Allow Access” dialog can differ.

• storage:app: Needed to persist data of a Multivote or Survey in your Confluence Cloud instance

• read:user:confluence: Needed to check for group membership of a user to be able to give groups permissions in surveys (https://developer.atlassian.com/cloud/confluence/rest/api-group-group/#api-wiki-rest-api-group-groupid-membersbygroupid-get).

• read:content.permission:confluence: Needed to check whether a user has edit rights for a page to give users only permissions to vote in Multivotes when they could edit the page (https://developer.atlassian.com/cloud/confluence/rest/api-group-content-permissions/).

• read:group:confluence: Needed to check for group membership of a user to be able to give groups permissions in surveys (https://developer.atlassian.com/cloud/confluence/rest/api-group-group/#api-wiki-rest-api-group-groupid-membersbygroupid-get).

• read:content-details:confluence: For example used for retrieving data of the current logged in user to add the user directly as survey manager in a newly created survey (https://developer.atlassian.com/cloud/confluence/rest/api-group-users/#api-wiki-rest-api-user-current-get).