JIRA SD Script Runner Adding a user to a group and removing the user from the project role as a user

Eric Salonen
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
October 6, 2017

Hi guys,

Im baffled - can @JamieA help at all?

Ive created a script runner listener that monitors the "UserCreatedEvent" and the purpose of the script is to remove the user from the "Service Desk Customers" project role as as SINGLE USER and add that person to the group called "service-desk-customers" so that they belong to the group.

I have found out that when this "UserCreatedEvent" is fired the user is not in that role as a single user YET. I tested this script in the console with the hybrid version and the command (removeActorsFromProjectRole) actually works. However, it doesnt work in the automation where the event is fired.

*EDIT*

The adding of the group is succesfull but not the removal from the role as a single user. The if -statement is returned as false during run time. This does not work even when the if statement is removed as the user is not in that role yet when this script has run.

Why? :D

This is purely superficial as we think the admin page is easier to understand where not every single user is listed as a single user instead of a group (JSD does this feature automatically and we dont like it:D)

We are running JIRA 7.4.4 Core with the latest SD.

The script code is below

 

import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.crowd.event.user.UserCreatedEvent
import com.atlassian.jira.user.util.UserUtil
import com.atlassian.jira.security.groups.GroupManager
import com.atlassian.jira.user.util.UserManager
import com.atlassian.jira.user.ApplicationUsers
import com.atlassian.jira.security.roles.ProjectRoleManager
import com.atlassian.jira.security.roles.ProjectRole
import com.atlassian.jira.project.ProjectManager
import com.atlassian.jira.security.roles.ProjectRoleActor
import com.atlassian.jira.project.Project
import com.atlassian.jira.bc.projectroles.ProjectRoleService
import com.atlassian.jira.util.ErrorCollection
import com.atlassian.jira.util.SimpleErrorCollection

UserManager userManager = ComponentAccessor.getComponent(UserManager)
GroupManager groupManager = ComponentAccessor.getComponent(GroupManager)
UserUtil userUtil = ComponentAccessor.getComponent(UserUtil)
ProjectRoleManager projectRoleManager = ComponentAccessor.getComponent(ProjectRoleManager)
ProjectManager projectManager = ComponentAccessor.getComponent(ProjectManager)
ProjectRoleService projectRoleService = ComponentAccessor.getComponent(ProjectRoleService)

def event = event as UserCreatedEvent
def gname = groupManager.getGroup('service-desk-customers')
def appUser = userManager.getUserByKey(ApplicationUsers.getKeyFor(event.user))
log.info "User: ${appUser}"
userUtil.addUserToGroup(gname, appUser) //Adds the user to the above group

long projectRoleID = 10200
long projectID = 10301

def adminUser = userManager.getUserByKey("jiraadmin")
Collection listOfUsers = [appUser.getKey()]
ProjectRole projectRole = projectRoleManager.getProjectRole(projectRoleID)//Service Desk Customers projectrole
Project project = projectManager.getProjectObj(projectID) //Service Desk Project

log.info "User List: ${listOfUsers}"
log.info "Project Role: ${projectRole}"
log.info "Project: ${project}"
log.info "${projectRoleManager.isUserInProjectRole(appUser,projectRole,project)}"

if (projectRoleManager.isUserInProjectRole(appUser,projectRole,project)){
    ErrorCollection errorCollection = new SimpleErrorCollection()
    projectRoleService.removeActorsFromProjectRole(listOfUsers,projectRole,project,ProjectRoleActor.USER_ROLE_ACTOR_TYPE,errorCollection)
}

 

4 answers

1 accepted

Suggest an answer

Log in or Sign up to answer
3 votes
Answer accepted
Eric Salonen
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 14, 2018

I was finally able to figure out what the problem was.

As the script is reacting to the user authenticated event, the script is obviously run as the user who is logging in, whom more then likely wont have project administrative rights.

I noticed that I was setting the JIRA admin user in the script, but I wasnt doing anything with it :D D'oH!

Here is the code that fixed the problem, by placing the 2 lines of code after the 1st row.

String AdminUser = "jiraadmin" //User with admin rights

ApplicationUser adminApplicationUser = userManager.getUserByName("${AdminUser}")
ComponentAccessor.getJiraAuthenticationContext().setLoggedInUser(adminApplicationUser)
0 votes
Eric Salonen
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
August 7, 2018

Duplicate answer.

0 votes
Alexey Matveev
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
December 22, 2017

The question is publicly available. What do you mean by #it does not work in automation#? What is automation? You log script variables. Did you check in the log that the variables have correct values in automation?

Eric Salonen
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
December 22, 2017

Hi Alexey,

Thanks for confirming I wasnt alone :D

The "does not work in automation" means that the Listener I created with Script Runner (Script Runner listeners) that monitors the "Usercreated" event - does not successfully remove the user as a single from the project role.

This is due to the fact (I was able to debug it) that when the "UserCreated" event is thrown - the user is actually not as a single user in the project role yet - because the line

log.info "${projectRoleManager.isUserInProjectRole(appUser,projectRole,project)}"

shows false in the logs.

So my question is: why?

Why isnt the user in that role, when this listener grabs hold of the thrown event? My guess is that this script is run before JIRA actually places the user into that role.

My other question is: How can I go around this problem? How can I make this script "run later"?

Alexey Matveev
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
December 22, 2017

I think your script works as expected. If a user is created it does not mean that the user was added to a role. I would look for another event. I do not have access to Jira right now. I ll have a look later.

Alexey Matveev
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
December 22, 2017

Try UserUpdatedEvent or UserEditedEvent

Eric Salonen
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
January 2, 2018

Hi Alexey,

Just returned from holidays so apologies for late reply.

import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.user.util.UserUtil
import com.atlassian.jira.security.groups.GroupManager
import com.atlassian.jira.user.util.UserManager
import com.atlassian.jira.user.ApplicationUsers
import com.atlassian.jira.security.roles.ProjectRoleManager
import com.atlassian.jira.security.roles.ProjectRole
import com.atlassian.jira.project.ProjectManager
import com.atlassian.jira.security.roles.ProjectRoleActor
import com.atlassian.jira.project.Project
import com.atlassian.jira.bc.projectroles.ProjectRoleService
import com.atlassian.jira.util.ErrorCollection
import com.atlassian.jira.util.SimpleErrorCollection
import com.atlassian.crowd.event.user.UserAuthenticatedEvent

UserManager userManager = ComponentAccessor.getComponent(UserManager)
GroupManager groupManager = ComponentAccessor.getComponent(GroupManager)
UserUtil userUtil = ComponentAccessor.getComponent(UserUtil)
ProjectRoleManager projectRoleManager = ComponentAccessor.getComponent(ProjectRoleManager)
ProjectManager projectManager = ComponentAccessor.getComponent(ProjectManager)
ProjectRoleService projectRoleService = ComponentAccessor.getComponent(ProjectRoleService)

def event = event as UserAuthenticatedEvent
def gname = groupManager.getGroup('service-desk-customers')
def appUser = userManager.getUserByKey(ApplicationUsers.getKeyFor(event.user))
log.info "User: ${appUser}"

if (!groupManager.isUserInGroup(appUser, gname)){
    userUtil.addUserToGroup(gname, appUser) //Adds the user to the above group
}

long projectRoleID = 10200
long projectID = 10301

def adminUser = userManager.getUserByKey("jiraadmin")
Collection<String> listOfUsers = new ArrayList<>()
listOfUsers.add(appUser.getKey())
ProjectRole projectRole = projectRoleManager.getProjectRole(projectRoleID)//Service Desk Customers projectrole
Project project = projectManager.getProjectObj(projectID) //Service Desk Project

log.info "User List: ${listOfUsers}"
log.info "Project Role: ${projectRole}"
log.info "Project: ${project}"
log.info "${projectRoleManager.isUserInProjectRole(appUser,projectRole,project)}"

if (projectRoleManager.isUserInProjectRole(appUser,projectRole,project)){
    ErrorCollection errorCollection = new SimpleErrorCollection()
    projectRoleService.removeActorsFromProjectRole(listOfUsers,projectRole,project,ProjectRoleActor.USER_ROLE_ACTOR_TYPE,errorCollection)
}

 I edited the code to fire when the user authenticates and now it returns true (the isuserinprojectrole).

However, the user is still in the project role as a single user and it seems the removeactors -function does not remove the user as a single (the user is now successfully in the group, so the single user can be removed)

Any idea buddy?

Eric Salonen
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
June 1, 2018

Just giving this one more go before giving up hope :) @Alexey Matveev

Like Magic Mike likes this
0 votes
Eric Salonen
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 8, 2017

Any help? :D

Eric Salonen
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 8, 2017
Eric Salonen
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
December 22, 2017

I wonder if this question is even publicly available - somebody at least troll this question? :D

TAGS
AUG Leaders

Atlassian Community Events