JIRA SD Script Runner Adding a user to a group and removing the user from the project role as a user Edited

Hi guys,

Im baffled - can @Jamie Echlin [Adaptavist] help at all?

Ive created a script runner listener that monitors the "UserCreatedEvent" and the purpose of the script is to remove the user from the "Service Desk Customers" project role as as SINGLE USER and add that person to the group called "service-desk-customers" so that they belong to the group.

I have found out that when this "UserCreatedEvent" is fired the user is not in that role as a single user YET. I tested this script in the console with the hybrid version and the command (removeActorsFromProjectRole) actually works. However, it doesnt work in the automation where the event is fired.

*EDIT*

The adding of the group is succesfull but not the removal from the role as a single user. The if -statement is returned as false during run time. This does not work even when the if statement is removed as the user is not in that role yet when this script has run.

Why? :D

This is purely superficial as we think the admin page is easier to understand where not every single user is listed as a single user instead of a group (JSD does this feature automatically and we dont like it:D)

We are running JIRA 7.4.4 Core with the latest SD.

The script code is below

 

import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.crowd.event.user.UserCreatedEvent
import com.atlassian.jira.user.util.UserUtil
import com.atlassian.jira.security.groups.GroupManager
import com.atlassian.jira.user.util.UserManager
import com.atlassian.jira.user.ApplicationUsers
import com.atlassian.jira.security.roles.ProjectRoleManager
import com.atlassian.jira.security.roles.ProjectRole
import com.atlassian.jira.project.ProjectManager
import com.atlassian.jira.security.roles.ProjectRoleActor
import com.atlassian.jira.project.Project
import com.atlassian.jira.bc.projectroles.ProjectRoleService
import com.atlassian.jira.util.ErrorCollection
import com.atlassian.jira.util.SimpleErrorCollection

UserManager userManager = ComponentAccessor.getComponent(UserManager)
GroupManager groupManager = ComponentAccessor.getComponent(GroupManager)
UserUtil userUtil = ComponentAccessor.getComponent(UserUtil)
ProjectRoleManager projectRoleManager = ComponentAccessor.getComponent(ProjectRoleManager)
ProjectManager projectManager = ComponentAccessor.getComponent(ProjectManager)
ProjectRoleService projectRoleService = ComponentAccessor.getComponent(ProjectRoleService)

def event = event as UserCreatedEvent
def gname = groupManager.getGroup('service-desk-customers')
def appUser = userManager.getUserByKey(ApplicationUsers.getKeyFor(event.user))
log.info "User: ${appUser}"
userUtil.addUserToGroup(gname, appUser) //Adds the user to the above group

long projectRoleID = 10200
long projectID = 10301

def adminUser = userManager.getUserByKey("jiraadmin")
Collection listOfUsers = [appUser.getKey()]
ProjectRole projectRole = projectRoleManager.getProjectRole(projectRoleID)//Service Desk Customers projectrole
Project project = projectManager.getProjectObj(projectID) //Service Desk Project

log.info "User List: ${listOfUsers}"
log.info "Project Role: ${projectRole}"
log.info "Project: ${project}"
log.info "${projectRoleManager.isUserInProjectRole(appUser,projectRole,project)}"

if (projectRoleManager.isUserInProjectRole(appUser,projectRole,project)){
    ErrorCollection errorCollection = new SimpleErrorCollection()
    projectRoleService.removeActorsFromProjectRole(listOfUsers,projectRole,project,ProjectRoleActor.USER_ROLE_ACTOR_TYPE,errorCollection)
}

 

4 answers

2 accepted

0 votes
Accepted answer

I was able to figure this one out. By going through the errorcollection (derr, I am a rookie) I was able to find that it was being blocked by an error (which of course was not being printed by default in the system logs).

The error was that the user did not have permission to remove the user from the project role. (But its weird that the adding of the user to the group succeeds with the event user? Weird).

So by adding the following lines before the removeActorsFromProjectRole function, I got everything working:

String AdminUser = "jiraadmin" //User with admin rights
ApplicationUser adminApplicationUser = userManager.getUserByName("${AdminUser}")
ComponentAccessor.getJiraAuthenticationContext().setLoggedInUser(adminApplicationUser)

This means that by setting the logged in user before the function the operation has privelages to complete the operation.

0 votes
Accepted answer

I was finally able to figure out what the problem was.

As the script is reacting to the user authenticated event, the script is obviously run as the user who is logging in, whom more then likely wont have project administrative rights.

I noticed that I was setting the JIRA admin user in the script, but I wasnt doing anything with it :D D'oH!

Here is the code that fixed the problem, by placing the 2 lines of code after the 1st row.

String AdminUser = "jiraadmin" //User with admin rights

ApplicationUser adminApplicationUser = userManager.getUserByName("${AdminUser}")
ComponentAccessor.getJiraAuthenticationContext().setLoggedInUser(adminApplicationUser)

Any help? :D

I wonder if this question is even publicly available - somebody at least troll this question? :D

0 votes
Alexey Matveev Community Champion Dec 22, 2017

The question is publicly available. What do you mean by #it does not work in automation#? What is automation? You log script variables. Did you check in the log that the variables have correct values in automation?

Hi Alexey,

Thanks for confirming I wasnt alone :D

The "does not work in automation" means that the Listener I created with Script Runner (Script Runner listeners) that monitors the "Usercreated" event - does not successfully remove the user as a single from the project role.

This is due to the fact (I was able to debug it) that when the "UserCreated" event is thrown - the user is actually not as a single user in the project role yet - because the line

log.info "${projectRoleManager.isUserInProjectRole(appUser,projectRole,project)}"

shows false in the logs.

So my question is: why?

Why isnt the user in that role, when this listener grabs hold of the thrown event? My guess is that this script is run before JIRA actually places the user into that role.

My other question is: How can I go around this problem? How can I make this script "run later"?

Alexey Matveev Community Champion Dec 22, 2017

I think your script works as expected. If a user is created it does not mean that the user was added to a role. I would look for another event. I do not have access to Jira right now. I ll have a look later.

Alexey Matveev Community Champion Dec 22, 2017

Try UserUpdatedEvent or UserEditedEvent

Hi Alexey,

Just returned from holidays so apologies for late reply.

import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.user.util.UserUtil
import com.atlassian.jira.security.groups.GroupManager
import com.atlassian.jira.user.util.UserManager
import com.atlassian.jira.user.ApplicationUsers
import com.atlassian.jira.security.roles.ProjectRoleManager
import com.atlassian.jira.security.roles.ProjectRole
import com.atlassian.jira.project.ProjectManager
import com.atlassian.jira.security.roles.ProjectRoleActor
import com.atlassian.jira.project.Project
import com.atlassian.jira.bc.projectroles.ProjectRoleService
import com.atlassian.jira.util.ErrorCollection
import com.atlassian.jira.util.SimpleErrorCollection
import com.atlassian.crowd.event.user.UserAuthenticatedEvent

UserManager userManager = ComponentAccessor.getComponent(UserManager)
GroupManager groupManager = ComponentAccessor.getComponent(GroupManager)
UserUtil userUtil = ComponentAccessor.getComponent(UserUtil)
ProjectRoleManager projectRoleManager = ComponentAccessor.getComponent(ProjectRoleManager)
ProjectManager projectManager = ComponentAccessor.getComponent(ProjectManager)
ProjectRoleService projectRoleService = ComponentAccessor.getComponent(ProjectRoleService)

def event = event as UserAuthenticatedEvent
def gname = groupManager.getGroup('service-desk-customers')
def appUser = userManager.getUserByKey(ApplicationUsers.getKeyFor(event.user))
log.info "User: ${appUser}"

if (!groupManager.isUserInGroup(appUser, gname)){
    userUtil.addUserToGroup(gname, appUser) //Adds the user to the above group
}

long projectRoleID = 10200
long projectID = 10301

def adminUser = userManager.getUserByKey("jiraadmin")
Collection<String> listOfUsers = new ArrayList<>()
listOfUsers.add(appUser.getKey())
ProjectRole projectRole = projectRoleManager.getProjectRole(projectRoleID)//Service Desk Customers projectrole
Project project = projectManager.getProjectObj(projectID) //Service Desk Project

log.info "User List: ${listOfUsers}"
log.info "Project Role: ${projectRole}"
log.info "Project: ${project}"
log.info "${projectRoleManager.isUserInProjectRole(appUser,projectRole,project)}"

if (projectRoleManager.isUserInProjectRole(appUser,projectRole,project)){
    ErrorCollection errorCollection = new SimpleErrorCollection()
    projectRoleService.removeActorsFromProjectRole(listOfUsers,projectRole,project,ProjectRoleActor.USER_ROLE_ACTOR_TYPE,errorCollection)
}

 I edited the code to fire when the user authenticates and now it returns true (the isuserinprojectrole).

However, the user is still in the project role as a single user and it seems the removeactors -function does not remove the user as a single (the user is now successfully in the group, so the single user can be removed)

Any idea buddy?

Just giving this one more go before giving up hope :) @Alexey Matveev

Like 1 person likes this

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted yesterday in Jira Service Desk

Looking for anyone who has switched from Zendesk to Jira Service Desk

Hi Community! The Jira Service Desk marketing team is looking for customers who have successfully switched from Zendesk to Jira Service Desk!   We’d love to hear your thoughts on the pros and ...

22 views 0 1
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you