Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,362,011
Community Members
 
Community Events
168
Community Groups

Script Runner - Script Fragment and REST Endpoint restriction based on project's role.

fjodors Rising Star Apr 23, 2018

Hello

I'd like to restrict Script Fragment and REST Endpoint for users in specific project role.
I detected strange behavior with ApplicationUser returned by "ComponentAccessor.getJiraAuthenticationContext().getLoggedInUser()"

For.e.g.

1. I have a script fragment that executes specific rest endpoint with defined project Key: /rest/scriptrunner/latest/custom/myRestendpointFunction?project=${project.key}
Fragment location: jira.project.sidebar.navigation
Restriction:

import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.security.roles.ProjectRoleManager
import com.atlassian.jira.project.ProjectManager
import com.atlassian.jira.project.Project;
def projectKey = jiraHelper.project?.key;
def currentUser = ComponentAccessor.getJiraAuthenticationContext().getLoggedInUser()
def projectRoleManager = ComponentAccessor.getComponentOfType(ProjectRoleManager);
def projectManager = ComponentAccessor.getProjectManager();
def role = projectRoleManager.getProjectRole("Admin");
Project projectObj = projectManager.getProjectObjByKey(projectKey)
return projectRoleManager.isUserInProjectRole(currentUser, role, projectObj)

 

If am logged as user who is in Admin Role in current project, I see this fragment in project sidebar section.
If I am logged as user who is not in Admin role, I don't see this fragment.
So looks like everything is ok at this step.

2. I have to restrict my Rest Endpoint based on project role.
I use the same logic as in previous step - check project and user returned by "ComponentAccessor.getJiraAuthenticationContext().getLoggedInUser()".
Problem is that this "getLoggedInUser()" returns me the same user with admin role regardless who is executing this rest endpoint
a) I logged as user with Admin Role in current project, execute rest endpoint URL directly and "getLoggedInUser()" returns me the correct user
b) I open another browser, logged as another user who is not in Admin role, execute rest endpoint URL directly, but "getLoggedInUser()" returns me the same user as in previous (a) step (user in admin role).

So, looks like "ComponentAccessor.getJiraAuthenticationContext().getLoggedInUser()" returns different values in Script fragment and in rest Endpoint.

I found a solution - user "Get the user making the request" example in https://scriptrunner.adaptavist.com/latest/jira/rest-endpoints.html to get correct user in Rest Endpoint, however I don't understand what is wrong with "getLoggedInUser()"...

Could you help me to understand this?

 

Thank you in advance,
Fyodor.

0 answers

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Jira

Online AMA this week: Your project management questions answered by Jira Design Lead James Rotanson

We know that great teams require amazing project management chops. It's no surprise that great teams who use Jira have strong project managers, effective workflows, and secrets that bring planning ...

214 views 1 6
Read article

Atlassian Community Events