Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

User context in which JQL query for issue picker custom field runs

Is there a way to run the query in a way so that permission checks are bypassed and all issues matching the JQL query are returned?

2 answers

1 accepted

1 vote
Answer accepted

I don't think that's possible using the built-in issue picker.

But you might be able to achieve a similar purpose by using a plain text field and a conversion to a select list

This would require you to build a custom rest endpoint that mimics the built-in /rest/scriptrunner-jira/latest/issue/picker but ignores the current user permissions.

Is there a chance to get the source of this built-in rest endpoint?

I don't have access to it, but it should be fairly simple to recreate the input and response.

Here I took a small stab at it:

import com.atlassian.jira.web.bean.PagerFilter
import com.atlassian.jira.bc.issue.search.SearchService
import com.atlassian.jira.component.ComponentAccessor
import com.onresolve.scriptrunner.runner.rest.common.CustomEndpointDelegate
import groovy.json.JsonBuilder
import groovy.transform.BaseScript
import javax.ws.rs.core.MultivaluedMap
import javax.ws.rs.core.Response

@BaseScript CustomEndpointDelegate delegate

issuePickerNoSecurity(httpMethod: "GET", groups: ['jira-users']) { MultivaluedMap queryParams, String body ->
   def query = queryParams.getFirst('query')
   def currentJql = queryParams.getFirst('currentJql')
   def max = queryParams.getFirst('max') ?: 10

   def adminUser = ComponentAccessor.userManager.getUserByName('admin')

   def searchService = ComponentAccessor.getComponent(SearchService)
   def jql =''
   if(query.trim() && currentJql.trim()){
      jql = /$currentJql and text ~ "$query"/
   } else if (currentJql.trim()){
jql = currentJql
} else if(query.trim()){
jql=/text ~ "$query"/
}
def jqlParseResult = searchService.parseQuery(adminUser, jql)
def pager = new PagerFilter(max as Integer)
def results = searchService.searchOverrideSecurity(adminUser, jqlParseResult.query, pager)
def output = [sections:[
[label: 'Select Issue',
sub : "Showing $max of $results.total matching issues",
jql: jql, id:'cs',issues:
results.results.collect{
def issue = ComponentAccessor.issueManager.getIssueObject(it.key)
[key: issue.key, keyHtml: issue.key, img:issue.issueType.iconUrlHtml,
summary: issue.summary.replaceAll(/(?i)($query)/, '<b>$1</b>'),
summaryText: issue.summary,
id:issue.id]
},
totalIssues: results.total
]]]
return Response.ok(new JsonBuilder(output).toString()).build();
}

This doesn't use the other options like showSubTasks.

Also, note that with this, you don't get a preferential list of issues based on the current users' recently viewed issues.

Like Dieter likes this

Thank‘s a lot for this 👍

Very helpful!

Hi Dieter, I don't think that is possible because Jira API for SearchService.search() takes in an ApplicationUser parameter no matter what.

The only way to work around this is to use a superuser instead to do the search. 

In any case, using JQL searches in Scripted Field is not recommended as mentioned here: JQL Searches in Script Fields

Otherwise, you will get issues with full reindexing. If you still want to use it, do remember to check the index availability as suggested in the documentation. 

UPDATE: I just noticed you were referring to Issue Picker query, not search query in Scripted Field. In that case, Peter-Dave Sheehan's reply is more relevant. Can't believe we commented at the same time though, Peter. 

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Jira

Admins, notify your Jira instance of system-wide changes with the new admin announcement banner

Hi All! We’re excited to share the launch of an announcement banner that lets Jira site administrators communicate directly to their users across their  Jira Cloud instance.  ...

528 views 15 17
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you