Is there a way to run the query in a way so that permission checks are bypassed and all issues matching the JQL query are returned?
I don't think that's possible using the built-in issue picker.
But you might be able to achieve a similar purpose by using a plain text field and a conversion to a select list.
This would require you to build a custom rest endpoint that mimics the built-in /rest/scriptrunner-jira/latest/issue/picker but ignores the current user permissions.
Is there a chance to get the source of this built-in rest endpoint?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I don't have access to it, but it should be fairly simple to recreate the input and response.
Here I took a small stab at it:
import com.atlassian.jira.web.bean.PagerFilter
import com.atlassian.jira.bc.issue.search.SearchService
import com.atlassian.jira.component.ComponentAccessor
import com.onresolve.scriptrunner.runner.rest.common.CustomEndpointDelegate
import groovy.json.JsonBuilder
import groovy.transform.BaseScript
import javax.ws.rs.core.MultivaluedMap
import javax.ws.rs.core.Response
@BaseScript CustomEndpointDelegate delegate
issuePickerNoSecurity(httpMethod: "GET", groups: ['jira-users']) { MultivaluedMap queryParams, String body ->
def query = queryParams.getFirst('query')
def currentJql = queryParams.getFirst('currentJql')
def max = queryParams.getFirst('max') ?: 10
def adminUser = ComponentAccessor.userManager.getUserByName('admin')
def searchService = ComponentAccessor.getComponent(SearchService)
def jql =''
if(query.trim() && currentJql.trim()){
jql = /$currentJql and text ~ "$query"/
} else if (currentJql.trim()){
jql = currentJql
} else if(query.trim()){
jql=/text ~ "$query"/
}
def jqlParseResult = searchService.parseQuery(adminUser, jql)
def pager = new PagerFilter(max as Integer)
def results = searchService.searchOverrideSecurity(adminUser, jqlParseResult.query, pager)
def output = [sections:[
[label: 'Select Issue',
sub : "Showing $max of $results.total matching issues",
jql: jql, id:'cs',issues:
results.results.collect{
def issue = ComponentAccessor.issueManager.getIssueObject(it.key)
[key: issue.key, keyHtml: issue.key, img:issue.issueType.iconUrlHtml,
summary: issue.summary.replaceAll(/(?i)($query)/, '<b>$1</b>'),
summaryText: issue.summary,
id:issue.id]
},
totalIssues: results.total
]]]
return Response.ok(new JsonBuilder(output).toString()).build();
}
This doesn't use the other options like showSubTasks.
Also, note that with this, you don't get a preferential list of issues based on the current users' recently viewed issues.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thank‘s a lot for this 👍
Very helpful!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Dieter, I don't think that is possible because Jira API for SearchService.search() takes in an ApplicationUser parameter no matter what.
The only way to work around this is to use a superuser instead to do the search.
In any case, using JQL searches in Scripted Field is not recommended as mentioned here: JQL Searches in Script Fields
Otherwise, you will get issues with full reindexing. If you still want to use it, do remember to check the index availability as suggested in the documentation.
UPDATE: I just noticed you were referring to Issue Picker query, not search query in Scripted Field. In that case, Peter-Dave Sheehan's reply is more relevant. Can't believe we commented at the same time though, Peter.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.