Is there a Java API to determine if a user can view an issue?

I'm writing a groovy script (using the script runner plugin) and want to determine if a particular user can view an issue.

 

I was just wondering if there was a simple API to figure this out. Crucially, it needs to take issue level security into consideration - this isn't something I can see in the permissionManager API (which appears to be project-based only).

 

Thanks

2 answers

1 accepted

This widget could not be displayed.

Just call this hasPermission() methods from PermissionManager passing the ProjectPermissions.BROWSE_PROJECTS permission - this will also check the issue security level scheme if such is assigned to the project which contains the issue.

There is a similar method in the JIRA 6.x API (the one I've linked is for JIRA 7.x).

Yes, this seems to do the trick - there are quite a few hasPermission methods, so I must have overlooked the one with both a user and an issue.

 

Thanks

This widget could not be displayed.

Hi Chris,

Try the script below (JIRA v7), in your script console and check the logs. 

import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.issue.Issue
import com.atlassian.jira.issue.security.IssueSecurityLevel
import com.atlassian.jira.issue.security.IssueSecurityLevelManager

def userKey = "aUserKey"
Issue issue = ComponentAccessor.getIssueManager().getIssueObject("TP-1")
def userToCheck = ComponentAccessor.getUserManager().getUserByKey(userKey)

Collection <IssueSecurityLevel> issueSecurityLvlvs = ComponentAccessor.getComponent(IssueSecurityLevelManager)?.getAllSecurityLevelsForUser(userToCheck)
def hasPermission = issueSecurityLvlvs.find {it.id == issue?.securityLevelId} ? true : false
log.debug "${userKey} has permissions to view the issue: ${hasPermission}"

Let me know if this does the trick.

regards, Thanos

Hi - this just gives me a collection of issue security levels.

There's nothing I can see about your code sample that ties this to the issue in question... or have I missed something?

Ok I updated my script above, was missing the comparison with issue's security level. So there are the project permissions the global permissions and then the issue permission

According to the managing project permissions doc 

Permission to browse projects, use the Issue Navigator and view individual issues (except issues that have been restricted via issue-level security).

Hope that makes things a little more clear

regards, Thanos

I still don't think this is going to work quite right.  For instance, say I have an issue security level of "Reporter Only" - i.e. only the reporter can see the issue.

 

I believe that "Reporter Only" will come back for all users.  And the issue's security level will be "Reporter Only".  So all users will pass your check - which is not correct as only the reporter should return true.

 

@Petar Petrov's solution was along the lines I was looking for - I just missed the exact function taking both a user and an issue in the permission manager docs.

Suggest an answer

Log in or Sign up to answer
Atlassian Summit 2018

Meet the community IRL

Atlassian Summit is an excellent opportunity for in-person support, training, and networking.

Learn more
Community showcase
Published yesterday in Marketplace Apps

The 7 hacks of highly successful automation

...there's anything I've learnt from working, it's that people are lazy! No offense to anyone reading this, but it's true and we can all admit it. The easier you make something for someone, the more...

96 views 0 8
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you