It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Is there a Java API to determine if a user can view an issue?

I'm writing a groovy script (using the script runner plugin) and want to determine if a particular user can view an issue.

 

I was just wondering if there was a simple API to figure this out. Crucially, it needs to take issue level security into consideration - this isn't something I can see in the permissionManager API (which appears to be project-based only).

 

Thanks

2 answers

1 accepted

2 votes
Answer accepted

Just call this hasPermission() methods from PermissionManager passing the ProjectPermissions.BROWSE_PROJECTS permission - this will also check the issue security level scheme if such is assigned to the project which contains the issue.

There is a similar method in the JIRA 6.x API (the one I've linked is for JIRA 7.x).

Yes, this seems to do the trick - there are quite a few hasPermission methods, so I must have overlooked the one with both a user and an issue.

 

Thanks

Hi Chris,

Try the script below (JIRA v7), in your script console and check the logs. 

import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.issue.Issue
import com.atlassian.jira.issue.security.IssueSecurityLevel
import com.atlassian.jira.issue.security.IssueSecurityLevelManager

def userKey = "aUserKey"
Issue issue = ComponentAccessor.getIssueManager().getIssueObject("TP-1")
def userToCheck = ComponentAccessor.getUserManager().getUserByKey(userKey)

Collection <IssueSecurityLevel> issueSecurityLvlvs = ComponentAccessor.getComponent(IssueSecurityLevelManager)?.getAllSecurityLevelsForUser(userToCheck)
def hasPermission = issueSecurityLvlvs.find {it.id == issue?.securityLevelId} ? true : false
log.debug "${userKey} has permissions to view the issue: ${hasPermission}"

Let me know if this does the trick.

regards, Thanos

Hi - this just gives me a collection of issue security levels.

There's nothing I can see about your code sample that ties this to the issue in question... or have I missed something?

Ok I updated my script above, was missing the comparison with issue's security level. So there are the project permissions the global permissions and then the issue permission

According to the managing project permissions doc 

Permission to browse projects, use the Issue Navigator and view individual issues (except issues that have been restricted via issue-level security).

Hope that makes things a little more clear

regards, Thanos

I still don't think this is going to work quite right.  For instance, say I have an issue security level of "Reporter Only" - i.e. only the reporter can see the issue.

 

I believe that "Reporter Only" will come back for all users.  And the issue's security level will be "Reporter Only".  So all users will pass your check - which is not correct as only the reporter should return true.

 

@Petar Petrov's solution was along the lines I was looking for - I just missed the exact function taking both a user and an issue in the permission manager docs.

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted in Jira Core

How to manage many similar workflows?

I have multiple projects that use variations of the same base workflow. The variations depend on the requirements of the project or issue type. The variations mostly come in the form of new statuses ...

1,097 views 7 0
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you