Is there a Java API to determine if a user can view an issue?

I'm writing a groovy script (using the script runner plugin) and want to determine if a particular user can view an issue.


I was just wondering if there was a simple API to figure this out. Crucially, it needs to take issue level security into consideration - this isn't something I can see in the permissionManager API (which appears to be project-based only).



2 answers

1 accepted

2 votes
Answer accepted

Just call this hasPermission() methods from PermissionManager passing the ProjectPermissions.BROWSE_PROJECTS permission - this will also check the issue security level scheme if such is assigned to the project which contains the issue.

There is a similar method in the JIRA 6.x API (the one I've linked is for JIRA 7.x).

Yes, this seems to do the trick - there are quite a few hasPermission methods, so I must have overlooked the one with both a user and an issue.



Hi Chris,

Try the script below (JIRA v7), in your script console and check the logs. 

import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.issue.Issue

def userKey = "aUserKey"
Issue issue = ComponentAccessor.getIssueManager().getIssueObject("TP-1")
def userToCheck = ComponentAccessor.getUserManager().getUserByKey(userKey)

Collection <IssueSecurityLevel> issueSecurityLvlvs = ComponentAccessor.getComponent(IssueSecurityLevelManager)?.getAllSecurityLevelsForUser(userToCheck)
def hasPermission = issueSecurityLvlvs.find { == issue?.securityLevelId} ? true : false
log.debug "${userKey} has permissions to view the issue: ${hasPermission}"

Let me know if this does the trick.

regards, Thanos

Hi - this just gives me a collection of issue security levels.

There's nothing I can see about your code sample that ties this to the issue in question... or have I missed something?

Ok I updated my script above, was missing the comparison with issue's security level. So there are the project permissions the global permissions and then the issue permission

According to the managing project permissions doc 

Permission to browse projects, use the Issue Navigator and view individual issues (except issues that have been restricted via issue-level security).

Hope that makes things a little more clear

regards, Thanos

I still don't think this is going to work quite right.  For instance, say I have an issue security level of "Reporter Only" - i.e. only the reporter can see the issue.


I believe that "Reporter Only" will come back for all users.  And the issue's security level will be "Reporter Only".  So all users will pass your check - which is not correct as only the reporter should return true.


@Petar Petrov's solution was along the lines I was looking for - I just missed the exact function taking both a user and an issue in the permission manager docs.

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Oct 09, 2018 in Jira Core

How to manage many similar workflows?

I have multiple projects that use variations of the same base workflow. The variations depend on the requirements of the project or issue type. The variations mostly come in the form of new statuses ...

381 views 6 0
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you