As per getComment method comment of CommentManager we need to use getCommentsForUser for permission checks, but I could not fine any difference. Can any one suggest a test that shows the problem with getComment would be grateful. Thanks in advance.
This is in reference to the ability to restrict comments:
If you're making a request as a user that has permission to see all of the existing comments, then there would not be any difference. If you have a project administrator restrict a comment to the Administrators role, then mere Developers should not be able to see it when you are using the method that enforces permission checks.
One of our own tests for it goes something like this (edited for brevity):
when(mockProjectRoleManager.isUserInProjectRole(author, adminProjectRole, issueObject.getProjectObject())).thenReturn(false); final ApplicationUser admin = new MockApplicationUser("Admin"); Comment comment = commentManager.create(issueObject, admin, "comment for admins", null, adminProjectRole.getId(), false); final List<Comment> comments = commentManager.getCommentsForUser(issueObject, author); assertEquals("User was NOT in the role so he should not see the comment", 0, comments.size());
As a Jira power user, I was at first doubtful that Trello could benefit my workflow. Jira already uses boards (ones you can customize!), so why would I even need to use Trello?! In this post you will...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG