As per getComment method comment of CommentManager we need to use getCommentsForUser for permission checks, but I could not fine any difference. Can any one suggest a test that shows the problem with getComment would be grateful. Thanks in advance.
This is in reference to the ability to restrict comments:
If you're making a request as a user that has permission to see all of the existing comments, then there would not be any difference. If you have a project administrator restrict a comment to the Administrators role, then mere Developers should not be able to see it when you are using the method that enforces permission checks.
One of our own tests for it goes something like this (edited for brevity):
when(mockProjectRoleManager.isUserInProjectRole(author, adminProjectRole, issueObject.getProjectObject())).thenReturn(false); final ApplicationUser admin = new MockApplicationUser("Admin"); Comment comment = commentManager.create(issueObject, admin, "comment for admins", null, adminProjectRole.getId(), false); final List<Comment> comments = commentManager.getCommentsForUser(issueObject, author); assertEquals("User was NOT in the role so he should not see the comment", 0, comments.size());
I have multiple projects that use variations of the same base workflow. The variations depend on the requirements of the project or issue type. The variations mostly come in the form of new statuses ...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs