As per getComment method comment of CommentManager we need to use getCommentsForUser for permission checks, but I could not fine any difference. Can any one suggest a test that shows the problem with getComment would be grateful. Thanks in advance.
This is in reference to the ability to restrict comments:
If you're making a request as a user that has permission to see all of the existing comments, then there would not be any difference. If you have a project administrator restrict a comment to the Administrators role, then mere Developers should not be able to see it when you are using the method that enforces permission checks.
One of our own tests for it goes something like this (edited for brevity):
when(mockProjectRoleManager.isUserInProjectRole(author, adminProjectRole, issueObject.getProjectObject())).thenReturn(false); final ApplicationUser admin = new MockApplicationUser("Admin"); Comment comment = commentManager.create(issueObject, admin, "comment for admins", null, adminProjectRole.getId(), false); final List<Comment> comments = commentManager.getCommentsForUser(issueObject, author); assertEquals("User was NOT in the role so he should not see the comment", 0, comments.size());
Badges are a great way to show off community activity, whether you’re a newbie or a Champion.Learn more
As part of the Bitbucket product team I'm always interested in better understanding what kind of impact the use of our tools have on the way you work. In a recent study we conducted of software devel...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG