As per getComment method comment of CommentManager we need to use getCommentsForUser for permission checks, but I could not fine any difference. Can any one suggest a test that shows the problem with getComment would be grateful. Thanks in advance.
This is in reference to the ability to restrict comments:
If you're making a request as a user that has permission to see all of the existing comments, then there would not be any difference. If you have a project administrator restrict a comment to the Administrators role, then mere Developers should not be able to see it when you are using the method that enforces permission checks.
One of our own tests for it goes something like this (edited for brevity):
when(mockProjectRoleManager.isUserInProjectRole(author, adminProjectRole, issueObject.getProjectObject())).thenReturn(false); final ApplicationUser admin = new MockApplicationUser("Admin"); Comment comment = commentManager.create(issueObject, admin, "comment for admins", null, adminProjectRole.getId(), false); final List<Comment> comments = commentManager.getCommentsForUser(issueObject, author); assertEquals("User was NOT in the role so he should not see the comment", 0, comments.size());
If you spend enough time as a Jira admin - whether you are managing a single, mid-sized instance, a large enterprise one or juggling multiple instances at once - you will eventually find yourself in ...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot