Changing Permission Scheme of a Project after the first issue is created

S. Ravi Venkatramana August 12, 2014

Hi,

Because of the flexibility provided in jira, it can be used for many other scenarios apart from issue tracking.

We have one scenario of having a project portfolio details in JIRA. There will be multiple projects. The project lead will create a new issue inside a project which will consist of project details. Based on the issue created different reports are produced. Here we are not tracking any bugs or issues inside projects. This is purely being used as a project management system here.

The main problem here is that, the user should not be able to create 2nd issue in the project once the first issue is created. This for the reason that a project can consist of only 1 project details issue.

One option I am trying is, I have created 2 permissions schemes

1st Permission Scheme : User have create issue permission

2nd Permission Scheme : User does not have create issue permission

Now when the user creates first issue in the project, I am running a script on the "Create" post funtion in a workflow which will change the permission shceme to the 2nd one. Here user does not have create issue permission and hence he will not be able to create any issue inside that project again.

Now When I create the first issue in the project, as per the logic written in the workflow, the issue should be created and the permission scheme should get changed to the 2nd permission scheme.

Issue is getting created, even the permission scheme is getting changed, however as soon as the user presses create button he gets an error stating "You do not have permission to create issue in this project". Though, the issue gets created internally. I can understand that this is happening due to the change in the permission scheme, but the permission sheme is being changed after the issue is getting created, then why this error is being shown to the user.

Is there any other alternative I can try to achieve the same?

Please find the attached files.

2 answers

1 accepted

1 vote
Answer accepted
Alexey_Rjeutski__Polontech_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
August 12, 2014

You've choosen really complex approach. The better way is to remove the postfunction and create a script validator (or create a plugin with validator module). Inside the validator search for the issue of specific issue type in the selected project and throw specific exception if the issue exist (with proper message). So your permission scheme will be unchanged and you will use proper way to omit creation (never make desisions on creation during creation itself)

S. Ravi Venkatramana August 12, 2014

Hi Alexey,

Thank you for the quick reply.

What I observed with script validator is, it will show message after we click on the create button. We have a huge form to fill up before they create the issue, the user might end up filling up entire form and then realise at the end that he cannot create this issue.

For better user friendliness, we were trying this approach. If there is no other way, then will go with script validator only.

Alexey_Rjeutski__Polontech_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
August 12, 2014

I would advice to develop the custom field that will be shown on the top of the form - and if there is issue with that issue type exist it should be rendered with big red message "You cannot create tickets of that issue type inside this project" - something like message field but with condition.

S. Ravi Venkatramana August 13, 2014

Hmm..This seems a better approach. Will try this for sure.

Thank you Alexey.

1 vote
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
August 12, 2014

Another approach...

Create a new role for the project called something like "can create".

Change the permission scheme so that only users in that role in the project can create an issue.

You'll need to load all your users into the role initially, and when you get new ones, or someone does need to create a new issues (I'm assuming this is a business process of some sort)

Finally, all your post function script needs to do now is remove the current user from that role after they create the issue. Once removed, they'll lose all "create issue" rights in that project, and it's all within Jira's standard working structures!

S. Ravi Venkatramana August 12, 2014

Hi Nic,

Thank you for the reply.

So here the user will be usually the project lead. Once the project lead creates one issue in the project, the project should not have create issue permission for anyone.

Even If I use this approach, the project will have the problem I defined in the post, that there will be an error message showing to the user that "You do not have permission to create issue in the project".

Alexey_Rjeutski__Polontech_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
August 12, 2014

Hi Nic, that will not work as the permission set is being changed during creation - so even if you remove the user from the role instead of removing the group / role from permission - the ticket cannot be created due to the final check after all postfunctions were executed

Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
August 12, 2014

Ah, good point. I should have used a listener to remove the user from the role.

I know it's worked in the past because I've done something very similar (it was for requesting access to systems and people were annoyed by repeated pointless duplicated requests), I just forgot that a post-function won't work.

You won't get the "can't create" message either - once the user has created one issue, they're removed from the role that lets them create, which means Jira's permission system kicks in, and they will no longer be offered "create" links for that project anywhere. The only time I think you'd see the permission error from then on is if they use a direct url to try to create, or after they create the first issue, they use "create another" and it remembers the project. I don't think you can stop either of those.

Suggest an answer

Log in or Sign up to answer