Configure JEMH Comment Creation to disregard security

Duncan DAVIES May 9, 2012

Hi

I've had a rather strange request for one of our Queues today, and am not sure whether it is doable in JIRA.

I was wondering whether a User could add a comment to an issue (via email) if they don't have the security to see the ticket? Currently when users raise a ticket via email, they often CC other users in, and these users don't get view permissions, but sometimes they respond and their response should be logged as a comment. Even if the Comment is logged under some Anonymous user account, as long as the comment is actually logged correctly.

Sorry if that didn't make sense

Thanks

Answer accepted
Renjith Pillai
Rising Star
May 9, 2012

AFAIK the security permissions are respected while comments are added via emails. So with the default mail handler this may not be possible.

But if these people in Cc are not Jira users, then if defaultReporter is specified in email configuration, Jira actually adds their comments under the name of defaultReporter. A little strange though :)

JEMH seems to have this functionality: https://plugins.atlassian.com/plugins/com.javahollic.jira.jemh-ui

I leave it to Andy to comment more.

Duncan DAVIES May 9, 2012

Hi Renjith

Thanks for the response. I have tried using the defaultReporterUsername option, but it seems to reject the email still if the User is an actual JIRA user who doesn't have permission to comment on the issue - unless I'm using the wrong JEMH property?

Renjith Pillai
May 10, 2012

Maybe that is what I wrote in the above comment. If defaultReporter is specified and mail comes from NON-Jira users, it gets added, while if it comes from known Jira users without permissions, it is rejected.

Btw, there seems to be another parameter 'defaultReporterOverridesDerivedReporter' which you can use, but the bad part is that all comments may look like they have come from the same originator.

Duncan DAVIES May 13, 2012

Yeah, it's just not quite what I am after, Renjith.

Is it possibly something that could be solved with better security settings? Through the JIRA interface, only specified groups can access the tickets (which I currently have working), but via email, anyone can comment on a ticket (as to comment, they must know about the ticket).

Renjith Pillai
May 14, 2012

I doubt it.

Maybe a custom handler is needed for this.

Andy Brook [Plugin People]
Rising Star
May 19, 2012

JIRA has a security model that JEMH can respect fully, or bend a little if you configure it so. There is a configuration option that enforces strict JIRA security; relaxing that will mean a user, by email, may be able to do things that would not otherwise be possible (e.g. add a watcher). If you have users commenting on issues that they should not be able to, that's a bug or a configuration issue.

Not having a defaultReporter set will ensure issues cannot be created in projects that are not appropriate, as the 'reporter' must be derived from the incoming email address, associated with a JIRA user having the correct privileges.

If you're using JEMH 1.x I'd be more than happy to dig into the cause.

In passing, when non-jira user support is needed (and is specifically enabled) in addition to the above 'correct' behaviour, it is possible that new users could email with an issue key in the subject.

Happy to dig into this in more detail in JIRA, if there is a use case not being addressed, just create an issue on the project issue tracker.

Duncan DAVIES May 20, 2012

Thanks for the help guys - actually got close to what the guys wanted using JEMH's ccHandling, but I think to fully implement it would require a Custom Email Handler since it is a very specific case. I'm using JIRA 4.4.4 so not using JEMH 1.X yet Andy - thanks for the option though.
