Need help with modification of Script for Deactivating users

Parag Thakkar March 6, 2018

Hi!

am using the below script to deactivate the users not logged in the last 150 days:
https://www.adaptavist.com/doco/display/SFJ/Automatically+deactivate+inactive+JIRA+users - For JIRA 7

But, we observed that it also deactivates other users who did not log in for long but we still require them for other purpose. And so basically we want to exclude these set of users.

What we have thought of is that we will include them in a group and exclude this group from the script.

Could someone please help with the necessary modification to the script to exclude a mentioned group from getting deactivated?

If you have better suggestions, we would love to hear from you.

Thanks a lot!

Cheers,
Parag Thakkar

2 answers

1 accepted

1 vote
Answer accepted
Vasiliy Zverev
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
March 6, 2018

Here you are. Replace "groupName" with actual name of your group:

import com.atlassian.crowd.embedded.api.CrowdService
import com.atlassian.crowd.embedded.api.UserWithAttributes
import com.atlassian.crowd.embedded.impl.ImmutableUser
import com.atlassian.jira.bc.user.UserService
import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.security.groups.GroupManager
import com.atlassian.jira.user.ApplicationUser
import com.atlassian.jira.user.ApplicationUsers
import com.atlassian.jira.user.util.UserUtil

int numOfDays = 100 // Number of days the user was not logged in
Date dateLimit = (new Date())- numOfDays

UserUtil userUtil = ComponentAccessor.userUtil
CrowdService crowdService = ComponentAccessor.crowdService
UserService userService = ComponentAccessor.getComponent(UserService)
ApplicationUser updateUser
UserService.UpdateUserValidationResult updateUserValidationResult

long count = 0

GroupManager groupManager = ComponentAccessor.getGroupManager();

userUtil.getUsers().findAll{it.isActive()}.each {

if(groupManager.isUserInGroup(it.getName(),"groupName"))

UserWithAttributes user = crowdService.getUserWithAttributes(it.getName())

String lastLoginMillis = user.getValue('login.lastLoginMillis')
if (lastLoginMillis?.isNumber()) {
Date d = new Date(Long.parseLong(lastLoginMillis))
if (d.before(dateLimit)) {
updateUser = ApplicationUsers.from(ImmutableUser.newUser(user).active(false).toUser())
updateUserValidationResult = userService.validateUpdateUser(updateUser)
if (updateUserValidationResult.isValid()) {
userService.updateUser(updateUserValidationResult)
log.info "Deactivated ${updateUser.name}"
count++
} else {
log.error "Update of ${user.name} failed: ${updateUserValidationResult.getErrorCollection().getErrors().entrySet().join(',')}"
}
}
}
}

"${count} users deactivated.\n"
Parag Thakkar March 6, 2018

Hi Vasiliy,

Thanks a lot!!

Just to confirm: This will only deactivate the user if he belongs to the "groupName" group? If yes, I need that it deactivates only if it DOES NOT belong to the group.

Cheers,

Parag

Vasiliy Zverev
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
March 6, 2018

Here is corrected code. User into specified group are ignored

import com.atlassian.crowd.embedded.api.CrowdService
import com.atlassian.crowd.embedded.api.UserWithAttributes
import com.atlassian.crowd.embedded.impl.ImmutableUser
import com.atlassian.jira.bc.user.UserService
import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.security.groups.GroupManager
import com.atlassian.jira.user.ApplicationUser
import com.atlassian.jira.user.ApplicationUsers
import com.atlassian.jira.user.util.UserUtil

int numOfDays = 100 // Number of days the user was not logged in
Date dateLimit = (new Date())- numOfDays

UserUtil userUtil = ComponentAccessor.userUtil
CrowdService crowdService = ComponentAccessor.crowdService
UserService userService = ComponentAccessor.getComponent(UserService)
ApplicationUser updateUser
UserService.UpdateUserValidationResult updateUserValidationResult

long count = 0

GroupManager groupManager = ComponentAccessor.getGroupManager();

userUtil.getUsers().findAll{it.isActive()}.each {

if(groupManager.isUserInGroup(it.getName(),"groupName"))
return;

UserWithAttributes user = crowdService.getUserWithAttributes(it.getName())

String lastLoginMillis = user.getValue('login.lastLoginMillis')
if (lastLoginMillis?.isNumber()) {
Date d = new Date(Long.parseLong(lastLoginMillis))
if (d.before(dateLimit)) {
updateUser = ApplicationUsers.from(ImmutableUser.newUser(user).active(false).toUser())
updateUserValidationResult = userService.validateUpdateUser(updateUser)
if (updateUserValidationResult.isValid()) {
userService.updateUser(updateUserValidationResult)
log.info "Deactivated ${updateUser.name}"
count++
} else {
log.error "Update of ${user.name} failed: ${updateUserValidationResult.getErrorCollection().getErrors().entrySet().join(',')}"
}
}
}
}

"${count} users deactivated.\n"
Parag Thakkar March 6, 2018

Hi Vasiliy!

Exactly what I need! Thanks a lot again!

Cheers,
Parag

KRC March 7, 2018

Hi @Vasiliy Zverev

I guess this is just for Crowd, how about LDAP and Internal Directory?

Vasiliy Zverev
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
March 9, 2018

For us it worked on internal derictory and on LDAP.

1 vote
Tarun Sapra
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
March 6, 2018

In the same script, once the loop begin over the user list i.e. ".each { <closure >} "

Then in the first line of closure you can add a if statement which checks if the user is part of the specific group and if it's not then proceed with "deactivating" the user otherwise don't.

You can get GroupManager using

ComponentAccessor.groupManager

and then use this API to check if the user belongs to specific group or not. 

https://docs.atlassian.com/software/jira/docs/api/7.6.1/com/atlassian/jira/security/groups/GroupManager.html#isUserInGroup-com.atlassian.jira.user.ApplicationUser-java.lang.String-

booleanisUserInGroup(ApplicationUser user, String groupName)Returns true if the user is a member of the named group.

Suggest an answer

Log in or Sign up to answer