ScriptRunner how to addUserToGroup() on behalf of some other user

IT Accounts August 18, 2016

I need a post script which can add or remove users from groups. I've done something like that:
...

import com.atlassian.jira.user.util.UserUtil

def userUtil = ComponentAccessor.getUserUtil()
StringBuffer sb_debug = new StringBuffer()
def usersField = customFieldManager.getCustomFieldObjectByName("Access for users")
def users = issue.getCustomFieldValue(usersField)
for (def user: users){ //com.atlassian.jira.user.DelegatingApplicationUser
sb_debug << "Starting work with:" + user.getName() + "\n"
for (com.atlassian.crowd.embedded.api.Group group: groups){
sb_debug << "Adding " + user.getName() + " to " + group.getName() + "\n"

//Adding User
groupManager.addUserToGroup(user,group)
//userUtil.removeUserFromGroup(userUtil.getGroup("jira-users") ,userUtil.getUser(username))
//Removing User
userUtil.removeUserFromGroup(group,user)
}
}

...

 It is working, but how can I define, by which account should be user added or removed from group?
If I perform transition and run script, using account without "jira-administrators" group, script will add/delete user to/from group despite that fact, using current account. (Terrible =)

Here is a simple way to do it for issue field:

def userManager = ComponentAccessor.getComponent(UserManager)
def user = userManager.getUserByName("JiraAdmin")
def updateValidationResult = issueService.validateUpdate(user, issue.id, issueInputParameters)
if (updateValidationResult.isValid()) {
issueService.update(user, updateValidationResult)
 }

But how to do it for User ? (adding or deleting from group)
Please, help! 

Thank you! )
 

 

2 answers

1 vote
Jonny Carter
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
August 25, 2016

As you've probably already noticed, the GroupManager and UserUtil classes don't have method signatures that take an acting user for adding users to groups or removing them from groups. The IssueService.validateUpdate method does, and there are other methods in the Atlassian API that also take an "acting user" parameter.

If you want to change the acting user, you can do something similar to what gets done by the built-in Switch User script and manipulate the session variables:

import com.onresolve.scriptrunner.runner.rest.common.ServletRequestThreadLocal
import com.atlassian.seraph.auth.DefaultAuthenticator
import com.atlassian.jira.component.ComponentAccessor

def session = ServletRequestThreadLocal.get().getSession()
def currentUser = session.getAttribute(DefaultAuthenticator.LOGGED_IN_KEY)
try {
    //Change the current user
    def userUtil = ComponentAccessor.getUserUtil()
    def targetUser = userUtil.getUser("Some username")
    session.setAttribute(DefaultAuthenticator.LOGGED_IN_KEY, targetUser)

    //Do the work you want to do as the target user
    //I just copied your code, did not actually test it
    StringBuffer sb_debug = new StringBuffer()
    def usersField = customFieldManager.getCustomFieldObjectByName("Access for users")
    def users = issue.getCustomFieldValue(usersField)
    for (def user: users){ //com.atlassian.jira.user.DelegatingApplicationUser
        sb_debug &lt;&lt; "Starting work with:" + user.getName() + "\n"
        for (com.atlassian.crowd.embedded.api.Group group: groups){
            sb_debug &lt;&lt; "Adding " + user.getName() + " to " + group.getName() + "\n"
            //Adding User
            groupManager.addUserToGroup(user,group)
            // userUtil.removeUserFromGroup(userUtil.getGroup("jira-users") ,userUtil.getUser(username))
            //Removing User
            userUtil.removeUserFromGroup(group,user)
        }
    }
}
catch (Exception e) {
    //Do some error handling here if you need to
    log.error("Error adding removing users in post function")
}
finally {
    //Set the current user back again
    session.setAttribute(DefaultAuthenticator.LOGGED_IN_KEY, currentUser)
}
0 votes
vitaliy zapolskyy
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
August 18, 2016

>>how can I define, by which account should be user added or removed from group?

You can go to System-Audit log

then look for "group management" events. 

I've got following:

DateAuthorEvent categoryChange summaryChanged objectActions
18/Aug/16 7:46 PMJIRAgroup management

User added to group

jira-usersJIRA Internal Directory
IT Accounts August 19, 2016

No =))) I mean how can I define in code a user, by which adding or removing from group should be done. I want to add/remove person to/from group by selecting user. 
Right now script runner performs this by using account of user who executed script by performing issue transition. That is the problem... ) 

IT Accounts August 19, 2016

Wrote very sophisticated. 

  1. In script select/define user account by its name
  2. Delete/Add to group user on behalf of selected account 

Suggest an answer

Log in or Sign up to answer