how to get only visible issues in a project

Hi,

In one of my jql function PermissionManager.getProjectObjects(Permissions.BROWSE,user) returns the projects on which user has browse permissions. Till now it is fine.

In one of the project, its permission scheme has "Browse Project" as Reporter Only.

So the user can see only the issues where he/she is the Reporter.

How can I filter same thing in my code, i.e. the getIssueIdsForProject(the id of above project) method returns all the issues, but I need only the issues which user can see?

FYI, I'm using JIRA 5.0.7API

Thanks a million!

1 answer

1 accepted

1 votes

Ah, no, there's a bit of an oddity here. "Browse" = "Reporter" doesn't do what it sounds like it should.

At a glance, the sentence should be "Only the person who reports the issue can see it". However, Jira actually thinks "Anyone who can create an issue in that project can see it". There is a sort of logic behind it, but it's a pain to explain. That explains why your filter is getting everything - because it's allowing anyone who *might* report an issue

There is another permission you need to use to get a proper "only reporter can see it" to work - https://confluence.atlassian.com/display/JIRA/Current+Reporter+Browse+Project+Permission

Thanks Nic!

Probably I did not explain you what i want. Here is the situation:

The above project has so many issues, but when I write a search query like project in "xxx", it returns only issues where I'm the reporter for them. The issue navigator is filtering other issues based on the permission scheme logic.

Coming to my custom jql function:

issue in getXYZIssues()

In code, I'm able to get the projectID using getProjectObjects(), but I'm unable to filter the issue list to return. In this case, the issues where I'm not the reporter are creating the error.

That does not make any sense. If you have a search query of "project in <list of projects>" then the list returned will be all issues in those projects that you have the permission to see.

It doesn't filter anything out, other than stuff you should not see because, well, you can't see it. Yes, that's based on the permission scheme, but that also seems to be what you're asking for? You seem to want to repeat something that it's already doing for you.

I'm a bit lost on what the actual requirement is?

Trying to use 
PermissionManager.hasPermission(int permissionsId,
                      Issue issue,
                      com.atlassian.crowd.embedded.api.User user)

That is what happening in jira with permission scheme. I have browse permissions on project, but due to permission scheme, I'm able to see only few issues out of it.

Coming to my requirement, I have wrote a jql function which returns issue ids( So I can use it as "issue in getIssueIdsXXX()" ), in my coding based on requirement logic, I got the projects and I tried to get all the issues from every project and prepared a list and returned. As this list contains issues which I can't see them, issue navigator is throwing error.

I tried to use above function "hasPermission" for every issue, it is working fine, but it is very expensive and takes lot of time if the issue count is more.

I think the same logic(permission check) applied in issue navigator, but this logic gets executed very fast(I'm not talking about the fastness of index).

Could you please suggest me any other ways to achieve this "permission check" to make my jql function faster?

Renjith Pillai Community Champion Feb 05, 2013

If you are using the SearchService of JIRA internally, then you should get the logged in user and do the search. So that it gives you only the issues that the user can see.

http://docs.atlassian.com/jira/latest/com/atlassian/jira/bc/issue/search/SearchService.html#search(com.atlassian.crowd.embedded.api.User, com.atlassian.query.Query, com.atlassian.jira.web.bean.PagerFilter)

http://docs.atlassian.com/jira/latest/com/atlassian/jira/security/JiraAuthenticationContext.html#getLoggedInUser()

> I got the projects and I tried to get all the issues from every project and prepared a list and returned. As this list contains issues which I can't see them, issue navigator is throwing error

How are you building the list? If you're passing it into any form of JQL (via searchservice, as Renjith has pointed out), then that will automatically drop anything the current user can't see, without you needing to do any of your own permission checking.

If you don't mind, please help me to use SearchService in my code. I have tried to instanciate DefaultSearchService, but in my import it is saying cannot find symbol. Do I need to add any thing in pom.xml? Or do we have any easy methods like getSearchService() etc.

Thanks in advance!

Using SearchService.search(), I'm able to get issues that I can see. But it has a performance problem:

1. I tried to send 50k issues as query liters but due to permissions I can not. Then

2. I passed those 50k issues thru SearchService.search and I got 40k issues, I passed them as query literals. This is fine!

But in this process I'm spending TWO times for searching(1 is SearchService.search and 2nd is by issue navigator).

Is there any chance to avoid any one of these and make my JQL faster?

Thanks in advance!

Suggest an answer

Log in or Join to answer
Community showcase
Sarah Schuster
Posted Jan 29, 2018 in Jira

What are common themes you've seen across successful & failed Jira Software implementations?

Hey everyone! My name is Sarah Schuster, and I'm a Customer Success Manager in Atlassian specializing in Jira Software Cloud. Over the next few weeks I will be posting discussion topics (8 total) to ...

3,175 views 13 19
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot