Permission denied when accessing Insight attribute (Post function)

Thomas Scheibelhofer November 14, 2017

Hey,

I've been working on an approval workflow which gets the User's cost center manager of a User out of Insight and adds him to the Approvers via post functions.

This already works. That's the first code block, you're welcome to use it but it's definitely 'unrefined' and still needs some grooming, as this is a learning by doing and my first attempt in working with Post functions (or Groovy / Java at that).

The second thing i'm trying is:

- Have an object representing a permission

- Each of these objects have Approval 1, 2, 3, ... as Attribute

- These attributes are then filled with a Keyword, such as "Cost Center Manager" or "Line Manager"

For these Keywords i'm preparing the second code block which should get this "Line Manager" or "Cost Center Manager" and then decide which Object / Value to fetch from Insight and enter in a field in JIRA Service Desk.

Now that's kind of where i'm stuck and i just don't know what i'm doing wrong here (taken from the second block):

def FirstApproval = objectFacade.loadObjectAttributeBean(PermissionInt,"Approval 1");

This is the one line I can't get past, when trying to fetch the "Approval 1" Attribute Bean, i get a Permission Insight Exception:

"com.riadalabs.jira.plugins.insight.common.exception.PermissionInsightException: PermissionInsightException: User scheibet didn't have correct permission (view) for object : 49144\r\n\tat com.riadalabs.jira.plugins.insight.services.core.AbstractService.checkObjectViewPermission(AbstractService.java:290)\r\n\tat 

I've attached 'more' of the error message at the bottom. All of it extends the character limit.

All of this is staging / testing boundaries of the system so i'm usually using the same user which is my JIRA admin, as well as the administrator for anything i do in Insight.

I've tried this with other Objects as well and it works. E.g. i can get the bean of the Attribute Name (Address -> not the identifier) of the Object 'Location' without any issues.

When i create new objects and attributes it won't let me access them any more like this after I've upgraded to the latest Beta 5.2. I've already downgraded back to 5.1.4, but the issue persists, i'm not certain whether it's actually connected to the upgrade.

I've recreated the Object Type & the Object several times by now, deleted the custom jira field and recreated it, nothing helped so far.

Restarted application, server & database (postgres).

I would greatly appreciate any tips you have.

Thanks and best regards

Thomas

 

First Block: (works)

import com.atlassian.jira.issue.Issue;
import com.atlassian.jira.ComponentManager
import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.issue.comments.CommentManager
import com.atlassian.jira.bc.issue.IssueService



// Get a pointer to the issue
Issue issueKey = issue
def CurrentUser = ComponentAccessor.getJiraAuthenticationContext().getUser().username

// ObjectFacade cladd import
Class objectFacadeClass = ComponentAccessor.getPluginAccessor().getClassLoader().findClass("com.riadalabs.jira.plugins.insight.channel.external.api.facade.ObjectFacade");
def objectFacade = ComponentAccessor.getOSGiComponentInstanceOfType(objectFacadeClass);

// Current User mit Useritem in Insight vergleichen, gibt Userbean
def InsightUserObject = objectFacade.findObjectBeansByAttributeValue(86, "=" , CurrentUser)

// Remove all alphabetic characters from the User-Object string
String objectString = InsightUserObject.toString();
objectString = objectString.replaceAll("[^\\d.]", "").toString();
//Convert to integer for further processing
int objectInt = objectString.toInteger();

// Get Objectbean of User basierend auf ID (integer)
def ObjectBean = objectFacade.loadObjectBean(objectInt);
// Cost center Manager Attribute bean laden basieren auf User ID (integer) & Cost Center Manager Feld
def CostCenterManager = objectFacade.loadObjectAttributeBean(objectInt,"Cost Center Manager")

// Get Name of User (not needed)
// def ObjectGetName = ObjectBean.getName();
// def ObjectGetAttributeBeans = ObjectBean.getObjectAttributeBeans();

//Get Cost Center Manager ID
def GetCCMID = CostCenterManager.getObjectAttributeValueBeans()


//Clean up Cost Center Manager ID
// Remove all alphabetic characters from the CCM-Object string
String CCMString = GetCCMID.toString();
CCMString = CCMString.replaceAll("[^\\d.]", "").toString();
//Convert to integer
int CCMInt = CCMString.toInteger();

// GET NAME OF CCM
def CCMObjectBean = objectFacade.loadObjectBean(CCMInt);
def CCMName = CCMObjectBean.getName();

// Get access to the Jira comment and component manager
CommentManager commentManager = ComponentAccessor.getCommentManager()
ComponentManager componentManager = ComponentManager.getInstance()

// Cost center Manager Attribute bean laden basieren auf User ID (integer) & Cost Center Manager Feld
// def CCMJIRAUser = objectFacade.loadObjectAttributeBean(CCMInt,"JIRA User")
// def GetCCMJIRAID = CCMJIRAUser.getObjectAttributeValueBeans()

//Fill into approvers
def customFieldManager = ComponentAccessor.getCustomFieldManager()
def issueService = ComponentAccessor.getComponent(IssueService)
def approvers = customFieldManager.getCustomFieldObjectByName("Approvers")

def issue = issue as Issue
def user = ComponentAccessor.jiraAuthenticationContext.loggedInUser
def issueInputParameters = issueService.newIssueInputParameters()

// Adding the user names here
issueInputParameters.addCustomFieldValue(approvers.id, CCMName)

def updateValidationResult = issueService.validateUpdate(user, issue.id, issueInputParameters)

if (updateValidationResult.isValid()) {
issueService.update(user, updateValidationResult)
}

// COMMENT FOR VERIFICATION
// Check if the issue is not null

//if(issueKey){
// Create a comment on the issue
// commentManager.create(issueKey, CurrentUser,CCMName.toString(), true)
//}

Second block :

import com.atlassian.jira.issue.Issue;
import com.atlassian.jira.ComponentManager;
import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.issue.comments.CommentManager;
import com.atlassian.jira.bc.issue.IssueService;
import com.atlassian.jira.issue.fields.CustomField;

// Get a pointer to the issue
Issue issueKey = issue
def CurrentUser = ComponentAccessor.getJiraAuthenticationContext().getUser().username
def issueID = issueKey.getId();

// ObjectFacade classimport
Class objectFacadeClass = ComponentAccessor.getPluginAccessor().getClassLoader().findClass("com.riadalabs.jira.plugins.insight.channel.external.api.facade.ObjectFacade");
def objectFacade = ComponentAccessor.getOSGiComponentInstanceOfType(objectFacadeClass);

//Get custom field content
CustomField PermissionsCF = ComponentAccessor.getCustomFieldManager().getCustomFieldObject(10700);
def PermissionCFvalue = PermissionsCF.getValue(issue)

// Remove all alphabetic characters from the User-Object string
String PermissionString = PermissionCFvalue.toString();
PermissionString = PermissionString.replaceAll("[^\\d.]", "");

//Convert to integer for further processing
int PermissionInt = PermissionString.toInteger();

// Get Objectbean of User basierend auf ID (integer)
// def PermissionBean = objectFacade.loadObjectBean(PermissionInt);
// Permission Attribute bean laden basierend auf Permission ID (integer) & Approval 1 feld
def FirstApproval = objectFacade.loadObjectAttributeBean(PermissionInt,"Approval 1");

//Get Permission ID
//def GetCCMID = CostCenterManager.getObjectAttributeValueBeans()

// Get access to the Jira comment and component manager
CommentManager commentManager = ComponentAccessor.getCommentManager()
ComponentManager componentManager = ComponentManager.getInstance()

if(issueKey){
// Create a comment on the issue
commentManager.create(issueKey, CurrentUser,PermissionInt.toString(), true)
}

 

Error message:


"com.riadalabs.jira.plugins.insight.common.exception.PermissionInsightException: PermissionInsightException: User scheibet didn't have correct permission (view) for object : 49144\r\n\tat com.riadalabs.jira.plugins.insight.services.core.AbstractService.checkObjectViewPermission(AbstractService.java:290)\r\n\tat com.riadalabs.jira.plugins.insight.services.core.impl.ObjectServiceImpl.loadObjectAttributeBean(ObjectServiceImpl.java:891)\r\n\tat sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\r\n\tat sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\r\n\tat sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\r\n\tat java.lang.reflect.Method.invoke(Method.java:498)\r\n\tat com.atlassian.activeobjects.tx.TransactionalProxy.invoke(TransactionalProxy.ja

2 answers

1 accepted

1 vote
Answer accepted
Alexander Sundström
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 16, 2017

Hi!

The object you're trying to access with id 49144, can you actually see the information of that object in Insight if you go there manually with the same user used in the groovy script, or are there any permissions restricting you from it? 

Can you also double check that the CurrentUser is the user that you expects. Based on the exception thrown, there doesn't seem to be any errors, but rather a question about Permissions. I know you mentioned that you are the JIRA admin, as well as the Insight Administrator, so this is just to verify.

You can also read more about permissions at https://documentation.riada.se/insight/latest/insight-administrator-s-guide/insight-permissions

 

Best Regard
Alexander

Thomas Scheibelhofer November 17, 2017

Hi Alexander,

thanks for your reply. Yes, i can see the item and all details.

It is a bit difficult to describe, but i think I've discovered a bug (besides the permission issue which was only occurring when i tried to use the Name of the Attribute):

When trying to get the ObjectAttributeBean of a Default-Select Type Attribute, i'm getting a null value.

I tried to consolidate the configuration in these screenshots:

Untitled.png

BR

Alexander Sundström
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 17, 2017

Hi Thomas, 

You're passing in the wrong id  to the loadObjectAttributeBean, it should be the id for the object, which is not the same as the digits parsed from the Key. That is why it's null.  Could you try this with the actual id?

Thomas Scheibelhofer November 17, 2017

You are a life saver! It works, thank you so much!

Would you like me to post the script here when it's finished? - Possibly it helps someone else build an approval workflow :-)

BR

Alexander Sundström
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 17, 2017

Glad that you got it to work!

Yes fell free to post it here so others can learn from it. And please mark this question as answered :)

Best Regards
Alexander

0 votes
Thomas Scheibelhofer November 17, 2017

Hi Alexander,

so, to check that generally this works, i have an example here, but for some reason i cannot get it to work for newly created object attribute types:

Untitled1.png

Any advice would be greatly appreciated.

BR

Thomas

Alexander Sundström
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 17, 2017

Hi Thomas, In this case, the id is the same as the Key, but that is not always the case, but that's why it's working.

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events