Permission denied when accessing Insight attribute (Post function)

Hey,

I've been working on an approval workflow which gets the User's cost center manager of a User out of Insight and adds him to the Approvers via post functions.

This already works. That's the first code block, you're welcome to use it but it's definitely 'unrefined' and still needs some grooming, as this is a learning by doing and my first attempt in working with Post functions (or Groovy / Java at that).

The second thing i'm trying is:

- Have an object representing a permission

- Each of these objects have Approval 1, 2, 3, ... as Attribute

- These attributes are then filled with a Keyword, such as "Cost Center Manager" or "Line Manager"

For these Keywords i'm preparing the second code block which should get this "Line Manager" or "Cost Center Manager" and then decide which Object / Value to fetch from Insight and enter in a field in JIRA Service Desk.

Now that's kind of where i'm stuck and i just don't know what i'm doing wrong here (taken from the second block):

def FirstApproval = objectFacade.loadObjectAttributeBean(PermissionInt,"Approval 1");

This is the one line I can't get past, when trying to fetch the "Approval 1" Attribute Bean, i get a Permission Insight Exception:

"com.riadalabs.jira.plugins.insight.common.exception.PermissionInsightException: PermissionInsightException: User scheibet didn't have correct permission (view) for object : 49144\r\n\tat com.riadalabs.jira.plugins.insight.services.core.AbstractService.checkObjectViewPermission(AbstractService.java:290)\r\n\tat 

I've attached 'more' of the error message at the bottom. All of it extends the character limit.

All of this is staging / testing boundaries of the system so i'm usually using the same user which is my JIRA admin, as well as the administrator for anything i do in Insight.

I've tried this with other Objects as well and it works. E.g. i can get the bean of the Attribute Name (Address -> not the identifier) of the Object 'Location' without any issues.

When i create new objects and attributes it won't let me access them any more like this after I've upgraded to the latest Beta 5.2. I've already downgraded back to 5.1.4, but the issue persists, i'm not certain whether it's actually connected to the upgrade.

I've recreated the Object Type & the Object several times by now, deleted the custom jira field and recreated it, nothing helped so far.

Restarted application, server & database (postgres).

I would greatly appreciate any tips you have.

Thanks and best regards

Thomas

 

First Block: (works)

import com.atlassian.jira.issue.Issue;
import com.atlassian.jira.ComponentManager
import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.issue.comments.CommentManager
import com.atlassian.jira.bc.issue.IssueService



// Get a pointer to the issue
Issue issueKey = issue
def CurrentUser = ComponentAccessor.getJiraAuthenticationContext().getUser().username

// ObjectFacade cladd import
Class objectFacadeClass = ComponentAccessor.getPluginAccessor().getClassLoader().findClass("com.riadalabs.jira.plugins.insight.channel.external.api.facade.ObjectFacade");
def objectFacade = ComponentAccessor.getOSGiComponentInstanceOfType(objectFacadeClass);

// Current User mit Useritem in Insight vergleichen, gibt Userbean
def InsightUserObject = objectFacade.findObjectBeansByAttributeValue(86, "=" , CurrentUser)

// Remove all alphabetic characters from the User-Object string
String objectString = InsightUserObject.toString();
objectString = objectString.replaceAll("[^\\d.]", "").toString();
//Convert to integer for further processing
int objectInt = objectString.toInteger();

// Get Objectbean of User basierend auf ID (integer)
def ObjectBean = objectFacade.loadObjectBean(objectInt);
// Cost center Manager Attribute bean laden basieren auf User ID (integer) & Cost Center Manager Feld
def CostCenterManager = objectFacade.loadObjectAttributeBean(objectInt,"Cost Center Manager")

// Get Name of User (not needed)
// def ObjectGetName = ObjectBean.getName();
// def ObjectGetAttributeBeans = ObjectBean.getObjectAttributeBeans();

//Get Cost Center Manager ID
def GetCCMID = CostCenterManager.getObjectAttributeValueBeans()


//Clean up Cost Center Manager ID
// Remove all alphabetic characters from the CCM-Object string
String CCMString = GetCCMID.toString();
CCMString = CCMString.replaceAll("[^\\d.]", "").toString();
//Convert to integer
int CCMInt = CCMString.toInteger();

// GET NAME OF CCM
def CCMObjectBean = objectFacade.loadObjectBean(CCMInt);
def CCMName = CCMObjectBean.getName();

// Get access to the Jira comment and component manager
CommentManager commentManager = ComponentAccessor.getCommentManager()
ComponentManager componentManager = ComponentManager.getInstance()

// Cost center Manager Attribute bean laden basieren auf User ID (integer) & Cost Center Manager Feld
// def CCMJIRAUser = objectFacade.loadObjectAttributeBean(CCMInt,"JIRA User")
// def GetCCMJIRAID = CCMJIRAUser.getObjectAttributeValueBeans()

//Fill into approvers
def customFieldManager = ComponentAccessor.getCustomFieldManager()
def issueService = ComponentAccessor.getComponent(IssueService)
def approvers = customFieldManager.getCustomFieldObjectByName("Approvers")

def issue = issue as Issue
def user = ComponentAccessor.jiraAuthenticationContext.loggedInUser
def issueInputParameters = issueService.newIssueInputParameters()

// Adding the user names here
issueInputParameters.addCustomFieldValue(approvers.id, CCMName)

def updateValidationResult = issueService.validateUpdate(user, issue.id, issueInputParameters)

if (updateValidationResult.isValid()) {
issueService.update(user, updateValidationResult)
}

// COMMENT FOR VERIFICATION
// Check if the issue is not null

//if(issueKey){
// Create a comment on the issue
// commentManager.create(issueKey, CurrentUser,CCMName.toString(), true)
//}

Second block :

import com.atlassian.jira.issue.Issue;
import com.atlassian.jira.ComponentManager;
import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.issue.comments.CommentManager;
import com.atlassian.jira.bc.issue.IssueService;
import com.atlassian.jira.issue.fields.CustomField;

// Get a pointer to the issue
Issue issueKey = issue
def CurrentUser = ComponentAccessor.getJiraAuthenticationContext().getUser().username
def issueID = issueKey.getId();

// ObjectFacade classimport
Class objectFacadeClass = ComponentAccessor.getPluginAccessor().getClassLoader().findClass("com.riadalabs.jira.plugins.insight.channel.external.api.facade.ObjectFacade");
def objectFacade = ComponentAccessor.getOSGiComponentInstanceOfType(objectFacadeClass);

//Get custom field content
CustomField PermissionsCF = ComponentAccessor.getCustomFieldManager().getCustomFieldObject(10700);
def PermissionCFvalue = PermissionsCF.getValue(issue)

// Remove all alphabetic characters from the User-Object string
String PermissionString = PermissionCFvalue.toString();
PermissionString = PermissionString.replaceAll("[^\\d.]", "");

//Convert to integer for further processing
int PermissionInt = PermissionString.toInteger();

// Get Objectbean of User basierend auf ID (integer)
// def PermissionBean = objectFacade.loadObjectBean(PermissionInt);
// Permission Attribute bean laden basierend auf Permission ID (integer) & Approval 1 feld
def FirstApproval = objectFacade.loadObjectAttributeBean(PermissionInt,"Approval 1");

//Get Permission ID
//def GetCCMID = CostCenterManager.getObjectAttributeValueBeans()

// Get access to the Jira comment and component manager
CommentManager commentManager = ComponentAccessor.getCommentManager()
ComponentManager componentManager = ComponentManager.getInstance()

if(issueKey){
// Create a comment on the issue
commentManager.create(issueKey, CurrentUser,PermissionInt.toString(), true)
}

 

Error message:


"com.riadalabs.jira.plugins.insight.common.exception.PermissionInsightException: PermissionInsightException: User scheibet didn't have correct permission (view) for object : 49144\r\n\tat com.riadalabs.jira.plugins.insight.services.core.AbstractService.checkObjectViewPermission(AbstractService.java:290)\r\n\tat com.riadalabs.jira.plugins.insight.services.core.impl.ObjectServiceImpl.loadObjectAttributeBean(ObjectServiceImpl.java:891)\r\n\tat sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\r\n\tat sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\r\n\tat sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\r\n\tat java.lang.reflect.Method.invoke(Method.java:498)\r\n\tat com.atlassian.activeobjects.tx.TransactionalProxy.invoke(TransactionalProxy.ja

2 answers

1 accepted

Accepted Answer
1 vote

Hi!

The object you're trying to access with id 49144, can you actually see the information of that object in Insight if you go there manually with the same user used in the groovy script, or are there any permissions restricting you from it? 

Can you also double check that the CurrentUser is the user that you expects. Based on the exception thrown, there doesn't seem to be any errors, but rather a question about Permissions. I know you mentioned that you are the JIRA admin, as well as the Insight Administrator, so this is just to verify.

You can also read more about permissions at https://documentation.riada.se/insight/latest/insight-administrator-s-guide/insight-permissions

 

Best Regard
Alexander

Hi Alexander,

thanks for your reply. Yes, i can see the item and all details.

It is a bit difficult to describe, but i think I've discovered a bug (besides the permission issue which was only occurring when i tried to use the Name of the Attribute):

When trying to get the ObjectAttributeBean of a Default-Select Type Attribute, i'm getting a null value.

I tried to consolidate the configuration in these screenshots:

Untitled.png

BR

Hi Thomas, 

You're passing in the wrong id  to the loadObjectAttributeBean, it should be the id for the object, which is not the same as the digits parsed from the Key. That is why it's null.  Could you try this with the actual id?

You are a life saver! It works, thank you so much!

Would you like me to post the script here when it's finished? - Possibly it helps someone else build an approval workflow :-)

BR

Glad that you got it to work!

Yes fell free to post it here so others can learn from it. And please mark this question as answered :)

Best Regards
Alexander

Hi Alexander,

so, to check that generally this works, i have an example here, but for some reason i cannot get it to work for newly created object attribute types:

Untitled1.png

Any advice would be greatly appreciated.

BR

Thomas

Hi Thomas, In this case, the id is the same as the Key, but that is not always the case, but that's why it's working.

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Oct 11, 2018 in Marketplace Apps

You + one app + a desert island...

Hi all! My name is Miles and I work on the Marketplace team. We’re looking for better ways to recommend and suggest apps that are truly crowd favorites, so of course we wanted to poll the Community. ...

3,374 views 6 6
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you