Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

ScriptRunner/Behaviours get project role group on CREATE screen

Gabriel MOSCALU
Gabriel MOSCALU February 22, 2019

Hello,

 

I am trying to ease the users creation and done a workflow for it.

 

Setup : Users can be internal, or customers. Customer access is controlled via groups (each customer project has a dedicated group, created on project creation). User type, Name, email, etc are captured in custom fields, as well as target project (in a single-project select CF). Depending on the project, i got the user listed in project's "Project Manager" project role, and save it in a "Team Manager" CF, as these guys need to approve the user creation. The groups to be granted to the user are listed in a CF named "Available groups", type Group Picker (multiple groups).

 

By default, when the user type is "Customer - Portal" or "Customer - JIRA", i add the "jira-customers" to that CF, and i need a bit of help on getting the group listed in the "Service Desk Customer - Portal Access " project role.

 

I managed to write the ScriptRunner workflow post-function that :

* creates the user

* grants all the groups listed in the "Available groups" CF

* adds the user to the organizations declared on the target project

 

The only missing part, where i cannot really find my way through is how to get the project's role as a group object (to be added to the groups CF). I can get the list of users in a role (used to get the Team Manager), but i do not know how to filter on the groups.

 

Here's the relevant part of the code I wrote so far:

 

import com.atlassian.jira.ComponentManager
import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.project.Project
import com.atlassian.jira.project.ProjectManager
import com.atlassian.jira.security.roles.ProjectRole
import com.atlassian.jira.security.roles.DefaultRoleActors
import com.atlassian.jira.security.roles.ProjectRoleActors
import com.atlassian.jira.security.roles.ProjectRoleManager
import static com.atlassian.jira.issue.IssueFieldConstants.*
import com.atlassian.jira.security.roles.RoleActor

log.info(" --- 'New user - Main project' behaviour is executed in : ${getActionName()} --- ")

if (getActionName() != "Create") {
return // not the initial action, so don't set default values for groups
}

ComponentManager componentManager = ComponentManager.getInstance()
ProjectRoleManager projectRoleManager = ComponentManager.getComponentInstanceOfType(ProjectRoleManager.class) as ProjectRoleManager

def ProjectSelectedField = getFieldById(getFieldChanged())
def selectedOption = ProjectSelectedField.getValue().toString().split(": ")[1] as String
ProjectManager pm = ComponentAccessor.getProjectManager()
Project selectedProjectObj = pm.getProjectByCurrentKeyIgnoreCase(selectedOption)
log.debug(" --- 'New user - Main project' behaviour : selected project = ${selectedProjectObj.getName()} --- ")
log.debug(" --- 'New user - Main project' behaviour : selected project lead = ${selectedProjectObj.getProjectLead()?.getKey()} --- ")

def groupsField = getFieldByName("Available groups")
def orgField = getFieldByName("New user - Company")
log.debug(" --- 'New user - Main project' behaviour : New user - Company = ${orgField.getValue()} --- ")
def tmField = getFieldByName("Team Manager")


tmField.setFormValue(selectedProjectObj.getProjectLead()?.getKey())
orgField.setFormValue( selectedProjectObj.getName().toString() )

// name of role here
ProjectRole custRole = projectRoleManager.getProjectRole("Service Desk Customer - Portal Access")

ProjectRoleActors actors = projectRoleManager.getProjectRoleActors(custRole, selectedProjectObj)

log.info("$selectedProjectObj.key, $selectedProjectObj.name, $selectedProjectObj.leadUserName, ${actors.getUsers()*.name}\n");

 

unfortunately, the last line logs something i do not expect:

 

2019-02-23 08:12:49,422 http-nio-8080-exec-4846 INFO admin 492x1528569x2 uxnj3h 10.122.130.50,10.122.140.22 /rest/scriptrunner/behaviours/latest/runvalidator.json [c.o.j.groovy.user.FieldBehaviours] DEMO, Demo_Project, Solutions_Support, [my_agent, my_support_user]

 

While i would have expected to get "cust-demo" - the group name that includes all users allowed to access this project.

 

Can you please help me get this right?

 

Thanks

Gabriel

 

PS: I forgot to mention: I would like that every change of the project selection is added to the groups CF (not to overwrite existing values), to allow  multiple groups access granting.

Answer
Watch
Like Be the first to like this
1926 views

1 answer

0 votes
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
February 23, 2019

It looks to me like "cust-demo" is not a group listed in the role of "Service Desk Customer - Portal Access" for that project.

The code is returning three other groups and a couple of users.  My best guess is that you're looking in the wrong place - cust-demo being the group you have named in global permissions as users allowed to be "customers"

View More Comments
Gabriel MOSCALU
Gabriel MOSCALU February 23, 2019

Hi Nic,

 

The "cust-demo" is a group and it is added on that project:

 

2019-02-23 17_19_24-Clipboard.png

 

And the group is not empty (that's where the "my_agent" and the "my_support_user" came from (I could make generic the log, but tougher to mangle with the screenshots):2019-02-23 17_21_20-Users - ServiceDesk.png

Any idea how to get the group name, not the members?

 

The global permissions allows "jira-support" & "jira-can-login" members to login, giving access to ServiceDesk features to "jira-support" and "servicedesk-agents", and "jira-can-login" gives access to JIRA Software license seats.

 

All the other users, based on groups and organizations, get access to portals only.

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
February 26, 2019

Ahh, ok, the call is "flattening" groups out, and returning the content of the groups.

I can't see how to get to the groups this way, the class is built to get directly to a user, not go via the group.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events