Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Interests
See all
Community resources
Top groups
Explore all groups
Community resources

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Sign up for free Log in
Atlassian Community Hero Image Collage

ScriptRunner/Behaviours get project role group on CREATE screen

Edited
Gabriel MOSCALU
Gabriel MOSCALU Feb 22, 2019

Hello,

 

I am trying to ease the users creation and done a workflow for it.

 

Setup : Users can be internal, or customers. Customer access is controlled via groups (each customer project has a dedicated group, created on project creation). User type, Name, email, etc are captured in custom fields, as well as target project (in a single-project select CF). Depending on the project, i got the user listed in project's "Project Manager" project role, and save it in a "Team Manager" CF, as these guys need to approve the user creation. The groups to be granted to the user are listed in a CF named "Available groups", type Group Picker (multiple groups).

 

By default, when the user type is "Customer - Portal" or "Customer - JIRA", i add the "jira-customers" to that CF, and i need a bit of help on getting the group listed in the "Service Desk Customer - Portal Access " project role.

 

I managed to write the ScriptRunner workflow post-function that :

* creates the user

* grants all the groups listed in the "Available groups" CF

* adds the user to the organizations declared on the target project

 

The only missing part, where i cannot really find my way through is how to get the project's role as a group object (to be added to the groups CF). I can get the list of users in a role (used to get the Team Manager), but i do not know how to filter on the groups.

 

Here's the relevant part of the code I wrote so far:

 

import com.atlassian.jira.ComponentManager
import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.project.Project
import com.atlassian.jira.project.ProjectManager
import com.atlassian.jira.security.roles.ProjectRole
import com.atlassian.jira.security.roles.DefaultRoleActors
import com.atlassian.jira.security.roles.ProjectRoleActors
import com.atlassian.jira.security.roles.ProjectRoleManager
import static com.atlassian.jira.issue.IssueFieldConstants.*
import com.atlassian.jira.security.roles.RoleActor

log.info(" --- 'New user - Main project' behaviour is executed in : ${getActionName()} --- ")

if (getActionName() != "Create") {
return // not the initial action, so don't set default values for groups
}

ComponentManager componentManager = ComponentManager.getInstance()
ProjectRoleManager projectRoleManager = ComponentManager.getComponentInstanceOfType(ProjectRoleManager.class) as ProjectRoleManager

def ProjectSelectedField = getFieldById(getFieldChanged())
def selectedOption = ProjectSelectedField.getValue().toString().split(": ")[1] as String
ProjectManager pm = ComponentAccessor.getProjectManager()
Project selectedProjectObj = pm.getProjectByCurrentKeyIgnoreCase(selectedOption)
log.debug(" --- 'New user - Main project' behaviour : selected project = ${selectedProjectObj.getName()} --- ")
log.debug(" --- 'New user - Main project' behaviour : selected project lead = ${selectedProjectObj.getProjectLead()?.getKey()} --- ")

def groupsField = getFieldByName("Available groups")
def orgField = getFieldByName("New user - Company")
log.debug(" --- 'New user - Main project' behaviour : New user - Company = ${orgField.getValue()} --- ")
def tmField = getFieldByName("Team Manager")


tmField.setFormValue(selectedProjectObj.getProjectLead()?.getKey())
orgField.setFormValue( selectedProjectObj.getName().toString() )

// name of role here
ProjectRole custRole = projectRoleManager.getProjectRole("Service Desk Customer - Portal Access")

ProjectRoleActors actors = projectRoleManager.getProjectRoleActors(custRole, selectedProjectObj)

log.info("$selectedProjectObj.key, $selectedProjectObj.name, $selectedProjectObj.leadUserName, ${actors.getUsers()*.name}\n");

 

unfortunately, the last line logs something i do not expect:

 

2019-02-23 08:12:49,422 http-nio-8080-exec-4846 INFO admin 492x1528569x2 uxnj3h 10.122.130.50,10.122.140.22 /rest/scriptrunner/behaviours/latest/runvalidator.json [c.o.j.groovy.user.FieldBehaviours] DEMO, Demo_Project, Solutions_Support, [my_agent, my_support_user]

 

While i would have expected to get "cust-demo" - the group name that includes all users allowed to access this project.

 

Can you please help me get this right?

 

Thanks

Gabriel

 

PS: I forgot to mention: I would like that every change of the project selection is added to the groups CF (not to overwrite existing values), to allow  multiple groups access granting.

Answer
Watch
Like Be the first to like this
963 views

1 answer

0 votes
Nic Brough _Adaptavist_
Nic Brough _Adaptavist_ Community Leader Feb 23, 2019

It looks to me like "cust-demo" is not a group listed in the role of "Service Desk Customer - Portal Access" for that project.

The code is returning three other groups and a couple of users.  My best guess is that you're looking in the wrong place - cust-demo being the group you have named in global permissions as users allowed to be "customers"

View More Comments
Gabriel MOSCALU
Gabriel MOSCALU Feb 23, 2019 • edited

Hi Nic,

 

The "cust-demo" is a group and it is added on that project:

 

2019-02-23 17_19_24-Clipboard.png

 

And the group is not empty (that's where the "my_agent" and the "my_support_user" came from (I could make generic the log, but tougher to mangle with the screenshots):2019-02-23 17_21_20-Users - ServiceDesk.png

Any idea how to get the group name, not the members?

 

The global permissions allows "jira-support" & "jira-can-login" members to login, giving access to ServiceDesk features to "jira-support" and "servicedesk-agents", and "jira-can-login" gives access to JIRA Software license seats.

 

All the other users, based on groups and organizations, get access to portals only.

Like
Nic Brough _Adaptavist_
Nic Brough _Adaptavist_ Community Leader Feb 26, 2019

Ahh, ok, the call is "flattening" groups out, and returning the content of the groups.

I can't see how to get to the groups this way, the class is built to get directly to a user, not go via the group.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira Core
Jira Core Server
TAGS
Community showcase
Vitalii Blinovskov
Vitalii Blinovskov
Published in Jira

Admins, notify your Jira instance of system-wide changes with the new admin announcement banner

Hi All! We’re excited to share the launch of an announcement banner that lets Jira site administrators communicate directly to their users across their  Jira Cloud instance.  ...

736 views 17 20
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you