Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Is there a Java API to determine if a user can view an issue?

Chris Rusby
Chris Rusby
Contributor
September 22, 2016

I'm writing a groovy script (using the script runner plugin) and want to determine if a particular user can view an issue.

 

I was just wondering if there was a simple API to figure this out. Crucially, it needs to take issue level security into consideration - this isn't something I can see in the permissionManager API (which appears to be project-based only).

 

Thanks

Answer
Watch
Like Be the first to like this
1501 views

2 answers

1 accepted

3 votes
Answer accepted
Petar Petrov _Appfire_
Petar Petrov (Appfire)
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
September 22, 2016

Just call this hasPermission() methods from PermissionManager passing the ProjectPermissions.BROWSE_PROJECTS permission - this will also check the issue security level scheme if such is assigned to the project which contains the issue.

There is a similar method in the JIRA 6.x API (the one I've linked is for JIRA 7.x).

View More Comments
Chris Rusby
Chris Rusby
Contributor
September 22, 2016

Yes, this seems to do the trick - there are quite a few hasPermission methods, so I must have overlooked the one with both a user and an issue.

 

Thanks

Like
Reply
0 votes
Thanos Batagiannis [Adaptavist]
Thanos Batagiannis [Adaptavist]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
September 22, 2016

Hi Chris,

Try the script below (JIRA v7), in your script console and check the logs. 

import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.issue.Issue
import com.atlassian.jira.issue.security.IssueSecurityLevel
import com.atlassian.jira.issue.security.IssueSecurityLevelManager

def userKey = "aUserKey"
Issue issue = ComponentAccessor.getIssueManager().getIssueObject("TP-1")
def userToCheck = ComponentAccessor.getUserManager().getUserByKey(userKey)

Collection <IssueSecurityLevel> issueSecurityLvlvs = ComponentAccessor.getComponent(IssueSecurityLevelManager)?.getAllSecurityLevelsForUser(userToCheck)
def hasPermission = issueSecurityLvlvs.find {it.id == issue?.securityLevelId} ? true : false
log.debug "${userKey} has permissions to view the issue: ${hasPermission}"

Let me know if this does the trick.

regards, Thanos

View More Comments
Chris Rusby
Chris Rusby
Contributor
September 22, 2016

Hi - this just gives me a collection of issue security levels.

There's nothing I can see about your code sample that ties this to the issue in question... or have I missed something?

Like
Thanos Batagiannis [Adaptavist]
Thanos Batagiannis [Adaptavist]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
September 22, 2016

Ok I updated my script above, was missing the comparison with issue's security level. So there are the project permissions the global permissions and then the issue permission

According to the managing project permissions doc 

Permission to browse projects, use the Issue Navigator and view individual issues (except issues that have been restricted via issue-level security).

Hope that makes things a little more clear

regards, Thanos

Like
Chris Rusby
Chris Rusby
Contributor
September 22, 2016

I still don't think this is going to work quite right.  For instance, say I have an issue security level of "Reporter Only" - i.e. only the reporter can see the issue.

 

I believe that "Reporter Only" will come back for all users.  And the issue's security level will be "Reporter Only".  So all users will pass your check - which is not correct as only the reporter should return true.

 

@Petar Petrov's solution was along the lines I was looking for - I just missed the exact function taking both a user and an issue in the permission manager docs.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.