Accessing all Issues (without respecting permissions)

I’m working on an Export Plug-In for JIRA, where the Admin needs to be able to export all Issues of a Project, even if he is not in all the Appropriate roles to see all Issues.

Now I’m wondering if there is any way of searching in JIRA without respecting permissions or another workaround to get Issues regardless of the role the User is in.

So far I only found SearchService for example, which wants an ApplicationUser as Context to search.

Any Ideas are much Appreciated.

There’s a UserManager that will let you load an ApplicationUser under whose identity you can do whatever you need to do; but I’d be more concerned about the possibility of your add-on breaking out of JIRA’s permission model in ways that a user/installer of your add-on may not expect.

1 Like

SearchService has searchOverrideSecurity:
https://docs.atlassian.com/jira/7.0.4/com/atlassian/jira/bc/issue/search/SearchService.html#searchOverrideSecurity-com.atlassian.jira.user.ApplicationUser-com.atlassian.query.Query-com.atlassian.jira.web.bean.PagerFilter-

The user it’s expecting isn’t really used for anything that I know of (I’m guessing future proofing or maybe Audit Trails?). Pass in the current user and you should be good.

That said - like @david.pinn said - you’re breaking out of JIRA’s permission model so make sure you’re doing it for the right reasons and don’t cause an Information Leak (which would be a bad thing ).

1 Like

Thank you so much guys, looks like I just searched at the wrong places.

VERY good point, but it should be fine.
We are intending to use this as an Systemadmin only tool.


Our Use Case:
Once a Project is over an export is going to be performed and archived, internally by the Systemadministrator.