Default condition in module

andrea · October 15, 2020, 12:42pm

Hi everyone,

We were wondering if there is any default validation of the type of users who can access to Configure Page module (eg, only those included in the site-admin group), before adding conditions.

Thanks in advance!

dmorrow · October 16, 2020, 8:27am

Hi @andrea,

Yes, only Jira administrators will be able to access Configure Page modules because these pages are served under the administration area of Jira.

Regards,
Dugald

andrea · October 21, 2020, 7:06am

Thanks @dmorrow for the reply.

So what would be the permission that is doing that validation? because we want to hide the button to access the settings screen that we have associated with that module, but when checking the ADMINISTER permissions of the users who can see it and have access to it, ‘havePermissions’ is false.

BR,
Andrea

dmorrow · October 22, 2020, 10:13am

Hi Andrea,

I’m unclear on how you are checking the permissions and which button you are referring to. Could you please provide details steps to reproduce this.

Regards,
Dugald

hugo · October 22, 2020, 12:55pm

Hello!
Thanks for your help!

Our app has a “configurePage” mapping so that when you click on the CONFIG button, a request to:
“https://OUR_SERVER/plugins/servlet/ac/PRODUCT_KEY/CONFIG_KEY”
is sent and it resolves our rest api endpoint:
“OUR_SERVER/…/jira/config”

This happens when the user has access on the site and has the TRUSTED role.
BUT, when the user has just BASIC role, this mechanism simply doesn’t work - what is ok -, and the /jira/config endpoint is not called. So, we want to hide the CONFIG button for this type of users.

How do we know if a user doesn’t have TRUSTED access role and we have to hide the button?
We tried with the permissions rest API in :https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-permissions/#api-rest-api-3-permissions-get
but we get the same results for every user, so this is not useful.

Any tips? How do we get the right permissions?

Regards,
Hugo

andrea · October 29, 2020, 11:02am

Hi @dmorrow,
my mate Hugo provided more details about it. Let us know if something is unclear.

BR,
Andrea

MaciejRetowski · November 2, 2020, 11:48am

Hi, the API you have used returns all the possible permissions that exists in Jira. The API to check user’s permission is https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-permissions/#api-rest-api-3-permissions-check-post. We are also working on [ACJIRA-2177] - Ecosystem Jira so soon it will be possible for connect app to request user’s permission without ADMIN scope.
regards,
Maciej