Granting a custom permission to a user group by default

Our plugin sets up multiple custom project permissions so Jira admins can configure who can use the plugin and in which way they can use it. We got everything working: The permissions show up in the permission configuration screen and can be granted to whomever the admin wants, and doing so has the desired effect.
However, when the plugin is installed for the first time on a Jira instance (or after running atlas-clean during development), the permissions are initially granted to nobody, not even to admins. An admin has to configure the permissions manually before anyone can use our plugin. This is why we’d like to grant the permissions to specific user groups by default. These defaults should be set when our plugin is enabled for the first time and should not overwrite any manual changes by an admin, even if that admin decides to grant the permission to nobody.

What is the best way to do that?

Im looking for the same thing.
+1

@LeonHoos @RobinMeese You probably use some way of storing the groups for the custom permissions. Is there anything that stops you from writing a service that checks if the configuration has been saved before? If a value is found -> use this value. Otherwise, return the default one.

Jira handles all that stuff. We just specify the permission keys in our atlassian-plugin.xml so it shows up under Project Permissions in the project admin interface on /jira/plugins/servlet/project-config/PROJECTKEY/permissions.
We then use permissionManager.hasPermission(permissionKey, project, user) to check whether the user trying to use our plugin in a project has been given permission to do so. Our plugin has nothing to do with the way these permissions assigned, saved and evaluated.

@LeonHoos Awesome. I didn’t know that you can create custom permissions via atlassian-plugin.xml.

Two solutions:

  1. Write a PluginUpgradeTask. This guide is for Confluence but adapting it to Jira should be trivial - you just care about the SAL stuff https://developer.atlassian.com/server/confluence/writing-a-plugin-upgrade-task-to-migrate-user-data-to-new-user-keys/ . You can extend from AbstractUpgradeTask. The upgrade task will run once.
  2. Add an EventListener to the PluginInstalledEvent. Store a key-value pair in the plugin settings. If it does not exist -> assume your plugin runs for the first time. Then set the key-value pair. https://developer.atlassian.com/server/framework/atlassian-sdk/store-and-retrieve-plugin-data/