The permission is added in plugin configuration so only some users should have access to the ‘top-menu’ button and ‘custom-page’. I would like to check that in TopButtonCondition class.
It works correctly for ‘top-menu’ button and I’m able to make it invisible for unauthorized users.
The problem is that if someone knows url ‘/secure/WebWorkActionPage.jspa’ - can access to this page.
How is it possible to add condition to webwork? I tried to do in the same way as in the ‘web-section’ (in tags 'webwork1 ', ‘actions’ and ‘action’) but it does not work.
@jportillo I’m not sure what do you mean. The class ‘WebWorkAction’ extends ‘JiraWebAcionSupports’ but there is no ‘doValidation()’ method to override.
Could you explain me the solution please?
import com.atlassian.jira.security.PermissionManager;
import com.atlassian.jira.security.Permissions;
public class MyProjectAction extends JiraWebActionSupport{
@ComponentImport
private final PermissionManager permissionManager;
@ComponentImport
private final ProjectManager projectManager;
private Long projectId;
private Project project;
@Autowired
public MyProjectAction(PermissionManager permissionManager, ProjectManager projectManager){
this.permissionManager = permissionManager;
this.projectManager = projectManager;
}
@Override
public String doDefault(){
setProject(projectManager.getProjectObj(projectId));
// getters and setters need to be defined for current project and for permissionManager
if (!this.permissionManager.hasPermission(Permissions.PROJECT_ADMIN, getProject(), getLoggedInUser())) {
this.setReturnUrl("/projects/" + getProject().getKey());
return this.getRedirect("/projects/" + getProject().getKey());
}
// Your action here
return "myVelocity";
}
public Project getProject() {
return project;
}
public void setProject(Project project) {
this.project = project;
}
}