How to add condition to webwork

209330 · October 22, 2018, 9:36pm

Hi,

I would like to create a top-menu button like the default ‘create’ that redirects to custom page.

my code id:

<web-item key="topbutton" section="system.top.navigation.bar" weight="50">
        <label key="My button"/>
        <link>/secure/WebWorkActionPage.jspa</link>
        <condition class="com.plugin.TopButtonCondition"/>
    </web-item>

    <webwork1 key="mywebwork" name="My WebWork" class="java.lang.Object">
        <actions>
            <action name="com.WebWorkAction" alias"WebWorkActionPage">
                <view name="success">/templates/myWebWork.vm</view>
            </action>
        </actions>
    </webwork1>

The permission is added in plugin configuration so only some users should have access to the ‘top-menu’ button and ‘custom-page’. I would like to check that in TopButtonCondition class.

It works correctly for ‘top-menu’ button and I’m able to make it invisible for unauthorized users.

The problem is that if someone knows url ‘/secure/WebWorkActionPage.jspa’ - can access to this page.

How is it possible to add condition to webwork? I tried to do in the same way as in the ‘web-section’ (in tags 'webwork1 ', ‘actions’ and ‘action’) but it does not work.

Does anyone know the solution?

jportillo · October 23, 2018, 10:18am

I would also include the validation in the doValidation method of the action in order to redirect to an error page.

209330 · October 24, 2018, 4:10pm

@jportillo I’m not sure what do you mean. The class ‘WebWorkAction’ extends ‘JiraWebAcionSupports’ but there is no ‘doValidation()’ method to override.
Could you explain me the solution please?

jportillo · October 25, 2018, 7:26am

You can use it anyway becasue is a method from ActionSupport Class.

Just include a method like this:

@Override
public void doValidation() {

    }

HussamItani · June 30, 2020, 11:30am

import com.atlassian.jira.security.PermissionManager;
import com.atlassian.jira.security.Permissions;

public class MyProjectAction extends JiraWebActionSupport{ 

    @ComponentImport
    private final PermissionManager permissionManager;

    @ComponentImport
    private final ProjectManager projectManager;

    private Long projectId;

    private Project project;

    @Autowired
    public MyProjectAction(PermissionManager permissionManager, ProjectManager projectManager){
        this.permissionManager = permissionManager;
        this.projectManager = projectManager;
    }

    @Override
    public String doDefault(){

        setProject(projectManager.getProjectObj(projectId));

        // getters and setters need to be defined for current project and for permissionManager
        if (!this.permissionManager.hasPermission(Permissions.PROJECT_ADMIN, getProject(), getLoggedInUser())) {
            this.setReturnUrl("/projects/" + getProject().getKey());
            return this.getRedirect("/projects/" + getProject().getKey());
        }
        // Your action here
       return "myVelocity";
    }

    public Project getProject() {
        return project;
    }

    public void setProject(Project project) {
        this.project = project;
    }
}

<webwork1 key="my_webwork" roles-required="use">
        ......
</webwork1>