The app context security docs mention safe context properties that can be used for authorization. For Custom UI in particular, the docs mention the license property.
Please also consider finding new ways to keep the docs up to date. I have been trying to figure out the shapes of the context properties in various places, such as functions, resolvers, web triggers, and scheduled triggers, over the past week, and I am pretty sure the docs are full of mistakes. Unfortunately, TS types in the library are just as bad.
environmentId: marked as required in the docs, but missing in my context payload
environmentType: marked as required in the docs, but missing in my context payload
installation.ari: Docs say they have a toString() method?
installation.context: Docs say they have a toString() method?
userAccess: { enabled: boolean, hasAccess: boolean }: this comes through in my context payload but is nowhere documented. What do these mean?
jobId: undefined: this comes through in my context payload byt is not defined in the docs
In case it matters, all of the above are when calling a resolver from a Custom UI module (jiraServiceManagement:portalRequestDetailPanel) but I would expect module specific attributes to be placed under the extension property.
I am very curious of what userAccess is exactly.
If we could have a proper documentation of what are its value for the different accountType ( licensed, unlicensed, customer, anonymous), that will be very helpful.
But I have no idea who we can ping at Atlassian for that.