Hello Atlassian Data Center team -
We’re looking to improve our support for Jira Data Center’s “archived issues”. Right now, when a Jira issue is archived, the Jira user immediately sees an ugly permissions error.
Our permission check uses
com.atlassian.jira.security.PermissionManager.hasPermission() call to get user permissions.
By default it uses the
ProjectPermissions.VIEW_DEV_TOOLS permission. That permission has the
availableForArchivedEntities flag set to
false. And the
hasPermission() permission call returns
false as well.
ProjectPermissions.VIEW_DEV_TOOLS is not allowed for archived Jira issues.
Do you have any recommendations on how to work through this?
You probably need to add ProjectPermissions.BROWSE_ARCHIVE permission if the issue is archived.
Could you please explain your recommendation?
Let me describe our goal in more detail. Our plugin shows some development information and uses ‘VIEW_DEV_TOOLS’ permission to determine the user’s possibility to see the information.
Yes, we can use other permissions (for example, the ‘BROWSE_PROJECTS’ is enough to see archived Jira issues). But. If we change the ‘VIEW_DEV_TOOLS’ permission to some another one – will it lead to that our development information will be displayed to persons who have no appropriate rights to see it? It seems – yes.
Even if we use the ‘BROWSE_ARCHIVE’ permission only for archived Jira issues – it will still lead to that development information will be displayed to persons who have no development rights, but for archived Jira issues only.
Can you check for multiple permissions? Something like this:
if (user.hasPermission(VIEW_DEV_TOOLS) &&
(!issue.isArchived() || (issue.isArchived() && user.hasPermission(BROWSE_ARCHIVE)
Thank you. Yes, we may do this.
But in that case, a user without the ‘VIEW_DEV_TOOLS’ may be able to see the development information in the archived Jira issues. It looks like an access violation, doesn’t it?
The first clause of the if statement (user.hasPermission(VIEW_DEV_TOOLS)) will ensure that only users with VIEW_DEV_TOOLS permission may view commits.
Oh! Thank you! Your are right.
We’ll try this.