Hello Atlassian Data Center team -
We’re looking to improve our support for Jira Data Center’s “archived issues”. Right now, when a Jira issue is archived, the Jira user immediately sees an ugly permissions error.
Our permission check uses com.atlassian.jira.security.PermissionManager.hasPermission() call to get user permissions.
By default it uses the ProjectPermissions.VIEW_DEV_TOOLS permission. That permission has the availableForArchivedEntities flag set to false. And the hasPermission() permission call returns false as well.
ProjectPermissions.VIEW_DEV_TOOLS is not allowed for archived Jira issues.
Do you have any recommendations on how to work through this?
Let me describe our goal in more detail. Our plugin shows some development information and uses ‘VIEW_DEV_TOOLS’ permission to determine the user’s possibility to see the information.
Yes, we can use other permissions (for example, the ‘BROWSE_PROJECTS’ is enough to see archived Jira issues). But. If we change the ‘VIEW_DEV_TOOLS’ permission to some another one – will it lead to that our development information will be displayed to persons who have no appropriate rights to see it? It seems – yes.
Even if we use the ‘BROWSE_ARCHIVE’ permission only for archived Jira issues – it will still lead to that development information will be displayed to persons who have no development rights, but for archived Jira issues only.
Thank you. Yes, we may do this.
But in that case, a user without the ‘VIEW_DEV_TOOLS’ may be able to see the development information in the archived Jira issues. It looks like an access violation, doesn’t it?