Web-panels conditions

Hi!

Currently, we are implementing additional web panels in Jira and we want to disable them for users who don’t have permission to do these functions based on user groups.

Therefore, in your documentation, we found information about conditions that should be applied to each web panel in the atlassian-connect.json file. We want to use this condition: “entity_property_contains_any_user_group”, but it won’t work.

We found this information in these two docs:
https://developer.atlassian.com/cloud/confluence/connect-conditions/#property-conditions
https://developer.atlassian.com/cloud/jira/platform/connect-conditions/

Our syntax for this condition looks like this:

    {
      "condition": "entity_property_contains_any_user_group",
      "params": {
        "entity": "user",
        "propertyKey": "groups",
        "objectName": "[\"example-group\"]"
      }
    }

In this case, if we swap "example-group" with a proper user group, the panel is disabled, but it should be enabled. In addition, we found in your docs that to access user groups it is necessary to add the expand parameter, and in this case the request looks like “/user?accountId={user.accountId}&expand=groups”. Maybe we should pass something similar into our entity?

An example user entity looks like this:

    {
      "self": "url",
      "accountId": "id",
      "accountType": "atlassian",
      "avatarUrls": {
        "48x48": "url",
        "24x24": "url",
        "16x16": "url",
        "32x32": "url"
      },
      "displayName": "Name",
      "active": true,
      "timeZone": "Europe/Warsaw",
      "locale": "en_GB",
      "groups": {
        "size": 1,
        "items": []
      },
      "applicationRoles": {
        "size": 3,
        "items": []
      },
      "expand": "groups,applicationRoles"
    }

We found such a solution, but it would be a great help if you could indicate what the proper syntax looks like for this case, or indicate another solution to cope with that.

Regards,
Peter

Don’t use entity properties to store permission-related configuration. Any user that can modify the entity itself can modify the properties (in your case, the user can craft some JS and add themselves to the group).

You should take a look at https://developer.atlassian.com/cloud/jira/platform/modules/global-permission/ or https://developer.atlassian.com/cloud/jira/platform/modules/project-permission/

From there you can make use of the has_global_permission or has_project_permission condition.

1 Like

Many thanks for your reply. The solution you proposed makes sense.

In my case, I have about five web panels and all of them have different permission rules. Therefore, in the case you suggest, is it possible to define separate permissions in global permissions for each of them? If yes, is it possible to define them in separate files, and can you give me a specific example of a defined permission rule?

Thanks in advance,
Peter

In your descriptor you can do something like:


    "jiraGlobalPermissions": [
      {
        "description": {
          "value": "Description here"
        },
        "anonymousAllowed": false,
        "defaultGrants": [
          "all"
        ],
        "name": {
          "value": "Some permission name"
        },
        "key": "my-special-permission"
      }
    ]

Then in each panel:

    "conditions": [
      {
        "condition": "has_global_permission",
        "params": {
          "permission": "my-app-key__my-special-permission"
        }
      }
    ]

where my-app-key is the app key.

2 Likes
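An added example, not from the thread or from Atlassian's documentation: a Node.js check that every web panel is gated by a `has_global_permission` condition whose value resolves to a permission the app declares as `<app key>__<permission key>`, and that flags panels gated by an entity property condition. The app key, permission keys, panel keys and the `lintPanelPermissions` helper are hypothetical, and the sample descriptor is constructed.

```javascript
// Constructed sample descriptor; app key, permission keys and panel keys are
// hypothetical, and fields not needed for the check (name, url, location) are omitted.
const descriptor = {
  key: "my-app-key",
  modules: {
    jiraGlobalPermissions: [
      { key: "view-audit-panel" },
      { key: "view-risk-panel" },
    ],
    webPanels: [
      { key: "audit-panel", conditions: [
        { condition: "has_global_permission",
          params: { permission: "my-app-key__view-audit-panel" } }] },
      // Missing the "<app key>__" prefix, so it matches no declared permission.
      { key: "risk-panel", conditions: [
        { condition: "has_global_permission",
          params: { permission: "view-risk-panel" } }] },
      // Gated only by a property the user may be able to edit.
      { key: "legacy-panel", conditions: [
        { condition: "entity_property_contains_any_user_group",
          params: { entity: "user", propertyKey: "groups",
                    objectName: "[\"example-group\"]" } }] },
    ],
  },
};

// Returns one finding per problem. Assumes panels use only app-declared
// permissions; built-in Jira permission keys would need an allow-list.
function lintPanelPermissions(d) {
  const declared = new Set((d.modules.jiraGlobalPermissions || [])
    .map((p) => `${d.key}__${p.key}`));
  const findings = [];
  for (const panel of d.modules.webPanels || []) {
    const conds = panel.conditions || [];
    const perms = conds.filter((c) => c.condition === "has_global_permission");
    if (conds.some((c) => String(c.condition).startsWith("entity_property_")))
      findings.push(`${panel.key}: gated by an entity property condition`);
    if (perms.length === 0)
      findings.push(`${panel.key}: no has_global_permission condition`);
    for (const c of perms) {
      const perm = c.params && c.params.permission;
      if (!declared.has(perm))
        findings.push(`${panel.key}: unknown permission "${perm}"`);
    }
  }
  return findings;
}

console.log(lintPanelPermissions(descriptor).join("\n"));
```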

Many thanks for your reply. Now it’s clearer, but I still don’t understand some matters in the example that you have given.

First: "key": "my-special-permission". Where can I define “my-special-permission”, and can that have a block of conditions in the JSON file? Can I give a path to my conditions in this place?
Second: "permission": "my-app-key__my-special-permission". In this case, can "my-app-key" be the key name of the first element in my additional web panel, e.g. "first-web-element"?

Thanks in advance,
Peter