com.atlassian.jira.security
Class WorkflowBasedPermissionManager
java.lang.Object
com.atlassian.jira.security.AbstractPermissionManager
com.atlassian.jira.security.DefaultPermissionManager
com.atlassian.jira.security.WorkflowBasedPermissionManager
- All Implemented Interfaces:
- JiraManager, PermissionManager
- Direct Known Subclasses:
- ThreadLocalCachingPermissionManager
public class WorkflowBasedPermissionManager
- extends DefaultPermissionManager
Permission manager which allows workflow permissions to be further restricted for each workflow step, in the workflow XML descriptor.
For instance, if the workflow contains a step:
<step id="1" name="Open">
<meta name="jira.status.id">1</meta>
<meta name="jira.permission.comment.group">${pkey}-bizusers</meta>
<meta name="jira.permission.comment.user">qa</meta>
<meta name="jira.permission.edit.group.1">jira-developers</meta>
<meta name="jira.permission.edit.group.2">jira-editors</meta>
<meta name="jira.permission.edit.projectrole">10001</meta>
then only members of the project's bizusers group and user 'qa' will be able to comment on open issues, and only members of
'jira-developers' and 'jira-editors' groups or members of the project role with id '10001' will be able to edit issues.
Assuming, of course, these users already have the relevant permission in the permission scheme.
Meta attributes can also modify subtasks' permissions. For example if the 'Bug' workflow's Open step has:
<meta name="jira.permission.subtasks.edit.group">jira-qa</meta>
Then subtasks of Bugs will only be editable by 'jira-qa' members, when their parent is in the Open state.
The format is 'jira.permission.[subtasks.]{permission}.{type}[.suffix]', where:
- {permission} is a short name specified in
Permissions
- {type} is a type (group, user, assignee, reporter, lead, userCF, projectrole)
of permission granted, or denied to deny the permission.
- subtasks., if specified, indicates that the permission
applies to the subtasks of issues in this step.
Important:Workflow permissions can only restrict
permissions set in the permission scheme, not grant permissions.
- See Also:
WorkflowBasedPermissionSchemeManager
Methods inherited from class com.atlassian.jira.security.AbstractPermissionManager |
addPermission, getAllGroups, getPermissionSchemeManager, getProjectManager, getProjectObjects, getProjects, getProjects, getProjects, hasPermission, hasPermission, hasPermission, hasPermission, hasPermission, hasProjectPermission, hasProjects, isGlobalPermission, removeGroupPermissions, removeUserPermissions |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
WorkflowBasedPermissionManager
public WorkflowBasedPermissionManager(WorkflowPermissionFactory workflowPermissionFactory,
PermissionContextFactory permissionContextFactory)
hasPermission
public boolean hasPermission(int permissionId,
org.ofbiz.core.entity.GenericValue entity,
com.atlassian.crowd.embedded.api.User u,
boolean issueCreation)
- Description copied from interface:
PermissionManager
- Does the same as
PermissionManager.hasPermission(int,org.ofbiz.core.entity.GenericValue,User)
except
the entity is a project GenericValue
.
- Specified by:
hasPermission
in interface PermissionManager
- Overrides:
hasPermission
in class AbstractPermissionManager
- Parameters:
permissionId
- Not a global permissionentity
- Not null.u
- User object, possibly null if JIRA is accessed anonymouslyissueCreation
- Whether this permission is being checked during issue creation
- Returns:
- True if there are sufficient rights to access the entity supplied
Copyright © 2002-2012 Atlassian. All Rights Reserved.