com.atlassian.jira.security
Class WorkflowBasedPermissionManager

java.lang.Object
  extended by com.atlassian.jira.security.DefaultPermissionManager
      extended by com.atlassian.jira.security.WorkflowBasedPermissionManager
All Implemented Interfaces:
JiraManager, PermissionManager
Direct Known Subclasses:
ThreadLocalCachingPermissionManager

public class WorkflowBasedPermissionManager
extends DefaultPermissionManager

Permission manager which allows workflow permissions to be further restricted for each workflow step, in the workflow XML descriptor. For instance, if the workflow contains a step:

    <step id="1" name="Open">
    <meta name="jira.status.id">1</meta>
    <meta name="jira.permission.comment.group">${pkey}-bizusers</meta>
    <meta name="jira.permission.comment.user">qa</meta>
    <meta name="jira.permission.edit.group.1">jira-developers</meta>
    <meta name="jira.permission.edit.group.2">jira-editors</meta>
    <meta name="jira.permission.edit.projectrole">10001</meta>
 
then only members of the project's bizusers group and user 'qa' will be able to comment on open issues, and only members of 'jira-developers' and 'jira-editors' groups or members of the project role with id '10001' will be able to edit issues. Assuming, of course, these users already have the relevant permission in the permission scheme.

Meta attributes can also modify subtasks' permissions. For example if the 'Bug' workflow's Open step has:

             <meta name="jira.permission.subtasks.edit.group">jira-qa</meta>
 
Then subtasks of Bugs will only be editable by 'jira-qa' members, when their parent is in the Open state.

The format is 'jira.permission.[subtasks.]{permission}.{type}[.suffix]', where: