|
import com.atlassian.jira.bc.JiraServiceContextImpl |
|
import com.atlassian.jira.bc.filter.SearchRequestService |
|
import com.atlassian.jira.bc.portal.PortalPageService |
|
import com.atlassian.jira.component.ComponentAccessor |
|
import com.atlassian.jira.permission.GlobalPermissionKey |
|
import com.atlassian.jira.permission.GlobalPermissionType |
|
import com.atlassian.jira.portal.PortalPage |
|
import com.atlassian.jira.sharing.SharePermissionImpl |
|
import com.atlassian.jira.sharing.SharedEntity |
|
import com.atlassian.jira.sharing.search.SharedEntitySearchParametersBuilder |
|
import com.atlassian.jira.sharing.type.ShareType |
|
import com.atlassian.sal.api.ApplicationProperties |
|
import com.atlassian.sal.api.UrlMode |
|
import com.onresolve.scriptrunner.runner.ScriptRunnerImpl |
|
import groovy.xml.MarkupBuilder |
|
|
|
/** |
|
* Run this with FIX_MODE = false to report on any problems. |
|
* To rectify all the issues change to: FIX_MODE = true. |
|
*/ |
|
final FIX_MODE = false |
|
|
|
def searchRequestService = ComponentAccessor.getComponent(SearchRequestService) |
|
def currentUser = ComponentAccessor.jiraAuthenticationContext.loggedInUser |
|
def applicationProperties = ScriptRunnerImpl.getOsgiService(ApplicationProperties) |
|
def portalPageService = ComponentAccessor.getComponent(PortalPageService) |
|
def globalPermissionManager = ComponentAccessor.globalPermissionManager |
|
|
|
def contextPath = applicationProperties.getBaseUrl(UrlMode.RELATIVE) |
|
|
|
def writer = new StringWriter() |
|
def markup = new MarkupBuilder(writer) |
|
|
|
def serviceContext = new JiraServiceContextImpl(currentUser) |
|
def publicSharePerm = new SharePermissionImpl(null, ShareType.Name.GLOBAL, null, null) |
|
def searchParameters = new SharedEntitySearchParametersBuilder().setSharePermission(publicSharePerm).toSearchParameters() |
|
|
|
searchRequestService.validateForSearch(serviceContext, searchParameters) |
|
assert !serviceContext.errorCollection.hasAnyErrors() |
|
|
|
def result = searchRequestService.search(serviceContext, searchParameters, 0, Integer.MAX_VALUE) |
|
final authenticatedUserSharePerms = new SharedEntity.SharePermissions([ |
|
new SharePermissionImpl(null, ShareType.Name.AUTHENTICATED, null, null) |
|
] as Set) |
|
|
|
markup.h3('Filters') |
|
|
|
if (!result.results) { |
|
markup.p('No publicly accessible filters found') |
|
} |
|
result.results.each { filter -> |
|
if (FIX_MODE) { |
|
filter.setPermissions(authenticatedUserSharePerms) |
|
|
|
def filterUpdateContext = new JiraServiceContextImpl(filter.owner) |
|
searchRequestService.updateFilter(filterUpdateContext, filter) |
|
if (filterUpdateContext.errorCollection.hasAnyErrors()) { |
|
log.warn("Error updating filter - possibly owner has been deleted. Just delete the filter. " + filterUpdateContext.errorCollection) |
|
} |
|
} |
|
markup.p { |
|
a(href: "$contextPath/issues/?filter=${filter.id}", target: '_blank', filter.name) |
|
i(' publicly accessible. ' + (FIX_MODE ? ' Fixed.' : '')) |
|
} |
|
} |
|
|
|
def dashResults = portalPageService.search(serviceContext, searchParameters, 0, Integer.MAX_VALUE).results.findAll { |
|
!it.systemDefaultPortalPage |
|
} |
|
|
|
markup.h3('Dashboards') |
|
|
|
if (!dashResults) { |
|
markup.p('No publicly accessible dashboards found') |
|
} |
|
dashResults.each { dashboard -> |
|
if (dashboard.isSystemDefaultPortalPage()) { |
|
// can't edit the system default dashboard |
|
return |
|
} |
|
if (FIX_MODE) { |
|
def updatedDashboard = new PortalPage.Builder().portalPage(dashboard).permissions(authenticatedUserSharePerms).build() |
|
portalPageService.updatePortalPageUnconditionally(serviceContext, currentUser, updatedDashboard) |
|
} |
|
markup.p { |
|
a(href: "$contextPath/secure/Dashboard.jspa?selectPageId=${dashboard.id}", target: '_blank', dashboard.name) |
|
i(' publicly accessible. ' + (FIX_MODE ? ' Fixed.' : '')) |
|
} |
|
} |
|
|
|
final GlobalPermissionType GPT_BROWSE_USERS = new GlobalPermissionType(GlobalPermissionKey.USER_PICKER.key, null, null, false); |
|
|
|
markup.h3('Global Permissions') |
|
if (globalPermissionManager.hasPermission(GlobalPermissionKey.USER_PICKER, null)) { |
|
if (FIX_MODE) { |
|
globalPermissionManager.removePermission(GPT_BROWSE_USERS, null) |
|
} |
|
markup.p { |
|
b('Browse Users') |
|
i(' is publicly accessible. ' + (FIX_MODE ? ' : Fixed' : '')) |
|
} |
|
} else { |
|
markup.p('No problems with global permissions found') |
|
} |
|
|
|
writer.toString() |
Thanks @jechlin for this script, we used for bulk fix filters/dashboard for a migration.
We adapted the script to transfer filters ownership for deactivated users to the current user.
Sharing below in case someone needs it (probably the myself in the future...)
Tested in Jira 8.20 and the current user must have Admin rights in Jira.