import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.user.util.UserManager
import com.atlassian.jira.user.ApplicationUser
import com.atlassian.jira.issue.search.SearchProvider
import com.atlassian.jira.issue.MutableIssue
import com.atlassian.jira.jql.parser.JqlQueryParser
import com.atlassian.jira.web.bean.PagerFilter
import com.onresolve.scriptrunner.runner.rest.common.CustomEndpointDelegate
import groovy.json.JsonBuilder
import groovy.transform.BaseScript
import javax.ws.rs.core.MultivaluedMap
import javax.ws.rs.core.Response
@BaseScript CustomEndpointDelegate delegate
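customerissues(httpMethod: "GET", groups: ["jira-customers", "jira-servicedesk-users"]) {
    MultivaluedMap queryParams, String body ->
    // REST endpoint returning a JSON list of issues for project `pid`,
    // optionally narrowed by status `sid` and component `cid`.
    // Callers outside the allow lists below receive an empty JSON list.

    // User keys that are allowed to see every project.
    def admins = [a: "admin", b: "root"]
    // Hard-coded restrictions for all other users: project key -> allowed user keys.
    // Possible improvement: query allowed projects based on customer.key.
    def allowedProjects = [
        PROJECTKEY: [a: "userx", b: "usery"],
        KEYPROJECT: [a: "usera", b: "userb"]
    ]

    // Shared "nothing to show" response, used for every denied or invalid request.
    def emptyResult = { Response.ok(new JsonBuilder([]).toString()).build() }

    // Wraps a request value as a JQL quoted string literal. Backslashes and
    // double quotes are escaped so the value cannot terminate the literal and
    // append clauses of its own to the query.
    def quoteJql = { String value ->
        '"' + value.replace('\\', '\\\\').replace('"', '\\"') + '"'
    }

    def pid = queryParams.getFirst("pid") as String
    def cid = queryParams.getFirst("cid") as String
    def sid = queryParams.getFirst("sid") as String

    // Without a project there is nothing to search for; previously a missing
    // pid was concatenated into the query as the text "null".
    if (!pid) {
        return emptyResult()
    }

    def customer = ComponentAccessor.getJiraAuthenticationContext().getLoggedInUser()
    def customerKey = customer?.key

    // Perform the access check for non-admins only.
    if (!admins.containsValue(customerKey)) {
        def allowedUsers = allowedProjects[pid]
        if (allowedUsers == null || !allowedUsers.containsValue(customerKey)) {
            // Either the project is not exposed by this endpoint or the
            // customer is not on the project's allow list.
            return emptyResult()
        }
    }

    def jqlQueryParser = ComponentAccessor.getComponent(JqlQueryParser)
    def searchProvider = ComponentAccessor.getComponent(SearchProvider)
    def issueManager = ComponentAccessor.getIssueManager()

    // Build the JQL query. Every request parameter goes in as an escaped,
    // quoted literal: the search below does not run with the caller's own
    // permissions, so the project restriction checked above only holds if
    // sid/cid cannot alter the structure of the query.
    def jql = "project = " + quoteJql(pid)
    if (sid) {
        jql += " AND status IN (" + quoteJql(sid) + ")"
    }
    if (cid) {
        jql += " AND component = " + quoteJql(cid)
    }
    def query = jqlQueryParser.parseQuery(jql)

    // Search as an all-seeing user: results are filtered by the permissions of
    // the "admin" account, not by those of the logged-in customer. The allow
    // list check above is therefore the only access control on this endpoint.
    // NOTE(review): the user key is hard-coded; confirm the account exists and
    // consider a dedicated account limited to the exposed projects.
    ApplicationUser user = ComponentAccessor.getUserManager().getUserByKey("admin")
    // NOTE(review): the unlimited pager returns every match in one response;
    // consider a bounded PagerFilter for large projects.
    def results = searchProvider.search(query, user, PagerFilter.getUnlimitedFilter())

    def output = []
    results.getIssues().each { documentIssue ->
        MutableIssue issue = issueManager.getIssueObject(documentIssue.id)
        // Only the fields listed here are exposed to the caller.
        def visible = [:]
        visible.type = issue.issueType.name
        visible.keycode = issue.key
        visible.summary = issue.summary
        visible.status = issue.status?.name
        // first() throws on an empty collection, so issues without a
        // component report null instead of failing the whole request.
        def components = issue.getComponents()
        visible.component = components ? components.first().name : null
        visible.updated = issue.getUpdated()
        // do something to the issue...
        output << visible
    }
    return Response.ok(new JsonBuilder(output).toString()).build()
}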