Du ser en gammel version af denne side. Se den nuværende version.

Sammenlign med nuværende Vis sidehistorik

« Forrige Version 3 Nuværende »

This sample disables a user - by setting the JIRA Context to a user with higher Level:

Also look at https://docs.atlassian.com/software/jira/docs/api/7.6.1/com/atlassian/jira/bc/JiraServiceContext.html

This is a potential thread, as its possible for anyone who can create and execure groovy scripts to elevate rights, just by knowing an admin username

import com.atlassian.crowd.embedded.api.User
import com.atlassian.crowd.embedded.impl.ImmutableUser
import com.atlassian.jira.bc.user.UserService
import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.user.util.UserManager
import com.onresolve.scriptrunner.runner.util.UserMessageUtil
import com.atlassian.crowd.embedded.api.UserWithAttributes
import com.atlassian.crowd.embedded.api.CrowdService
import com.atlassian.jira.user.ApplicationUsers

CrowdService crowdService = ComponentAccessor.crowdService
UserManager userManager = ComponentAccessor.getUserManager()
UserService userService = ComponentAccessor.getComponent(UserService.class)

String adminUsername = "automation"

def jiraAuthenticationContext = ComponentAccessor.jiraAuthenticationContext
def adminUser = ComponentAccessor.userManager.getUserByKey(adminUsername)
def originalUser = jiraAuthenticationContext.loggedInUser
try {
  //Swicth User
   jiraAuthenticationContext.setLoggedInUser(adminUser)
}
finally {
// jiraAuthenticationContext.setLoggedInUser(originalUser)
}

if (jiraAuthenticationContext.getLoggedInUser() == ComponentAccessor.userManager.getUserByKey(adminUsername))
{
  UserService.UpdateUserValidationResult updateUserValidationResult
  UserWithAttributes user = crowdService.getUserWithAttributes(issue.getReporter().getName())
  updateUser = ApplicationUsers.from(ImmutableUser.newUser(user).active(false).toUser())
  updateUserValidationResult = userService.validateUpdateUser(updateUser)
  if (updateUserValidationResult.isValid())
  {
     userService.updateUser(updateUserValidationResult)
     UserMessageUtil.success("The Reporter has been disabled in the User Database")
  }
  else
  {
     UserMessageUtil.error("The Reporter could not be disabled in the User Database")
  }
}
else
{
  UserMessageUtil.error("Elevation of rights failed. Contact Administrator")
}
  • Ingen etiketter