堆栈内存溢出
  简体   繁体   English

将Jira JQL搜索限制为请求用户的权限

[英]Restrict Jira JQL Search to Permissions of Requesting User

 原文  2015-10-06 01:58:45       jira/ jira-rest-api/ jql

问题描述

I have a server that has a Jira account with full permissions to see all issues. 我有一台服务器,其Jira帐户具有完全权限,可以查看所有问题。 Amongst other things, this server will be used to facilitate requests from an end user to search Jira for issues; 除此之外,该服务器还将用于促进最终用户搜索Jira以查找问题的请求; this will be done via the Jira REST API. 这将通过Jira REST API完成。 The end users for whom the requests will be facilitated for all have accounts on Jira with more restrictive permissions (ie they can't see all issues). 为所有人提供便利请求的最终用户在Jira上拥有具有更多限制权限的帐户(即他们无法查看所有问题)。 Using the REST endpoint and JQL, how can I tailor my query on the server such that it performs the search, using the permissions that the end-user has? 使用REST端点和JQL,如何使用最终用户拥有的权限在服务器上定制我的查询,使其执行搜索? In other words, how can I tailor my REST query to only show users issues they have permissions to see even though the request (my server) has full permissions? 换句话说,即使请求(我的服务器)具有完全权限,我如何定制我的REST查询以仅向用户显示他们有权查看的问题? This setup uses crowd for authentication identity management. 此设置使用crowd进行身份验证身份管理。

Sample query I'd like to restrict to the permissions of user "Bob" 示例查询我想限制用户“Bob”的权限

http://kelpie9:8081/rest/api/2/search?jql=project=QA+order+by+duedate&fields=id,key HTTP:// kelpie9:8081 / REST / API / 2 /搜索JQL =项目= QA +订单+由+交货期和领域= ID,钥匙

Workflow: Enduser -> Server -> Jira (REST) 工作流程:最终用户 - >服务器 - > Jira(REST)

1 个解决方案

解决方案1
 0  2016-07-30 15:06:07

The easiest way is probably to create additional users for your scripts that have the same permissions as your end users. 最简单的方法可能是为脚本创建其他用户,这些用户具有与最终用户相同的权限。 When you authenticate your REST calls with the script user that corresponds to an end user, then JIRA will return only appropriate results. 使用与最终用户对应的脚本用户验证REST调用时,JIRA将仅返回适当的结果。 Whether this is feasible will depend on the number of different script users that you need. 这是否可行将取决于您需要的不同脚本用户的数量。

An alternative is to keep using your superuser, but use more specific JQL queries depending on what the end user is allowed to see. 另一种方法是继续使用超级用户,但使用更具体的JQL查询,具体取决于允许最终用户查看的内容。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 JIRA:高级搜索:JQL - JIRA : Advanced Search : JQL Jira 中的 JQL 查询搜索 - JQL query search in Jira 在电子邮件ID JIRA上进行JQL搜索 - JQL search on email id JIRA JIRA API POST jql搜索 - JIRA API POST jql search Jira jql搜索不适用于特殊字符“-”或“&” - Jira jql search not working with special character '-' or '&' Jira 错误“字段‘项目’不存在值‘XXX’。” 与其他用户共享 JQL 搜索字符串时 - Jira error “The value 'XXX' does not exist for the field 'project'.” when sharing a JQL search string with another user JIRA JQL按日期搜索 - 如何在1小时内搜索更新的问题 - JIRA JQL Search by Date - How to search Updated Issues on 1 Hour JIRA REST API jql表达式可按标准问题类型进行搜索 - JIRA REST API jql expression to search by standard issue types 排除使用REST API进行JIRA JQL搜索的属性 - Excluding properies for JIRA JQL search using REST API JIRA JQL:如何单独搜索特定组件的问题? - JIRA JQL: How to search for issue with particular component alone?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM