I've got a need to update user's details when certain types of email arrive. I've got an email handler that does everything needed bar the last step - actually updating the user account. The code below simply tells me "You do not have the permission to update users", which is fair enough, I expected some security, but I can't find a way around it.
I thought it might be that the email was coming from a non-admin at first, but even when the email is from the address of a valid administrator, it fails.
I suspect I either need to get my code to grant itself the permission for that update, bypass the security, or impersonate a user who has admin rights (these all have different logging and security implications, but I can handle those)
User updateUser = ImmutableUser.newUser(userToUpdate).displayName(newUserName).toUser(); updateUserValidationResult = userService.validateUpdateUser(updateUser); if (updateUserValidationResult.isValid()) { userService.updateUser(updateUserValidationResult); } else { ErrorCollection theErrors = updateUserValidationResult.getErrorCollection(); for(String errorLine: theErrors.getErrorMessages()) { System.out.println(errorLine); }
Jira 5.1.8, using internal user directory (embedded crowd).
Community moderators have prevented the ability to post new answers.
Hi Nic,
I think the problem is that the mail handler may not be operating under a JiraAuthenticationContext, normally, a user editing their own profile would be set as such. In any kind of code, sometimes you need to artificially set that context, I do this quite a bit in JEMH.
5.2 'kinda' code for this:
JiraAuthenticationContext jac = ComponentAccessor.getJiraAuthenticationContext();
User currentUser=jac.getUser();
try
{
User privilegedUser=ComponentAccessor.getUserManager().getUser(privUserName);
jac.setLoggedInUser(privilegedUser); // you might even be able to set the 'target' user in this context to mimic a user updating their own profile....
... / your stuff here
}
finally
{
jac.setLoggedInUser(currentUser);
}
Fantastic, thanks Andy, I will give that a try. I had a feeling it was because the listener really didn't have any rights, hence the vague idea around impersonation, but I had no idea where to start (never run into anything that wasn't running as the right user already)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Yup, that's cracked it! Thanks Andy!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
There's only a handful of people seeing this, and it's a 2 year old thread, with no actual relevance to the question. I'd suggest you ask a new question rather than post on barely related stuff with a small audience.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I ended up having to clean up the target dir. with maven clean and start again. But this time add: <dependency> <groupId>com.atlassian.crowd</groupId> <artifactId>embedded-crowd-core</artifactId> <version>2.7.1</version> <scope>provided</scope> </dependency> The difference is the "<scope>provided</scope>". Then the plugin compile and atlas-run install the plugin with no issue. Reference: https://developer.atlassian.com/docs/faq/troubleshooting/dependency-issues-during-plugin-initialisation
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Nic/Andy, I am developing using Atlassian SDK 5.0.13 and JIRA 6.2.2. My IDE (IntelliJ) can't find these two packages: com.atlassian.crowd.model (hence I can't access com.atlassian.crowd.model.user.UserTemplate) com.atlassian.crowd.embedded.impl.ImmutableUser IntelliJ is showing this dependency: com.atlassian.crowd:embedded-crowd-api:2.8.0-OD-4 Any idea how to fix this so I can update user's e-mail? Thanks in advance. I tried adding this dependency to my pom file: <dependency> <groupId>com.atlassian.crowd</groupId> <artifactId>embedded-crowd-core</artifactId> <version>2.7.1</version> </dependency> Then the IDE wa able to resolve the two packages and complile the code, but failed to build/load when I do atlas-run and gave this error message: 'com.mycompany.jira.plugins.MyPlugin' - 'MyPlugin' failed to load. Configuration problem: Unable to locate Spring NamespaceHandler for XML schema namespace [http://www.springframework.org/schema/osgi] Offending resource: URL [bundle://142.0:0/META-INF/spring/atlassian-plugins-components.xml]
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Nic,
I think the problem is that the mail handler may not be operating under a JiraAuthenticationContext, normally, a user editing their own profile would be set as such. In any kind of code, sometimes you need to artificially set that context, I do this quite a bit in JEMH.
5.2 'kinda' code for this:
JiraAuthenticationContext jac = ComponentAccessor.getJiraAuthenticationContext();
User currentUser=jac.getUser();
try
{
User privilegedUser=ComponentAccessor.getUserManager().getUser(privUserName);
jac.setLoggedInUser(privilegedUser);
... / your stuff here
}
finally
{
jac.setLoggedInUser(currentUser);
}
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Community moderators have prevented the ability to post new answers.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.