JQL: Issue Security and Permissions by issue id

ziohimself April 20, 2014

So there's a known issue in the issue search (https://jira.atlassian.com/browse/JRA-34272). In a nutshell - slow JQL queries result in the issue navigator front-end claiming, that the search gave no results.

We have a JIRA plugin, compatible with JIRA 5.0 through JIRA 6.2. We have a custom JQL function, which performs a query to an external table (in an external data source) and selects issue ids from it. Some of the issue ids might be stale (the issues by these ids were deleted from the JIRA). Some of the issues by these ids might not be visible to the searcher (the user performing the search) due to project/global permissions or issue security. So in order to check, whether an issue exists and is visible to the searcher, the JQL function performs 2 costly operations:

  1. gets the issue by id (via issue manager)
  2. checks permissions and security (via permission manager)

The problem:

We have a large list of issue ids (over ten thousand), we need to check permissions for the issues by these ids for the given user.

A small research on the JIRA API has shown that in order to check issue permissions, one needs to acquire an issue object.

The question(s):

  • Is there any common practice for checking a large ammount of issue ids for issue permissions (issue security) without acquiring the issue object by issue id?
  • Is there any API which allows to check the issue permissions by issue ids?

Regards, Serhiy

1 answer

1 accepted

Comments for this post are closed

Community moderators have prevented the ability to post new answers.

Post a new question

0 votes
Answer accepted
ziohimself April 28, 2014

We ended up with the following solution:

instead of checking permissions by ourseleves, we delegate security and issue existance checking to JIRA's Search service by creating a query like

id IN (10000, 10001, ...)

where the operands for the "in" clause are the issue ids from that external DB

final Long[] issueIdsArray = ((List<Long>)issueIds).toArray(new Long[issueIds.size()]);
final com.atlassian.query.operand.Operand queryOperand = new com.atlassian.query.operand.MultiValueOperand(issueIdsArray);
final com.atlassian.query.clause.Clause queryClause = new com.atlassian.query.clause.TerminalClauseImpl("id", Operator.IN, queryOperand);
final com.atlassian.query.Query query = new com.atlassian.query.QueryImpl(queryClause);

...

((com.atlassian.jira.bc.issue.search.SearchService)searchService).search((com.atlassian.crowd.embedded.api.User) user, query, PagerFilter.getUnlimitedFilter());

TAGS
AUG Leaders

Atlassian Community Events