This is already present as a step in releaseWizard.py - Release Checklist > (9) Tasks to do after release > (10) > Clear Security Level of Public Solr JIRA Issues
On Thu, May 21, 2020 at 9:49 AM David Smiley <[email protected]> wrote: > Also, I proposed this being added to our release process as well so that > it happens systemically, and so that issues referred to from any release > are more easily reachable. > ~ David > > > On Thu, May 21, 2020 at 10:38 AM Cassandra Targett <[email protected]> > wrote: > >> Yes, this is a known issue with Jira and the use of security levels. >> Atlassian (the maker of Jira) has known about it for years and has not >> fixed it yet. >> >> This was last discussed about a year ago and that thread has an >> explanation: >> https://lists.apache.org/thread.html/e1ca40af3e4f0c45c1ed2094471fe01aa6e5a835f2a5583b7c3b28a4%40%3Cdev.lucene.apache.org%3E >> . >> >> It basically boils down to the Jira query engine does not default to >> finding issues with either "none" (which is really NULL in Jira's database) >> or "public". If you don't define the security level field in your search, >> it only returns issues with no value (displayed as "none") in that field, >> which omits all the issues that do have a value in that field. It's dumb. >> >> The only solution is to periodically bulk edit the "public" issues so >> they have security level "none". I do it from time to time when I have time >> and remember, but not sure if anyone else does. >> >> Cassandra >> >> On Thu, May 21, 2020 at 8:50 AM Colvin Cowie <[email protected]> >> wrote: >> >>> Hello, >>> >>> Sorry if this has been raised before, I could find it. >>> I was looking at issues that I had reported on JIRA and I was surprised >>> to see that the list of issues was different when I was logged in vs logged >>> out, since none of the issues are confidential. >>> >>> >>> https://issues.apache.org/jira/browse/SOLR-14421?jql=project%20%3D%20SOLR%20AND%20reporter%20in%20(cjcowie)%20ORDER%20BY%20priority%20DESC%2C%20updated%20DESC >>> >>> The JIRA help has this to say about security levels: >>> >>> https://issues.apache.org/jira/secure/ShowConstantsHelp.jspa?decorator=popup#SecurityLevels >>> Security Levels >>> >>> An issue has a security level which indicates which users are able to >>> view the issue. The currently defined security levels are listed below. In >>> addition, you can add more security levels in the administration section. >>> *Private (Security Issue)*Private Issue viewable by the reporter and >>> those in the project PMC Role *Public*Default Security Level. Issues >>> are Public >>> >>> Which to me would suggest that None and Public are the same thing, and >>> that Public issues would be visible to people who are not signed into JIRA >>> - which they are. *Except* they are not searchable. >>> >>> For an issue marked as Public I can visit it directly if I have the >>> issue number, but I cannot search for its text. As soon as I change the >>> Security Level to None on an issue its text is searchable. >>> >>> That doesn't seem right to me, but if it is working as intended, then >>> maybe the help text could be updated? >>> >>> Colvin >>> >>
