[
https://issues.apache.org/jira/browse/CONNECTORS-731?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13693998#comment-13693998
]
Maciej Lizewski commented on CONNECTORS-731:
--------------------------------------------
Ok, I think I know how to solve this.
https://docs.atlassian.com/jira/REST/latest/#idp1302560
this API (/jira/rest/api/2/user/viewissue/search) should return list of users
that are allowed to view provided issue ID. This means we may store usernames
able to see each individual issue. Jira security model is so complicated that
it might be difficult to implement model based on some other tokens than
usernames as you may even create security schemas for each project separately
and assign individual users to such schemas.
on the other hand - we need really simple authority that will only check if
user exists in Jira and is active. To do that - there is another API:
https://docs.atlassian.com/jira/REST/latest/#idp1260592
(/rest/api/2/user/search) which returns users matching criteria - should be
fine for our needs.
If users exists - authority must return its username as only one token.
who wants to implement this? :)
> Jira connector needs to provide access tokens and an authority connector
> ------------------------------------------------------------------------
>
> Key: CONNECTORS-731
> URL: https://issues.apache.org/jira/browse/CONNECTORS-731
> Project: ManifoldCF
> Issue Type: Improvement
> Components: JIRA connector
> Affects Versions: ManifoldCF 1.3
> Reporter: Karl Wright
> Assignee: Karl Wright
> Fix For: ManifoldCF next
>
>
> The Jira connector currently allows forced acls only. Jira, though, has a
> security model we should implement. This involves indexing access tokens,
> and providing an authority connector.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
