Merge pull request #98 from Raschudesny/JD-1428

JD-1428. Added usual jira admins permissions to work with WF registry

Author: mashintsev

pom.xml

@@ -4,7 +4,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>ru.mail.jira.plugins</groupId>
     <artifactId>groovy</artifactId>
-    <version>1.21.6-jira8</version>
+    <version>1.21.7-jira8</version>
     <organization>
         <name>AtlasTeam</name>
         <url>https://atlasteam.ru/</url>

src/main/java/ru/mail/jira/plugins/groovy/impl/PermissionHelper.java

@@ -26,12 +26,22 @@ public void checkIfAdmin() {
         checkIfAdmin(authenticationContext.getLoggedInUser());
     }
 
+    public void checkIfAdminOrSysAdmin() {
+        if (!isAdminOrSysAdmin())
+            throw new SecurityException("User is not admin");
+    }
+
     public void checkIfAdmin(ApplicationUser user) {
         if (!isAdmin(user)) {
             throw new SecurityException("User is not admin");
         }
     }
 
+    public boolean isAdminOrSysAdmin() {
+        ApplicationUser user = authenticationContext.getLoggedInUser();
+        return globalPermissionManager.hasPermission(GlobalPermissionKey.SYSTEM_ADMIN, user) || globalPermissionManager.hasPermission(GlobalPermissionKey.ADMINISTER, user);
+    }
+
     public boolean isAdmin() {
         return isAdmin(authenticationContext.getLoggedInUser());
     }

src/main/java/ru/mail/jira/plugins/groovy/rest/ExecutionResource.java

@@ -29,7 +29,7 @@ public ExecutionResource(
     @Path("/forRegistry/{scriptId}")
     public Response getExecutions(@PathParam("scriptId") int scriptId) {
         return new RestExecutor<>(() -> {
-            permissionHelper.checkIfAdmin();
+            permissionHelper.checkIfAdminOrSysAdmin();
 
             return executionRepository.getRegistryExecutions(scriptId);
         }).getResponse();
@@ -39,7 +39,7 @@ public Response getExecutions(@PathParam("scriptId") int scriptId) {
     @Path("/forRegistry/{scriptId}/last")
     public Response getLastExecutions(@PathParam("scriptId") int scriptId) {
         return new RestExecutor<>(() -> {
-            permissionHelper.checkIfAdmin();
+            permissionHelper.checkIfAdminOrSysAdmin();
 
             return executionRepository.getLastRegistryExecutions(scriptId);
         }).getResponse();
@@ -49,7 +49,7 @@ public Response getLastExecutions(@PathParam("scriptId") int scriptId) {
     @Path("/forInline/{scriptId}")
     public Response getExecutions(@PathParam("scriptId") String scriptId) {
         return new RestExecutor<>(() -> {
-            permissionHelper.checkIfAdmin();
+            permissionHelper.checkIfAdminOrSysAdmin();
 
             return executionRepository.getInlineExecutions(scriptId);
         }).getResponse();
@@ -59,7 +59,7 @@ public Response getExecutions(@PathParam("scriptId") String scriptId) {
     @Path("/forInline/{scriptId}/last")
     public Response getLastExecutions(@PathParam("scriptId") String scriptId) {
         return new RestExecutor<>(() -> {
-            permissionHelper.checkIfAdmin();
+            permissionHelper.checkIfAdminOrSysAdmin();
 
             return executionRepository.getLastInlineExecutions(scriptId);
         }).getResponse();

src/main/java/ru/mail/jira/plugins/groovy/rest/RegistryResource.java

@@ -48,7 +48,7 @@ public RegistryResource(
     @WebSudoRequired
     public Response getDirectories() {
         return new RestExecutor<>(() -> {
-            permissionHelper.checkIfAdmin();
+            permissionHelper.checkIfAdminOrSysAdmin();
 
             return scriptRepository.getAllDirectories();
         }).getResponse();
@@ -59,7 +59,7 @@ public Response getDirectories() {
     @WebSudoRequired
     public Response getAllScripts() {
         return new RestExecutor<>(() -> {
-            permissionHelper.checkIfAdmin();
+            permissionHelper.checkIfAdminOrSysAdmin();
 
             return scriptRepository.getAllScripts();
         }).getResponse();
@@ -70,7 +70,7 @@ public Response getAllScripts() {
     @WebSudoRequired
     public Response getDirectoriesPicker() {
         return new RestExecutor<>(() -> {
-            permissionHelper.checkIfAdmin();
+            permissionHelper.checkIfAdminOrSysAdmin();
 
             return scriptRepository.getAllDirectoriesForPicker();
         }).getResponse();
@@ -81,7 +81,7 @@ public Response getDirectoriesPicker() {
     @WebSudoRequired
     public Response getDirectory(@PathParam("id") int id) {
         return new RestExecutor<>(() -> {
-            permissionHelper.checkIfAdmin();
+            permissionHelper.checkIfAdminOrSysAdmin();
 
             return scriptRepository.getDirectory(id);
         }).getResponse();
@@ -153,7 +153,7 @@ public Response moveDirectory(@PathParam("id") int id, ParentForm form) {
     @WebSudoRequired
     public Response getAllScripts(@PathParam("type") WorkflowScriptType workflowScriptType) {
         return new RestExecutor<>(() -> {
-            permissionHelper.checkIfAdmin();
+            permissionHelper.checkIfAdminOrSysAdmin();
 
             return scriptRepository.getAllScriptDescriptions(workflowScriptType);
         }).getResponse();
@@ -164,7 +164,7 @@ public Response getAllScripts(@PathParam("type") WorkflowScriptType workflowScri
     @WebSudoRequired
     public Response getScript(@PathParam("id") int id) {
         return new RestExecutor<>(() -> {
-            permissionHelper.checkIfAdmin();
+            permissionHelper.checkIfAdminOrSysAdmin();
 
             return scriptRepository.getScript(id, true, false, false);
         }).getResponse();
@@ -175,7 +175,7 @@ public Response getScript(@PathParam("id") int id) {
     @WebSudoRequired
     public Response getScriptChangelogs(@PathParam("id") int id) {
         return new RestExecutor<>(() -> {
-            permissionHelper.checkIfAdmin();
+            permissionHelper.checkIfAdminOrSysAdmin();
 
             return scriptRepository.getScriptChangelogs(id);
         }).getResponse();
@@ -186,7 +186,7 @@ public Response getScriptChangelogs(@PathParam("id") int id) {
     @WebSudoRequired
     public Response createScript(RegistryScriptForm form) {
         return new RestExecutor<>(() -> {
-            permissionHelper.checkIfAdmin();
+            permissionHelper.checkIfAdminOrSysAdmin();
 
             return scriptRepository.createScript(authenticationContext.getLoggedInUser(), form);
         })
@@ -199,7 +199,7 @@ public Response createScript(RegistryScriptForm form) {
     @WebSudoRequired
     public Response updateScript(@PathParam("id") int id, RegistryScriptForm form) {
         return new RestExecutor<>(() -> {
-            permissionHelper.checkIfAdmin();
+            permissionHelper.checkIfAdminOrSysAdmin();
             return scriptRepository.updateScript(authenticationContext.getLoggedInUser(), id, form);
         })
             .withExceptionMapper(MultipleCompilationErrorsException.class, Response.Status.BAD_REQUEST, e -> ExceptionHelper.mapCompilationException("scriptBody", e))
@@ -250,7 +250,7 @@ public Response moveScript(@PathParam("id") int id, ParentForm form) {
     @WebSudoRequired
     public Response findScriptWorkflows(@PathParam("id") int id) {
         return new RestExecutor<>(() -> {
-            permissionHelper.checkIfAdmin();
+            permissionHelper.checkIfAdminOrSysAdmin();
             return workflowSearchService.search(new ScriptUsageCollector(id)).getResult();
         }).getResponse();
     }
@@ -260,7 +260,7 @@ public Response findScriptWorkflows(@PathParam("id") int id) {
     @WebSudoRequired
     public Response getWorkflowUsage() {
         return new RestExecutor<>(() -> {
-            permissionHelper.checkIfAdmin();
+            permissionHelper.checkIfAdminOrSysAdmin();
 
             return workflowSearchService.search(new AllScriptUsageCollector()).getResult();
         }).getResponse();

src/main/java/ru/mail/jira/plugins/groovy/rest/StaticCheckResource.java

@@ -46,7 +46,7 @@ public StaticCheckResource(
     @POST
     public Response checkStatic(StaticCheckForm form) {
         return new RestExecutor<>(() -> {
-            permissionHelper.checkIfAdmin();
+            permissionHelper.checkIfAdminOrSysAdmin();
 
             Map<String, String> additionalParams = form.getAdditionalParams();
 

src/main/java/ru/mail/jira/plugins/groovy/rest/WatcherResource.java

@@ -32,7 +32,7 @@ public Response getWatches(
         @PathParam("type") EntityType type
     ) {
         return new RestExecutor<>(() -> {
-            permissionHelper.checkIfAdmin();
+            permissionHelper.checkIfAdminOrSysAdmin();
 
             return watcherService.getWatches(type, authenticationContext.getLoggedInUser());
         }).getResponse();
@@ -45,7 +45,7 @@ public Response watch(
         @PathParam("id") int id
     ) {
         return new RestExecutor<Void>(() -> {
-            permissionHelper.checkIfAdmin();
+            permissionHelper.checkIfAdminOrSysAdmin();
 
             watcherService.addWatcher(type, id, authenticationContext.getLoggedInUser());
 
@@ -60,7 +60,7 @@ public Response unwatch(
         @PathParam("id") int id
     ) {
         return new RestExecutor<Void>(() -> {
-            permissionHelper.checkIfAdmin();
+            permissionHelper.checkIfAdminOrSysAdmin();
             watcherService.removeWatcher(type, id, authenticationContext.getLoggedInUser());
 
             return null;

src/main/java/ru/mail/jira/plugins/groovy/servlet/GroovyServlet.java

@@ -52,7 +52,12 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) t
                 return;
             }
 
-            if (!permissionHelper.isAdmin()) {
+            if (path.startsWith("registry") && !permissionHelper.isAdminOrSysAdmin()) {
+                response.sendError(403);
+                return;
+            }
+
+            if (!path.startsWith("registry") && !permissionHelper.isAdmin()) {
                 response.sendError(403);
                 return;
             }

src/main/resources/atlassian-plugin.xml

@@ -244,9 +244,15 @@
         <label key="ru.mail.jira.plugins.groovy.link.registry" />
         <link linkId="mailru-groovy-registry-link">/plugins/servlet/my-groovy/registry</link>
 
-        <condition class="com.atlassian.jira.plugin.webfragment.conditions.JiraGlobalPermissionCondition">
-            <param name="permission">SYSTEM_ADMIN</param>
-        </condition>
+        <coditions type="OR">
+            <condition class="com.atlassian.jira.plugin.webfragment.conditions.JiraGlobalPermissionCondition">
+                <param name="permission">SYSTEM_ADMIN</param>
+            </condition>
+            <condition class="com.atlassian.jira.plugin.webfragment.conditions.JiraGlobalPermissionCondition">
+                <param name="permission">ADMIN</param>
+            </condition>
+
+        </coditions>
     </web-item>
 
     <web-item key="groovy-listeners-menu-item" name="Groovy listeners menu item" section="admin_plugins_menu/admin_mailru_groovy_section">