public void writeTransitions(Issue issue, JsonWriter json) {
json.name("transitions").beginArray();
if (userSession.isLoggedIn()) {
for (Transition transition : issueService.listTransitions(issue)) {
json.value(transition.key());
}
}
json.endArray();
}
/**
* Never return null, but an empty list if the issue does not exist. No security check is done
* since it should already have been done to get the issue
*/
public List<Transition> listTransitions(@Nullable Issue issue) {
if (issue == null) {
return Collections.emptyList();
}
List<Transition> outTransitions = workflow.outTransitions(issue);
List<Transition> allowedTransitions = new ArrayList<>();
for (Transition transition : outTransitions) {
String projectUuid = issue.projectUuid();
if (userSession.isLoggedIn() && StringUtils.isBlank(transition.requiredProjectPermission())
|| (projectUuid != null
&& userSession.hasComponentUuidPermission(
transition.requiredProjectPermission(), projectUuid))) {
allowedTransitions.add(transition);
}
}
return allowedTransitions;
}
private static boolean canModifyFilter(UserSession userSession, IssueFilterDto filter) {
return userSession.isLoggedIn()
&& (StringUtils.equals(filter.getUserLogin(), userSession.getLogin())
|| userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN));
}
private static void appendPermissions(
JsonWriter json, ComponentDto component, UserSession userSession) {
boolean hasBrowsePermission =
userSession.hasComponentPermission(UserRole.USER, component.key());
json.prop("canMarkAsFavourite", userSession.isLoggedIn() && hasBrowsePermission);
}