private void checkTransitionPermission(
     String transitionKey, UserSession userSession, DefaultIssue defaultIssue) {
   List<Transition> outTransitions = workflow.outTransitions(defaultIssue);
   for (Transition transition : outTransitions) {
     String projectKey = defaultIssue.projectKey();
     if (transition.key().equals(transitionKey)
         && StringUtils.isNotBlank(transition.requiredProjectPermission())
         && projectKey != null) {
       userSession.checkComponentPermission(transition.requiredProjectPermission(), projectKey);
     }
   }
 }
 /**
  * Never return null, but an empty list if the issue does not exist. No security check is done
  * since it should already have been done to get the issue
  */
 public List<Transition> listTransitions(@Nullable Issue issue) {
   if (issue == null) {
     return Collections.emptyList();
   }
   List<Transition> outTransitions = workflow.outTransitions(issue);
   List<Transition> allowedTransitions = new ArrayList<>();
   for (Transition transition : outTransitions) {
     String projectUuid = issue.projectUuid();
     if (userSession.isLoggedIn() && StringUtils.isBlank(transition.requiredProjectPermission())
         || (projectUuid != null
             && userSession.hasComponentUuidPermission(
                 transition.requiredProjectPermission(), projectUuid))) {
       allowedTransitions.add(transition);
     }
   }
   return allowedTransitions;
 }
  public Issue doTransition(String issueKey, String transitionKey) {
    verifyLoggedIn();

    DbSession session = dbClient.openSession(false);
    try {
      DefaultIssue defaultIssue = getByKeyForUpdate(session, issueKey).toDefaultIssue();
      IssueChangeContext context =
          IssueChangeContext.createUser(new Date(), userSession.getLogin());
      checkTransitionPermission(transitionKey, userSession, defaultIssue);
      if (workflow.doTransition(defaultIssue, transitionKey, context)) {
        saveIssue(session, defaultIssue, context, null);
      }
      return defaultIssue;

    } finally {
      session.close();
    }
  }
 public List<String> listStatus() {
   return workflow.statusKeys();
 }