private void checkTransitionPermission( String transitionKey, UserSession userSession, DefaultIssue defaultIssue) { List<Transition> outTransitions = workflow.outTransitions(defaultIssue); for (Transition transition : outTransitions) { String projectKey = defaultIssue.projectKey(); if (transition.key().equals(transitionKey) && StringUtils.isNotBlank(transition.requiredProjectPermission()) && projectKey != null) { userSession.checkComponentPermission(transition.requiredProjectPermission(), projectKey); } } }
/** * Never return null, but an empty list if the issue does not exist. No security check is done * since it should already have been done to get the issue */ public List<Transition> listTransitions(@Nullable Issue issue) { if (issue == null) { return Collections.emptyList(); } List<Transition> outTransitions = workflow.outTransitions(issue); List<Transition> allowedTransitions = new ArrayList<>(); for (Transition transition : outTransitions) { String projectUuid = issue.projectUuid(); if (userSession.isLoggedIn() && StringUtils.isBlank(transition.requiredProjectPermission()) || (projectUuid != null && userSession.hasComponentUuidPermission( transition.requiredProjectPermission(), projectUuid))) { allowedTransitions.add(transition); } } return allowedTransitions; }
public Issue doTransition(String issueKey, String transitionKey) { verifyLoggedIn(); DbSession session = dbClient.openSession(false); try { DefaultIssue defaultIssue = getByKeyForUpdate(session, issueKey).toDefaultIssue(); IssueChangeContext context = IssueChangeContext.createUser(new Date(), userSession.getLogin()); checkTransitionPermission(transitionKey, userSession, defaultIssue); if (workflow.doTransition(defaultIssue, transitionKey, context)) { saveIssue(session, defaultIssue, context, null); } return defaultIssue; } finally { session.close(); } }
public List<String> listStatus() { return workflow.statusKeys(); }