private void checkTransitionPermission(
String transitionKey, UserSession userSession, DefaultIssue defaultIssue) {
List<Transition> outTransitions = workflow.outTransitions(defaultIssue);
for (Transition transition : outTransitions) {
String projectKey = defaultIssue.projectKey();
if (transition.key().equals(transitionKey)
&& StringUtils.isNotBlank(transition.requiredProjectPermission())
&& projectKey != null) {
userSession.checkComponentPermission(transition.requiredProjectPermission(), projectKey);
}
}
}
/**
* Never return null, but an empty list if the issue does not exist. No security check is done
* since it should already have been done to get the issue
*/
public List<Transition> listTransitions(@Nullable Issue issue) {
if (issue == null) {
return Collections.emptyList();
}
List<Transition> outTransitions = workflow.outTransitions(issue);
List<Transition> allowedTransitions = new ArrayList<>();
for (Transition transition : outTransitions) {
String projectUuid = issue.projectUuid();
if (userSession.isLoggedIn() && StringUtils.isBlank(transition.requiredProjectPermission())
|| (projectUuid != null
&& userSession.hasComponentUuidPermission(
transition.requiredProjectPermission(), projectUuid))) {
allowedTransitions.add(transition);
}
}
return allowedTransitions;
}