/**
 * Reports whether {@code user} holds {@code permissionKey} on {@code project}.
 *
 * <p>Runs the project-level check with the issue-creation flag fixed to {@code false}, then
 * passes that raw outcome through {@code withPermissionOverriding}; the value returned by the
 * override step is the final answer.
 *
 * @param permissionKey the project permission being asked about
 * @param project the project the permission is evaluated against
 * @param user the user to evaluate; may be {@code null}
 * @return the decision produced by {@code withPermissionOverriding}
 */
public boolean hasPermission(@Nonnull ProjectPermissionKey permissionKey, @Nonnull Project project, @Nullable ApplicationUser user) {
    // Base decision first; the override step receives it together with the same key, project and user.
    final boolean baseDecision = doProjectPermissionCheck(permissionKey, project, user, false);
    return withPermissionOverriding(baseDecision, permissionKey, project, user);
}
/**
 * Reports whether {@code user} holds {@code permissionKey} on {@code project}, with the caller
 * choosing the issue-creation flag.
 *
 * <p>The flag is forwarded unchanged to {@code doProjectPermissionCheck}; the raw outcome is then
 * passed through {@code withPermissionOverriding}, whose return value is the final answer.
 *
 * @param permissionKey the project permission being asked about
 * @param project the project the permission is evaluated against
 * @param user the user to evaluate; may be {@code null}
 * @param issueCreation forwarded as-is to the project-level check
 * @return the decision produced by {@code withPermissionOverriding}
 */
public boolean hasPermission(@Nonnull ProjectPermissionKey permissionKey, @Nonnull Project project, @Nullable ApplicationUser user, boolean issueCreation) {
    // Base decision first; the override step receives it together with the same key, project and user.
    final boolean baseDecision = doProjectPermissionCheck(permissionKey, project, user, issueCreation);
    return withPermissionOverriding(baseDecision, permissionKey, project, user);
}
/**
 * Chooses between the issue-level and the project-level permission check for {@code issue}.
 *
 * <p>An issue whose {@code getId()} is {@code null} is evaluated against its project only, with
 * the issue-creation flag set to {@code true}. Any other issue goes through the four-argument
 * {@code doIssuePermissionCheck} with the flag set to {@code false}.
 *
 * @param permissionKey the project permission being asked about
 * @param issue the issue to evaluate; dereferenced without a null check
 * @param user the user to evaluate
 * @return {@code true} if the selected check grants the permission
 */
private boolean doIssuePermissionCheck(ProjectPermissionKey permissionKey, final Issue issue, final ApplicationUser user) {
    // JRA-14788: if generic value of issue object is null, need to defer permission check to project object.
    final boolean hasNoId = issue.getId() == null;
    if (hasNoId) {
        // Only the project-level check runs on this path; the four-argument overload is not reached.
        return doProjectPermissionCheck(permissionKey, issue.getProjectObject(), user, true);
    }
    return doIssuePermissionCheck(permissionKey, issue, user, false);
}
/**
 * Evaluates {@code permissionKey} for {@code user} on an existing {@code issue}.
 *
 * <p>The checks run in order and the first denial ends the evaluation:
 * <ol>
 *   <li>the project-level check on the issue's project, always with the issue-creation flag
 *       {@code false};</li>
 *   <li>the permission-scheme check on the issue, with the caller's {@code issueCreation};</li>
 *   <li>only when the key equals {@code ProjectPermissions.BROWSE_PROJECTS}: the issue's
 *       security-level access.</li>
 * </ol>
 *
 * <p>For every other key the security level is not consulted (JRA-40124), so a {@code true}
 * result for such a key says nothing about whether the user may see the issue.
 *
 * @param permissionKey the project permission being asked about
 * @param issue the issue to evaluate; dereferenced without a null check
 * @param user the user to evaluate
 * @param issueCreation forwarded to the permission-scheme check only
 * @return {@code true} only if every applicable check grants access
 */
private boolean doIssuePermissionCheck(ProjectPermissionKey permissionKey, final Issue issue, final ApplicationUser user, final boolean issueCreation) {
    // Check that the user can actually see the project this issue is in.
    // NOTE(review): this call passes permissionKey, not BROWSE_PROJECTS, so it tests the requested
    // permission at project level rather than project visibility as such - confirm that is intended.
    final Project owningProject = issue.getProjectObject();
    final boolean projectGrants = doProjectPermissionCheck(permissionKey, owningProject, user, false);
    if (!projectGrants) {
        return false;
    }

    // Check the project permissions that apply to this issue.
    final boolean schemeGrants = doPermissionSchemeCheck(permissionKey, issue, user, issueCreation);
    if (!schemeGrants) {
        return false;
    }

    // JRA-40124: Don't check Security Level for other permissions - this is unnecessary and can
    // cause false negatives.
    if (!ProjectPermissions.BROWSE_PROJECTS.equals(permissionKey)) {
        return true;
    }

    // When checking Issue Visibility (BROWSE_PROJECT permission), also check the Security Level.
    final IssueSecuritySchemeManager securityLevels = ComponentAccessor.getComponent(IssueSecuritySchemeManager.class);
    return securityLevels.hasSecurityLevelAccess(issue, user);
}