Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- import com.atlassian.jira.bc.JiraServiceContextImpl
- import com.atlassian.jira.bc.filter.SearchRequestService
- import com.atlassian.jira.bc.portal.PortalPageService
- import com.atlassian.jira.component.ComponentAccessor
- import com.atlassian.jira.permission.GlobalPermissionKey
- import com.atlassian.jira.permission.GlobalPermissionType
- import com.atlassian.jira.portal.PortalPage
- import com.atlassian.jira.sharing.SharePermissionImpl
- import com.atlassian.jira.sharing.SharedEntity
- import com.atlassian.jira.sharing.search.SharedEntitySearchParametersBuilder
- import com.atlassian.jira.sharing.type.ShareType
- import com.atlassian.sal.api.ApplicationProperties
- import com.atlassian.sal.api.UrlMode
- import com.onresolve.scriptrunner.runner.ScriptRunnerImpl
- import groovy.xml.MarkupBuilder
- /**
- * Run this with FIX_MODE = false to report on any problems.
- * To rectify all the issues change to: FIX_MODE = true.
- */
- final FIX_MODE = false
- def searchRequestService = ComponentAccessor.getComponent(SearchRequestService)
- def currentUser = ComponentAccessor.jiraAuthenticationContext.loggedInUser
- def applicationProperties = ScriptRunnerImpl.getOsgiService(ApplicationProperties)
- def portalPageService = ComponentAccessor.getComponent(PortalPageService)
- def globalPermissionManager = ComponentAccessor.globalPermissionManager
- def contextPath = applicationProperties.getBaseUrl(UrlMode.RELATIVE)
- def writer = new StringWriter()
- def markup = new MarkupBuilder(writer)
- def serviceContext = new JiraServiceContextImpl(currentUser)
- def publicSharePerm = new SharePermissionImpl(null, ShareType.Name.GLOBAL, null, null)
- def searchParameters = new SharedEntitySearchParametersBuilder().setSharePermission(publicSharePerm).toSearchParameters()
- searchRequestService.validateForSearch(serviceContext, searchParameters)
- assert !serviceContext.errorCollection.hasAnyErrors()
- def result = searchRequestService.search(serviceContext, searchParameters, 0, Integer.MAX_VALUE)
- final authenticatedUserSharePerms = new SharedEntity.SharePermissions([
- new SharePermissionImpl(null, ShareType.Name.AUTHENTICATED, null, null)
- ] as Set)
- markup.h3('Filters')
- if (!result.results) {
- markup.p('No publicly accessible filters found')
- }
- result.results.each { filter ->
- if (FIX_MODE) {
- filter.setPermissions(authenticatedUserSharePerms)
- def filterUpdateContext = new JiraServiceContextImpl(filter.owner)
- searchRequestService.updateFilter(filterUpdateContext, filter)
- if (filterUpdateContext.errorCollection.hasAnyErrors()) {
- log.warn("Error updating filter - possibly owner has been deleted. Just delete the filter. " + filterUpdateContext.errorCollection)
- }
- }
- markup.p {
- a(href: "$contextPath/issues/?filter=${filter.id}", target: '_blank', filter.name)
- i(' publicly accessible. ' + (FIX_MODE ? ' Fixed.' : ''))
- }
- }
- def dashResults = portalPageService.search(serviceContext, searchParameters, 0, Integer.MAX_VALUE).results.findAll {
- !it.systemDefaultPortalPage
- }
- markup.h3('Dashboards')
- if (!dashResults) {
- markup.p('No publicly accessible dashboards found')
- }
- dashResults.each { dashboard ->
- if (dashboard.isSystemDefaultPortalPage()) {
- // can't edit the system default dashboard
- return
- }
- if (FIX_MODE) {
- def updatedDashboard = new PortalPage.Builder().portalPage(dashboard).permissions(authenticatedUserSharePerms).build()
- portalPageService.updatePortalPageUnconditionally(serviceContext, currentUser, updatedDashboard)
- }
- markup.p {
- a(href: "$contextPath/secure/Dashboard.jspa?selectPageId=${dashboard.id}", target: '_blank', dashboard.name)
- i(' publicly accessible. ' + (FIX_MODE ? ' Fixed.' : ''))
- }
- }
- final GlobalPermissionType GPT_BROWSE_USERS = new GlobalPermissionType(GlobalPermissionKey.USER_PICKER.key, null, null, false);
- markup.h3('Global Permissions')
- if (globalPermissionManager.hasPermission(GlobalPermissionKey.USER_PICKER, null)) {
- if (FIX_MODE) {
- globalPermissionManager.removePermission(GPT_BROWSE_USERS, null)
- }
- markup.p {
- b('Browse Users')
- i(' is publicly accessible. ' + (FIX_MODE ? ' : Fixed' : ''))
- }
- } else {
- markup.p('No problems with global permissions found')
- }
- writer.toString()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement