电子商务网站开发实训体会百度客服中心
文章目录
- 概述
- 解决方案
- REST API
- 数据库
概述
为了进行故障排除或某些管理任务,我们可能想知道给定用户拥有的所有权限。
Jira 通过其 UI 提供权限助手和类似工具,但对于所有权限的列表,我们只能通过作为用户本身进行身份验证的 REST API 请求或通过数据库来获取它。
解决方案
此处提供的两个解决方案都包含嵌套组(假设在实例中配置了支持嵌套组)
REST API
当前用户本身,或者通过 Switch User 类似功能,模拟用户。然后在浏览器中打开此 URL
https://Jira-base-URL/rest/api/2/mypermissions
数据库
POSTGRES、MYSQL 和 MSSQL
WITH RECURSIVE nested AS
(select m.* from cwd_membership m where m.membership_type = 'GROUP_USER'and m.lower_child_name = 'charlie'UNION ALLselect m.* from cwd_membership mjoin nested on m.lower_child_name = nested.lower_parent_namewhere m.membership_type = 'GROUP_GROUP'
),
uperm AS
(select distinct 'User' as "Type", sp.permission_key as "Permission", p.pkey as "Project Key", u.lower_user_name as "Source"from nested njoin cwd_user u on u.lower_user_name = n.lower_child_namejoin app_user a on a.lower_user_name = u.lower_user_namejoin schemepermissions sp on sp.perm_type = 'user' and sp.perm_parameter = a.user_keyjoin permissionscheme s on s.id = sp.schemejoin nodeassociation na on na.sink_node_id = s.id and na.sink_node_entity = 'PermissionScheme'join project p on p.id = na.source_node_idwhere n.membership_type = 'GROUP_USER'
),
gperm AS
(select distinct 'Group' as "Type", sp.permission_key as "Permission", p.pkey as "Project Key", sp.perm_parameter as "Source"from nested njoin schemepermissions sp on sp.perm_type = 'group' and sp.perm_parameter = n.lower_parent_namejoin permissionscheme s on s.id = sp.schemejoin nodeassociation na on na.sink_node_id = s.id and na.sink_node_entity = 'PermissionScheme'join project p on p.id = na.source_node_id
),
projrole AS
(select distinct 'Role' as "Type", sp.permission_key as "Permission", p.pkey as "Project Key", concat('Role "', concat(pr.name, concat('": ', pra.roletypeparameter))) as "Source"from nested njoin projectroleactor pra on ((pra.roletype = 'atlassian-group-role-actor' and lower(pra.roletypeparameter) = n.lower_parent_name) or (pra.roletype = 'atlassian-user-role-actor' and lower(pra.roletypeparameter) = n.lower_child_name))join projectrole pr on pr.id = pra.projectroleidjoin schemepermissions sp on sp.perm_type = 'projectrole' and sp.perm_parameter = concat(pr.id, '')join project p on p.id = pra.pid
),
approle AS
(select distinct 'License' as "Type", sp.permission_key as "Permission", p.pkey as "Project Key", l.group_id as "Source"from nested njoin licenserolesgroup l on lower(l.group_id) = n.lower_parent_namejoin schemepermissions sp on sp.perm_type = 'applicationRole'join permissionscheme s on s.id = sp.schemejoin nodeassociation na on na.sink_node_id = s.id and na.sink_node_entity = 'PermissionScheme'join project p on p.id = na.source_node_id
),
globalperm AS
(select distinct 'Global' as "Type", gp.permission as "Permission", null as "Project Key", null as "Source"from globalpermissionentry gp join nested on gp.group_id = nested.lower_parent_name
),
permissions AS
(
select * from uperm
UNION
select * from gperm
UNION
select * from globalperm
UNION
select * from projrole
UNION
select * from approle
)
select "Project Key", "Permission", "Type", "Source" from permissions
-- where ("Project Key" in ('S1', 'S2', 'S3') or "Project Key" is null)
order by "Project Key" asc, "Permission" asc;
ORACLE
WITH nested AS
(
SELECT m.* FROM cwd_membership m
START WITH m.membership_type = 'GROUP_USER' AND m.lower_child_name = 'charlie'CONNECT BY PRIOR m.lower_parent_name = m.lower_child_name AND m.membership_type = 'GROUP_GROUP'
),
uperm AS
(select distinct 'User' as "Type", sp.permission_key as "Permission", p.pkey as "Project Key", u.lower_user_name as "Source"from nested njoin cwd_user u on u.lower_user_name = n.lower_child_namejoin app_user a on a.lower_user_name = u.lower_user_namejoin schemepermissions sp on sp.perm_type = 'user' and sp.perm_parameter = a.user_keyjoin permissionscheme s on s.id = sp.schemejoin nodeassociation na on na.sink_node_id = s.id and na.sink_node_entity = 'PermissionScheme'join project p on p.id = na.source_node_idwhere n.membership_type = 'GROUP_USER'
),
gperm AS
(select distinct 'Group' as "Type", sp.permission_key as "Permission", p.pkey as "Project Key", sp.perm_parameter as "Source"from nested njoin schemepermissions sp on sp.perm_type = 'group' and sp.perm_parameter = n.lower_parent_namejoin permissionscheme s on s.id = sp.schemejoin nodeassociation na on na.sink_node_id = s.id and na.sink_node_entity = 'PermissionScheme'join project p on p.id = na.source_node_id
),
projrole AS
(select distinct 'Role' as "Type", sp.permission_key as "Permission", p.pkey as "Project Key", concat('Role "', concat(pr.name, concat('": ', pra.roletypeparameter))) as "Source"from nested njoin projectroleactor pra on ((pra.roletype = 'atlassian-group-role-actor' and lower(pra.roletypeparameter) = n.lower_parent_name) or (pra.roletype = 'atlassian-user-role-actor' and lower(pra.roletypeparameter) = n.lower_child_name))join projectrole pr on pr.id = pra.projectroleidjoin schemepermissions sp on sp.perm_type = 'projectrole' and sp.perm_parameter = concat(pr.id, '')join project p on p.id = pra.pid
),
approle AS
(select distinct 'License' as "Type", sp.permission_key as "Permission", p.pkey as "Project Key", l.group_id as "Source"from nested njoin licenserolesgroup l on lower(l.group_id) = n.lower_parent_namejoin schemepermissions sp on sp.perm_type = 'applicationRole'join permissionscheme s on s.id = sp.schemejoin nodeassociation na on na.sink_node_id = s.id and na.sink_node_entity = 'PermissionScheme'join project p on p.id = na.source_node_id
),
globalperm AS
(select distinct 'Global' as "Type", gp.permission as "Permission", null as "Project Key", null as "Source"from globalpermissionentry gp join nested on gp.group_id = nested.lower_parent_name
),
permissions AS
(
select * from uperm
UNION
select * from gperm
UNION
select * from globalperm
UNION
select * from projrole
UNION
select * from approle
)
select "Project Key", "Permission", "Type", "Source" from permissions
-- where ("Project Key" in ('S1', 'S2', 'S3') or "Project Key" is null)
order by "Project Key" asc, "Permission" asc;
我们可以根据需要更改第 4 行的用户名,并过滤生成的项目(在从底部开始的第二行)。
输出样例
Project Key | Permission | Type | Source
-------------+--------------------------------------+---------+---------------------S1 | ADD_COMMENTS | License | jira-software-usersS1 | ASSIGNABLE_USER | License | jira-software-usersS1 | ASSIGNABLE_USER | User | charlieS1 | ASSIGN_ISSUES | License | jira-software-usersS1 | BROWSE_PROJECTS | License | jira-software-usersS1 | BROWSE_PROJECTS | Group | group-cS1 | CLOSE_ISSUES | License | jira-software-users