Improve Share Accessibility when user in Jira instance is disabled/removed
Description
When shares are accessed via user API calls and the users linked to these shares are no longer available,
the shares become inaccessible to external users.
Definition:
Access → Jira user account has no access to Jira or account was deleted or maybe some other cases??
We can provide in project configuration an option to automatically select new share actor
if previous share actor lost access to Jira instance.
Can we detect this upon share render?
If yes and we detect that share owner lost access we should change share actor to the one from project configuration.
Can we detect this upon share render
- Yes, we can detect it and change actor.
What was done within this ticket:
-
Added enable/disable button and user picker in project config, to automatically set reserve actor
-
In case of opening share by external link:
-
If current actor has no permission to access Jira instance, we check if reserve actor (one from project config) has permission.
-
If also does not have access, we display the share as if was disabled.
-
If reserve actor has access, we open share as reserve actor (but not change actor permanently in the db)
-
Logic of checking if actor has access to Jira instance:
-
-
In case of user API calls :
-
The situation looks similar to the above, except that if the user does not have access to the Jira instance then 401
UNAUTHORIZED
is returned.
-
For Testing:
-
Set actor of share as TestUser
-
Set, in project config related to this share, reserve actor as one who has access to Jira instance (different from TestUser)
-
Remove TestUser`s Jira instance access like below:
-
Try to open same share (should not be possible because of user`s access lack)
-
Now wait 2+ hours (code that check actor access and replace actor if needed runs every 2 hours)
-
After that actor should be replaced for reserve one and share should be accessible