How to use API (advisor) to query and list restricted work items?
Hi,
I'm using that code to find work items from an Advisor. Now I'm facing a problem: that query is returning work items based on logged user profile. So if a specific user doesn't have access to a specific work item, that query is not returning that specific work item.
To my advisor is important to find that work item and check some atributes.
How to execute that query using an "admin" user or add an option to ignore current user permissions / profile?
|
Accepted answer
Ralph Schoon (63.5k●3●36●46)
| answered Nov 05 '13, 9:53 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
In that case I would suggest to think about creating a service such as the e-mail notification service or another asynchronous task that runs in a different user context. Jorge provides an example that might be a starting point here: http://jorgediazblog.wordpress.com/2013/06/28/rtc-custom-scheduled-async-task-example-explained/
You can find the E-Mail Notification code in the SDK, I found it recently, I would search the SDK for 'mail' or something. I am not sure if there are drawbacks with that approach e.g. potential conflicts if the asynchronous task writes the work items. Bruno Braga selected this answer as the correct answer
Comments
sam detweiler
commented Nov 05 '13, 10:07 a.m.
Problem is he wants this synchronous with the save..
Bruno Braga
commented Nov 05 '13, 10:32 a.m.
Ok.
Using that approach I will lost something... Like: today (removing the read access protection) I could validate if [Work Item 123] exists and show a message to user: you can't create [New Work Item 456] to that iteration because there is no "Service Request" work item associated with that iteration.
So I could find the Service Request work items, validate if it exists and link if it was found.
Using a asynchronous job the end user could create many tasks to iteration that don't have service request and it will be a problem to project reports.
But, maybe it is the only way... :/
Ralph Schoon
commented Nov 05 '13, 10:39 a.m.
| edited Nov 05 '13, 10:40 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
Yes, never modify in an advisor.
|
3 other answers
Is it possible to run that query with another user?
Comments
sam detweiler
commented Nov 02 '13, 11:10 a.m.
i am not aware of a way to run under a different user context
|
Ralph Schoon (63.5k●3●36●46)
| answered Nov 02 '13, 3:28 p.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
If the user running the advisor does not have access to the query results, the only thing you can tell from the result is, if there are restricted work items. You could decide on that if the advisor should fail. I don't think you can hack the user context.
Comments
sam detweiler
commented Nov 02 '13, 3:35 p.m.
I think the user has access to everything in the query results, but maybe everything needed is not IN the query results at all. so you cannot tell (from the result array) that items are not present, cause the user shouldn't see them anyhow.
I know there is a permission aware API that allows you to at least get the handles to items you don't have permission to or that do not show up for other reasons. I am not sure if the permission aware API is accessible from queries. A quick look did not reveal it, so you will most likely only see the results you have access to.
|
My scenario is complicate...
[Work Item 123]
[New Work Item 456]
A specific user is creating the [New Work Item 456] and don't have read access to [Work Item 123].
But using a advisor (precondition or follow-up action) I have to link [New Work Item 456] with [Work Item 123].
To create that link I have to execute a query and find the [Work Item 123] by type and iteration.
My problem is: if [Work Item 123] is protected (read access) I can't find it running a query on that user context.
I would like to change the user context to could find all work items or user the query API to create a query with some parameter that could ignore the read access protection.
|
Your answer
Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.
Comments
I believe the advisor runs in the context of the user making the workitem change, there is no method to change that, that I know of.