Here at Isos Technology, we often come across problems that could potentially take substantial effort, and ask ourselves how we can provide our clients with a solution that takes less time, less effort, less budget, and is easily repeatable. I recently came across a problem like this—adding a group to a role across all projects in Jira—so in this blog post, I'm going to walk you through how to solve it. Imagine that your instance has already grown to hundreds of projects, when you realize it makes sense to build out a new group that should have a specific permission set across it. Obviously, going into each project one by one, manually, would take a lifetime. The good news is, you can quickly add a group to a specific role across all Jira projects in your instance using a simple Groovy script! To run it, just pull up a Groovy console in Jira (note that a groovy console comes with some typical apps like JMWE and may not be available out-of-the-box).
Let's jump right in:
import com.atlassian.jira.component.ComponentAccessor import com.atlassian.jira.bc.projectroles.ProjectRoleService import com.atlassian.jira.util.ErrorCollection import com.atlassian.jira.security.roles.ProjectRole import com.atlassian.jira.security.roles.ProjectRoleActors import com.atlassian.jira.security.roles.ProjectRoleActor import com.atlassian.jira.security.roles.ProjectRoleManager //THIS SCRIPT ADDS A GROUP TO A ROLE FOR ALL PROJECTS IN JIRA //****EDIT GROUP AND ROLE NAME HERE******* def newGroupName = "jira-administrators" def roleName = "Administrators" //******************************* def projectRoleManager = ComponentAccessor.getComponent(ProjectRoleManager) def projectRoleService = ComponentAccessor.getComponent(ProjectRoleService); ErrorCollection errorCollection def sb = new StringBuffer() //the group we add to the role must be in a list for the functions below to work def listy = [] listy.add(newGroupName) //iterate over each project ComponentAccessor.getProjectManager().getProjectObjects(). each { project -> //get project role ProjectRole projectRole = projectRoleManager.getProjectRole(roleName) //get project role actors projectRoleService.getProjectRoleActors(projectRole, project, errorCollection). each { actors -> //keep track of actors already in role def actorNameList = [] //iterate over project role actors ((ProjectRoleActors) actors).getRoleActors(). each { actor-> //TRACK IF OUR GROUP IS ALREADY IN THIS ROLE if (newGroupName.equals(actor.getParameter())){ actorNameList.add(newGroupName) } } //ACTION: if group not already in the role, add it to the role if (!actorNameList. contains (newGroupName)){ sb. append ( "\nAdding " + newGroupName + " as Admin in project: " + project.getKey()) //THE MAGIC HAPPENS HERE projectRoleService.addActorsToProjectRole(listy,projectRole,project,ProjectRoleActor.GROUP_ROLE_ACTOR_TYPE,errorCollection) } } } return sb.toString() |
As you can see from the above, we use the ProjectRoleManager and ProjectRoleService from the Jira API to iterate over all projects. For each project, it finds the role we defined and checks to see if the group is already in that role. If not, we add it in!
Important lines to remember are lines 12 and 13, where you enter your role and group. Also, line 47 is where you are actually manipulating Jira, so be cautious with this line.
And voilà—it's as simple as that! I hope these script snippets can help speed your admin tasks or client needs. And as always, happy automating!