YouTrack InCloud 2018.1 Help

Restrict Issue Visibility with Workflows

You can use the permission scheme in YouTrack to restrict read access to issues in YouTrack. Users who have Create Issue permission but not Read Issue permission in a project can only see the issues they create themselves. However, this setup is very binary. Users can either read and update only the issues that they reported themselves, or access all of the issues in the project. In real life, the situation is usually much more complex. What happens when you want some people to read and update some issues — not just the issues they created, but also those which are shared with them somehow?

To support this use case, you can grant reporters the Read Issue permission and use a workflow to automatically restrict issue visibility to a group that excludes other reporters. The following workflow rule restricts issue visibility as soon as an issue is reported.

var entities = require('@jetbrains/youtrack-scripting-api/entities'); var workflow = require('@jetbrains/youtrack-scripting-api/workflow'); exports.rule = entities.Issue.onChange({ title: 'Set "Visible to" group on submit', guard: function(ctx) { return ctx.issue.becomesReported; }, action: function(ctx) { ctx.issue.permittedGroups.add(ctx.viewers); workflow.message('Users from group "' + ctx.viewers.name + '" can see this request.'); }, requirements: { viewers: { type: entities.UserGroup } } });

Each issue is visible to its reporter and any member of the Viewers group. However, the reporter or any member of the Viewers group can “share” the issue with any other users who have the Read Issue permission in the project. To share the issue, the user selects another user from the Visible to list.

There are a number of other ways you can use workflows to manage visibility. You might consider adding one or more of the following rules to increase the flexibility of the entire scheme.

Add Mentioned Users

This rule automatically adds users to the Visible to list when they are @mentionedin a comment.

var entities = require('@jetbrains/youtrack-scripting-api/entities'); var workflow = require('@jetbrains/youtrack-scripting-api/workflow'); var loginRegex = /@(([A-Z0-9._@$+\-=|])*)/gi; exports.rule = entities.Issue.onChange({ title: 'Automatically add users to the "visible to" list', guard: function(ctx) { var issue = ctx.issue; return issue.comments.added.isNotEmpty() && (issue.permittedGroups.isNotEmpty() || issue.permittedUsers.isNotEmpty()); }, action: function(ctx) { var issue = ctx.issue; var text = ''; issue.comments.added.forEach(function (comment) { text += comment.text + '\n'; }); var message = ''; var matches = text.match(loginRegex); if (matches) { matches.forEach(function(m) { var login = m.slice(1); if (login) { var user = entities.User.findByLogin(login); if (user) { issue.permittedUsers.add(user); message += 'User "' + user.fullName + '" is added to issue readers. '; } else { message += 'User with login "' + login + '" not found. '; } } }); } if (message) { workflow.message(message); } }, requirements: {} });

Block Updates to Visibility Settings

This rule blocks changes to the Visible to setting for issues that have been reported. This prevents unwanted changes to visibility settings for issues that contain sensitive data.

// This rule assumes that issue visibility is set to a specific group // at the moment when an issue becomes reported. // Each project has its own visibility group. var entities = require('@jetbrains/youtrack-scripting-api/entities'); var workflow = require('@jetbrains/youtrack-scripting-api/workflow'); exports.rule = entities.Issue.onChange({ title: 'Block changes to visibility group for reported issues', guard: function(ctx) { var issue = ctx.issue; return issue.isReported && !issue.becomesReported && issue.isChanged('permittedGroups'); }, action: function(ctx) { workflow.check(false, 'You cannot change group visibility restrictions for reported issues. ' + 'Instead, you can add single users to the "visible to" list.'); }, requirements: {} });

Block Users from Removing Other Users

This rule prevents users from removing other users from the Visible to list.

var entities = require('@jetbrains/youtrack-scripting-api/entities'); var workflow = require('@jetbrains/youtrack-scripting-api/workflow'); exports.rule = entities.Issue.onChange({ title: 'Do not remove users from "visible to" list', guard: function(ctx) { var issue = ctx.issue; return issue.permittedUsers.removed.isNotEmpty(); }, action: function(ctx) { workflow.check(false, 'You cannot remove other users from the "visible to" list.'); }, requirements: {} });

Update Visibility on Assignment

This rule automatically add users to the Visible to list when they are selected in a custom field that stores a user type (for example, Authorizer or Verifier).

You can also use a modified version of this rule to hide sensitive issues from other members of the project team. For example, your company does not want accountants to see payment requests that are processed by other accountants. Here, you could add users to the Visible to list when they are set as the assignee.

var entities = require('@jetbrains/youtrack-scripting-api/entities'); var workflow = require('@jetbrains/youtrack-scripting-api/workflow'); exports.rule = entities.Issue.onChange({ title: 'Add Authorizer to the "visible to" list', guard: function(ctx) { var fs = ctx.issue.fields; return fs.isChanged(ctx.AuthBy) && fs.AuthBy; }, action: function(ctx) { var issue = ctx.issue; issue.permittedUsers.add(issue.fields.AuthBy); workflow.message('The issue is now visible to ' + issue.fields.AuthBy.fullName); }, requirements: { AuthBy: { type: entities.User.fieldType, name: 'Authorizer' } } });
Last modified: 31 May 2018