YouTrack Server 2023.3 Help

Restrict Issue Visibility with Workflows

You can use the permission scheme in YouTrack to restrict read access to issues. Users who have the Create Issue permission but not the Read Issue permission in a project can only see the issues they create themselves. However, this setup is binary. Users can either read and update only the issues that they reported themselves, or access all the issues in the project. In real life, the situation is usually much more complex. What happens when you want some people to read and update some issues: not just the issues they created, but also those that are shared with them somehow?

To support this use case, you can grant reporters the Read Issue permission and use a workflow to automatically restrict issue visibility to a group that excludes other reporters. The following workflow rule restricts issue visibility as soon as an issue is reported.

    const entities = require('@jetbrains/youtrack-scripting-api/entities');
    const workflow = require('@jetbrains/youtrack-scripting-api/workflow');

    exports.rule = entities.Issue.onChange({
      title: 'Set "Visible to" group on submit',
      guard: (ctx) => {
        return ctx.issue.becomesReported;
      },
      action: (ctx) => {
        ctx.issue.permittedGroups.add(ctx.viewers);
        workflow.message('Users from group "' + ctx.viewers.name + '" can see this request.');
      },
      requirements: {
        viewers: {
          type: entities.UserGroup
        }
      }
    });

Each issue is visible to its reporter and any member of the Viewers group. However, the reporter or any member of the Viewers group can "share" the issue with any other users who have the Read Issue permission in the project. To share the issue, the user selects another user from the Visible to list.

There are a number of other ways you can use workflows to manage visibility. You might consider adding one or more of the following rules to increase the flexibility of the entire scheme.

Add Mentioned Users

This rule automatically adds users to the Visible to list when they are @mentioned in a comment.

    const entities = require('@jetbrains/youtrack-scripting-api/entities');
    const workflow = require('@jetbrains/youtrack-scripting-api/workflow');

    const loginRegex = /@(([A-Z0-9._@$+\-=|])*)/gi;

    exports.rule = entities.Issue.onChange({
      title: 'Automatically add users to the "visible to" list',
      guard: (ctx) => {
        const issue = ctx.issue;
        return issue.comments.added.isNotEmpty() &&
          (issue.permittedGroups.isNotEmpty() || issue.permittedUsers.isNotEmpty());
      },
      action: (ctx) => {
        const issue = ctx.issue;
        let text = '';
        issue.comments.added.forEach(function (comment) {
          text += comment.text + '\n';
        });
        let message = '';
        const matches = text.match(loginRegex);
        if (matches) {
          matches.forEach(function (m) {
            const login = m.slice(1);
            if (login) {
              const user = entities.User.findByLogin(login);
              if (user) {
                issue.permittedUsers.add(user);
                message += 'User "' + user.fullName + '" is added to issue readers. ';
              } else {
                message += 'User with login "' + login + '" not found. ';
              }
            }
          });
        }
        if (message) {
          workflow.message(message);
        }
      },
      requirements: {}
    });

Block Updates to Visibility Settings

This rule blocks changes to the Visible to setting for issues that have been reported. This prevents unwanted changes to visibility settings for issues that contain sensitive data.

    // This rule assumes that issue visibility is set to a specific group
    // at the moment when an issue becomes reported.
    // Each project has its own visibility group.

    const entities = require('@jetbrains/youtrack-scripting-api/entities');
    const workflow = require('@jetbrains/youtrack-scripting-api/workflow');

    exports.rule = entities.Issue.onChange({
      title: 'Block changes to visibility group for reported issues',
      guard: (ctx) => {
        const issue = ctx.issue;
        return issue.isReported && !issue.becomesReported &&
          issue.isChanged('permittedGroups');
      },
      action: (ctx) => {
        workflow.check(false,
          'You cannot change group visibility restrictions for reported issues. ' +
          'Instead, you can add single users to the "visible to" list.');
      },
      requirements: {}
    });

Block Users from Removing Other Users

This rule prevents users from removing other users from the Visible to list.

    const entities = require('@jetbrains/youtrack-scripting-api/entities');
    const workflow = require('@jetbrains/youtrack-scripting-api/workflow');

    exports.rule = entities.Issue.onChange({
      title: 'Do not remove users from "visible to" list',
      guard: (ctx) => {
        const issue = ctx.issue;
        return issue.permittedUsers.removed.isNotEmpty();
      },
      action: (ctx) => {
        workflow.check(false, 'You cannot remove other users from the "visible to" list.');
      },
      requirements: {}
    });

Update Visibility on Assignment

This rule automatically adds users to the Visible to list when they are selected in a custom field that stores a user type (for example, Authorizer or Verifier).

You can also use a modified version of this rule to hide sensitive issues from other members of the project team. For example, your company does not want accountants to see payment requests that are processed by other accountants. Here, you could add users to the Visible to list when they are set as the assignee.

    const entities = require('@jetbrains/youtrack-scripting-api/entities');
    const workflow = require('@jetbrains/youtrack-scripting-api/workflow');

    exports.rule = entities.Issue.onChange({
      title: 'Add Authorizer to the "visible to" list',
      guard: (ctx) => {
        const fs = ctx.issue.fields;
        return fs.isChanged(ctx.AuthBy) && fs.AuthBy;
      },
      action: (ctx) => {
        const issue = ctx.issue;
        issue.permittedUsers.add(issue.fields.AuthBy);
        workflow.message('The issue is now visible to ' + issue.fields.AuthBy.fullName);
      },
      requirements: {
        AuthBy: {
          type: entities.User.fieldType,
          name: 'Authorizer'
        }
      }
    });

Last modified: 22 March 2024