Remove the Everyone share option from filters in Jira server

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問

プラットフォームについて: Server および Data Center のみ。この記事は、Server および Data Center プラットフォームのアトラシアン製品にのみ適用されます。

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Fisheye および Crucible は除く

 

要約

Prior to Jira 7.2.2, JIRA Administrators do not wish to allow filters to be shared with 'Everyone', as it makes them visible to anonymous (unauthenticated) users. This is due to the fact that you can't disable anonymous access to general pages in JIRA globally.

This behaviour is changed after the implementation of JRA-23255 - Getting issue details... STATUS whereby JIRA administrators can now disable the ability to share dashboards and filters publicly (anonymous users) via a new global setting "Public sharing". Please read the description of the Suggestion ticket for more information on this change.

This article is a collection of workarounds that you can use to exclude the sharing of filters with anonymous users in Jira versions prior to 7.2.2. Some of these methods may still work in versions greater than 7.2.2 so you can continue using them, though we recommend just disabling the Public sharing (or equivalent) permission of your Jira application instead.


There are two possible solutions. They can be used individually or together if both outcomes are required:

a) You can remove the option from the drop-down select list so it is not possible to share with 'Everyone'.

With this solution the options left for sharing a filter are with a group or project role that the user is member of. See more details on Sharing a Filter.


b) You can restrict access to the page URL for managing filters to only allow authenticated users access. 

If a anonymous user attempts to access the page they will be re-directed to the login page.


You may also be interested on this related article:


ソリューション

The alternatives presented here are considered customizations and are unsupported by Atlassian — only presented AS-IS for Admins to evaluate, assess the tradeoffs and implement at their own risk.

You may learn more of the tradeoffs and caveats of such customizations in How to customize Jira with JavaScript and CSS.

本ページの内容には、Atlassian ソフトウェアのカスタマイズや拡張 (CSS ルール、HTML、JavaScript の追加/変更など) を行う手順が含まれています。アトラシアン サポートの提供 の通り、Atlassia 製品に加えられたカスタマイズはサポートされません。この資料は情報提供のみを目的として提供されています。内容はお客様自身の責任でご利用ください。

本件またはカスタマイズに関するご質問は、コミュニティの Atlassian Answers で質問してください。または、アトラシアン ソリューション パートナー にご相談いただくことをご検討ください。

Option A: Remove 'Everyone' option from list - Click here to expand...

To hide the option 'Everyone' from the list you can either use JavaScript to remove the 'Everyone' option during page load or by modifying the view template file.

(warning) Please note that either of these methods only hides the option from being displayed in the UI, not the functionality itself. It is still possible to send requests that will share filters with 'Everyone', but it requires more technical expertise than simply using the browser.

Using JavaScript in the Announcement Banner

 (info) This solution has been tested on JIRA 7.1.4, and Jira 8.5.0

  • Add the following JavaScript to the Announcement Banner NOTE: This will remove the option from filters AND dashboards.

    <script type='text/javascript'>
    AJS.toInit(function()
    {   
        var urlPath = $(location).attr('pathname');
        console.log(urlPath);
        if (urlPath.toLowerCase().indexOf("editportalpage") >= 0 || urlPath.toLowerCase().indexOf("editfilter")  >= 0 || urlPath.toLowerCase().indexOf("addportalpage")  >= 0) {
            
            AJS.$("#share_type_selector_viewers option[value='global']").remove();
    		AJS.$("#share_type_selector option[value='global']").remove();
        }
    });
    
    </script>





Using CSS in the Announcement Banner

An alternative method is to rely on CSS instead of Javascript. This will work regardless of race-conditions on the browser page load but is more sensitive to version updates. These have been validated on Jira 9.4 and 9.11.

They are described in these two Issues:

JRASERVER-65962 - 課題詳細を取得中... ステータス

<!-- Custom CSS to hide the "Logged in users" option when sharing Filters and Dashboards (JRASERVER-65962) -->
<style>
#share_type_selector_viewers > option[value="loggedin"] {
  display: none !important;
}
</style>


JRASERVER-69095 - 課題詳細を取得中... ステータス

<!-- Custom CSS to hide the "Shared" option on Users profile (JRASERVER-69095) -->
<style>
#update-user-preferences #update-user-preferences-sharing option:nth-child(1) {
  display: none !important;
}
</style>


Modify template

(info) This solution has been tested on JIRA 5.1 and on JIRA 6.3.

Hiding the option 'Everyone' by customizing the edit-share-types.jsp template:

  1. Jira をシャットダウンします。
  2. Open the edit-share-types.jsp located in the JIRA-INSTALL/atlassian-jira/template/aui directory.
    (warning) Make a backup of this file.
  3. Modify the file from:

    edit-share-types.jsp
                        <select id="share_type_selector">
                            <ww:iterator value=".">
                                <option value="<ww:property value="./shareType"/>"><ww:property value="./shareTypeLabel"/></option>
                            </ww:iterator>
                        </select>
                        <ww:iterator value="." status="'typeStatus'">
                            <span id="share_<ww:property value="./shareType"/>" <ww:if test="@typeStatus/first == false">style="display:none"</ww:if>>
                                <ww:property value="./shareTypeEditor" escape="false"/>
                                <ww:if test="./addButtonNeeded == true">
                                    <span class="addShare" id="share_add_<ww:property value="./shareType"/>"><img src="<%= request.getContextPath() %>/images/icons/16add_blue.png" />
                                    <ww:text name="'common.sharing.add.share'"/></span>
                                </ww:if>
                            </span>
                        </ww:iterator>
    

    変更後:

    edit-share-types.jsp
                        <select id="share_type_selector">
                            <ww:iterator value=".">
                                <ww:if test="./shareTypeLabel != 'Everyone'">
                                    <option value="<ww:property value="./shareType"/>"><ww:property value="./shareTypeLabel"/></option>
                                </ww:if>
                            </ww:iterator>
                        </select>
                        <ww:iterator value="." status="'typeStatus'">
                            <span id="share_<ww:property value="./shareType"/>" <ww:if test="@typeStatus/first == false">style="display:none"</ww:if>>
                                <ww:property value="./shareTypeEditor" escape="false"/>
                                    <ww:if test="./shareTypeLabel != 'Everyone'">
                                        <ww:if test="./addButtonNeeded == true">
                                            <span class="addShare" id="share_add_<ww:property value="./shareType"/>"><img src="<%= request.getContextPath() %>/images/icons/16add_blue.png" />
                                            <ww:text name="'common.sharing.add.share'"/></span>
                                        </ww:if>
                                    </ww:if>
                            </span>
                        </ww:iterator>
  4. Delete the contents of the JIRA-INSTALL/work folder.

  5. Jira を再起動します。
Option B: Restrict access to view shared filters for authenticated users only - Click here to expand...

(info) This solution has been tested on JIRA 7.1.4.

  1. Jira をシャットダウンします。
  2. Edit the actions.xml located in the JIRA-INSTALL/atlassian-jira/WEB-INF/classes directory.

  3. Modify the file from:

    <!-- Filter actions -->
    <action name="filter.ManageFilters" alias="ManageFilters">
        <view name="success">/secure/views/filter/managefilters.jsp</view>
        <view name="contentonly">/secure/views/filter/managefilters-content.jsp</view>
        <view name="securitybreach">/secure/views/securitybreach.jsp</view>
        <view name="error">/secure/views/filter/managefilters.jsp</view>
    </action>

変更後:

    <!-- Filter actions -->
    <action name="filter.ManageFilters" alias="ManageFilters" roles-required="use">
        <view name="success">/secure/views/filter/managefilters.jsp</view>
        <view name="contentonly">/secure/views/filter/managefilters-content.jsp</view>
        <view name="securitybreach">/secure/views/securitybreach.jsp</view>
        <view name="error">/secure/views/filter/managefilters.jsp</view>
    </action>

4. Restart JIRA.



最終更新日 2023 年 11 月 20 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.