Restricting Issue Types
Jira issue type schemes are not very flexible, in the sense that you cannot limit the available issue types in a project. If someone has permission to create an issue in a project, they can create every issue type in the project’s issue type scheme.
This allows you to use Behaviours to restrict which issue types are available to different categories of users.
Restricting Available Issue Types
It’s a common requirement that you would like non-core members of the project to only create certain issue types, whereas the developers should be able to create Bugs, Tasks, New Features etc.
You can use setFieldOptions on the issue type field and restrict the available issue types accordingly.
The following script demonstrates that scenario, which you should apply as an initializer:
import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.security.roles.ProjectRoleManager
import static com.atlassian.jira.issue.IssueFieldConstants.ISSUE_TYPE
def projectRoleManager = ComponentAccessor.getComponent(ProjectRoleManager)
def user = ComponentAccessor.jiraAuthenticationContext.getLoggedInUser()
def issueTypeField = getFieldById(ISSUE_TYPE)
def userRoles = projectRoleManager.getProjectRoles(user, issueContext.projectObject)*.name
def availableIssueTypes = []
if ("Users" in userRoles) {
availableIssueTypes.addAll(["Query", "General Request"])
}
if ("Developers" in userRoles) {
availableIssueTypes.addAll(["Bug", "Task", "New Feature"])
}
issueTypeField.setFieldOptions(availableIssueTypes)
The following four outcomes are possible
Current user belongs only to Users role, therefore the only available issue types to select from are: Query and General Request
Current user doesn’t belong either to Users or Developers roles, therefore no issue types will be available and the field will be disabled
Current user belongs only to Developers role, therefore the only available issue types to select from are: Bug, Task and New Feature
Current user belongs to both Users and Developers roles, therefore both the above sets of issue types are available
Restricting to a Single Issue Type
In a slightly different scenario, where there is only one issue type allowed, we can set that issue type and lock the field.
In this example we check the roles in the current project of the remote user - if they are members only of the Users role, we set the issue type to Query and lock the field.
import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.security.roles.ProjectRoleManager
import static com.atlassian.jira.issue.IssueFieldConstants.ISSUE_TYPE
// if the current user is in the Users role only, set the issue type to "Query", and lock it
def projectRoleManager = ComponentAccessor.getComponent(ProjectRoleManager)
def user = ComponentAccessor.jiraAuthenticationContext.getLoggedInUser()
def usersRoles = projectRoleManager.getProjectRoles(user, issueContext.projectObject)*.name
if (usersRoles == ['Users']) {
getFieldById(ISSUE_TYPE)
.setFormValue('Task')
.setReadOnly(true)
}
For people only in the Users role the Create Issue dialog will look like this:
If this is critically important that people only create the allowed issue types, you should consider backing it up with a workflow validator (perhaps a simple scripted validator) on the Create transition. Remember Behaviours are only in effect when using the browser, not when using the REST API.