Question
How do I restrict JIRA's change history tab so that its only visible to members of a certain group?
Answer
A common workaround to the lack of field level security permissions in JIRA is to develop custom fields which include velocity restrictions on who can view and/or edit. However, this workaround also requires that the change history tab be appropriately restricted, as anyone who can view the change history of an issue can also view the previous values of your restricted fields.
Step 1 - Create a new change history tab panel class
This involves extending the existing ChangeHistoryTabPanel class to overwrite the showPanel method. For example, the history tab panel below will restrict the history tab to members of the "jira-developers" group.
import com.atlassian.jira.issue.AttachmentManager;
import com.atlassian.jira.issue.Issue;
import com.atlassian.jira.issue.changehistory.ChangeHistoryManager;
import com.atlassian.jira.issue.tabpanels.ChangeHistoryTabPanel;
import com.atlassian.jira.util.JiraDurationUtils;
import com.opensymphony.user.User;
public class RestrictedChangeHistoryTabPanel extends ChangeHistoryTabPanel {
public RestrictedChangeHistoryTabPanel( ChangeHistoryManager changeHistoryManager,
AttachmentManager attachmentManager, JiraDurationUtils jiraDurationUtils ) {
super( changeHistoryManager, attachmentManager, jiraDurationUtils );
}
public boolean showPanel( Issue issue, User remoteUser ) {
if ( remoteUser != null )
return remoteUser.inGroup( "jira-developers" );
return false;
}
}
This class will then need to be complied and made available to JIRA. The easiest way is to include it as part of JIRA plugin and deploy to JIRA - see the JIRA Plugin Guide.
Step 2 - Reconfigure JIRA to use your new panel
JIRA's issue tab panels are defined in the WEB-INF\classes\system-issuetabpanels-plugin.xml file. Locate the follow section
<issue-tabpanel key="changehistory-tabpanel" i18n-name-key="admin.issue.tabpanels.plugin.change.history.name" name="Change history Tab Panel"
class="com.atlassian.jira.issue.tabpanels.ChangeHistoryTabPanel">
<description key="admin.issue.tabpanels.plugin.change.history.desc">Display change histories</description>
<label key="viewissue.tabs.changehistory">Change History</label>
<param name="alwaysShowHeader" value="false" />
<resource type="velocity" name="view" location="templates/plugins/jira/issuetabpanels/changehistory.vm" />
<order>30</order>
</issue-tabpanel>
and replace it with a reference to your new restricted tab panel
<issue-tabpanel key="changehistory-tabpanel" i18n-name-key="admin.issue.tabpanels.plugin.change.history.name" name="Change history Tab Panel"
class="com.atlassian.jira.issue.tabpanels.RestrictedChangeHistoryTabPanel">
<description key="admin.issue.tabpanels.plugin.change.history.desc">Display change histories</description>
<label key="viewissue.tabs.changehistory">Change History</label>
<param name="alwaysShowHeader" value="false" />
<resource type="velocity" name="view" location="templates/plugins/jira/issuetabpanels/changehistory.vm" />
<order>30</order>
</issue-tabpanel>
Note the line class="com.atlassian.jira.issue.tabpanels.RestrictedChangeHistoryTabPanel"> referring to your new class.
Step 3 - Restart JIRA and test
Restart your JIRA server, you should find that the history tab panel is now restricted based on the logic defined in the showPanel method above.
