Getting Started

Features

Configuration

Atlassian are updating their Cloud REST APIs in response to the much publicized GDPR legislation.

Customers using ScriptRunner for Confluence Cloud must update any scripts that inspect or modify user properties when interacting with the Cloud REST APIs.

The full details of the changes Atlassian are making can be found on their Deprecation notice and migration guide for major changes to Confluence Cloud REST APIs to improve user privacy.

What is changing?

Atlassian are removing the userkey and username from their REST APIs, webhooks and CQL.

From the 29th April 2019 it will no longer be possible to identify a user based on their username or userkey.

Additionally there will be new privacy settings that each user may use to control whether their display name and email address are available to addons.

What do I need to do?

  1. If your scripts refer to a user by their username or userkey (e.g. when setting the value of a user property on content), those scripts need updating to use accountIds instead.

  2. If you run a CQL query from within your script, and that query refers to a user property, that query must be updated to use accountIds instead of userkeys or usernames.

  3. If your scripts read/inspect the value of a user properties (e.g. watcher, contributor, creator) in order to make a decision, you must update your script to only inspect the accountId property of the user property.

  4. If your scripts make REST API calls to endpoints that take a username or userkey as a query parameter, those REST API requests must be updated to use the new query parameter for accountId as documented in the migration guide.

  5. If your scripts read the email address of users, those scripts need to be modified to handle null email addresses (because individual users may change their privacy settings so that ScriptRunner cannot view the email address)

The user properties in Confluence include: creator, mention, contributor, watcher.

Permissions, restrictions and relations are all affected by these changes also.

In other words, only the accountId will be a valid way to set the user on one of those Jira entities, and only the accountId will be a guaranteed way to identify the user specified for that Jira entity.

Can Adaptavist help me?

Yes, we have released a migration tool within ScriptRunner that tells you which scripts we think you need to update and which user fields those scripts reference.

If you have scripts that we think need updating, you’ll see this banner in the ScriptRunner admin section of your Confluence Cloud instance.

gdpr banner

Once you click on the 'Show scripts' link at the bottom of the banner, you’ll see this modal dialog which will tell you which scripts we think need updating and which user properties those scripts reference. You can click on the name of a script to go to the edit page for that script.

gdpr scripts

How do I make the changes?

Here a few examples of scripts before and after the GDPR migration that you need to do. You can find accountIds by searching for users in the /people section of your Confluence Cloud instance.

Setting a user as a watcher

// Before 29th April 2019

def contentId = blog.id
def username = 'bsimpson'
def result = post("/wiki/rest/api/user/watch/content/${contentId}")
        .header('Content-Type', 'application/json')
        .queryString("username", username)
        .asString()

/* -------------------------------------------------------------------------------- */

// After 29th April 2019 the REST APIs will not accept username or userKey in query parameters

def contentId = blog.id
def accountId = '123456:12345a67-bbb1-12c3-dd45-678ee99f99g0'
def result = post("/wiki/rest/api/user/watch/content/${contentId}")
        .header('Content-Type', 'application/json')
        .queryString("accountId", accountId)
        .asString()

Inspecting user details on a blog Script Listener

// Before 29th April 2019

logger.info("'${blog.title}' was written by ${blog.creatorName}")

/* -------------------------------------------------------------------------------- */

// After 29th April 2019 the creatorName and creatorKey properties won't exist any more on webhooks from Confluence

logger.info("'${blog.title}' was written by ${blog.creatorAccountId}")

Inspecting user details on content from the REST API

// Before 29th April 2019

def resp = get("/wiki/rest/api/content/${contentId}")
    .asObject(Map)
    .body

logger.info("${resp.version.by.username} made change #${resp.version.number} to '${resp.title}'")

/* -------------------------------------------------------------------------------- */

// After 29th April 2019 the REST APIs will only return accountId and displayName (this may be hidden by privacy controls)

def resp = get("/wiki/rest/api/content/${contentId}")
        .asObject(Map)
        .body

logger.info("${resp.version.by.accountId} made change #${resp.version.number} to '${resp.title}'")

// or

logger.info("${resp.version.by.displayName} made change #${resp.version.number} to '${resp.title}'")

Searching for content based on a user

// Before 29th April 2019

def username = 'bsimpson'
def query = "type = comment AND creator = ${username}"
def result = get("/wiki/rest/api/search")
        .queryString("cql", query)
        .asObject(Map)

/* -------------------------------------------------------------------------------- */

// After 29th April 2019 CQL queries will only support accountIds to identify users

def user = '123450:pqrst-98765-uvwxyz-43210-abc'
def query = "type = comment AND creator = ${user}"
def result = get("/wiki/rest/api/search")
        .queryString("cql", query)
        .asObject(Map)