jira-disable-old-users

jira-disabled-old-users.groovy

import com.atlassian.jira.ComponentManager
import com.atlassian.jira.bc.projectroles.ProjectRoleService
import com.atlassian.jira.security.GlobalPermissionManager
import com.atlassian.jira.security.Permissions
import com.atlassian.jira.security.roles.actor.UserRoleActorFactory
import com.atlassian.jira.user.util.UserUtil
import com.atlassian.jira.util.SimpleErrorCollection
import com.atlassian.crowd.embedded.api.Group
import com.atlassian.crowd.embedded.api.User
import com.atlassian.jira.user.util.UserManager 
import com.atlassian.jira.user.util.DefaultUserManager
import com.atlassian.jira.component.ComponentAccessor
import org.apache.log4j.Category
import com.atlassian.jira.project.Project;

// Configurable section
isPreview = true
// End

log = Category.getInstance("com.onresolve.jira.groovy.DeactivateOldUsers")
log.debug ("DeactivateOldUsers function running")

//userManager = (UserManager) UserManager.getInstance()
userManager = (UserManager)  ComponentAccessor.getUserManager()

// We only want the service to run the first Sat of the month, but we can't schedule that in JIRA
// Also services run every startup, which we don't want. So schedule this service to run once a day

Calendar cal = Calendar.getInstance()
//if (! (cal.get(Calendar.DAY_OF_MONTH) == 1)) {
    log.debug "Not running DeactivateOldUsers because not the first of the month"
    return
//}

GlobalPermissionManager globalPermissionManager = (GlobalPermissionManager) ComponentManager.getInstance().getComponentInstanceOfType(GlobalPermissionManager.class)

// get the first user of the first group which has the ADMIN privilege...
// cannot use current user, not really sure who that is when run as a service
adminGroup = globalPermissionManager.getGroupNames(Permissions.ADMINISTER)[0]
adminUser = userManager.getGroup(adminGroup).getUsers().get(0)

def deactivateUser (User user) {

    log.debug ("deactivateUser ${user.getName()}")

    UserUtil userUtil = ComponentManager.getInstance().getUserUtil()
    user.getGroups().each {
        Group group = userManager.getGroup(it)
        log.debug ("Remove $user from group: \"$group\"")
        if (! isPreview) {
            userUtil.removeUserFromGroup (group, user)
        }
    }

    ProjectRoleService projectRoleService = (ProjectRoleService) ComponentManager.getComponentInstanceOfType(ProjectRoleService.class);
    SimpleErrorCollection errorCollection = new SimpleErrorCollection();

    log.debug ("Removing all roles references for ${user.getName()}")
    projectRoleService.getProjectsContainingRoleActorByNameAndType(userManager.getUser((String) adminUser), user.getName(), UserRoleActorFactory.TYPE, errorCollection).each {Project project ->
        log.debug ("Remove user ${user.getName()} from role: ${project.getName()}")
    }

    if (! isPreview) {
        projectRoleService.removeAllRoleActorsByNameAndType (userManager.getUser((String) adminUser), user.getName(), UserRoleActorFactory.TYPE, errorCollection)
    }

    println errorCollection.dump()
}

def boolean userStillValid (String userName) {
		// TODO ...
    return true
}

Integer beforeUsers = userManager.getGroup("jira-users").getUsers().size()

userManager.getGroup("jira-users").getUsers().each {
    User user = UserManager.getInstance().getUser(it)
    userName = user.getName()

    if (!userStillValid (userName)) {
        log.warn ("User: $userName should be retired")
        deactivateUser (user)
    }
}

Integer afterUsers =  userManager.getGroup("jira-users").getUsers().size()
log.info ("Was: $beforeUsers, now: $afterUsers, deleted: " + (beforeUsers - afterUsers))