I am using some code for a REST endpoint, and I want to make sure that the only users who are allowed to execute this REST endpoint are logged in and are also part of the jira-users group. I am using the code below, and more specifically the line httpMethod: "GET", groups: ["jira-users"]) to ensure that the logged-in user is part of the group jira-users. Is this correct, or should I do it another way?
```groovy
import groovy.json.JsonBuilder
import groovy.transform.BaseScript
import com.atlassian.jira.issue.Issue
import javax.ws.rs.core.Response
import org.apache.log4j.Logger
import com.onresolve.scriptrunner.runner.rest.common.CustomEndpointDelegate
import javax.ws.rs.core.MultivaluedMap
import com.atlassian.jira.component.ComponentAccessor
import com.onresolve.scriptrunner.runner.ScriptRunnerImpl
import com.atlassian.sal.api.ApplicationProperties
import com.atlassian.sal.api.UrlMode
import Helper

@BaseScript CustomEndpointDelegate delegate

def log = Logger.getLogger("atlassian-jira.log")

// Splitter settings (issue type ID, project ID, URL template) come from the Helper class
def bulkSplitterHashMap = Helper.getBulkSplitterHashMap()
int iTracSuperFeatureSplitterIssueTypeID = bulkSplitterHashMap["iTracSuperFeatureSplitterIssueTypeID"]
int iTracSuperFeatureSplitterProjectID = bulkSplitterHashMap["iTracSuperFeatureSplitterProjectID"]
String iTracSuperFeatureSplitterURL = bulkSplitterHashMap["iTracSuperFeatureSplitterURL"]

// Endpoint definition: GET only, with the groups restriction asked about above
callMounaBulkSplitter(httpMethod: "GET", groups: ["jira-users"]) { MultivaluedMap queryParams, String body ->
    def user = ComponentAccessor.jiraAuthenticationContext?.loggedInUser

    // Look up the issue named by the issueId query parameter
    def issueId = queryParams.getFirst("issueId") as Long
    Issue myissue = ComponentAccessor.getIssueManager().getIssueObject(issueId)
    def issueKey = myissue.getKey()
    def project = myissue.getProject()
    def baseUrl = ScriptRunnerImpl.getOsgiService(ApplicationProperties).getBaseUrl(UrlMode.ABSOLUTE)

    // Fill the URL template: ":1:" becomes the issue key, ":2:" the username
    def iTracSuperFeatureSplitterURL2 = iTracSuperFeatureSplitterURL.replaceAll(":1:", issueKey)
    def iTracSuperFeatureSplitterURL3 = iTracSuperFeatureSplitterURL2.replaceAll(":2:", user.getUsername())

    def projectID = project.get("id")
    int projectIDInt = projectID as int

    // Redirect only when the issue is in the configured project and has the configured issue type;
    // no Response is built in any other case
    if (iTracSuperFeatureSplitterProjectID == projectIDInt && iTracSuperFeatureSplitterIssueTypeID == Long.valueOf(myissue.getIssueTypeId())) {
        Response.temporaryRedirect(URI.create(iTracSuperFeatureSplitterURL3)).build()
    }
}
```