public interface

PermissionService

com.atlassian.bitbucket.permission.PermissionService

Class Overview

Reads the permissions of users and groups. IMPORTANT: This should not be restricted by permissions, and is not intended for querying access levels of users, but rather checking access of the current user at runtime

See Also

Summary

Public Methods
@Nonnull Iterable<EffectivePermission> getEffectivePermissions(ApplicationUser user)
The complete set of effective permissions for the supplied user.
@Nonnull Page<String> getGrantedGroups(Permission permission, PageRequest request)
Get the groups which are granted a permission
@Nonnull Page<ApplicationUser> getGrantedUsers(Permission permission, PageRequest request)
Get the users which are granted a permission
@Nullable Permission getHighestGlobalGroupPermission(String groupName)
Get the highest global permission for a group.
@Nullable Permission getHighestGlobalPermission(ApplicationUser user)
Get the highest global permission for a user.
@Nullable Permission getHighestGlobalPermission(String username)
Get the highest global permission for a user.
@Nonnull Set<String> getUsersWithPermission(Permission permission)
Get the usernames of the users with the given permission (whether directly or though permission inheritance) This includes users granted the permission directly and those who have the permission through their group membership.
boolean hasAnyUserPermission(ApplicationUser user, Permission permission)
boolean hasAnyUserPermission(Permission permission)
boolean hasDirectGlobalUserPermission(Permission permission)
boolean hasDirectProjectUserPermission(Project project, Permission permission)
boolean hasDirectRepositoryUserPermission(Repository repository, Permission permission)
boolean hasGlobalGroupPermission(Permission permission, String group)
boolean hasGlobalPermission(Permission permission)
boolean hasGlobalPermission(ApplicationUser user, Permission permission)
boolean hasGlobalPermission(String username, Permission permission)
boolean hasGlobalPermissionThroughGroupMembership(Permission permission, Set<String> excludedGroups)
boolean hasProjectPermission(Project project, Permission permission)
boolean hasProjectPermission(ApplicationUser user, Project project, Permission permission)
boolean hasProjectPermission(int projectId, Permission permission)
boolean hasProjectPermission(ApplicationUser user, int projectId, Permission permission)
boolean hasProjectPermissionThroughGroupMembership(Project project, Permission permission, Set<String> excludedGroups)
boolean hasRepositoryPermission(ApplicationUser user, int repositoryId, Permission permission)
boolean hasRepositoryPermission(Repository repository, Permission permission)
boolean hasRepositoryPermission(int repositoryId, Permission permission)
boolean hasRepositoryPermission(ApplicationUser user, Repository repository, Permission permission)
boolean hasRepositoryPermissionThroughGroupMembership(Repository repository, Permission permission, Set<String> excludedGroups)
boolean isProjectAccessible(int projectId)
boolean isProjectAccessible(Project project)
Retrieve whether the current user (authenticated or not) has access to the given project.
boolean isPubliclyAccessible(Repository repository)
Retrieves whether the repository is publicly accessible.
boolean isPubliclyAccessible(Project project)
Retrieves whether the project is publicly accessible.
boolean isRepositoryAccessible(Repository repository)
Retrieve whether the current user (authenticated or not) has access to the given repository.
boolean isRepositoryAccessible(int repositoryId)

Public Methods

@Nonnull public Iterable<EffectivePermission> getEffectivePermissions (ApplicationUser user)

The complete set of effective permissions for the supplied user. Only the minimal set of effective permissions is returned by the iterator such that any effective permission that can be inferred from other permissions is not returned.

E.g. if a user is granted SYS_ADMIN permission, a group they belong to is granted REPO_READ on repository with id 1 and project 7 has a default permission of PROJ_READ, the only EffectivePermission to be returned from the iterator will be a GlobalEffectivePermission with permissions SYS_ADMIN since all other permissions can be inferred.

Parameters
user the user
Returns
  • a minimal sequence of effective permissions

@Nonnull public Page<String> getGrantedGroups (Permission permission, PageRequest request)

Get the groups which are granted a permission

Parameters
permission the permission in question
request a page request
Returns
  • the page of group names which have been granted a permission or an inheriting permission

@Nonnull public Page<ApplicationUser> getGrantedUsers (Permission permission, PageRequest request)

Get the users which are granted a permission

Parameters
permission the permission in question
request a page request
Returns
  • the page of users who have been granted a permission or an inheriting permission

@Nullable public Permission getHighestGlobalGroupPermission (String groupName)

Get the highest global permission for a group.

Parameters
groupName the group name
Returns
  • the highest global permission for the group or null if the group has no permissions

@Nullable public Permission getHighestGlobalPermission (ApplicationUser user)

Get the highest global permission for a user.

Parameters
user the user
Returns
  • the highest global permission for the user or null if they have no permissions

@Nullable public Permission getHighestGlobalPermission (String username)

Get the highest global permission for a user.

Parameters
username the user name
Returns
  • the highest global permission for the user or null if they have no permissions

@Nonnull public Set<String> getUsersWithPermission (Permission permission)

Get the usernames of the users with the given permission (whether directly or though permission inheritance) This includes users granted the permission directly and those who have the permission through their group membership.

Parameters
permission the permission for which the users are being fetched. It must be global
Returns
  • The lowercase usernames of all the users who currently have the given permission

public boolean hasAnyUserPermission (ApplicationUser user, Permission permission)

Parameters
user the user in question
permission the requested permission. Must be non-global.
Returns

public boolean hasAnyUserPermission (Permission permission)

Parameters
permission the requested permission. Must be non-global.
Returns
  • true if the current user has the requested Permission for any project / repository

public boolean hasDirectGlobalUserPermission (Permission permission)

Parameters
permission the permission required.
Returns
  • true if the current user has the given global permission directly granted (i.e. not through their group membership)

public boolean hasDirectProjectUserPermission (Project project, Permission permission)

Parameters
project the project on which permission is being checked.
permission the permission required.
Returns
  • true if the current user has the given project permission directly granted (i.e. not through their group membership)

public boolean hasDirectRepositoryUserPermission (Repository repository, Permission permission)

Parameters
repository the repository on which permission is being checked.
permission the permission required.
Returns
  • true if the current user has the given repository permission directly granted (i.e. not through their group membership)

public boolean hasGlobalGroupPermission (Permission permission, String group)

Parameters
permission the permission required.
group the group to be checked.
Returns
  • true if the given group has the given permission.

public boolean hasGlobalPermission (Permission permission)

Parameters
permission the requested permission. Must be global.
Returns
  • true if the current authentication session has the requested Permission
See Also

public boolean hasGlobalPermission (ApplicationUser user, Permission permission)

Parameters
user the user in question
permission the requested permission. Must be global.
Returns
  • true if the given ApplicationUser has the requested Permission. Will return true if the user is active and one of the following conditions is met:
    • permission is granted directly for the given user
    • permission is granted to a group the given user is a member of

public boolean hasGlobalPermission (String username, Permission permission)

Parameters
username the user in question
permission the requested permission. Must be global.
Returns
  • true if the given user identified by username has the requested Permission. Will return true if the user is active and one of the following conditions is met:
    • permission is granted directly for the given user
    • permission is granted to a group the given user is a member of

public boolean hasGlobalPermissionThroughGroupMembership (Permission permission, Set<String> excludedGroups)

Parameters
permission The permission required.
excludedGroups A Set of groups to be excluded from consideration.
Returns
  • true if the current user has the given global permission through its membership of a group

public boolean hasProjectPermission (Project project, Permission permission)

Parameters
project the project in question
permission the requested permission. Must be non-global.
Returns
  • true if the current authentication token has the requested Permission for the given Project
See Also

public boolean hasProjectPermission (ApplicationUser user, Project project, Permission permission)

Parameters
user the user in question
project the project in question
permission the requested permission. Must be non-global.
Returns
  • true if the given ApplicationUser has the requested Permission for the given Project. Will return true if the user is active and one of the following conditions is met:
    • permission is granted directly for the given user on the given project
    • permission is granted for all logged in users on the given project
    • permission is granted to a group the given user is a member of on the given project
    • The given user is directly granted a permission on at least one repository within the given project and the given permission is implied as a result
    • A group the given user is a member of is granted a permission on at least one repository within the given project and the given permission is implied as a result
    • The given project is publicly accessible and the permission is implied as a result
    • the given user is directly granted administration rights
    • A group the given user is a member of is granted administration rights

public boolean hasProjectPermission (int projectId, Permission permission)

Parameters
projectId the id project in question
permission the requested permission. Must be non-global.
Returns
  • true if the current authentication token has the requested Permission for the given Project
See Also

public boolean hasProjectPermission (ApplicationUser user, int projectId, Permission permission)

Parameters
user the user in question
projectId the id of project
permission the requested permission. Must be non-global.
Returns
See Also

public boolean hasProjectPermissionThroughGroupMembership (Project project, Permission permission, Set<String> excludedGroups)

Parameters
project The project on which permission is being checked.
permission The permission required.
excludedGroups A Set of groups to be excluded from consideration.
Returns
  • true if the current user has the given project permission through its membership of a group

public boolean hasRepositoryPermission (ApplicationUser user, int repositoryId, Permission permission)

Parameters
user the user in question
repositoryId the repository in question
permission the requested permission. Must be non-global.
Returns
See Also

public boolean hasRepositoryPermission (Repository repository, Permission permission)

Parameters
repository the repository in question
permission the requested permission. Must be non-global.
Returns
See Also

public boolean hasRepositoryPermission (int repositoryId, Permission permission)

Parameters
repositoryId the repository in question
permission the requested permission. Must be non-global.
Returns
  • true if the current AuthenticationToken has the requested Permission for the given Repository identified by repositoryid.
See Also

public boolean hasRepositoryPermission (ApplicationUser user, Repository repository, Permission permission)

Parameters
user the user in question
repository the repository in question
permission the requested permission. Must be non-global.
Returns
  • true if the given ApplicationUser has the requested Permission for the given Repository. Will return true if the user is active and one of the following conditions is met:
    • permission is granted directly for the given user on the given repository
    • permission is granted to a group the given user is a member of on the given repository
    • The given user is directly granted a permission on the containing project and the given permission is implied as a result
    • A group the given user is a member of is granted a permission on the containing project and the given permission is implied as a result
    • All logged in users are granted a permission to the containing project and the given permission is implied as a result
    • The given repository is publicly accessible and the permission is implied as a result
    • the given user is directly granted administration rights
    • A group the given user is a member of is granted administration rights

public boolean hasRepositoryPermissionThroughGroupMembership (Repository repository, Permission permission, Set<String> excludedGroups)

Parameters
repository The repository on which permission is being checked.
permission The permission required.
excludedGroups A Set of groups to be excluded from consideration.
Returns
  • true if the current user has the given repository permission through its membership of a group

public boolean isProjectAccessible (int projectId)

Parameters
projectId the id of the project on which to check
Returns
  • true if the current user has access to the given project, false otherwise
See Also

public boolean isProjectAccessible (Project project)

Retrieve whether the current user (authenticated or not) has access to the given project.

The user may have access as a result of the following:

Parameters
project the project on which to check
Returns
  • true if the current user has access to the given project, false otherwise

public boolean isPubliclyAccessible (Repository repository)

Retrieves whether the repository is publicly accessible.

Note that a repository will be public if:

  • public access is enabled for the instance; and

To check whether the current user (authenticated or not) can access the repository, use isRepositoryAccessible(Repository) instead.

Parameters
repository the repository on which to check
Returns
  • true if unauthenticated users can access the given repository, false otherwise

public boolean isPubliclyAccessible (Project project)

Retrieves whether the project is publicly accessible.

Note: to check whether the current user (authenticated or not) can access the project, use isProjectAccessible(Project) instead.

Parameters
project the project on which to check
Returns
  • true if unauthenticated users can access the given project, false otherwise

public boolean isRepositoryAccessible (Repository repository)

Retrieve whether the current user (authenticated or not) has access to the given repository.

The user may have access as a result of the following:

Parameters
repository the repository on which to check
Returns
  • true if the current user has access to the given repository, false otherwise

public boolean isRepositoryAccessible (int repositoryId)

Parameters
repositoryId the id of the repository on which to check
Returns
  • true if the current user has access to the given repository, false otherwise
See Also