public interface

SecurityService

implements DeprecatedSecurityService
com.atlassian.stash.user.SecurityService

Class Overview

Plugins may wish to perform operations as a particular user.

This interface allows plugins to perform operations as a particular user.

Summary

Public Methods
@Nonnull EscalatedSecurityContext anonymously(String reason)
Creates a custom security context that is not authenticated that can be used to perform operations.
@Nonnull EscalatedSecurityContext impersonating(StashUser user, String reason)
Creates a custom security context that is authenticated as user that can be used to perform operations.
@Nonnull EscalatedSecurityContext withPermission(Permission permission, Object resource, String reason)
Creates a custom security context with elevated permissions that can be used to perform operations.
@Nonnull EscalatedSecurityContext withPermission(Permission permission, String reason)
Creates a custom security context with elevated permissions that can be used to perform operations.
@Nonnull EscalatedSecurityContext withPermissions(Set<Permission> permissions, String reason)
Creates a custom security context with elevated permissions that can be used to perform operations.
[Expand]
Inherited Methods
From interface com.atlassian.stash.user.DeprecatedSecurityService

Public Methods

@Nonnull public EscalatedSecurityContext anonymously (String reason)

Creates a custom security context that is not authenticated that can be used to perform operations. Permissions that have been granted to the current user will no longer apply. Note that any escalated permissions that are associated with the current security context will still apply.

Parameters
reason a description of the reason for creating the custom security context. This description is used for logging.
Returns
  • the custom security context

@Nonnull public EscalatedSecurityContext impersonating (StashUser user, String reason)

Creates a custom security context that is authenticated as user that can be used to perform operations. Note that any escalated permissions that are associated with the current security context will still apply.

Parameters
user the user to temporarily execute as
reason a description of the reason for creating the custom security context. This description is used for logging.
Returns
  • the custom security context

@Nonnull public EscalatedSecurityContext withPermission (Permission permission, Object resource, String reason)

Creates a custom security context with elevated permissions that can be used to perform operations. The custom context is still authenticated as the current user (if there is one). Note that any escalated permissions that are associated with the current security context will still apply.

Parameters
permission the permission to temporarily grant. This has to be a resource permission that is valid for the provided resource (e.g. REPO_READ for a Repository).
resource the resource to temporarily grant the permission on
reason a description of the reason for creating the custom security context. This description is used for logging.
Returns
  • the custom security context

@Nonnull public EscalatedSecurityContext withPermission (Permission permission, String reason)

Creates a custom security context with elevated permissions that can be used to perform operations. The custom context is still authenticated as the current user (if there is one). Note that any escalated permissions associated with the current security context will still apply.

Parameters
permission the permission to temporarily grant. This can be either a global or a resource permission. If a resource permission is provided, the permission is granted to all resources of that type.
reason a description of the reason for creating the custom security context. This description is used for logging.
Returns
  • the custom security context

@Nonnull public EscalatedSecurityContext withPermissions (Set<Permission> permissions, String reason)

Creates a custom security context with elevated permissions that can be used to perform operations. The custom context is still authenticated as the current user (if there is one). Note that any escalated permissions that are associated with the current security context will still apply.

Parameters
permissions the permissions to temporarily grant. This can be a mix of global and resource permissions. If a resource permission is provided, the permission is granted to all resources of that type.
reason a description of the reason for creating the custom security context. This description is used for logging.
Returns
  • the custom security context