public interface

PermissionService

com.atlassian.bitbucket.permission.PermissionService

Class Overview

Reads the permissions of users and groups. IMPORTANT: This should not be restricted by permissions, and is not intended for querying access levels of users, but rather checking access of the current user at runtime

Summary

Public Methods
@Deprecated @Nonnull Iterable<EffectivePermission> getEffectivePermissions(ApplicationUser user)
This method is deprecated. in 5.5 for removal in 6.0 without replacement
@Nonnull Page<String> getGrantedGroups(Permission permission, PageRequest request)
Get the groups which are granted a permission
@Nonnull Page<ApplicationUser> getGrantedUsers(Permission permission, PageRequest request)
Get the users which are granted a permission
@Nullable Permission getHighestGlobalGroupPermission(String groupName)
Get the highest global permission for a group.
@Nullable Permission getHighestGlobalPermission(ApplicationUser user)
Get the highest global permission for a user.
@Nullable Permission getHighestGlobalPermission(String username)
Get the highest global permission for a user.
@Nonnull Set<String> getUsersWithPermission(Permission permission)
Get the usernames of the users with the given permission (whether directly or though permission inheritance) This includes users granted the permission directly and those who have the permission through their group membership.
boolean hasAnyUserPermission(ApplicationUser user, Permission permission)
boolean hasAnyUserPermission(Permission permission)
boolean hasDirectGlobalUserPermission(Permission permission)
boolean hasDirectProjectUserPermission(Project project, Permission permission)
boolean hasDirectRepositoryUserPermission(Repository repository, Permission permission)
boolean hasGlobalGroupPermission(Permission permission, String group)
boolean hasGlobalPermission(Permission permission)
boolean hasGlobalPermission(ApplicationUser user, Permission permission)
Will return true if the user is active and one of the following conditions is met:
  • permission is granted directly for the given user
  • permission is granted to a group the given user is a member of
boolean hasGlobalPermission(String username, Permission permission)
Will return true if the user is active and one of the following conditions is met:
  • permission is granted directly for the given user
  • permission is granted to a group the given user is a member of
boolean hasGlobalPermissionThroughGroupMembership(Permission permission, Set<String> excludedGroups)
boolean hasProjectPermission(Project project, Permission permission)
boolean hasProjectPermission(ApplicationUser user, Project project, Permission permission)
Will return true if the user is active and one of the following conditions is met:
  • permission is granted directly for the given user on the given project
  • permission is granted for all logged in users on the given project
  • permission is granted to a group the given user is a member of on the given project
  • The given user is directly granted a permission on at least one repository within the given project and the given permission is implied as a result
  • A group the given user is a member of is granted a permission on at least one repository within the given project and the given permission is implied as a result
  • The given project is publicly accessible and the permission is implied as a result
  • the given user is directly granted administration rights
  • A group the given user is a member of is granted administration rights
boolean hasProjectPermission(int projectId, Permission permission)
boolean hasProjectPermission(ApplicationUser user, int projectId, Permission permission)
boolean hasProjectPermissionThroughGroupMembership(Project project, Permission permission, Set<String> excludedGroups)
boolean hasRepositoryPermission(ApplicationUser user, int repositoryId, Permission permission)
boolean hasRepositoryPermission(Repository repository, Permission permission)
boolean hasRepositoryPermission(int repositoryId, Permission permission)
boolean hasRepositoryPermission(ApplicationUser user, Repository repository, Permission permission)
Will return true if the user is active and one of the following conditions is met:
  • permission is granted directly for the given user on the given repository
  • permission is granted to a group the given user is a member of on the given repository
  • The given user is directly granted a permission on the containing project and the given permission is implied as a result
  • A group the given user is a member of is granted a permission on the containing project and the given permission is implied as a result
  • All logged in users are granted a permission to the containing project and the given permission is implied as a result
  • The given repository is publicly accessible and the permission is implied as a result
  • the given user is directly granted administration rights
  • A group the given user is a member of is granted administration rights
This method will always return false if the user given is null as anonymous users cannot be granted permissions by definition.
boolean hasRepositoryPermissionThroughGroupMembership(Repository repository, Permission permission, Set<String> excludedGroups)
boolean hasUserPermission(ApplicationUser user, ApplicationUser targetUser, Permission permission)
boolean hasUserPermission(ApplicationUser targetUser, Permission permission)
boolean hasUserPermission(int targetUserId, Permission permission)
boolean hasUserPermission(Permission permission)
boolean hasUserPermission(ApplicationUser user, int targetUserId, Permission permission)
boolean isProjectAccessible(int projectId)
boolean isProjectAccessible(Project project)
Retrieve whether the current user (authenticated or not) has access to the given project.
boolean isPubliclyAccessible(Repository repository)
Retrieves whether the repository is publicly accessible.
boolean isPubliclyAccessible(Project project)
Retrieves whether the project is publicly accessible.
boolean isRepositoryAccessible(Repository repository)
Retrieve whether the current user (authenticated or not) has access to the given repository.
boolean isRepositoryAccessible(int repositoryId)

Public Methods

@Deprecated @Nonnull public Iterable<EffectivePermission> getEffectivePermissions (ApplicationUser user)

This method is deprecated.
in 5.5 for removal in 6.0 without replacement

The complete set of effective permissions for the supplied user. Only the minimal set of effective permissions is returned by the iterator such that any effective permission that can be inferred from other permissions is not returned.

E.g. if a user is granted SYS_ADMIN permission, a group they belong to is granted REPO_READ on repository with id 1 and project 7 has a default permission of PROJ_READ, the only EffectivePermission to be returned from the iterator will be a GlobalEffectivePermission with permissions SYS_ADMIN since all other permissions can be inferred.

Parameters
user the user
Returns
  • a minimal sequence of effective permissions

@Nonnull public Page<String> getGrantedGroups (Permission permission, PageRequest request)

Get the groups which are granted a permission

Parameters
permission the permission in question
request a page request
Returns
  • the page of group names which have been granted a permission or an inheriting permission

@Nonnull public Page<ApplicationUser> getGrantedUsers (Permission permission, PageRequest request)

Get the users which are granted a permission

Parameters
permission the permission in question
request a page request
Returns
  • the page of users who have been granted a permission or an inheriting permission

@Nullable public Permission getHighestGlobalGroupPermission (String groupName)

Get the highest global permission for a group.

Parameters
groupName the group name
Returns
  • the highest global permission for the group or null if the group has no permissions

@Nullable public Permission getHighestGlobalPermission (ApplicationUser user)

Get the highest global permission for a user.

Parameters
user the user
Returns
  • the highest global permission for the user or null if they have no permissions

@Nullable public Permission getHighestGlobalPermission (String username)

Get the highest global permission for a user.

Parameters
username the user name
Returns
  • the highest global permission for the user or null if they have no permissions

@Nonnull public Set<String> getUsersWithPermission (Permission permission)

Get the usernames of the users with the given permission (whether directly or though permission inheritance) This includes users granted the permission directly and those who have the permission through their group membership.

Parameters
permission the permission for which the users are being fetched. It must be global.
Returns
  • the lowercase usernames of all the users who currently have the given permission

public boolean hasAnyUserPermission (ApplicationUser user, Permission permission)

Parameters
user the user in question
permission the requested permission. Must be non-global.
Returns

public boolean hasAnyUserPermission (Permission permission)

Parameters
permission the requested permission. Must be non-global.
Returns
  • true if the current user has the requested Permission for any project / repository

public boolean hasDirectGlobalUserPermission (Permission permission)

Parameters
permission the permission required
Returns
  • true if the current user has the given global permission directly granted (i.e. not through their group membership)

public boolean hasDirectProjectUserPermission (Project project, Permission permission)

Parameters
project the project on which permission is being checked
permission the permission required
Returns
  • true if the current user has the given project permission directly granted (i.e. not through their group membership)

public boolean hasDirectRepositoryUserPermission (Repository repository, Permission permission)

Parameters
repository the repository on which permission is being checked
permission the permission required
Returns
  • true if the current user has the given repository permission directly granted (i.e. not through their group membership)

public boolean hasGlobalGroupPermission (Permission permission, String group)

Parameters
permission the permission required
group the group to be checked
Returns
  • true if the given group has the given permission

public boolean hasGlobalPermission (Permission permission)

Parameters
permission the requested permission. Must be global.
Returns
  • true if the current authentication session has the requested Permission

public boolean hasGlobalPermission (ApplicationUser user, Permission permission)

Will return true if the user is active and one of the following conditions is met:

  • permission is granted directly for the given user
  • permission is granted to a group the given user is a member of

Parameters
user the user in question
permission the requested permission. Must be global.
Returns

public boolean hasGlobalPermission (String username, Permission permission)

Will return true if the user is active and one of the following conditions is met:

  • permission is granted directly for the given user
  • permission is granted to a group the given user is a member of

Parameters
username the user in question
permission the requested permission. Must be global.
Returns
  • true if the given user identified by username has the requested Permission

public boolean hasGlobalPermissionThroughGroupMembership (Permission permission, Set<String> excludedGroups)

Parameters
permission The permission required.
excludedGroups A Set of groups to be excluded from consideration.
Returns
  • true if the current user has the given global permission through its membership of a group

public boolean hasProjectPermission (Project project, Permission permission)

Parameters
project the project in question
permission the requested permission. Must be non-global.
Returns
  • true if the current authentication token has the requested Permission for the given Project

public boolean hasProjectPermission (ApplicationUser user, Project project, Permission permission)

Will return true if the user is active and one of the following conditions is met:

  • permission is granted directly for the given user on the given project
  • permission is granted for all logged in users on the given project
  • permission is granted to a group the given user is a member of on the given project
  • The given user is directly granted a permission on at least one repository within the given project and the given permission is implied as a result
  • A group the given user is a member of is granted a permission on at least one repository within the given project and the given permission is implied as a result
  • The given project is publicly accessible and the permission is implied as a result
  • the given user is directly granted administration rights
  • A group the given user is a member of is granted administration rights

Parameters
user the user in question
project the project in question
permission the requested permission. Must be non-global.
Returns

public boolean hasProjectPermission (int projectId, Permission permission)

Parameters
projectId the id project in question
permission the requested permission. Must be non-global.
Returns
  • true if the current authentication token has the requested Permission for the given Project

public boolean hasProjectPermission (ApplicationUser user, int projectId, Permission permission)

Parameters
user the user in question
projectId the id of project
permission the requested permission. Must be non-global.
Returns

public boolean hasProjectPermissionThroughGroupMembership (Project project, Permission permission, Set<String> excludedGroups)

Parameters
project The project on which permission is being checked
permission The permission required
excludedGroups A Set of groups to be excluded from consideration
Returns
  • true if the current user has the given project permission through its membership of a group

public boolean hasRepositoryPermission (ApplicationUser user, int repositoryId, Permission permission)

Parameters
user the user in question
repositoryId the repository in question
permission the requested permission. Must be non-global.
Returns

public boolean hasRepositoryPermission (Repository repository, Permission permission)

Parameters
repository the repository in question
permission the requested permission. Must be non-global.
Returns

public boolean hasRepositoryPermission (int repositoryId, Permission permission)

Parameters
repositoryId the repository in question
permission the requested permission. Must be non-global.
Returns
  • true if the current authentication token has the requested Permission for the given Repository identified by repositoryId

public boolean hasRepositoryPermission (ApplicationUser user, Repository repository, Permission permission)

Will return true if the user is active and one of the following conditions is met:

  • permission is granted directly for the given user on the given repository
  • permission is granted to a group the given user is a member of on the given repository
  • The given user is directly granted a permission on the containing project and the given permission is implied as a result
  • A group the given user is a member of is granted a permission on the containing project and the given permission is implied as a result
  • All logged in users are granted a permission to the containing project and the given permission is implied as a result
  • The given repository is publicly accessible and the permission is implied as a result
  • the given user is directly granted administration rights
  • A group the given user is a member of is granted administration rights
This method will always return false if the user given is null as anonymous users cannot be granted permissions by definition.

Parameters
user the user in question
repository the repository in question
permission the requested permission. Must be non-global.
Returns

public boolean hasRepositoryPermissionThroughGroupMembership (Repository repository, Permission permission, Set<String> excludedGroups)

Parameters
repository the repository on which permission is being checked
permission the permission required
excludedGroups a Set of groups to be excluded from consideration
Returns
  • true if the current user has the given repository permission through its membership of a group

public boolean hasUserPermission (ApplicationUser user, ApplicationUser targetUser, Permission permission)

Parameters
user the user requesting the permission
targetUser the user that the permission applies to
permission the requested permission. Must be non-global.
Returns

public boolean hasUserPermission (ApplicationUser targetUser, Permission permission)

Parameters
targetUser the user that the permission applies to
permission the requested permission. Must be non-global.
Returns
  • true if the current authentication token has the requested Permission with respect to targetUser's settings

public boolean hasUserPermission (int targetUserId, Permission permission)

Parameters
targetUserId the ID of the user that the permission applies to
permission the requested permission. Must be non-global.
Returns
  • true if the current authentication token has the requested Permission with respect to the user identified by targetUserId

public boolean hasUserPermission (Permission permission)

Parameters
permission the requested permission. Must be non-global.
Returns
  • true if the current authentication token has the requested Permission for the account of the currently authenticated user

public boolean hasUserPermission (ApplicationUser user, int targetUserId, Permission permission)

Parameters
user the user requesting the permission
targetUserId the ID of the user that the permission applies to
permission the requested permission. Must be non-global.
Returns

public boolean isProjectAccessible (int projectId)

Parameters
projectId the id of the project on which to check
Returns
  • true if the current user has access to the given project, false otherwise

public boolean isProjectAccessible (Project project)

Retrieve whether the current user (authenticated or not) has access to the given project.

The user may have access as a result of the following:

Parameters
project the project on which to check
Returns
  • true if the current user has access to the given project, false otherwise

public boolean isPubliclyAccessible (Repository repository)

Retrieves whether the repository is publicly accessible.

Note that a repository will be public if:

  • public access is enabled for the instance; and

To check whether the current user (authenticated or not) can access the repository, use isRepositoryAccessible(Repository) instead.

Parameters
repository the repository on which to check
Returns
  • true if unauthenticated users can access the given repository, false otherwise

public boolean isPubliclyAccessible (Project project)

Retrieves whether the project is publicly accessible.

Note: to check whether the current user (authenticated or not) can access the project, use isProjectAccessible(Project) instead.

Parameters
project the project on which to check
Returns
  • true if unauthenticated users can access the given project, false otherwise

public boolean isRepositoryAccessible (Repository repository)

Retrieve whether the current user (authenticated or not) has access to the given repository.

The user may have access as a result of the following:

Parameters
repository the repository on which to check
Returns
  • true if the current user has access to the given repository, false otherwise

public boolean isRepositoryAccessible (int repositoryId)

Parameters
repositoryId the id of the repository on which to check
Returns
  • true if the current user has access to the given repository, false otherwise