com.atlassian.bitbucket.user.UserAdminService |
Provides methods for querying, creating and updating users and groups.
Many of the queries provided by this service are also provided by UserService
. The queries provided here
are specifically geared toward administration, retrieving detailed groups
and
detailed groups
. For non-administrative usages, like group and user pickers, the "normal"
queries from UserService
should be used instead.
Public Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Adds one or more users to a group.
| |||||||||||
Adds a user to one or more groups.
| |||||||||||
Retrieves a flag indicating whether it is possible to create a group.
| |||||||||||
Retrieves a flag indicating whether it is possible to create a user.
| |||||||||||
Retrieves a flag indicating whether it is possible to delete a group.
| |||||||||||
Retrieves a flag indicating whether it is possible to update groups.
| |||||||||||
Clears any CAPTCHA challenge that may constrain the user with the supplied username when they authenticate.
| |||||||||||
Creates a new group.
| |||||||||||
Creates a new
service user. | |||||||||||
Creates a new user and adds them to the default group, if it exists.
| |||||||||||
Creates a new user and optionally adds them to the default group, if it exists.
| |||||||||||
Creates a new user with a randomly-generated password.
| |||||||||||
Deletes a group.
| |||||||||||
Deletes a user.
| |||||||||||
Erases personally identifying user data for a deleted user.
| |||||||||||
Retrieves a page of groups with full
details . | |||||||||||
Retrieves a page of groups with full
details , optionally filtering the returned results
to those containing the specified groupName . | |||||||||||
Retrieves a page of groups which the specified user is a member of, with full
details ,
optionally filtering the returned results to those containing the specified groupName . | |||||||||||
Retrieves a page of groups which the specified user is not a member of, with full
details , optionally filtering the returned results to those containing the specified groupName . | |||||||||||
Find a password reset request using the token generated by
requestPasswordReset(String) . | |||||||||||
Retrieves a page of users with full
details . | |||||||||||
Retrieves a page of users, optionally filtering the returned results to those containing the specified
username . | |||||||||||
Find the users within a group that match the page request.
| |||||||||||
Find the users outside a group that match the page request.
| |||||||||||
Retrieves a flag indicating whether the new user is able to set a password or not
| |||||||||||
Removes a user from a group.
| |||||||||||
Change the name of a user
| |||||||||||
Generates a unique token which can be used to perform a
password reset
for the specified user and e-mails it to the address associated with their account. | |||||||||||
Resets the password for the
user associated with the specified token to the provided value. | |||||||||||
Updates the password of the specified user.
| |||||||||||
Updates the details of the specified
user | |||||||||||
Updates the
display name and e-mail address of the specified user. | |||||||||||
Validate if a username can be erased.
|
Adds one or more users to a group.
groupName | names of the group to which the users will be added |
---|---|
usernames | names of the users who will receive the new group membership |
ForbiddenException | if the group would grant SYS_ADMIN permission
and the current user isn't a SYS_ADMIN; only SYS_ADMINs can grant SYS_ADMIN permission |
---|---|
LicenseLimitException | if the additions would grant LICENSED_USER
permission to more users than the active license allows |
NoSuchGroupException | if the specified group does not exist |
NoSuchUserException | if any of the specified users does not exist |
Adds a user to one or more groups.
username | name of the user who will receive the new group memberships |
---|---|
groupNames | names of the groups to add to the user |
ForbiddenException | if one of the groups would grant SYS_ADMIN permission
and the current user isn't a SYS_ADMIN; only SYS_ADMINs can grant SYS_ADMIN permission |
---|---|
LicenseLimitException | if one of the groups would grant LICENSED_USER
permission to more users than the active license allows |
NoSuchGroupException | if any of the specified groups does not exist |
NoSuchUserException | if the specified user does not exist |
Retrieves a flag indicating whether it is possible to create a group.
true
if any directory exists in which a group can be created; otherwise, false
Retrieves a flag indicating whether it is possible to create a user.
true
if any directory exists in which a user can be created; otherwise, false
Retrieves a flag indicating whether it is possible to delete a group.
true
if any directory exists in which a group can be deleted; otherwise false
Retrieves a flag indicating whether it is possible to update groups.
true
if any directory exists in which a group can be updated; otherwise, false
Clears any CAPTCHA challenge that may constrain the user with the supplied username when they authenticate. Additionally any counter or metric that contributed towards the user being issued the CAPTCHA challenge (for instance too many consecutive failed logins) will also be reset.
username | the user whose CAPTCHA challenge should be cleared |
---|
Creates a new group.
groupName | the name for the new group |
---|
IntegrityException | if a group with the same already exists |
---|
Creates a new service
user. Service users cannot be added to any groups. The user
is created without any permissions.
It is suggested that consumers use the ID
of the user created as the foreign key for
related content because their name, slug and other properties can be updated.
userRequest | the user's details |
---|
IntegrityException | if a service user with the provided username already exists |
---|
Creates a new user and adds them to the default group, if it exists. If the user should be created without being
added to the default group, use createUser(String, String, String, String, boolean)
instead.
A non-null
, non-blank password
must be provided. It may be further vetted by the user store,
for example by applying complexity restrictions. Alternatively, if an e-mail server has been configured, new
users can be created with generated passwords
,
allowing new users to set their own password when they first access the system.
username | the username for the new user |
---|---|
password | the user's initial password, which may not be null or empty |
displayName | the display name for the new user |
emailAddress | the e-mail address for the new user |
IntegrityException | if a user with the same username already exists |
---|---|
LicenseLimitException | if the new user can not be added to the default group because it would grant
LICENSED_USER permission to more users than
the active license allows |
Creates a new user and optionally adds them to the default group, if it exists.
A non-null
, non-blank password
must be provided. It may be further vetted by the user store,
for example by applying complexity restrictions. Alternatively, if an e-mail server has been configured, new
users can be created with generated passwords
,
allowing new users to set their own password when they first access the system.
This method is not intended to be exposed via services like REST for general consumption. It exists to satisfy specific use cases where the system, or a plugin, may wish to create a user without adding them to the default group. Generally it is expected that new users should be added to the default group, as it defines the set of "common" permissions for all users of the system.
username | the username for the new user |
---|---|
password | the user's initial password, which may not be null or empty |
displayName | the display name for the new user |
emailAddress | the e-mail address for the new user |
IntegrityException | if a user with the same username already exists |
---|---|
LicenseLimitException | if the new user can not be added to the default group because it would grant
LICENSED_USER permission to more users than
the active license allows |
Creates a new user with a randomly-generated password. An e-mail notification will be sent to the new user's e-mail address with instructions on how to reset their password and finish activating their account.
username | the username for the new user |
---|---|
displayName | the display name for the new user |
emailAddress | the e-mail address for the new user |
IntegrityException | if a user with the same username already exists or if the user will be created in a directory that does not allow passwords to be reset |
---|---|
LicenseLimitException | if the new user can not be added to the default group because it would grant
LICENSED_USER permission to more users than
the active license allows |
MailException | if the e-mail notification could not be sent to the created user to allow them to set their initial password |
NoMailHostConfigurationException | if no e-mail server has been configured |
Deletes a group. Deleting a group will also revoke all permissions which had been granted to that group.
Note: Future releases may remove the return value from this method. For best portability across versions, the return value for this method should not be used.
groupName | the name of the group to delete |
---|
ForbiddenException | if the group grants SYS_ADMIN permission but the
current user is not a SYS_ADMIN |
---|---|
IntegrityException | if deleting the group would revoke the ADMIN or
SYS_ADMIN permissions of the current user |
NoSuchGroupException | if the group does not exist |
Deletes a user. Deleting a user will also revoke all permissions which had been granted to that user, as well as invalidating any cached authentication tokens they may have.
Note: Future releases may remove the return value from this method. For best portability across versions, the return value for this method should not be used.
username | the username of the user to delete |
---|
ForbiddenException | if the user to delete is a SYS_ADMIN and the current
user is not |
---|---|
IntegrityException | if the user to delete is the current user |
NoSuchUserException | if the user does not exist |
Erases personally identifying user data for a deleted user. References in the application to the original username will be either removed or updated to a new non-identifying username.
A UserErasedEvent
is then raised once erasure has completed.
Erasing user data is irreversible and may lead to a degraded user experience. This method should not be used as part of a standard user deletion and cleanup process.
username | the username of the user to erase data for |
---|
IllegalUserStateException | if the supplied username is the username of a non-deleted user |
---|---|
NoSuchUserException | if the supplied username does not exist |
UserErasureException | if some of the delegated user erasure operations failed |
Retrieves a page of groups with full details
.
Note: To filter the retrieved groups by name, use findGroupsByName(String, PageRequest)
instead.
pageRequest | defines the page of groups to retrieve |
---|
null
Retrieves a page of groups with full details
, optionally filtering the returned results
to those containing the specified groupName
. If the provided groupName
is null
, this
method behaves identically to findGroups(PageRequest)
.
groupName | 0 or more characters to apply as a filter on returned groups |
---|---|
pageRequest | defines the page of groups to retrieve |
null
Retrieves a page of groups which the specified user is a member of, with full details
,
optionally filtering the returned results to those containing the specified groupName
. If the provided
groupName
is null
or empty groups will not be filtered. If no user exists with the specified
username
, no groups will be returned.
username | the exact name of the user to retrieve groups for |
---|---|
groupName | 0 or more characters to apply as a filter on returned groups |
pageRequest | defines the page of groups to retrieve |
null
Retrieves a page of groups which the specified user is not a member of, with full details
, optionally filtering the returned results to those containing the specified groupName
. If the
provided groupName
is null
or empty groups will not be filtered. If no user exists with the
specified username
, no groups will be returned.
username | the exact name of the user to retrieve groups for |
---|---|
groupName | 0 or more characters to apply as a filter on returned groups |
pageRequest | defines the page of groups to retrieve |
null
Find a password reset request using the token generated by requestPasswordReset(String)
.
token | token identifying the password reset request |
---|
null
if no request matches the token or if
the request has expiredRetrieves a page of users with full details
.
Note: To filter the retrieved users by name, use findUsersByName(String, PageRequest)
instead.
pageRequest | defines the page of users to retrieve |
---|
null
Retrieves a page of users, optionally filtering the returned results to those containing the specified
username
. If the provided username
is null
, this method behaves identically to
findUsers(PageRequest)
. Otherwise, the username
is matched against:
username | 0 or more characters to apply as a filter on returned users |
---|---|
pageRequest | defines the page of users to retrieve |
null
Find the users within a group that match the page request.
groupName | name of the group the users must belong to |
---|---|
pageRequest | page request |
ApplicationUser
Find the users outside a group that match the page request.
groupName | name of the group the users must not belong to |
---|---|
pageRequest | page request |
ApplicationUser
Retrieves full details
for the specified user
. This method is intended to
"promote" from a ApplicationUser
to a DetailedUser
, providing access to mutability details and other
information for the user.
user | the user to retrieve details for |
---|
details
for the specified userNoSuchUserException | if the specified user does not exist in the underlying user store
|
---|
Retrieves a flag indicating whether the new user is able to set a password or not
false
Removes a user from a group.
groupName | name of the group the user will be removed from |
---|---|
username | name of the user to remove from the group |
ForbiddenException | if the group grants SYS_ADMIN permission but the
current user is not a SYS_ADMIN |
---|---|
IntegrityException | if the current user belongs to the specified group and removing them from the
group would revoke their SYS_ADMIN or
ADMIN permission |
NoSuchGroupException | if the specified group does not exist |
NoSuchUserException | if the specified user does not exist |
Change the name of a user
currentUsername | the current name of the user |
---|---|
newUsername | the new name of the user |
NoSuchUserException | if the specified user does not exist |
---|---|
IntegrityException | if a user already exists in the directory with the new name |
ForbiddenException | if renaming is not supported by the directory the target user belongs to |
Generates a unique token which can be used to perform a password reset
for the specified user and e-mails it to the address associated with their account.
username | username of the user |
---|
MailException | if the e-mail notification could not be sent to the user (ex: the mail server is down) |
---|---|
NoMailHostConfigurationException | if no e-mail server has been configured |
NoSuchUserException | if the user does not exist |
Resets the password for the user
associated with the specified token to the provided value.
token | the token identifying the user whose password should be reset |
---|---|
password | the new password for the user |
InvalidPasswordResetTokenException | if no user matches the specified token |
---|---|
NoSuchEntityException |
Updates the details of the specified user
request | the user's new details |
---|
Updates the display name
and e-mail address
of the specified user.
username | the user's username |
---|---|
displayName | the user's new display name |
emailAddress | the user's new email address |
Validate if a username can be erased.
A username is only valid for erasure if it exists as the username of a deleted user. This method will throw an appropriate exception if the user for the supplied username is invalid for erasure.
username | the username of the user to validate erasability for |
---|
IllegalUserStateException | if the supplied username is the username of a non-deleted user |
---|---|
NoSuchUserException | if the supplied username does not exist |