PermissionAdminService (Bitbucket Server

```
public interface PermissionAdminService
```
Updates and queries the permissions of users and groups.

See Also:

PermissionService

Method Summary

All Methods Instance Methods Abstract Methods
Modifier and Type	Method and Description
`void`	`canAddUserToGroup(String group)` Check if the current user can add users to the given group.
`void`	`canDeleteGroup(String group)` Check if the current user can delete a group without affecting their permissions
`void`	`canDeleteUser(String userName)` Check if the `normal` user can be deleted.
`void`	`canRemoveUserFromGroup(String username, String group)` Check if a `normal` user can remove themselves from the given group.
`Page<PermittedGroup>`	`findGroupsWithGlobalPermission(String filter, PageRequest pageRequest)` Retrieves a page of `groups` and their highest global permission.
`Page<String>`	`findGroupsWithoutGlobalPermission(String filter, PageRequest pageRequest)` Retrieves a page of groups who have not been explicitly granted any global permission
`Page<String>`	`findGroupsWithoutProjectPermission(Project project, String filter, PageRequest pageRequest)` Retrieves a page of groups who have not been explicitly granted any project permission
`Page<String>`	`findGroupsWithoutRepositoryPermission(Repository repository, String filter, PageRequest pageRequest)` Retrieves a page of groups who have not been explicitly granted any repository permission.
`Page<PermittedGroup>`	`findGroupsWithProjectPermission(Project project, String filter, PageRequest pageRequest)` Retrieves a page of `groups` and their highest granted permission for the specified project.
`Page<PermittedGroup>`	`findGroupsWithRepositoryPermission(Repository repository, String filter, PageRequest pageRequest)` Retrieves a page of `groups` and their highest granted permission for the specified repository.
`Page<ApplicationUser>`	`findLicensedUsersWithoutProjectPermission(Project project, String filter, PageRequest pageRequest)` Retrieves a page of `active` and `licensed` users who have not been explicitly granted any project permission
`Page<ApplicationUser>`	`findLicensedUsersWithoutRepositoryPermission(Repository repository, String filter, PageRequest pageRequest)` Retrieves a page of `active` and `licensed` users who have not been explicitly granted any repository permission.
`Page<PermittedUser>`	`findUsersWithGlobalPermission(String filter, PageRequest pageRequest)` Retrieves a page of `users` and their highest global permission.
`Page<ApplicationUser>`	`findUsersWithoutGlobalPermission(String filter, PageRequest pageRequest)` Retrieves a page of `active` users who have not been explicitly granted any global permission
`Page<PermittedUser>`	`findUsersWithProjectPermission(Project project, String filter, PageRequest pageRequest)` Retrieves a page of `users` and their highest granted permission for the specified project.
`Page<PermittedUser>`	`findUsersWithRepositoryPermission(Repository repository, String filter, PageRequest pageRequest)` Retrieves a page of `users` and their highest granted permission for the specified repository.
`void`	`grantAllProjectPermission(Permission permission, Project project)` Grant a project permission to all users users
`boolean`	`hasAllProjectPermission(Permission permission, Project project)` Check if the given project permission has been granted to every logged in user for the given project.
`void`	`revokeAllGlobalPermissions(ApplicationUser user)` Revoke all global permissions for the given user.
`void`	`revokeAllGlobalPermissions(String group)` Revoke all global permissions for the given group.
`void`	`revokeAllGroupPermissions(String name)` Revoke all permissions granted to a group.
`void`	`revokeAllProjectPermission(Permission permission, Project project)` Revoked a project permission from all users users
`void`	`revokeAllProjectPermissions(Project project, ApplicationUser user)` Revoke all project permissions for the given user.
`void`	`revokeAllProjectPermissions(Project project, String group)` Revoke all project permissions for the given group.
`void`	`revokeAllRepositoryPermissions(Repository repository, ApplicationUser user)` Revoke all repository permissions for the given user.
`void`	`revokeAllRepositoryPermissions(Repository repository, String group)` Revoke all repository permissions for the given group.
`void`	`revokeAllUserPermissions(ApplicationUser user)` Revoke all permissions from a user.
`void`	`revokeAllUserPermissions(String name)` Revoke all permissions from a `normal` user.
`void`	`setPermission(SetPermissionRequest request)` Assigns a permission to multiple users and/or groups.

Method Detail

canRemoveUserFromGroup

void canRemoveUserFromGroup(@Nonnull
                            String username,
                            @Nonnull
                            String group)

Check if a normal user can remove themselves from the given group.

Parameters:: username - the user to check; group - the group from which the user is to be removed.

canAddUserToGroup
```
void canAddUserToGroup(@Nonnull
                       String group)
```
Check if the current user can add users to the given group.

Parameters:

group - the group to which users will be added.

canDeleteGroup
```
void canDeleteGroup(@Nonnull
                    String group)
```
Check if the current user can delete a group without affecting their permissions

Parameters:

group - the group to be deleted.

canDeleteUser
```
void canDeleteUser(@Nonnull
                   String userName)
```
Check if the normal user can be deleted.

Parameters:

userName - the name of the user being deleted

findGroupsWithGlobalPermission

@Nonnull
Page<PermittedGroup> findGroupsWithGlobalPermission(@Nullable
                                                             String filter,
                                                             @Nonnull
                                                             PageRequest pageRequest)

Retrieves a page of groups and their highest global permission. Groups which do not have any global permissions explicitly assigned to them will not be returned.

Parameters:: filter - if non-null non-empty then the groups returned must include this text; pageRequest - bounds the page of groups to be returned
Returns:: a page containing zero or more groups which have been explicitly granted a global permission, and their highest granted permission

findGroupsWithoutGlobalPermission

@Nonnull
Page<String> findGroupsWithoutGlobalPermission(@Nullable
                                                        String filter,
                                                        @Nonnull
                                                        PageRequest pageRequest)

Retrieves a page of groups who have not been explicitly granted any global permission

Parameters:: filter - if non-null non-empty then the groups returned must include this text; pageRequest - bounds the page of groups to be returned
Returns:: a page of groupnames.

findGroupsWithoutProjectPermission

@Nonnull
Page<String> findGroupsWithoutProjectPermission(@Nonnull
                                                         Project project,
                                                         @Nullable
                                                         String filter,
                                                         @Nonnull
                                                         PageRequest pageRequest)

Retrieves a page of groups who have not been explicitly granted any project permission

Parameters:: project - the project for which the permissions are required.; filter - if non-null non-empty then the groups returned must include this text; pageRequest - bounds the page of groups to be returned
Returns:: a page of groupnames.

findGroupsWithoutRepositoryPermission

@Nonnull
Page<String> findGroupsWithoutRepositoryPermission(@Nonnull
                                                            Repository repository,
                                                            @Nullable
                                                            String filter,
                                                            @Nonnull
                                                            PageRequest pageRequest)

Retrieves a page of groups who have not been explicitly granted any repository permission.

Parameters:: repository - the repository for which the permissions are required.; filter - if non-null non-empty then the groups returned must include this text; pageRequest - bounds the page of groups to be returned
Returns:: a page of groupnames.

findGroupsWithProjectPermission

@Nonnull
Page<PermittedGroup> findGroupsWithProjectPermission(@Nonnull
                                                              Project project,
                                                              @Nullable
                                                              String filter,
                                                              @Nonnull
                                                              PageRequest pageRequest)

Retrieves a page of groups and their highest granted permission for the specified project. Groups which do not have any permissions explicitly assigned to them for the specified project will not be returned.

Parameters:: project - the project for which permissions should be considered; filter - if non-null non-empty then the groups returned must include this text; pageRequest - bounds the page of groups to be returned
Returns:: a page containing zero or more groups which have been explicitly granted a permission for the specified project, and their highest granted permission

findGroupsWithRepositoryPermission

@Nonnull
Page<PermittedGroup> findGroupsWithRepositoryPermission(@Nonnull
                                                                 Repository repository,
                                                                 @Nullable
                                                                 String filter,
                                                                 @Nonnull
                                                                 PageRequest pageRequest)

Retrieves a page of groups and their highest granted permission for the specified repository. Groups which do not have any permissions explicitly assigned to them for the specified repository will not be returned.

Parameters:: repository - the repository for which permissions should be considered; filter - if non-null non-empty then the groups returned must include this text; pageRequest - bounds the page of groups to be returned
Returns:: a page containing zero or more groups which have been explicitly granted a permission for the specified repository, and their highest granted permission

findLicensedUsersWithoutProjectPermission

@Nonnull
Page<ApplicationUser> findLicensedUsersWithoutProjectPermission(@Nonnull
                                                                         Project project,
                                                                         @Nullable
                                                                         String filter,
                                                                         @Nonnull
                                                                         PageRequest pageRequest)

Retrieves a page of active and licensed users who have not been explicitly granted any project permission

Parameters:: project - the project for which the permissions are required.; filter - if non-null non-empty then the usernames returned must include this text; pageRequest - bounds the page of users to be returned
Returns:: a page of ApplicationUser instances.

findLicensedUsersWithoutRepositoryPermission

@Nonnull
Page<ApplicationUser> findLicensedUsersWithoutRepositoryPermission(@Nonnull
                                                                            Repository repository,
                                                                            @Nullable
                                                                            String filter,
                                                                            @Nonnull
                                                                            PageRequest pageRequest)

Retrieves a page of active and licensed users who have not been explicitly granted any repository permission.

Parameters:: repository - the repository for which the permissions are required.; filter - if non-null non-empty then the usernames returned must include this text; pageRequest - bounds the page of users to be returned
Returns:: a page of ApplicationUser instances.

findUsersWithGlobalPermission

@Nonnull
Page<PermittedUser> findUsersWithGlobalPermission(@Nullable
                                                           String filter,
                                                           @Nonnull
                                                           PageRequest pageRequest)

Retrieves a page of users and their highest global permission. Users which do not have any global permissions explicitly assigned to them will not be returned.

Parameters:: filter - if non-null non-empty then the usernames returned must include this text; pageRequest - bounds the page of users to be returned
Returns:: a page containing zero or more users who have been explicitly granted a global permission, and their highest granted permission

findUsersWithoutGlobalPermission

@Nonnull
Page<ApplicationUser> findUsersWithoutGlobalPermission(@Nullable
                                                                String filter,
                                                                @Nonnull
                                                                PageRequest pageRequest)

Retrieves a page of active users who have not been explicitly granted any global permission

Parameters:: filter - if non-null non-empty then the usernames returned must include this text; pageRequest - bounds the page of users to be returned
Returns:: a page of ApplicationUser instances.

findUsersWithProjectPermission

@Nonnull
Page<PermittedUser> findUsersWithProjectPermission(@Nonnull
                                                            Project project,
                                                            @Nullable
                                                            String filter,
                                                            @Nonnull
                                                            PageRequest pageRequest)

Retrieves a page of users and their highest granted permission for the specified project. Users which do not have any permissions explicitly assigned to them for the specified project will not be returned.

Parameters:: project - the project for which permissions should be considered; filter - if non-null non-empty then the usernames returned must include this text; pageRequest - bounds the page of users to be returned
Returns:: a page containing zero or more users who have been explicitly granted a permission for the specified project, and their highest granted permission

findUsersWithRepositoryPermission

@Nonnull
Page<PermittedUser> findUsersWithRepositoryPermission(@Nonnull
                                                               Repository repository,
                                                               @Nullable
                                                               String filter,
                                                               @Nonnull
                                                               PageRequest pageRequest)

Retrieves a page of users and their highest granted permission for the specified repository. Users which do not have any permissions explicitly assigned to them for the specified repository will not be returned.

Parameters:: repository - the repository for which permissions should be considered; filter - if non-null non-empty then the usernames returned must include this text; pageRequest - bounds the page of users to be returned
Returns:: a page containing zero or more users who have been explicitly granted a permission for the specified repository, and their highest granted permission

setPermission
```
void setPermission(@Nonnull
                   SetPermissionRequest request)
```
Assigns a permission to multiple users and/or groups.
Note that:
- granting a global permission to users or groups will remove their other global permissions,
- granting a project permission to users or groups will remove their other project permissions on the same project,
- granting a repository permission to users or groups will remove their other repository permissions on the same repository.
Parameters:

request - request specifying which permission to grant to which users and/or groups

See Also:

to grant default project permissions

revokeAllGlobalPermissions

void revokeAllGlobalPermissions(@Nonnull
                                String group)

Revoke all global permissions for the given group.

Parameters:: group - name of the group

revokeAllProjectPermissions

void revokeAllProjectPermissions(@Nonnull
                                 Project project,
                                 @Nonnull
                                 String group)

Revoke all project permissions for the given group.

Parameters:: project - the project on which permissions are to be revoked; group - name of the group

revokeAllRepositoryPermissions

void revokeAllRepositoryPermissions(@Nonnull
                                    Repository repository,
                                    @Nonnull
                                    String group)

Revoke all repository permissions for the given group.

Parameters:: repository - the repository on which permissions are to be revoked; group - name of the group

revokeAllGlobalPermissions

void revokeAllGlobalPermissions(@Nonnull
                                ApplicationUser user)

Revoke all global permissions for the given user.

Parameters:: user - user to revoke permissions from

revokeAllProjectPermissions

void revokeAllProjectPermissions(@Nonnull
                                 Project project,
                                 @Nonnull
                                 ApplicationUser user)

Revoke all project permissions for the given user.

Parameters:: project - the project on which permissions are to be revoked; user - user to revoke permissions from

revokeAllRepositoryPermissions

void revokeAllRepositoryPermissions(@Nonnull
                                    Repository repository,
                                    @Nonnull
                                    ApplicationUser user)

Revoke all repository permissions for the given user.

Parameters:: repository - the repository on which permissions are to be revoked; user - user to revoke permissions from

hasAllProjectPermission
```
boolean hasAllProjectPermission(@Nonnull
                                Permission permission,
                                @Nonnull
                                Project project)
```
Check if the given project permission has been granted to every logged in user for the given project.

Parameters:

permission - the permission to be checked.

project - the project for which the permissions are required.

Returns:

true if the given global permission is granted to all users.

grantAllProjectPermission

void grantAllProjectPermission(@Nonnull
                               Permission permission,
                               @Nonnull
                               Project project)

Grant a project permission to all users users

Parameters:: permission - the project permission to be granted; project - the project on which permission is to be revoked

revokeAllProjectPermission

void revokeAllProjectPermission(@Nonnull
                                Permission permission,
                                @Nonnull
                                Project project)

Revoked a project permission from all users users

Parameters:: permission - the project permission to be revoked; project - the project on which permission is to be revoked

revokeAllUserPermissions
```
void revokeAllUserPermissions(@Nonnull
                              String name)
```
Revoke all permissions from a normal user. service users can not be identified by username hence their permission cannot be revoked by this method.

Parameters:

name - name of the normal user

revokeAllUserPermissions

void revokeAllUserPermissions(@Nonnull
                              ApplicationUser user)

Revoke all permissions from a user.

Parameters:: user - the user

revokeAllGroupPermissions

void revokeAllGroupPermissions(@Nonnull
                               String name)

Revoke all permissions granted to a group.

Parameters:: name - name of the group

Interface PermissionAdminService

Method Summary

Method Detail

canRemoveUserFromGroup

canAddUserToGroup

canDeleteGroup

canDeleteUser

findGroupsWithGlobalPermission

findGroupsWithoutGlobalPermission

findGroupsWithoutProjectPermission

findGroupsWithoutRepositoryPermission

findGroupsWithProjectPermission

findGroupsWithRepositoryPermission

findLicensedUsersWithoutProjectPermission

findLicensedUsersWithoutRepositoryPermission

findUsersWithGlobalPermission

findUsersWithoutGlobalPermission

findUsersWithProjectPermission

findUsersWithRepositoryPermission

setPermission

revokeAllGlobalPermissions

revokeAllProjectPermissions

revokeAllRepositoryPermissions

revokeAllGlobalPermissions

revokeAllProjectPermissions

revokeAllRepositoryPermissions

hasAllProjectPermission

grantAllProjectPermission

revokeAllProjectPermission

revokeAllUserPermissions

revokeAllUserPermissions

revokeAllGroupPermissions