public interface UserAdminService
Many of the queries provided by this service are also provided by UserService
. The queries provided here
are specifically geared toward administration, retrieving detailed groups
and
detailed groups
. For non-administrative usages, like group and user pickers, the "normal"
queries from UserService
should be used instead.
UserService
Modifier and Type | Method and Description |
---|---|
void |
addMembersToGroup(String groupName,
Set<String> usernames)
Adds one or more users to a group.
|
void |
addUserToGroups(String username,
Set<String> groupNames)
Adds a user to one or more groups.
|
boolean |
canCreateGroups()
Retrieves a flag indicating whether it is possible to create a group.
|
boolean |
canCreateUsers()
Retrieves a flag indicating whether it is possible to create a user.
|
boolean |
canDeleteGroups()
Retrieves a flag indicating whether it is possible to delete a group.
|
boolean |
canUpdateGroups()
Retrieves a flag indicating whether it is possible to update groups.
|
void |
clearCaptchaChallenge(String username)
Clears any CAPTCHA challenge that may constrain the user with the supplied username when they authenticate.
|
DetailedGroup |
createGroup(String groupName)
Creates a new group.
|
ServiceUser |
createServiceUser(ServiceUserCreateRequest userRequest)
Creates a new
service user. |
void |
createUser(String username,
String password,
String displayName,
String emailAddress)
Creates a new user and adds them to the default group, if it exists.
|
void |
createUser(String username,
String password,
String displayName,
String emailAddress,
boolean addToDefaultGroup)
Creates a new user and optionally adds them to the default group, if it exists.
|
void |
createUserWithGeneratedPassword(String username,
String displayName,
String emailAddress)
Creates a new user with a randomly-generated password.
|
DetailedGroup |
deleteGroup(String groupName)
Deletes a group.
|
DetailedUser |
deleteUser(String username)
Deletes a user.
|
String |
eraseUser(String username)
Erases personally identifying user data for a deleted user.
|
Page<DetailedGroup> |
findGroups(PageRequest pageRequest)
Retrieves a page of groups with full
details . |
Page<DetailedGroup> |
findGroupsByName(String groupName,
PageRequest pageRequest)
Retrieves a page of groups with full
details , optionally filtering the returned results
to those containing the specified groupName . |
Page<DetailedGroup> |
findGroupsWithoutUser(String username,
String groupName,
PageRequest pageRequest)
Retrieves a page of groups which the specified user is not a member of, with full
details , optionally filtering the returned results to those containing the specified groupName . |
Page<DetailedGroup> |
findGroupsWithUser(String username,
String groupName,
PageRequest pageRequest)
Retrieves a page of groups which the specified user is a member of, with full
details ,
optionally filtering the returned results to those containing the specified groupName . |
DetailedUser |
findUserByPasswordResetToken(String token)
Find a password reset request using the token generated by
requestPasswordReset(String) . |
Page<DetailedUser> |
findUsers(PageRequest pageRequest)
Retrieves a page of users with full
details . |
Page<DetailedUser> |
findUsersByName(String username,
PageRequest pageRequest)
Retrieves a page of users, optionally filtering the returned results to those containing the specified
username . |
Page<DetailedUser> |
findUsersWithGroup(String groupName,
String username,
PageRequest pageRequest)
Find the users within a group that match the page request.
|
Page<DetailedUser> |
findUsersWithoutGroup(String groupName,
String username,
PageRequest pageRequest)
Find the users outside a group that match the page request.
|
DetailedUser |
getUserDetails(ApplicationUser user)
|
DetailedUser |
getUserDetails(String username)
|
boolean |
newUserCanResetPassword()
Retrieves a flag indicating whether the new user is able to set a password or not
|
void |
removeUserFromGroup(String groupName,
String username)
Removes a user from a group.
|
DetailedUser |
renameUser(String currentUsername,
String newUsername)
Change the name of a user
|
void |
requestPasswordReset(String username)
Generates a unique token which can be used to perform a
password reset
for the specified user and e-mails it to the address associated with their account. |
void |
resetPassword(String token,
String password)
Resets the password for the
user associated with the specified token to the provided value. |
void |
updatePassword(String username,
String newPassword)
Updates the password of the specified user.
|
ServiceUser |
updateServiceUser(ServiceUserUpdateRequest request)
Updates the details of the specified
user |
DetailedUser |
updateUser(String username,
String displayName,
String emailAddress)
Updates the
display name and e-mail address of the specified user. |
void |
validateErasable(String username)
Validate if a username can be erased.
|
void addUserToGroups(@Nonnull String username, @Nonnull Set<String> groupNames) throws ForbiddenException, LicenseLimitException, NoSuchGroupException, NoSuchUserException
username
- name of the user who will receive the new group membershipsgroupNames
- names of the groups to add to the userForbiddenException
- if one of the groups would grant SYS_ADMIN
permission
and the current user isn't a SYS_ADMIN; only SYS_ADMINs can grant SYS_ADMIN permissionLicenseLimitException
- if one of the groups would grant LICENSED_USER
permission to more users than the active license allowsNoSuchGroupException
- if any of the specified groups does not existNoSuchUserException
- if the specified user does not existvoid addMembersToGroup(@Nonnull String groupName, @Nonnull Set<String> usernames) throws ForbiddenException, LicenseLimitException, NoSuchGroupException, NoSuchUserException
groupName
- names of the group to which the users will be addedusernames
- names of the users who will receive the new group membershipForbiddenException
- if the group would grant SYS_ADMIN
permission
and the current user isn't a SYS_ADMIN; only SYS_ADMINs can grant SYS_ADMIN permissionLicenseLimitException
- if the additions would grant LICENSED_USER
permission to more users than the active license allowsNoSuchGroupException
- if the specified group does not existNoSuchUserException
- if any of the specified users does not existboolean canCreateGroups()
true
if any directory exists in which a group can be created; otherwise, false
boolean canUpdateGroups()
true
if any directory exists in which a group can be updated; otherwise, false
boolean canCreateUsers()
true
if any directory exists in which a user can be created; otherwise, false
boolean canDeleteGroups()
true
if any directory exists in which a group can be deleted; otherwise false
boolean newUserCanResetPassword()
true
if user is able to set a password; otherwise false
void clearCaptchaChallenge(@Nonnull String username)
username
- the user whose CAPTCHA challenge should be cleared@Nonnull DetailedGroup createGroup(@Nonnull String groupName) throws IntegrityException
groupName
- the name for the new groupIntegrityException
- if a group with the same already exists@Nonnull ServiceUser createServiceUser(@Nonnull ServiceUserCreateRequest userRequest) throws IntegrityException
service
user. Service users cannot be added to any groups. The user
is created without any permissions.
It is suggested that consumers use the ID
of the user created as the foreign key for
related content because their name, slug and other properties can be updated.
userRequest
- the user's detailsIntegrityException
- if a service user with the provided username already existsvoid createUser(@Nonnull String username, @Nonnull String password, @Nonnull String displayName, @Nonnull String emailAddress) throws IntegrityException, LicenseLimitException
createUser(String, String, String, String, boolean)
instead.
A non-null
, non-blank password
must be provided. It may be further vetted by the user store,
for example by applying complexity restrictions. Alternatively, if an e-mail server has been configured, new
users can be created with generated passwords
,
allowing new users to set their own password when they first access the system.
username
- the username
for the new userpassword
- the user's initial password, which may not be null
or emptydisplayName
- the display name
for the new useremailAddress
- the e-mail address
for the new userIntegrityException
- if a user with the same username already existsLicenseLimitException
- if the new user can not be added to the default group because it would grant
LICENSED_USER
permission to more users than
the active license allowscreateUser(String, String, String, String, boolean)
void createUser(@Nonnull String username, @Nonnull String password, @Nonnull String displayName, @Nonnull String emailAddress, boolean addToDefaultGroup) throws IntegrityException, LicenseLimitException
A non-null
, non-blank password
must be provided. It may be further vetted by the user store,
for example by applying complexity restrictions. Alternatively, if an e-mail server has been configured, new
users can be created with generated passwords
,
allowing new users to set their own password when they first access the system.
This method is not intended to be exposed via services like REST for general consumption. It exists to satisfy specific use cases where the system, or a plugin, may wish to create a user without adding them to the default group. Generally it is expected that new users should be added to the default group, as it defines the set of "common" permissions for all users of the system.
username
- the username
for the new userpassword
- the user's initial password, which may not be null
or emptydisplayName
- the display name
for the new useremailAddress
- the e-mail address
for the new useraddToDefaultGroup
- true if the new user should be added to the default groupIntegrityException
- if a user with the same username already existsLicenseLimitException
- if the new user can not be added to the default group because it would grant
LICENSED_USER
permission to more users than
the active license allowscreateUser(String, String, String, String)
void createUserWithGeneratedPassword(@Nonnull String username, @Nonnull String displayName, @Nonnull String emailAddress) throws IntegrityException, LicenseLimitException, MailException
username
- the username
for the new userdisplayName
- the display name
for the new useremailAddress
- the e-mail address
for the new userIntegrityException
- if a user with the same username already exists or if the user will be created
in a directory that does not allow passwords to be resetLicenseLimitException
- if the new user can not be added to the default group because it would grant
LICENSED_USER
permission to more users than
the active license allowsMailException
- if the e-mail notification could not be sent to the created user to allow them
to set their initial passwordNoMailHostConfigurationException
- if no e-mail server has been configured@Nonnull DetailedGroup deleteGroup(@Nonnull String groupName) throws ForbiddenException, IntegrityException, NoSuchGroupException
Note: Future releases may remove the return value from this method. For best portability across versions, the return value for this method should not be used.
groupName
- the name of the group to deleteForbiddenException
- if the group grants SYS_ADMIN
permission but the
current user is not a SYS_ADMINIntegrityException
- if deleting the group would revoke the ADMIN
or
SYS_ADMIN
permissions of the current userNoSuchGroupException
- if the group does not exist@Nonnull DetailedUser deleteUser(@Nonnull String username) throws ForbiddenException, IntegrityException, NoSuchUserException
Note: Future releases may remove the return value from this method. For best portability across versions, the return value for this method should not be used.
username
- the username
of the user to deleteForbiddenException
- if the user to delete is a SYS_ADMIN
and the current
user is notIntegrityException
- if the user to delete is the current userNoSuchUserException
- if the user does not exist@Nonnull String eraseUser(@Nonnull String username) throws IllegalUserStateException, NoSuchUserException, UserErasureException
A UserErasedEvent
is then raised once erasure has completed.
Erasing user data is irreversible and may lead to a degraded user experience. This method should not be used as part of a standard user deletion and cleanup process.
username
- the username
of the user to erase data forIllegalUserStateException
- if the supplied username
is the username of a non-deleted userNoSuchUserException
- if the supplied username
does not existUserErasureException
- if some of the delegated user erasure operations failedUserErasedEvent
@Nonnull Page<DetailedGroup> findGroups(@Nonnull PageRequest pageRequest)
details
.
Note: To filter the retrieved groups by name, use findGroupsByName(String, PageRequest)
instead.
pageRequest
- defines the page of groups to retrievenull
findGroupsByName(String, PageRequest)
,
UserService.findGroups(PageRequest)
@Nonnull Page<DetailedGroup> findGroupsByName(@Nullable String groupName, @Nonnull PageRequest pageRequest)
details
, optionally filtering the returned results
to those containing the specified groupName
. If the provided groupName
is null
, this
method behaves identically to findGroups(PageRequest)
.groupName
- 0 or more characters to apply as a filter on returned groupspageRequest
- defines the page of groups to retrievenull
findGroups(PageRequest)
,
UserService.findGroupsByName(String, PageRequest)
@Nonnull Page<DetailedGroup> findGroupsWithUser(@Nonnull String username, @Nullable String groupName, @Nonnull PageRequest pageRequest)
details
,
optionally filtering the returned results to those containing the specified groupName
. If the provided
groupName
is null
or empty groups will not be filtered. If no user exists with the specified
username
, no groups will be returned.username
- the exact name of the user to retrieve groups forgroupName
- 0 or more characters to apply as a filter on returned groupspageRequest
- defines the page of groups to retrievenull
findGroupsWithoutUser(String, String, PageRequest)
,
findUsersWithGroup(String, String, PageRequest)
,
UserService.findGroupsByUser(String, PageRequest)
@Nonnull Page<DetailedGroup> findGroupsWithoutUser(@Nonnull String username, @Nullable String groupName, @Nonnull PageRequest pageRequest)
details
, optionally filtering the returned results to those containing the specified groupName
. If the
provided groupName
is null
or empty groups will not be filtered. If no user exists with the
specified username
, no groups will be returned.username
- the exact name of the user to retrieve groups forgroupName
- 0 or more characters to apply as a filter on returned groupspageRequest
- defines the page of groups to retrievenull
findGroupsWithUser(String, String, PageRequest)
,
findUsersWithGroup(String, String, PageRequest)
,
UserService.findGroupsByUser(String, PageRequest)
@Nullable DetailedUser findUserByPasswordResetToken(@Nonnull String token)
requestPasswordReset(String)
.token
- token identifying the password reset requestnull
if no request matches the token or if
the request has expiredrequestPasswordReset(String)
@Nonnull Page<DetailedUser> findUsers(@Nonnull PageRequest pageRequest)
details
.
Note: To filter the retrieved users by name, use findUsersByName(String, PageRequest)
instead.
pageRequest
- defines the page of users to retrievenull
findUsersByName(String, PageRequest)
,
UserService.findUsers(PageRequest)
@Nonnull Page<DetailedUser> findUsersByName(@Nullable String username, @Nonnull PageRequest pageRequest)
username
. If the provided username
is null
, this method behaves identically to
findUsers(PageRequest)
. Otherwise, the username
is matched against:
username
- 0 or more characters to apply as a filter on returned userspageRequest
- defines the page of users to retrievenull
findUsers(PageRequest)
,
UserService.findUsersByName(String, PageRequest)
@Nonnull Page<DetailedUser> findUsersWithGroup(@Nonnull String groupName, @Nullable String username, @Nonnull PageRequest pageRequest)
groupName
- name of the group the users must belong tousername
- 0 or more characters to apply as a filter on returned userspageRequest
- page request@Nonnull Page<DetailedUser> findUsersWithoutGroup(@Nonnull String groupName, @Nullable String username, @Nonnull PageRequest pageRequest)
groupName
- name of the group the users must not belong tousername
- 0 or more characters to apply as a filter on returned userspageRequest
- page requestApplicationUser
@Nullable DetailedUser getUserDetails(@Nonnull String username)
username
- the exact username of the user to retrievedetails
for the specified user, or null
if no user@Nonnull DetailedUser getUserDetails(@Nonnull ApplicationUser user)
details
for the specified user
. This method is intended to
"promote" from a ApplicationUser
to a DetailedUser
, providing access to mutability details and other
information for the user.user
- the user to retrieve details fordetails
for the specified userNoSuchUserException
- if the specified user
does not exist in the underlying user storevoid removeUserFromGroup(@Nonnull String groupName, @Nonnull String username) throws ForbiddenException, IntegrityException, NoSuchGroupException, NoSuchUserException
groupName
- name of the group the user will be removed fromusername
- name of the user to remove from the groupForbiddenException
- if the group grants SYS_ADMIN
permission but the
current user is not a SYS_ADMINIntegrityException
- if the current user belongs to the specified group and removing them from the
group would revoke their SYS_ADMIN
or
ADMIN
permissionNoSuchGroupException
- if the specified group does not existNoSuchUserException
- if the specified user does not exist@Nonnull DetailedUser renameUser(@Nonnull String currentUsername, @Nonnull String newUsername)
currentUsername
- the current name of the usernewUsername
- the new name of the userNoSuchUserException
- if the specified user does not existIntegrityException
- if a user already exists in the directory with the new nameForbiddenException
- if renaming is not supported by the directory the target user belongs tovoid requestPasswordReset(@Nonnull String username) throws MailException, NoSuchUserException
password reset
for the specified user and e-mails it to the address associated with their account.username
- username of the userMailException
- if the e-mail notification could not be sent to the user (ex: the mail server is down)NoMailHostConfigurationException
- if no e-mail server has been configuredNoSuchUserException
- if the user does not existvoid resetPassword(@Nonnull String token, @Nonnull String password) throws InvalidPasswordResetTokenException, NoSuchEntityException
user
associated with the specified token to the provided value.token
- the token identifying the user whose password should be resetpassword
- the new password for the userInvalidPasswordResetTokenException
- if no user matches the specified tokenNoSuchEntityException
void updatePassword(@Nonnull String username, @Nonnull String newPassword)
username
- the user's usernamenewPassword
- the user's new password@Nonnull ServiceUser updateServiceUser(@Nonnull ServiceUserUpdateRequest request)
user
request
- the user's new details@Nonnull DetailedUser updateUser(@Nonnull String username, @Nonnull String displayName, @Nonnull String emailAddress)
display name
and e-mail address
of the specified user.
username
- the user's usernamedisplayName
- the user's new display nameemailAddress
- the user's new email addressvoid validateErasable(@Nonnull String username) throws IllegalUserStateException, NoSuchUserException
A username is only valid for erasure if it exists as the username of a deleted user. This method will throw an appropriate exception if the user for the supplied username is invalid for erasure.
username
- the username
of the user to validate erasability forIllegalUserStateException
- if the supplied username
is the username of a non-deleted userNoSuchUserException
- if the supplied username
does not existCopyright © 2020 Atlassian. All rights reserved.