Interface PermissionAdminService


public interface PermissionAdminService
Updates and queries the permissions of users and groups.
See Also:
  • Method Details

    • canRemoveUserFromGroup

      void canRemoveUserFromGroup(@Nonnull String username, @Nonnull String group)
      Check if a normal user can remove themselves from the given group.
      Parameters:
      username - the user to check
      group - the group from which the user is to be removed.
    • canAddUserToGroup

      void canAddUserToGroup(@Nonnull String group)
      Check if the current user can add users to the given group.
      Parameters:
      group - the group to which users will be added.
    • canDeleteGroup

      void canDeleteGroup(@Nonnull String group)
      Check if the current user can delete a group without affecting their permissions
      Parameters:
      group - the group to be deleted.
    • canDeleteUser

      void canDeleteUser(@Nonnull String userName)
      Check if the normal user can be deleted.
      Parameters:
      userName - the name of the user being deleted
    • findGroupsWithGlobalPermission

      @Nonnull Page<PermittedGroup> findGroupsWithGlobalPermission(@Nullable String filter, @Nonnull PageRequest pageRequest)
      Retrieves a page of groups and their highest global permission. Groups which do not have any global permissions explicitly assigned to them will not be returned.
      Parameters:
      filter - if non-null non-empty then the groups returned must include this text
      pageRequest - bounds the page of groups to be returned
      Returns:
      a page containing zero or more groups which have been explicitly granted a global permission, and their highest granted permission
    • findGroupsWithoutGlobalPermission

      @Nonnull Page<String> findGroupsWithoutGlobalPermission(@Nullable String filter, @Nonnull PageRequest pageRequest)
      Retrieves a page of groups who have not been explicitly granted any global permission
      Parameters:
      filter - if non-null non-empty then the groups returned must include this text
      pageRequest - bounds the page of groups to be returned
      Returns:
      a page of groupnames.
    • findGroupsWithoutProjectPermission

      @Nonnull Page<String> findGroupsWithoutProjectPermission(@Nonnull Project project, @Nullable String filter, @Nonnull PageRequest pageRequest)
      Retrieves a page of groups who have not been explicitly granted any project permission
      Parameters:
      project - the project for which the permissions are required.
      filter - if non-null non-empty then the groups returned must include this text
      pageRequest - bounds the page of groups to be returned
      Returns:
      a page of groupnames.
    • findGroupsWithoutRepositoryPermission

      @Nonnull Page<String> findGroupsWithoutRepositoryPermission(@Nonnull Repository repository, @Nullable String filter, @Nonnull PageRequest pageRequest)
      Retrieves a page of groups who have not been explicitly granted any repository permission.
      Parameters:
      repository - the repository for which the permissions are required.
      filter - if non-null non-empty then the groups returned must include this text
      pageRequest - bounds the page of groups to be returned
      Returns:
      a page of groupnames.
    • findGroupsWithProjectPermission

      @Nonnull Page<PermittedGroup> findGroupsWithProjectPermission(@Nonnull Project project, @Nullable String filter, @Nonnull PageRequest pageRequest)
      Retrieves a page of groups and their highest granted permission for the specified project. Groups which do not have any permissions explicitly assigned to them for the specified project will not be returned.
      Parameters:
      project - the project for which permissions should be considered
      filter - if non-null non-empty then the groups returned must include this text
      pageRequest - bounds the page of groups to be returned
      Returns:
      a page containing zero or more groups which have been explicitly granted a permission for the specified project, and their highest granted permission
    • findGroupsWithRepositoryPermission

      @Nonnull Page<PermittedGroup> findGroupsWithRepositoryPermission(@Nonnull Repository repository, @Nullable String filter, @Nonnull PageRequest pageRequest)
      Retrieves a page of groups and their highest granted permission for the specified repository. Groups which do not have any permissions explicitly assigned to them for the specified repository will not be returned.
      Parameters:
      repository - the repository for which permissions should be considered
      filter - if non-null non-empty then the groups returned must include this text
      pageRequest - bounds the page of groups to be returned
      Returns:
      a page containing zero or more groups which have been explicitly granted a permission for the specified repository, and their highest granted permission
    • findLicensedUsersWithoutProjectPermission

      @Nonnull Page<ApplicationUser> findLicensedUsersWithoutProjectPermission(@Nonnull Project project, @Nullable String filter, @Nonnull PageRequest pageRequest)
      Retrieves a page of active and licensed users who have not been explicitly granted any project permission
      Parameters:
      project - the project for which the permissions are required.
      filter - if non-null non-empty then the usernames returned must include this text
      pageRequest - bounds the page of users to be returned
      Returns:
      a page of ApplicationUser instances.
    • findLicensedUsersWithoutRepositoryPermission

      @Nonnull Page<ApplicationUser> findLicensedUsersWithoutRepositoryPermission(@Nonnull Repository repository, @Nullable String filter, @Nonnull PageRequest pageRequest)
      Retrieves a page of active and licensed users who have not been explicitly granted any repository permission.
      Parameters:
      repository - the repository for which the permissions are required.
      filter - if non-null non-empty then the usernames returned must include this text
      pageRequest - bounds the page of users to be returned
      Returns:
      a page of ApplicationUser instances.
    • findUsersWithGlobalPermission

      @Nonnull Page<PermittedUser> findUsersWithGlobalPermission(@Nullable String filter, @Nonnull PageRequest pageRequest)
      Retrieves a page of users and their highest global permission. Users which do not have any global permissions explicitly assigned to them will not be returned.
      Parameters:
      filter - if non-null non-empty then the usernames returned must include this text
      pageRequest - bounds the page of users to be returned
      Returns:
      a page containing zero or more users who have been explicitly granted a global permission, and their highest granted permission
    • findUsersWithoutGlobalPermission

      @Nonnull Page<ApplicationUser> findUsersWithoutGlobalPermission(@Nullable String filter, @Nonnull PageRequest pageRequest)
      Retrieves a page of active users who have not been explicitly granted any global permission
      Parameters:
      filter - if non-null non-empty then the usernames returned must include this text
      pageRequest - bounds the page of users to be returned
      Returns:
      a page of ApplicationUser instances.
    • findUsersWithProjectPermission

      @Nonnull Page<PermittedUser> findUsersWithProjectPermission(@Nonnull Project project, @Nullable String filter, @Nonnull PageRequest pageRequest)
      Retrieves a page of users and their highest granted permission for the specified project. Users which do not have any permissions explicitly assigned to them for the specified project will not be returned.
      Parameters:
      project - the project for which permissions should be considered
      filter - if non-null non-empty then the usernames returned must include this text
      pageRequest - bounds the page of users to be returned
      Returns:
      a page containing zero or more users who have been explicitly granted a permission for the specified project, and their highest granted permission
    • findUsersWithRepositoryPermission

      @Nonnull Page<PermittedUser> findUsersWithRepositoryPermission(@Nonnull Repository repository, @Nullable String filter, @Nonnull PageRequest pageRequest)
      Retrieves a page of users and their highest granted permission for the specified repository. Users which do not have any permissions explicitly assigned to them for the specified repository will not be returned.
      Parameters:
      repository - the repository for which permissions should be considered
      filter - if non-null non-empty then the usernames returned must include this text
      pageRequest - bounds the page of users to be returned
      Returns:
      a page containing zero or more users who have been explicitly granted a permission for the specified repository, and their highest granted permission
    • setPermission

      void setPermission(@Nonnull SetPermissionRequest request)
      Assigns a permission to multiple users and/or groups.

      Note that:

      • granting a global permission to users or groups will remove their other global permissions,
      • granting a project permission to users or groups will remove their other project permissions on the same project,
      • granting a repository permission to users or groups will remove their other repository permissions on the same repository.
      Parameters:
      request - request specifying which permission to grant to which users and/or groups
      See Also:
    • revokeAllGlobalPermissions

      void revokeAllGlobalPermissions(@Nonnull String group)
      Revoke all global permissions for the given group.
      Parameters:
      group - name of the group
    • revokeAllProjectPermissions

      void revokeAllProjectPermissions(@Nonnull Project project, @Nonnull String group)
      Revoke all project permissions for the given group.
      Parameters:
      project - the project on which permissions are to be revoked
      group - name of the group
    • revokeAllRepositoryPermissions

      void revokeAllRepositoryPermissions(@Nonnull Repository repository, @Nonnull String group)
      Revoke all repository permissions for the given group.
      Parameters:
      repository - the repository on which permissions are to be revoked
      group - name of the group
    • revokeAllGlobalPermissions

      void revokeAllGlobalPermissions(@Nonnull ApplicationUser user)
      Revoke all global permissions for the given user.
      Parameters:
      user - user to revoke permissions from
    • revokeAllProjectPermissions

      void revokeAllProjectPermissions(@Nonnull Project project, @Nonnull ApplicationUser user)
      Revoke all project permissions for the given user.
      Parameters:
      project - the project on which permissions are to be revoked
      user - user to revoke permissions from
    • revokeAllRepositoryPermissions

      void revokeAllRepositoryPermissions(@Nonnull Repository repository, @Nonnull ApplicationUser user)
      Revoke all repository permissions for the given user.
      Parameters:
      repository - the repository on which permissions are to be revoked
      user - user to revoke permissions from
    • revokeAllProjectPermissions

      void revokeAllProjectPermissions(@Nonnull Project project, @Nonnull Set<String> groups, @Nonnull Set<ApplicationUser> users)
      Revoke all project permissions for the given users and groups.
      Parameters:
      project - the project on which permissions are to be revoked
      users - the users to revoke permissions from
      groups - the groups to revoke permissions from
      Since:
      8.3
    • revokeAllRepositoryPermissions

      void revokeAllRepositoryPermissions(@Nonnull Repository repository, @Nonnull Set<String> groups, @Nonnull Set<ApplicationUser> users)
      Revoke all repository permissions for the given users and groups.
      Parameters:
      repository - the repository on which permissions are to be revoked
      users - the users to revoke permissions from
      groups - the groups to revoke permissions from
      Since:
      8.3
    • hasAllProjectPermission

      boolean hasAllProjectPermission(@Nonnull Permission permission, @Nonnull Project project)
      Check if the given project permission has been granted to every logged in user for the given project.
      Parameters:
      permission - the permission to be checked.
      project - the project for which the permissions are required.
      Returns:
      true if the given global permission is granted to all users.
    • grantAllProjectPermission

      void grantAllProjectPermission(@Nonnull Permission permission, @Nonnull Project project)
      Grant a project permission to all users users
      Parameters:
      permission - the project permission to be granted
      project - the project on which permission is to be revoked
    • revokeAllProjectPermission

      void revokeAllProjectPermission(@Nonnull Permission permission, @Nonnull Project project)
      Revoked a project permission from all users users
      Parameters:
      permission - the project permission to be revoked
      project - the project on which permission is to be revoked
    • revokeAllUserPermissions

      void revokeAllUserPermissions(@Nonnull String name)
      Revoke all permissions from a normal user. service users can not be identified by username hence their permission cannot be revoked by this method.
      Parameters:
      name - name of the normal user
    • revokeAllUserPermissions

      void revokeAllUserPermissions(@Nonnull ApplicationUser user)
      Revoke all permissions from a user.
      Parameters:
      user - the user
    • revokeAllGroupPermissions

      void revokeAllGroupPermissions(@Nonnull String name)
      Revoke all permissions granted to a group.
      Parameters:
      name - name of the group