Interface PermissionAdminService
public interface PermissionAdminService
Updates and queries the permissions of users and groups.
- See Also:
-
Method Summary
Modifier and TypeMethodDescriptionvoid
canAddUserToGroup
(String group) Check if the current user can add users to the given group.void
canDeleteGroup
(String group) Check if the current user can delete a group without affecting their permissionsvoid
canDeleteUser
(String userName) Check if thenormal
user can be deleted.void
canRemoveUserFromGroup
(String username, String group) Check if anormal
user can remove themselves from the given group.findGroupsWithGlobalPermission
(String filter, PageRequest pageRequest) Retrieves a page ofgroups
and their highest global permission.findGroupsWithoutGlobalPermission
(String filter, PageRequest pageRequest) Retrieves a page of groups who have not been explicitly granted any global permissionfindGroupsWithoutProjectPermission
(Project project, String filter, PageRequest pageRequest) Retrieves a page of groups who have not been explicitly granted any project permissionfindGroupsWithoutRepositoryPermission
(Repository repository, String filter, PageRequest pageRequest) Retrieves a page of groups who have not been explicitly granted any repository permission.findGroupsWithProjectPermission
(Project project, String filter, PageRequest pageRequest) Retrieves a page ofgroups
and their highest granted permission for the specified project.findGroupsWithRepositoryPermission
(Repository repository, String filter, PageRequest pageRequest) Retrieves a page ofgroups
and their highest granted permission for the specified repository.findLicensedUsersWithoutProjectPermission
(Project project, String filter, PageRequest pageRequest) findLicensedUsersWithoutRepositoryPermission
(Repository repository, String filter, PageRequest pageRequest) findUsersWithGlobalPermission
(String filter, PageRequest pageRequest) Retrieves a page ofusers
and their highest global permission.findUsersWithoutGlobalPermission
(String filter, PageRequest pageRequest) Retrieves a page ofactive
users who have not been explicitly granted any global permissionfindUsersWithProjectPermission
(Project project, String filter, PageRequest pageRequest) Retrieves a page ofusers
and their highest granted permission for the specified project.findUsersWithRepositoryPermission
(Repository repository, String filter, PageRequest pageRequest) Retrieves a page ofusers
and their highest granted permission for the specified repository.void
grantAllProjectPermission
(Permission permission, Project project) Grant a project permission to all users usersboolean
hasAllProjectPermission
(Permission permission, Project project) Check if the given project permission has been granted to every logged in user for the given project.void
Revoke all global permissions for the given user.void
revokeAllGlobalPermissions
(String group) Revoke all global permissions for the given group.void
Revoke all permissions granted to a group.void
revokeAllProjectPermission
(Permission permission, Project project) Revoked a project permission from all users usersvoid
revokeAllProjectPermissions
(Project project, ApplicationUser user) Revoke all project permissions for the given user.void
revokeAllProjectPermissions
(Project project, String group) Revoke all project permissions for the given group.void
revokeAllProjectPermissions
(Project project, Set<String> groups, Set<ApplicationUser> users) Revoke all project permissions for the given users and groups.void
revokeAllRepositoryPermissions
(Repository repository, ApplicationUser user) Revoke all repository permissions for the given user.void
revokeAllRepositoryPermissions
(Repository repository, String group) Revoke all repository permissions for the given group.void
revokeAllRepositoryPermissions
(Repository repository, Set<String> groups, Set<ApplicationUser> users) Revoke all repository permissions for the given users and groups.void
Revoke all permissions from a user.void
Revoke all permissions from anormal
user.void
setPermission
(SetPermissionRequest request) Assigns a permission to multiple users and/or groups.
-
Method Details
-
canRemoveUserFromGroup
Check if anormal
user can remove themselves from the given group.- Parameters:
username
- the user to checkgroup
- the group from which the user is to be removed.
-
canAddUserToGroup
Check if the current user can add users to the given group.- Parameters:
group
- the group to which users will be added.
-
canDeleteGroup
Check if the current user can delete a group without affecting their permissions- Parameters:
group
- the group to be deleted.
-
canDeleteUser
Check if thenormal
user can be deleted.- Parameters:
userName
- the name of the user being deleted
-
findGroupsWithGlobalPermission
@Nonnull Page<PermittedGroup> findGroupsWithGlobalPermission(@Nullable String filter, @Nonnull PageRequest pageRequest) Retrieves a page ofgroups
and their highest global permission. Groups which do not have any global permissions explicitly assigned to them will not be returned.- Parameters:
filter
- if non-null non-empty then the groups returned must include this textpageRequest
- bounds the page of groups to be returned- Returns:
- a page containing zero or more groups which have been explicitly granted a global permission, and their highest granted permission
-
findGroupsWithoutGlobalPermission
@Nonnull Page<String> findGroupsWithoutGlobalPermission(@Nullable String filter, @Nonnull PageRequest pageRequest) Retrieves a page of groups who have not been explicitly granted any global permission- Parameters:
filter
- if non-null non-empty then the groups returned must include this textpageRequest
- bounds the page of groups to be returned- Returns:
- a page of groupnames.
-
findGroupsWithoutProjectPermission
@Nonnull Page<String> findGroupsWithoutProjectPermission(@Nonnull Project project, @Nullable String filter, @Nonnull PageRequest pageRequest) Retrieves a page of groups who have not been explicitly granted any project permission- Parameters:
project
- the project for which the permissions are required.filter
- if non-null non-empty then the groups returned must include this textpageRequest
- bounds the page of groups to be returned- Returns:
- a page of groupnames.
-
findGroupsWithoutRepositoryPermission
@Nonnull Page<String> findGroupsWithoutRepositoryPermission(@Nonnull Repository repository, @Nullable String filter, @Nonnull PageRequest pageRequest) Retrieves a page of groups who have not been explicitly granted any repository permission.- Parameters:
repository
- the repository for which the permissions are required.filter
- if non-null non-empty then the groups returned must include this textpageRequest
- bounds the page of groups to be returned- Returns:
- a page of groupnames.
-
findGroupsWithProjectPermission
@Nonnull Page<PermittedGroup> findGroupsWithProjectPermission(@Nonnull Project project, @Nullable String filter, @Nonnull PageRequest pageRequest) Retrieves a page ofgroups
and their highest granted permission for the specified project. Groups which do not have any permissions explicitly assigned to them for the specified project will not be returned.- Parameters:
project
- the project for which permissions should be consideredfilter
- if non-null non-empty then the groups returned must include this textpageRequest
- bounds the page of groups to be returned- Returns:
- a page containing zero or more groups which have been explicitly granted a permission for the specified project, and their highest granted permission
-
findGroupsWithRepositoryPermission
@Nonnull Page<PermittedGroup> findGroupsWithRepositoryPermission(@Nonnull Repository repository, @Nullable String filter, @Nonnull PageRequest pageRequest) Retrieves a page ofgroups
and their highest granted permission for the specified repository. Groups which do not have any permissions explicitly assigned to them for the specified repository will not be returned.- Parameters:
repository
- the repository for which permissions should be consideredfilter
- if non-null non-empty then the groups returned must include this textpageRequest
- bounds the page of groups to be returned- Returns:
- a page containing zero or more groups which have been explicitly granted a permission for the specified repository, and their highest granted permission
-
findLicensedUsersWithoutProjectPermission
@Nonnull Page<ApplicationUser> findLicensedUsersWithoutProjectPermission(@Nonnull Project project, @Nullable String filter, @Nonnull PageRequest pageRequest) Retrieves a page ofactive
andlicensed
users who have not been explicitly granted any project permission- Parameters:
project
- the project for which the permissions are required.filter
- if non-null non-empty then the usernames returned must include this textpageRequest
- bounds the page of users to be returned- Returns:
- a page of ApplicationUser instances.
-
findLicensedUsersWithoutRepositoryPermission
@Nonnull Page<ApplicationUser> findLicensedUsersWithoutRepositoryPermission(@Nonnull Repository repository, @Nullable String filter, @Nonnull PageRequest pageRequest) Retrieves a page ofactive
andlicensed
users who have not been explicitly granted any repository permission.- Parameters:
repository
- the repository for which the permissions are required.filter
- if non-null non-empty then the usernames returned must include this textpageRequest
- bounds the page of users to be returned- Returns:
- a page of ApplicationUser instances.
-
findUsersWithGlobalPermission
@Nonnull Page<PermittedUser> findUsersWithGlobalPermission(@Nullable String filter, @Nonnull PageRequest pageRequest) Retrieves a page ofusers
and their highest global permission. Users which do not have any global permissions explicitly assigned to them will not be returned.- Parameters:
filter
- if non-null non-empty then the usernames returned must include this textpageRequest
- bounds the page of users to be returned- Returns:
- a page containing zero or more users who have been explicitly granted a global permission, and their highest granted permission
-
findUsersWithoutGlobalPermission
@Nonnull Page<ApplicationUser> findUsersWithoutGlobalPermission(@Nullable String filter, @Nonnull PageRequest pageRequest) Retrieves a page ofactive
users who have not been explicitly granted any global permission- Parameters:
filter
- if non-null non-empty then the usernames returned must include this textpageRequest
- bounds the page of users to be returned- Returns:
- a page of ApplicationUser instances.
-
findUsersWithProjectPermission
@Nonnull Page<PermittedUser> findUsersWithProjectPermission(@Nonnull Project project, @Nullable String filter, @Nonnull PageRequest pageRequest) Retrieves a page ofusers
and their highest granted permission for the specified project. Users which do not have any permissions explicitly assigned to them for the specified project will not be returned.- Parameters:
project
- the project for which permissions should be consideredfilter
- if non-null non-empty then the usernames returned must include this textpageRequest
- bounds the page of users to be returned- Returns:
- a page containing zero or more users who have been explicitly granted a permission for the specified project, and their highest granted permission
-
findUsersWithRepositoryPermission
@Nonnull Page<PermittedUser> findUsersWithRepositoryPermission(@Nonnull Repository repository, @Nullable String filter, @Nonnull PageRequest pageRequest) Retrieves a page ofusers
and their highest granted permission for the specified repository. Users which do not have any permissions explicitly assigned to them for the specified repository will not be returned.- Parameters:
repository
- the repository for which permissions should be consideredfilter
- if non-null non-empty then the usernames returned must include this textpageRequest
- bounds the page of users to be returned- Returns:
- a page containing zero or more users who have been explicitly granted a permission for the specified repository, and their highest granted permission
-
setPermission
Assigns a permission to multiple users and/or groups.Note that:
- granting a global permission to users or groups will remove their other global permissions,
- granting a project permission to users or groups will remove their other project permissions on the same project,
- granting a repository permission to users or groups will remove their other repository permissions on the same repository.
- Parameters:
request
- request specifying which permission to grant to which users and/or groups- See Also:
-
revokeAllGlobalPermissions
Revoke all global permissions for the given group.- Parameters:
group
- name of the group
-
revokeAllProjectPermissions
Revoke all project permissions for the given group.- Parameters:
project
- the project on which permissions are to be revokedgroup
- name of the group
-
revokeAllRepositoryPermissions
Revoke all repository permissions for the given group.- Parameters:
repository
- the repository on which permissions are to be revokedgroup
- name of the group
-
revokeAllGlobalPermissions
Revoke all global permissions for the given user.- Parameters:
user
- user to revoke permissions from
-
revokeAllProjectPermissions
Revoke all project permissions for the given user.- Parameters:
project
- the project on which permissions are to be revokeduser
- user to revoke permissions from
-
revokeAllRepositoryPermissions
Revoke all repository permissions for the given user.- Parameters:
repository
- the repository on which permissions are to be revokeduser
- user to revoke permissions from
-
revokeAllProjectPermissions
void revokeAllProjectPermissions(@Nonnull Project project, @Nonnull Set<String> groups, @Nonnull Set<ApplicationUser> users) Revoke all project permissions for the given users and groups.- Parameters:
project
- the project on which permissions are to be revokedusers
- the users to revoke permissions fromgroups
- the groups to revoke permissions from- Since:
- 8.3
-
revokeAllRepositoryPermissions
void revokeAllRepositoryPermissions(@Nonnull Repository repository, @Nonnull Set<String> groups, @Nonnull Set<ApplicationUser> users) Revoke all repository permissions for the given users and groups.- Parameters:
repository
- the repository on which permissions are to be revokedusers
- the users to revoke permissions fromgroups
- the groups to revoke permissions from- Since:
- 8.3
-
hasAllProjectPermission
Check if the given project permission has been granted to every logged in user for the given project.- Parameters:
permission
- the permission to be checked.project
- the project for which the permissions are required.- Returns:
- true if the given global permission is granted to all users.
-
grantAllProjectPermission
Grant a project permission to all users users- Parameters:
permission
- the project permission to be grantedproject
- the project on which permission is to be revoked
-
revokeAllProjectPermission
Revoked a project permission from all users users- Parameters:
permission
- the project permission to be revokedproject
- the project on which permission is to be revoked
-
revokeAllUserPermissions
Revoke all permissions from anormal
user.service
users can not be identified by username hence their permission cannot be revoked by this method.- Parameters:
name
- name of the normal user
-
revokeAllUserPermissions
Revoke all permissions from a user.- Parameters:
user
- the user
-
revokeAllGroupPermissions
Revoke all permissions granted to a group.- Parameters:
name
- name of the group
-