Package com.atlassian.bitbucket.permission

Interface PermissionService

public interface PermissionService
Reads the permissions of users and groups. IMPORTANT: This should not be restricted by permissions, and is not intended for querying access levels of users, but rather checking access of the current user at runtime
See Also:

  • Method Details

    • hasGlobalPermission

      boolean hasGlobalPermission(@Nullable String username, @Nonnull Permission permission)
      Will return true if the user is active and one of the following conditions is met:
      • permission is granted directly for the given user
      • permission is granted to a group the given user is a member of
      Parameters:
      username - the user in question
      permission - the requested permission. Must be global.
      Returns:
      true if the given user identified by username has the requested Permission

    • hasGlobalPermission

      boolean hasGlobalPermission(@Nullable ApplicationUser user, @Nonnull Permission permission)
      Will return true if the user is active and one of the following conditions is met:
      • permission is granted directly for the given user
      • permission is granted to a group the given user is a member of
      Parameters:
      user - the user in question
      permission - the requested permission. Must be global.
      Returns:
      true if the given ApplicationUser has the requested Permission

    • hasGlobalPermission

      boolean hasGlobalPermission(@Nonnull Permission permission)
      Parameters:
      permission - the requested permission. Must be global.
      Returns:
      true if the current authentication session has the requested Permission
      See Also:

    • hasProjectPermission

      boolean hasProjectPermission(@Nullable ApplicationUser user, @Nonnull Project project, @Nonnull Permission permission)
      Will return true if the user is active and one of the following conditions is met:
      • permission is granted directly for the given user on the given project
      • permission is granted for all logged in users on the given project
      • permission is granted to a group the given user is a member of on the given project
      • The given user is directly granted a permission on at least one repository within the given project and the given permission is implied as a result
      • A group the given user is a member of is granted a permission on at least one repository within the given project and the given permission is implied as a result
      • The given project is publicly accessible and the permission is implied as a result
      • the given user is directly granted administration rights
      • A group the given user is a member of is granted administration rights
      Parameters:
      user - the user in question
      project - the project in question
      permission - the requested permission. Must be non-global.
      Returns:
      true if the given ApplicationUser has the requested Permission for the given Project

    • hasProjectPermission

      boolean hasProjectPermission(@Nonnull Project project, @Nonnull Permission permission)
      Parameters:
      project - the project in question
      permission - the requested permission. Must be non-global.
      Returns:
      true if the current authentication token has the requested Permission for the given Project
      See Also:

    • hasProjectPermission

      boolean hasProjectPermission(@Nullable ApplicationUser user, int projectId, @Nonnull Permission permission)
      Parameters:
      user - the user in question
      projectId - the ID of project
      permission - the requested permission. Must be non-global.
      Returns:
      true if the given ApplicationUser has the requested Permission for the Project identified by projectId
      See Also:

    • hasProjectPermission

      boolean hasProjectPermission(int projectId, @Nonnull Permission permission)
      Parameters:
      projectId - the ID project in question
      permission - the requested permission. Must be non-global.
      Returns:
      true if the current authentication token has the requested Permission for the given Project
      See Also:

    • hasRepositoryPermission

      boolean hasRepositoryPermission(@Nullable ApplicationUser user, @Nonnull Repository repository, @Nonnull Permission permission)
      Will return true if the user is active and one of the following conditions is met:
      • permission is granted directly for the given user on the given repository
      • permission is granted to a group the given user is a member of on the given repository
      • The given user is directly granted a permission on the containing project and the given permission is implied as a result
      • A group the given user is a member of is granted a permission on the containing project and the given permission is implied as a result
      • All logged in users are granted a permission to the containing project and the given permission is implied as a result
      • The given repository is publicly accessible and the permission is implied as a result
      • the given user is directly granted administration rights
      • A group the given user is a member of is granted administration rights
      This method will always return false if the user given is null as anonymous users cannot be granted permissions by definition.
      Parameters:
      user - the user in question
      repository - the repository in question
      permission - the requested permission. Must be non-global.
      Returns:
      true if the given ApplicationUser has the requested Permission for the given Repository

    • hasRepositoryPermission

      boolean hasRepositoryPermission(@Nullable ApplicationUser user, int repositoryId, @Nonnull Permission permission)
      Parameters:
      user - the user in question
      repositoryId - the repository in question
      permission - the requested permission. Must be non-global.
      Returns:
      true if the given ApplicationUser has the requested Permission for the given Repository
      See Also:

    • hasRepositoryPermission

      boolean hasRepositoryPermission(@Nonnull Repository repository, @Nonnull Permission permission)
      Parameters:
      repository - the repository in question
      permission - the requested permission. Must be non-global.
      Returns:
      true if the current authentication token has the requested Permission for the given Repository
      See Also:

    • hasRepositoryPermission

      boolean hasRepositoryPermission(int repositoryId, @Nonnull Permission permission)
      Parameters:
      repositoryId - the repository in question
      permission - the requested permission. Must be non-global.
      Returns:
      true if the current authentication token has the requested Permission for the given Repository identified by repositoryId
      See Also:

    • hasUserPermission

      boolean hasUserPermission(@Nonnull ApplicationUser user, @Nonnull ApplicationUser targetUser, @Nonnull Permission permission)
      Parameters:
      user - the user requesting the permission
      targetUser - the user that the permission applies to
      permission - the requested permission. Must be non-global.
      Returns:
      true if the provided user has the requested Permission with respect to targetUser's settings
      Since:
      5.5
      See Also:

    • hasUserPermission

      boolean hasUserPermission(@Nonnull ApplicationUser user, int targetUserId, @Nonnull Permission permission)
      Parameters:
      user - the user requesting the permission
      targetUserId - the ID of the user that the permission applies to
      permission - the requested permission. Must be non-global.
      Returns:
      true if the provided user has the requested Permission with respect to of the ApplicationUser identified by targetUserId
      Since:
      5.5
      See Also:

    • hasUserPermission

      boolean hasUserPermission(@Nonnull ApplicationUser targetUser, @Nonnull Permission permission)
      Parameters:
      targetUser - the user that the permission applies to
      permission - the requested permission. Must be non-global.
      Returns:
      true if the current authentication token has the requested Permission with respect to targetUser's settings
      Since:
      5.5
      See Also:

    • hasUserPermission

      boolean hasUserPermission(int targetUserId, @Nonnull Permission permission)
      Parameters:
      targetUserId - the ID of the user that the permission applies to
      permission - the requested permission. Must be non-global.
      Returns:
      true if the current authentication token has the requested Permission with respect to the user identified by targetUserId
      Since:
      5.5
      See Also:

    • hasUserPermission

      boolean hasUserPermission(@Nonnull Permission permission)
      Parameters:
      permission - the requested permission. Must be non-global.
      Returns:
      true if the current authentication token has the requested Permission for the account of the currently authenticated user
      Since:
      5.5
      See Also:

    • hasAnyUserPermission

      boolean hasAnyUserPermission(@Nonnull ApplicationUser user, @Nonnull Permission permission)
      Parameters:
      user - the user in question
      permission - the requested permission. Must be non-global.
      Returns:
      true if the given ApplicationUser has the requested Permission for any project / repository

    • hasAnyUserPermission

      boolean hasAnyUserPermission(@Nonnull Permission permission)
      Parameters:
      permission - the requested permission. Must be non-global.
      Returns:
      true if the current user has the requested Permission for any project / repository

    • hasGlobalPermissionThroughGroupMembership

      boolean hasGlobalPermissionThroughGroupMembership(@Nonnull Permission permission, @Nonnull Set<String> excludedGroups)
      Parameters:
      permission - The permission required.
      excludedGroups - A Set of groups to be excluded from consideration.
      Returns:
      true if the current user has the given global permission through its membership of a group

    • hasProjectPermissionThroughGroupMembership

      boolean hasProjectPermissionThroughGroupMembership(@Nonnull Project project, @Nonnull Permission permission, @Nonnull Set<String> excludedGroups)
      Parameters:
      project - The project on which permission is being checked
      permission - The permission required
      excludedGroups - A Set of groups to be excluded from consideration
      Returns:
      true if the current user has the given project permission through its membership of a group

    • hasRepositoryPermissionThroughGroupMembership

      boolean hasRepositoryPermissionThroughGroupMembership(@Nonnull Repository repository, @Nonnull Permission permission, @Nonnull Set<String> excludedGroups)
      Parameters:
      repository - the repository on which permission is being checked
      permission - the permission required
      excludedGroups - a Set of groups to be excluded from consideration
      Returns:
      true if the current user has the given repository permission through its membership of a group

    • hasDirectGlobalUserPermission

      boolean hasDirectGlobalUserPermission(@Nonnull Permission permission)
      Parameters:
      permission - the permission required
      Returns:
      true if the current user has the given global permission directly granted (i.e. not through their group membership)

    • hasDirectProjectUserPermission

      boolean hasDirectProjectUserPermission(@Nonnull Project project, @Nonnull Permission permission)
      Parameters:
      project - the project on which permission is being checked
      permission - the permission required
      Returns:
      true if the current user has the given project permission directly granted (i.e. not through their group membership)

    • hasDirectRepositoryUserPermission

      boolean hasDirectRepositoryUserPermission(@Nonnull Repository repository, @Nonnull Permission permission)
      Parameters:
      repository - the repository on which permission is being checked
      permission - the permission required
      Returns:
      true if the current user has the given repository permission directly granted (i.e. not through their group membership)

    • hasGlobalGroupPermission

      boolean hasGlobalGroupPermission(@Nonnull Permission permission, @Nonnull String group)
      Parameters:
      permission - the permission required
      group - the group to be checked
      Returns:
      true if the given group has the given permission

    • isProjectAccessible

      boolean isProjectAccessible(@Nonnull Project project)
      Retrieve whether the current user (authenticated or not) has access to the given project.

      The user may have access as a result of the following:

      Parameters:
      project - the project on which to check
      Returns:
      true if the current user has access to the given project, false otherwise

    • isProjectAccessible

      boolean isProjectAccessible(int projectId)
      Parameters:
      projectId - the ID of the project on which to check
      Returns:
      true if the current user has access to the given project, false otherwise
      See Also:

    • isRepositoryAccessible

      boolean isRepositoryAccessible(@Nonnull Repository repository)
      Retrieve whether the current user (authenticated or not) has access to the given repository.

      The user may have access as a result of the following:

      Parameters:
      repository - the repository on which to check
      Returns:
      true if the current user has access to the given repository, false otherwise

    • isRepositoryAccessible

      boolean isRepositoryAccessible(int repositoryId)
      Parameters:
      repositoryId - the ID of the repository on which to check
      Returns:
      true if the current user has access to the given repository, false otherwise
      See Also:

    • isPubliclyAccessible

      boolean isPubliclyAccessible(@Nonnull Repository repository)
      Retrieves whether the repository is publicly accessible.

      Note that a repository will be public if:

      • public access is enabled for the instance; and

      To check whether the current user (authenticated or not) can access the repository, use isRepositoryAccessible(Repository) instead.

      Parameters:
      repository - the repository on which to check
      Returns:
      true if unauthenticated users can access the given repository, false otherwise

    • isPubliclyAccessible

      boolean isPubliclyAccessible(@Nonnull Project project)
      Retrieves whether the project is publicly accessible.

      Note: to check whether the current user (authenticated or not) can access the project, use isProjectAccessible(Project) instead.

      Parameters:
      project - the project on which to check
      Returns:
      true if unauthenticated users can access the given project, false otherwise

    • getGrantedUsers

      @Nonnull Page<ApplicationUser> getGrantedUsers(@Nonnull Permission permission, @Nonnull PageRequest request)
      Get the users which are granted a permission
      Parameters:
      permission - the permission in question
      request - a page request
      Returns:
      the page of users who have been granted a permission or an inheriting permission

    • getGrantedGroups

      @Nonnull Page<String> getGrantedGroups(@Nonnull Permission permission, @Nonnull PageRequest request)
      Get the groups which are granted a permission
      Parameters:
      permission - the permission in question
      request - a page request
      Returns:
      the page of group names which have been granted a permission or an inheriting permission

    • getUsersWithPermission

      @Nonnull Set<String> getUsersWithPermission(@Nonnull Permission permission)
      Get the usernames of the users with the given permission (whether directly or though permission inheritance) This includes users granted the permission directly and those who have the permission through their group membership.
      Parameters:
      permission - the permission for which the users are being fetched. It must be global.
      Returns:
      the lowercase usernames of all the users who currently have the given permission

    • getHighestGlobalPermission

      @Nullable Permission getHighestGlobalPermission(@Nullable ApplicationUser user)
      Get the highest global permission for a user.
      Parameters:
      user - the user
      Returns:
      the highest global permission for the user or null if they have no permissions

    • getHighestGlobalPermission

      @Nullable Permission getHighestGlobalPermission(@Nullable String username)
      Get the highest global permission for a user.
      Parameters:
      username - the user name
      Returns:
      the highest global permission for the user or null if they have no permissions

    • getHighestGlobalGroupPermission

      @Nullable Permission getHighestGlobalGroupPermission(@Nullable String groupName)
      Get the highest global permission for a group.
      Parameters:
      groupName - the group name
      Returns:
      the highest global permission for the group or null if the group has no permissions