Package com.atlassian.bitbucket.user

Interface SecurityService

public interface SecurityService

Plugins may wish to perform operations as a particular user.

This interface allows plugins to perform operations as a particular user.

Method Summary

Modifier and Type	Method	Description
EscalatedSecurityContext	anonymously(String reason)	Creates a custom security context that is not authenticated that can be used to perform operations.
EscalatedSecurityContext	escalate(String reason)	Creates a custom security context with no difference to the current security context but allows adding further permissions on the returned EscalatedSecurityContext.
EscalatedSecurityContext	impersonating(ApplicationUser user, String reason)	Creates a custom security context that is authenticated as user that can be used to perform operations.
EscalatedSecurityContext	withPermission(Permission permission, Object resource, String reason)	Creates a custom security context with elevated permissions that can be used to perform operations.
EscalatedSecurityContext	withPermission(Permission permission, String reason)	Creates a custom security context with elevated permissions that can be used to perform operations.
EscalatedSecurityContext	withPermissions(Set<Permission> permissions, String reason)	Creates a custom security context with elevated permissions that can be used to perform operations.

Method Details

anonymously

@Nonnull
EscalatedSecurityContext anonymously(@Nonnull
 String reason)

Creates a custom security context that is not authenticated that can be used to perform operations. Permissions that have been granted to the current user will no longer apply. Note that any escalated permissions that are associated with the current security context will still apply.

Parameters:

reason - a description of the reason for creating the custom security context. This description is used for logging.

Returns:

the custom security context

escalate

@Nonnull
EscalatedSecurityContext escalate(@Nonnull
 String reason)

Creates a custom security context with no difference to the current security context but allows adding further permissions on the returned EscalatedSecurityContext.

Parameters:

reason - a description of the reason for creating the custom security context. This description is used for logging.

Returns:

the custom security context

impersonating

@Nonnull
EscalatedSecurityContext impersonating(@Nonnull
 ApplicationUser user,
 @Nonnull
 String reason)

Creates a custom security context that is authenticated as user that can be used to perform operations. Note that any escalated permissions that are associated with the current security context will still apply.

Parameters:

user - the user to temporarily execute as

reason - a description of the reason for creating the custom security context. This description is used for logging.

Returns:

the custom security context

withPermission

@Nonnull
EscalatedSecurityContext withPermission(@Nonnull
 Permission permission,
 @Nonnull
 String reason)

Creates a custom security context with elevated permissions that can be used to perform operations. The custom context is still authenticated as the current user (if there is one). Note that any escalated permissions associated with the current security context will still apply.

Parameters:

permission - the permission to temporarily grant. This can be either a global or a resource permission. If a resource permission is provided, the permission is granted to all resources of that type.

reason - a description of the reason for creating the custom security context. This description is used for logging.

Returns:

the custom security context

withPermission

@Nonnull
EscalatedSecurityContext withPermission(@Nonnull
 Permission permission,
 @Nonnull
 Object resource,
 @Nonnull
 String reason)

Creates a custom security context with elevated permissions that can be used to perform operations. The custom context is still authenticated as the current user (if there is one). Note that any escalated permissions that are associated with the current security context will still apply.

Parameters:

permission - the permission to temporarily grant. This has to be a resource permission that is valid for the provided resource (e.g. REPO_READ for a Repository).

resource - the resource to temporarily grant the permission on

reason - a description of the reason for creating the custom security context. This description is used for logging.

Returns:

the custom security context

withPermissions

@Nonnull
EscalatedSecurityContext withPermissions(@Nonnull
 Set<Permission> permissions,
 @Nonnull
 String reason)

Creates a custom security context with elevated permissions that can be used to perform operations. The custom context is still authenticated as the current user (if there is one). Note that any escalated permissions that are associated with the current security context will still apply.

Parameters:

permissions - the permissions to temporarily grant. This can be a mix of global and resource permissions. If a resource permission is provided, the permission is granted to all resources of that type.

reason - a description of the reason for creating the custom security context. This description is used for logging.

Returns:

the custom security context