
Bitbucket group members vs ScriptRunner isUserInGroup

NIT May 21, 2020

Hi,

In User Directories we are positioning Microsoft Active Directory (Read Only, with Local Groups) above JIRA-Atlassian Crowd. We are loading users from Active Directory and groups from JIRA. As a result of the user directories order change, our scripts stopped working. According to the Bitbucket GUI, users are in the old groups, but according to ScriptRunner they are not (the code below returns false).

 

```groovy
import com.atlassian.sal.api.component.ComponentLocator
import com.atlassian.bitbucket.user.UserService

def userService = ComponentLocator.getComponent(UserService.class)
return userService.isUserInGroup("USER_1234", "IT-GROUP")
```

 

What is strange is that this simple code returns true when JIRA-Atlassian Crowd is above Microsoft Active Directory.

Is this a ScriptRunner error, or is “isUserInGroup” used incorrectly?

Bitbucket: v6.10.0

ScriptRunner: 5.7.0.1-p5

 

Regards

Piotr Palak

1 answer

1 accepted

0 votes
Answer accepted
Robert Giddings [Adaptavist]
May 22, 2020

Hi @NIT ,

I don't believe this is a ScriptRunner error, because ScriptRunner is just executing the Bitbucket API code. So I believe the issue is with the setup, which is causing isUserInGroup to return false.

Here is the documentation for UserService: https://docs.atlassian.com/bitbucket-server/javadoc/6.10.0/api/com/atlassian/bitbucket/user/UserService.html

And here is specifically the documentation for isUserInGroup: https://docs.atlassian.com/bitbucket-server/javadoc/6.10.0/api/com/atlassian/bitbucket/user/UserService.html#isUserInGroup-java.lang.String-java.lang.String-

I notice it says that it returns false when either the user or group do not exist, in addition to the user not belonging in the group.

With that said, are you able to use other service classes in the Bitbucket API to query for the existence of the user and group with your Active Directory setup, to help determine the reason behind why isUserInGroup is returning false?

Kind regards,

Robert Giddings,

Product Manager, ScriptRunner for Bitbucket

NIT May 22, 2020

Hi Robert,

Thank you for your response, which resulted in another experiment: I’m finding users in a group and then I’m asking if this user exists in the group.

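```groovy
import com.atlassian.sal.api.component.ComponentLocator
import com.atlassian.bitbucket.user.UserService

def us = ComponentLocator.getComponent(UserService.class)
// getUnlimitedPager() is not defined in this snippet
def users = us.findUsersByGroup("IT-GROUP", getUnlimitedPager()).values
return users[1].slug + " " + us.isUserInGroup(users[1].slug, "IT-GROUP")
```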

Code returns “login true” when JIRA-Atlassian Crowd is above Microsoft Active Directory and

Code returns “login false” when Microsoft Active Directory is above JIRA-Atlassian Crowd

This means that user exists and group exists, but “isUserInGroup” returns different values that depend on user directory order.

Do you have any other suggestions?

Regards

Piotr Palak

Robert Giddings [Adaptavist]
May 22, 2020

Hi Piotr,

Please can you try the UserAdminService method findGroupsWithUser() instead and see what it returns?

The documentation is here: https://docs.atlassian.com/bitbucket-server/javadoc/6.10.0/api/com/atlassian/bitbucket/user/UserAdminService.html#findGroupsWithUser-java.lang.String-java.lang.String-com.atlassian.bitbucket.util.PageRequest-

The reason I ask, is because I think that is the service class Bitbucket is using internally, when displaying groups for a user.

Also, there might be a caching of results at play here.

Are you able to restart the Bitbucket server after making the User Directory changes to see if the Bitbucket UI still displays the groups for a user at that point?

Kind regards,

Robert Giddings

Audun Røe _Kantega SSO_ May 22, 2020

While I have zero experience with ScriptRunner, you might also want to try SAL's com.atlassian.sal.api.user.UserManager. It has an isUserInGroup method and might handle things better than UserService.

There's also com.atlassian.crowd.embedded.api.CrowdService from embedded-crowd-api, which should be available in all Atlassian apps now.

I'm guessing it could be some form of aggregation issue. I have never used this particular API, but the Crowd APIs in general are a delightful jumble of services that either do or don't aggregate results across directories. For example, the methods in CrowdDirectoryService or DirectoryManager all operate on a single specific directory, while CrowdService, mentioned above, aggregates.

NIT May 25, 2020

Hi Robert,

I did some small script fragment:

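```groovy
import com.atlassian.sal.api.component.ComponentLocator
import com.atlassian.bitbucket.user.UserAdminService

def us = ComponentLocator.getComponent(UserAdminService.class)
// Number of the user's groups that match "IT-GROUP"
return us.findGroupsWithUser("USER_1234", "IT-GROUP", getUnlimitedPager()).getSize()
```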

 

Code returns “1” when JIRA-Atlassian Crowd is above Microsoft Active Directory and

Code returns “1” when Microsoft Active Directory is above JIRA-Atlassian Crowd

 

After a restart, the Bitbucket UI still displays the old groups and all users in the groups (which is correct).

 

Regards

Piotr Palak

NIT May 25, 2020

Hi Audun,

Thank you for your contribution. Unfortunately, com.atlassian.sal.api.user.UserManager has similar behavior to com.atlassian.bitbucket.user.UserService for:

```groovy
import com.atlassian.sal.api.component.ComponentLocator
import com.atlassian.sal.api.user.UserManager

def us = ComponentLocator.getComponent(UserManager.class)
return us.isUserInGroup("USER_1234", "IT-GROUP")
```

 

Code returns “true” when JIRA-Atlassian Crowd is above Microsoft Active Directory and

Code returns “false” when Microsoft Active Directory is above JIRA-Atlassian Crowd

 

But for:

```groovy
import com.atlassian.sal.api.component.ComponentLocator
import com.atlassian.crowd.embedded.api.CrowdService

def us = ComponentLocator.getComponent(CrowdService.class)
return us.isUserMemberOfGroup("USER_1234", "IT-GROUP")
```

 

Code returns “true” when JIRA-Atlassian Crowd is above Microsoft Active Directory and

Code returns “true” when Microsoft Active Directory is above JIRA-Atlassian Crowd

 

It means this service is working, THANK YOU.

Regards

Piotr Palak
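
The checks tried across this thread, combined into one ScriptRunner console script that reports whether the membership APIs disagree for the same user and group. This is an added example, not code from any of the posters or from Adaptavist. It assumes that every component resolves through ComponentLocator, that CrowdDirectoryService.findAllDirectories() is available to the script, and that a page of 100 groups is enough; the user and group names are the sample values from the posts.

```groovy
import com.atlassian.sal.api.component.ComponentLocator
import com.atlassian.bitbucket.user.UserService
import com.atlassian.bitbucket.user.UserAdminService
import com.atlassian.bitbucket.util.PageRequestImpl
import com.atlassian.sal.api.user.UserManager
import com.atlassian.crowd.embedded.api.CrowdService
import com.atlassian.crowd.embedded.api.CrowdDirectoryService

// Sample values from the thread; replace with a real user and group.
def username = "USER_1234"
def group = "IT-GROUP"

def userService = ComponentLocator.getComponent(UserService.class)
def userAdminService = ComponentLocator.getComponent(UserAdminService.class)
def userManager = ComponentLocator.getComponent(UserManager.class)
def crowdService = ComponentLocator.getComponent(CrowdService.class)
// Assumption: CrowdDirectoryService is exposed to scripts on this instance.
def directoryService = ComponentLocator.getComponent(CrowdDirectoryService.class)

// findGroupsWithUser filters by name, so require an exact match on the group.
def groupsPage = userAdminService.findGroupsWithUser(username, group, new PageRequestImpl(0, 100))

// One answer per API for the same user/group pair.
def results = [
    "UserService.isUserInGroup"          : userService.isUserInGroup(username, group),
    "UserManager.isUserInGroup"          : userManager.isUserInGroup(username, group),
    "CrowdService.isUserMemberOfGroup"   : crowdService.isUserMemberOfGroup(username, group),
    "UserAdminService.findGroupsWithUser": groupsPage.values.any { it == group },
]

// Configured directory order, and the directory the user record is resolved from.
def directories = directoryService.findAllDirectories().collect { "${it.id}:${it.name} (${it.type})" }
def crowdUser = crowdService.getUser(username)

def report = new StringBuilder()
report << "Directory order: ${directories}\n"
report << "User resolved from directory id: ${crowdUser?.directoryId}\n"
results.each { api, member -> report << "${api} -> ${member}\n" }
if (results.values().toSet().size() > 1) {
    report << "MISMATCH: the membership answer depends on which API is called\n"
}
return report.toString()
```

Running it before and after a directory reorder shows which checks changed their answer, which matters for any hook or condition that uses group membership as an authorization decision.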
