Plugin Development

Hi,

I'm currently developing a plugin for Bitbucket. This plugin has a merge hook and a n EventListenet that listens of pull-request events. The problem that I'm facing is that when a pull-request event is triggered for a repository, I try to check if the hook is enabled for that repository. But if the user creating the pull-request has no admin rights for that repository I get an com.atlassian.bitbucket.AuthorisationException: You are not permitted to access this resource. Everything works fine if the user has admin rights.

 

final RepositoryHook repositoryHook = repositoryHookService.getByKey(repository, REPO_HOOK_KEY);

 

[INFO] [talledLocalContainer] Caused by: com.atlassian.bitbucket.AuthorisationException: You are not permitted to access this resource
[INFO] [talledLocalContainer]   at com.atlassian.stash.internal.aop.ExceptionRewriteAdvice.afterThrowing(ExceptionRewriteAdvice.java:36) ~[bitbucket-platform-4.9.1.jar:na]
[INFO] [talledLocalContainer]   at com.atlassian.plugin.util.ContextClassLoaderSettingInvocationHandler.invoke(ContextClassLoaderSettingInvocationHandler.java:26) ~[atlassian-plugins-core-4.2.4.jar:na]
[INFO] [talledLocalContainer]   at org.eclipse.gemini.blueprint.service.importer.support.internal.aop.ServiceInvoker.doInvoke(ServiceInvoker.java:56) ~[na:na]
[INFO] [talledLocalContainer]   at org.eclipse.gemini.blueprint.service.importer.support.internal.aop.ServiceInvoker.invoke(ServiceInvoker.java:60) ~[na:na]
[INFO] [talledLocalContainer]   at org.eclipse.gemini.blueprint.service.util.internal.aop.ServiceTCCLInterceptor.invokeUnprivileged(ServiceTCCLInterceptor.java:70) ~[na:na]
[INFO] [talledLocalContainer]   at org.eclipse.gemini.blueprint.service.util.internal.aop.ServiceTCCLInterceptor.invoke(ServiceTCCLInterceptor.java:53) ~[na:na]
[INFO] [talledLocalContainer]   at org.eclipse.gemini.blueprint.service.importer.support.LocalBundleContextAdvice.invoke(LocalBundleContextAdvice.java:57) ~[na:na]

Where is the documentation that shows how to run some code as another user not the one logged in?

 

Regards,

Mircea

1 answer

Try EscalatedSecurityContext.call() with securityService.withPermission( REPO_ADMIN ).   Here's a real example from my paid add-on (Bit-Booster - Rebase Squash Amend):

 


Operation<Page<BuildStatus>, RuntimeException> op =
new Operation<Page<BuildStatus>, RuntimeException>() {
@Override
public Page<BuildStatus> perform() throws RuntimeException {
return buildStatusService.findAll(previousFromHash);
}
};


Set<Permission> perms = Sets.newHashSet(LICENSED_USER, REPO_READ);
EscalatedSecurityContext ctx = securityService.withPermissions(
perms, "BitBoosterGetBuildStatuses"
);
Page<BuildStatus> buildStatuses = ctx.call(op);

 

Note:  in my specific case I needed both LICENSED_USER and REPO_READ privileges, so that's why I combined them in the Set.  For your situation a single direct call to withPermission(REPO_ADMIN, "Reason") is probably sufficient.

It worked.

Thanks  a lot.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Aug 21, 2018 in Bitbucket

Branch Management with Bitbucket

As a project manager, I have discovered that different developers want to bring their previous branching method with them when they join the team. Some developers are used to performing individual wo...

1,303 views 8 11
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you