Plugin Development

Hi,

I'm currently developing a plugin for Bitbucket. This plugin has a merge hook and a n EventListenet that listens of pull-request events. The problem that I'm facing is that when a pull-request event is triggered for a repository, I try to check if the hook is enabled for that repository. But if the user creating the pull-request has no admin rights for that repository I get an com.atlassian.bitbucket.AuthorisationException: You are not permitted to access this resource. Everything works fine if the user has admin rights.

 

final RepositoryHook repositoryHook = repositoryHookService.getByKey(repository, REPO_HOOK_KEY);

 

[INFO] [talledLocalContainer] Caused by: com.atlassian.bitbucket.AuthorisationException: You are not permitted to access this resource
[INFO] [talledLocalContainer]   at com.atlassian.stash.internal.aop.ExceptionRewriteAdvice.afterThrowing(ExceptionRewriteAdvice.java:36) ~[bitbucket-platform-4.9.1.jar:na]
[INFO] [talledLocalContainer]   at com.atlassian.plugin.util.ContextClassLoaderSettingInvocationHandler.invoke(ContextClassLoaderSettingInvocationHandler.java:26) ~[atlassian-plugins-core-4.2.4.jar:na]
[INFO] [talledLocalContainer]   at org.eclipse.gemini.blueprint.service.importer.support.internal.aop.ServiceInvoker.doInvoke(ServiceInvoker.java:56) ~[na:na]
[INFO] [talledLocalContainer]   at org.eclipse.gemini.blueprint.service.importer.support.internal.aop.ServiceInvoker.invoke(ServiceInvoker.java:60) ~[na:na]
[INFO] [talledLocalContainer]   at org.eclipse.gemini.blueprint.service.util.internal.aop.ServiceTCCLInterceptor.invokeUnprivileged(ServiceTCCLInterceptor.java:70) ~[na:na]
[INFO] [talledLocalContainer]   at org.eclipse.gemini.blueprint.service.util.internal.aop.ServiceTCCLInterceptor.invoke(ServiceTCCLInterceptor.java:53) ~[na:na]
[INFO] [talledLocalContainer]   at org.eclipse.gemini.blueprint.service.importer.support.LocalBundleContextAdvice.invoke(LocalBundleContextAdvice.java:57) ~[na:na]

Where is the documentation that shows how to run some code as another user not the one logged in?

 

Regards,

Mircea

1 answer

Try EscalatedSecurityContext.call() with securityService.withPermission( REPO_ADMIN ).   Here's a real example from my paid add-on (Bit-Booster - Rebase Squash Amend):

 


Operation<Page<BuildStatus>, RuntimeException> op =
new Operation<Page<BuildStatus>, RuntimeException>() {
@Override
public Page<BuildStatus> perform() throws RuntimeException {
return buildStatusService.findAll(previousFromHash);
}
};


Set<Permission> perms = Sets.newHashSet(LICENSED_USER, REPO_READ);
EscalatedSecurityContext ctx = securityService.withPermissions(
perms, "BitBoosterGetBuildStatuses"
);
Page<BuildStatus> buildStatuses = ctx.call(op);

 

Note:  in my specific case I needed both LICENSED_USER and REPO_READ privileges, so that's why I combined them in the Set.  For your situation a single direct call to withPermission(REPO_ADMIN, "Reason") is probably sufficient.

It worked.

Thanks  a lot.

Suggest an answer

Log in or Join to answer
Community showcase
Piotr Plewa
Published Dec 27, 2017 in Bitbucket

Recipe: Deploying AWS Lambda functions with Bitbucket Pipelines

Bitbucket Pipelines helps me manage and automate a number of serverless deployments to AWS Lambda and this is how I do it. I'm building Node.js Lambda functions using node-lambda&nbsp...

636 views 0 4
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot