Plugin Development

Hi,

I'm currently developing a plugin for Bitbucket. This plugin has a merge hook and an EventListener that listens for pull-request events. The problem that I'm facing is that when a pull-request event is triggered for a repository, I try to check if the hook is enabled for that repository. But if the user creating the pull-request has no admin rights for that repository, I get a com.atlassian.bitbucket.AuthorisationException: You are not permitted to access this resource. Everything works fine if the user has admin rights.

 

final RepositoryHook repositoryHook = repositoryHookService.getByKey(repository, REPO_HOOK_KEY);

 

[INFO] [talledLocalContainer] Caused by: com.atlassian.bitbucket.AuthorisationException: You are not permitted to access this resource
[INFO] [talledLocalContainer]   at com.atlassian.stash.internal.aop.ExceptionRewriteAdvice.afterThrowing(ExceptionRewriteAdvice.java:36) ~[bitbucket-platform-4.9.1.jar:na]
[INFO] [talledLocalContainer]   at com.atlassian.plugin.util.ContextClassLoaderSettingInvocationHandler.invoke(ContextClassLoaderSettingInvocationHandler.java:26) ~[atlassian-plugins-core-4.2.4.jar:na]
[INFO] [talledLocalContainer]   at org.eclipse.gemini.blueprint.service.importer.support.internal.aop.ServiceInvoker.doInvoke(ServiceInvoker.java:56) ~[na:na]
[INFO] [talledLocalContainer]   at org.eclipse.gemini.blueprint.service.importer.support.internal.aop.ServiceInvoker.invoke(ServiceInvoker.java:60) ~[na:na]
[INFO] [talledLocalContainer]   at org.eclipse.gemini.blueprint.service.util.internal.aop.ServiceTCCLInterceptor.invokeUnprivileged(ServiceTCCLInterceptor.java:70) ~[na:na]
[INFO] [talledLocalContainer]   at org.eclipse.gemini.blueprint.service.util.internal.aop.ServiceTCCLInterceptor.invoke(ServiceTCCLInterceptor.java:53) ~[na:na]
[INFO] [talledLocalContainer]   at org.eclipse.gemini.blueprint.service.importer.support.LocalBundleContextAdvice.invoke(LocalBundleContextAdvice.java:57) ~[na:na]

Where is the documentation that shows how to run some code as another user, not the one logged in?

 

Regards,

Mircea

1 answer

Try EscalatedSecurityContext.call() with securityService.withPermission( REPO_ADMIN ). Here's a real example from my paid add-on (Bit-Booster - Rebase Squash Amend):

    // Wrap the call that needs the extra permissions in an Operation.
    Operation<Page<BuildStatus>, RuntimeException> op =
        new Operation<Page<BuildStatus>, RuntimeException>() {
            @Override
            public Page<BuildStatus> perform() throws RuntimeException {
                return buildStatusService.findAll(previousFromHash);
            }
        };

    // Build the escalated context; the second argument is the reason string.
    Set<Permission> perms = Sets.newHashSet(LICENSED_USER, REPO_READ);
    EscalatedSecurityContext ctx = securityService.withPermissions(
        perms, "BitBoosterGetBuildStatuses"
    );
    Page<BuildStatus> buildStatuses = ctx.call(op);


Note: in my specific case I needed both LICENSED_USER and REPO_READ privileges, so that's why I combined them in the Set. For your situation a single direct call to withPermission(REPO_ADMIN, "Reason") is probably sufficient.

It worked.

Thanks a lot.
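
The answer's suggestion applied to the hook lookup from the question, as an added example that is not code from either poster. The class name and the REPO_HOOK_KEY value are placeholders, and the package names assume the Bitbucket Server 4.x API seen in the stack trace. Only the lookup sits inside the escalated Operation, so the rest of the listener still runs with the permissions of the user who opened the pull request.

```java
import com.atlassian.bitbucket.event.pull.PullRequestOpenedEvent;
import com.atlassian.bitbucket.hook.repository.RepositoryHook;
import com.atlassian.bitbucket.hook.repository.RepositoryHookService;
import com.atlassian.bitbucket.permission.Permission;
import com.atlassian.bitbucket.repository.Repository;
import com.atlassian.bitbucket.user.SecurityService;
import com.atlassian.bitbucket.util.Operation;
import com.atlassian.event.api.EventListener;

// Hypothetical listener; the class name and hook key are placeholders.
public class HookAwarePullRequestListener {
    private static final String REPO_HOOK_KEY = "com.example.plugin:example-merge-hook"; // placeholder

    private final RepositoryHookService repositoryHookService;
    private final SecurityService securityService;

    public HookAwarePullRequestListener(RepositoryHookService repositoryHookService,
                                        SecurityService securityService) {
        this.repositoryHookService = repositoryHookService;
        this.securityService = securityService;
    }

    @EventListener
    public void onPullRequestOpened(PullRequestOpenedEvent event) {
        Repository repository = event.getPullRequest().getToRef().getRepository();
        if (!isHookEnabled(repository)) {
            return; // hook is off for this repository, nothing to do
        }
        // The plugin's own pull-request handling goes here, outside the
        // escalated context, so it runs as the user who triggered the event.
    }

    // Reads the hook state with REPO_ADMIN for the duration of call() only.
    boolean isHookEnabled(final Repository repository) {
        Operation<Boolean, RuntimeException> lookup = new Operation<Boolean, RuntimeException>() {
            @Override
            public Boolean perform() {
                RepositoryHook hook = repositoryHookService.getByKey(repository, REPO_HOOK_KEY);
                return hook != null && hook.isEnabled();
            }
        };
        return securityService
                .withPermission(Permission.REPO_ADMIN, "Check whether the merge hook is enabled")
                .call(lookup);
    }
}
```

Returning only a boolean from the Operation keeps the RepositoryHook object, which the requesting user could not have read, from leaving the escalated block.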
