Plugin Development


I'm currently developing a plugin for Bitbucket. This plugin has a merge hook and a n EventListenet that listens of pull-request events. The problem that I'm facing is that when a pull-request event is triggered for a repository, I try to check if the hook is enabled for that repository. But if the user creating the pull-request has no admin rights for that repository I get an com.atlassian.bitbucket.AuthorisationException: You are not permitted to access this resource. Everything works fine if the user has admin rights.


final RepositoryHook repositoryHook = repositoryHookService.getByKey(repository, REPO_HOOK_KEY);


[INFO] [talledLocalContainer] Caused by: com.atlassian.bitbucket.AuthorisationException: You are not permitted to access this resource
[INFO] [talledLocalContainer]   at com.atlassian.stash.internal.aop.ExceptionRewriteAdvice.afterThrowing( ~[bitbucket-platform-4.9.1.jar:na]
[INFO] [talledLocalContainer]   at com.atlassian.plugin.util.ContextClassLoaderSettingInvocationHandler.invoke( ~[atlassian-plugins-core-4.2.4.jar:na]
[INFO] [talledLocalContainer]   at ~[na:na]
[INFO] [talledLocalContainer]   at ~[na:na]
[INFO] [talledLocalContainer]   at org.eclipse.gemini.blueprint.service.util.internal.aop.ServiceTCCLInterceptor.invokeUnprivileged( ~[na:na]
[INFO] [talledLocalContainer]   at org.eclipse.gemini.blueprint.service.util.internal.aop.ServiceTCCLInterceptor.invoke( ~[na:na]
[INFO] [talledLocalContainer]   at ~[na:na]

Where is the documentation that shows how to run some code as another user not the one logged in?




1 answer

Try with securityService.withPermission( REPO_ADMIN ).   Here's a real example from my paid add-on (Bit-Booster - Rebase Squash Amend):


Operation<Page<BuildStatus>, RuntimeException> op =
new Operation<Page<BuildStatus>, RuntimeException>() {
public Page<BuildStatus> perform() throws RuntimeException {
return buildStatusService.findAll(previousFromHash);

Set<Permission> perms = Sets.newHashSet(LICENSED_USER, REPO_READ);
EscalatedSecurityContext ctx = securityService.withPermissions(
perms, "BitBoosterGetBuildStatuses"
Page<BuildStatus> buildStatuses =;


Note:  in my specific case I needed both LICENSED_USER and REPO_READ privileges, so that's why I combined them in the Set.  For your situation a single direct call to withPermission(REPO_ADMIN, "Reason") is probably sufficient.

It worked.

Thanks  a lot.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Nov 06, 2018 in Bitbucket

Upgrade Best Practices

Hello! My name is Mark Askew and I am a Premier Support Engineer for products Bitbucket Server/Data Center, Fisheye & Crucible. Today, I want to bring the discussion that Jennifer, Matt, and ...

1,949 views 7 10
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you