Plugin Development

mpem September 25, 2017

Hi,

I'm currently developing a plugin for Bitbucket. This plugin has a merge hook and an EventListener that listens for pull-request events. The problem that I'm facing is that when a pull-request event is triggered for a repository, I try to check if the hook is enabled for that repository. But if the user creating the pull-request has no admin rights for that repository I get a com.atlassian.bitbucket.AuthorisationException: You are not permitted to access this resource. Everything works fine if the user has admin rights.

 

    final RepositoryHook repositoryHook = repositoryHookService.getByKey(repository, REPO_HOOK_KEY);

 

[INFO] [talledLocalContainer] Caused by: com.atlassian.bitbucket.AuthorisationException: You are not permitted to access this resource
[INFO] [talledLocalContainer]   at com.atlassian.stash.internal.aop.ExceptionRewriteAdvice.afterThrowing(ExceptionRewriteAdvice.java:36) ~[bitbucket-platform-4.9.1.jar:na]
[INFO] [talledLocalContainer]   at com.atlassian.plugin.util.ContextClassLoaderSettingInvocationHandler.invoke(ContextClassLoaderSettingInvocationHandler.java:26) ~[atlassian-plugins-core-4.2.4.jar:na]
[INFO] [talledLocalContainer]   at org.eclipse.gemini.blueprint.service.importer.support.internal.aop.ServiceInvoker.doInvoke(ServiceInvoker.java:56) ~[na:na]
[INFO] [talledLocalContainer]   at org.eclipse.gemini.blueprint.service.importer.support.internal.aop.ServiceInvoker.invoke(ServiceInvoker.java:60) ~[na:na]
[INFO] [talledLocalContainer]   at org.eclipse.gemini.blueprint.service.util.internal.aop.ServiceTCCLInterceptor.invokeUnprivileged(ServiceTCCLInterceptor.java:70) ~[na:na]
[INFO] [talledLocalContainer]   at org.eclipse.gemini.blueprint.service.util.internal.aop.ServiceTCCLInterceptor.invoke(ServiceTCCLInterceptor.java:53) ~[na:na]
[INFO] [talledLocalContainer]   at org.eclipse.gemini.blueprint.service.importer.support.LocalBundleContextAdvice.invoke(LocalBundleContextAdvice.java:57) ~[na:na]

Where is the documentation that shows how to run some code as another user, not the one logged in?

 

Regards,

Mircea

1 answer

0 votes
Julius Davies _bit-booster_com_
September 25, 2017

Try EscalatedSecurityContext.call() with securityService.withPermission( REPO_ADMIN ). Here's a real example from my paid add-on (Bit-Booster - Rebase Squash Amend):

 


    Operation<Page<BuildStatus>, RuntimeException> op =
        new Operation<Page<BuildStatus>, RuntimeException>() {
            @Override
            public Page<BuildStatus> perform() throws RuntimeException {
                return buildStatusService.findAll(previousFromHash);
            }
        };

    Set<Permission> perms = Sets.newHashSet(LICENSED_USER, REPO_READ);
    EscalatedSecurityContext ctx = securityService.withPermissions(
        perms, "BitBoosterGetBuildStatuses"
    );
    Page<BuildStatus> buildStatuses = ctx.call(op);

 

Note: in my specific case I needed both LICENSED_USER and REPO_READ privileges, so that's why I combined them in the Set. For your situation a single direct call to withPermission(REPO_ADMIN, "Reason") is probably sufficient.

mpem September 27, 2017

It worked.

Thanks a lot.
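The approach from the answer applied to the listener in the question, as an added example that is not code from either poster: only the hook lookup runs with REPO_ADMIN, and nothing but a boolean leaves the escalated block, so the rest of the listener keeps the pull-request author's own permissions. The class name, the hook key value and the reason string are hypothetical; it assumes the Bitbucket Server 4.x API seen in the stack trace and that the class is registered as the plugin's event listener.

```java
// Added example, not from the thread. Class name and hook key value are hypothetical.
import com.atlassian.bitbucket.event.pull.PullRequestOpenedEvent;
import com.atlassian.bitbucket.hook.repository.RepositoryHook;
import com.atlassian.bitbucket.hook.repository.RepositoryHookService;
import com.atlassian.bitbucket.permission.Permission;
import com.atlassian.bitbucket.repository.Repository;
import com.atlassian.bitbucket.user.SecurityService;
import com.atlassian.bitbucket.util.Operation;
import com.atlassian.event.api.EventListener;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class HookAwarePullRequestListener {
    private static final Logger log = LoggerFactory.getLogger(HookAwarePullRequestListener.class);
    // Placeholder: use the complete module key of your own hook.
    private static final String REPO_HOOK_KEY = "com.example.plugin:example-merge-hook";

    private final RepositoryHookService repositoryHookService;
    private final SecurityService securityService;

    public HookAwarePullRequestListener(RepositoryHookService repositoryHookService,
                                        SecurityService securityService) {
        this.repositoryHookService = repositoryHookService;
        this.securityService = securityService;
    }

    @EventListener
    public void onPullRequestOpened(PullRequestOpenedEvent event) {
        Repository repository = event.getPullRequest().getToRef().getRepository();
        if (isHookEnabled(repository)) {
            // From here on the code runs with the pull-request author's own permissions.
            log.debug("Hook {} is enabled for {}", REPO_HOOK_KEY, repository.getSlug());
        }
    }

    private boolean isHookEnabled(final Repository repository) {
        // Keep the escalated block minimal: look the hook up, return a boolean, nothing else.
        Operation<Boolean, RuntimeException> lookup = new Operation<Boolean, RuntimeException>() {
            @Override
            public Boolean perform() {
                RepositoryHook hook = repositoryHookService.getByKey(repository, REPO_HOOK_KEY);
                return hook != null && hook.isEnabled(); // null when the key is unknown
            }
        };
        return securityService
                .withPermission(Permission.REPO_ADMIN, "Check whether the merge hook is enabled")
                .call(lookup);
    }
}
```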
