Merged in SAL-371-permission-enforcer (pull request #118)
4d364e4·Author: Michael Heemskerk·Closed by: Lukasz Pater·2018-03-27
Description
Introduces PermissionEnforcer, which can be used by plugins to verify that the caller has sufficient permissions. The enforceXyz methods throw an AuthorisationException if the caller does not have the required permissions.
Host applications are expected to configure exception handling in such a way that:
unauthenticated web requests are redirected to the login page
authenticated web requests where the user has insufficient permissions are redirected to an appropriate error page.
REST requests return a 401 response if an AuthorisationException is thrown.
Examples of usage:
PermissionEnforcer implementation in Bitbucket Server
PermissionEnforcer usage in atlassian-monitor
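
The contract in the description above, sketched as an added example; this is not code from the pull request or from SAL. `enforceAdmin` stands in for one of the `enforceXyz` methods, and `Caller`, `Outcome` and `handle` are hypothetical names; the local `AuthorisationException` only mirrors the name used in the description.

```java
public class PermissionEnforcerExample {
    // Local stand-in for the exception named in the description (not the SAL class).
    static class AuthorisationException extends RuntimeException {
        AuthorisationException(String message) { super(message); }
    }

    // Hypothetical caller context; a real host derives this from the request.
    record Caller(String user, boolean admin) {
        boolean authenticated() { return user != null; }
    }

    // Hypothetical stand-in for an enforceXyz method: it throws rather than
    // returning a boolean, so plugin code cannot silently ignore the result.
    static void enforceAdmin(Caller caller) {
        if (!caller.admin()) {
            throw new AuthorisationException("admin permission required");
        }
    }

    enum Outcome { OK, REDIRECT_TO_LOGIN, ERROR_PAGE, REST_401 }

    // Host-side handling: one central place maps the exception to a response,
    // following the three cases listed in the description.
    static Outcome handle(Caller caller, boolean restRequest, Runnable pluginCode) {
        try {
            pluginCode.run();
            return Outcome.OK;
        } catch (AuthorisationException e) {
            if (restRequest) {
                return Outcome.REST_401;
            }
            return caller.authenticated() ? Outcome.ERROR_PAGE : Outcome.REDIRECT_TO_LOGIN;
        }
    }

    public static void main(String[] args) {
        // Constructed sample callers.
        Caller anonymous = new Caller(null, false);
        Caller user = new Caller("alice", false);
        Caller admin = new Caller("root", true);

        System.out.println(handle(anonymous, false, () -> enforceAdmin(anonymous)));
        System.out.println(handle(user, false, () -> enforceAdmin(user)));
        System.out.println(handle(user, true, () -> enforceAdmin(user)));
        System.out.println(handle(admin, false, () -> enforceAdmin(admin)));
    }
}
```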