Details
-
Bug
-
Resolution: Done
-
Low
-
None
-
3.7.1
-
SDK instance started with atlas-run
-
Severity 3 - Minor
-
Description
Developing a plugin which provides an alternative view on selected repository content, I used to check the file access permissions with
permissionService.hasRepositoryPermission(stashUser, repository, Permission.REPO_READ)
or
permissionValidationService.validateForRepository(repository, Permission.REPO_READ);
According to https://developer.atlassian.com/static/javadoc/stash/3.7.1/api/reference/com/atlassian/stash/user/PermissionService.html#hasRepositoryPermission(com.atlassian.stash.user.StashUser,%20com.atlassian.stash.repository.Repository,%20com.atlassian.stash.user.Permission) at least the first call should work for anonymous users if the repository is public. But it doesn't seem to work: Access was always denied for anonymous users.
Please fix JavaDocs or implementation.
I now use
permissionService.isRepositoryAccessible(repository);
which seem to work as expected. Is this the recommended use?
Edit: Additionally I will have to write my own Condition to allow anonymous users access to public repositories, because
<condition class="com.atlassian.stash.web.conditions.HasRepositoryPermissionCondition"> <param name="repository">$repository</param> <param name="permission">REPO_READ</param> </condition>
denies access for anonymous users.
Attachments
Issue Links
- is related to
-
BSERV-4417 RepositoryService#countByProject does not take into account repositories that are publicly accesible
- Gathering Impact
- mentioned in
-
Page Loading...