How to add a role to a user

I want to add a role to a user from within my plugin like this:

user.addRole(RoleScope.projectScope(newProject.getProjectId()), role);

My question is, how do I get 'role' I can't find an API where I get the list of all the roles available.

Also, I want my plugin to create a new project (I have this working) but I don't want to give the user running the plugin the permission to create projects. Is there anyway to override the current permissions before I call: myServer.getProjectManager().createProject()?

Thanks in advance

Simon

7 comments
Comment actions Permalink

I'm still looking for an answer to this. There is an API to add a role to a user, but where do you get the 'Role' from? if there is no public API to get the roles, is there a private one?

0
Comment actions Permalink

Sorry for delay. You can use jetbrains.buildServer.serverSide.auth.RolesManager from the server.jar for this task. Unfortunately this is not an open API, but the interface is quite stable, and I think at some point we'll just move it to the open API. RolesManager is available as Spring bean.
Use findRoleById() method to find specific role.

0
Comment actions Permalink

Hi Pavel,

Thanks for the info, that appears to work, however I'm stuck as the user permissions prevent me from adding roles to myself (even though I'm administrator). Is there a way to make the plugin perform actions as a super user?

The idea of my plugin is to allow users to clone a project (our main branch) in order to test their user branch, but to allow the plugin to work I have to grant the user rights to create and edit projects and VCS roots, which results in them having the ability to modify the original main branch

Thanks again,

Simon

0
Comment actions Permalink

I've been continuing with this, but to no avail. I've been trying to work around the permissions by changing to another user account, adding the configuration, and switching back.

It appears I can get the current user:

     SUser user = SessionUser.getUser(request);

The change to some dummy user that has permissions:
     SUser NewUser = myWebLoginModel.checkPassword("pluginadmin", "password");
     SessionUser.setUser(request, NewUser);


And then change back to the original user:
     SessionUser.setUser(request, user);

However, I get permission denied errors if I try to create a project/vcs root/etc. whilst I'm the pluginadmin user.
If I don't switch the user back to the original I appear to be left as the new user.

I've also looked at using the WebLoginModel.login to change to the new user, but then I can't switch back to the original as I don't know the password.

Any thoughts?
0
Comment actions Permalink

Simon,

Seems like you can use another piece of non-open API (changes can be introduced in it in the future versions) to run in no-restricitons mode.

For an exampole see occurrences of "mySecurityContext.runAsSystem" in REST API:
http://svn.jetbrains.org/teamcity/plugins/rest-api/trunk/src/jetbrains/buildServer/server/rest/APIController.java


A note that might be related: You should try not to create VCS roots with the same settings (sharing a VCS root and using checkout rules is a recommended approach).

0
Comment actions Permalink

Fantastic, that does exactly what I wanted.

On the VCS note, whilst I do copy the VCS root, I then modify it. We use perforce here, so I copy the VCS root of the parent branch (which is in fact a shared root) and create a new private one, and then I modify the client mapping so that the child branch is pulled in instead, but the rest of the settings remain the same. I'm basically using it as a templete. I then go through the configurations looking for the parent VCS root, detatching it and attaching the new one.

Thank you for you help.

0
Comment actions Permalink

FYI, in TeamCity you can modify set of permissions in the roles, you can do this on the Administration -> Users and Groups -> Roles page.

0

Please sign in to leave a comment.