Package com.atlassian.confluence.security

Class DefaultPermissionManager

java.lang.Object
com.atlassian.confluence.security.DefaultPermissionManager
All Implemented Interfaces:
PermissionDelegateRegistry, PermissionManager
public class DefaultPermissionManager extends Object implements PermissionManager, PermissionDelegateRegistry
Default implementation of PermissionManager. Delegates all the decision-making to a collection of delegates that handle the per-target-type permission checking.
Since:
2.0
See Also:

  • Constructor Details

    • DefaultPermissionManager

      public DefaultPermissionManager()

  • Method Details

    • hasPermission

      public boolean hasPermission(ConfluenceUser user, Permission permission, Object target)
      Description copied from interface: PermissionManager
      Determine whether a user has a particular permission against a given target.
      Specified by:
      hasPermission in interface PermissionManager
      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      permission - the permission to check
      target - the object that the permission is being checked against. If this object is null, the method will return false
      Returns:
      true if the user has this permission, false otherwise

    • hasPermission

      public boolean hasPermission(ConfluenceUser user, Permission permission, Class targetType)
      Description copied from interface: PermissionManager
      Determine whether a user has a particular permission for all instances of the specified target type.
      Specified by:
      hasPermission in interface PermissionManager
      Parameters:
      user - the user
      permission - the permission to check (see Permission
      targetType - the type of the target
      Returns:
      true if the user has this permission, false otherwise.

    • hasPermissionNoExemptions

      public boolean hasPermissionNoExemptions(ConfluenceUser user, Permission permission, Object target)
      Returns true if the user has the specified permission on the target object. Does not allow exemptions for super-users like hasPermission(ConfluenceUser, Permission, Object) does.

      This implementation should become the default one once the exemption for the 'confluence-administrators' group is removed.

      For parameter and return value information, see hasPermission(ConfluenceUser, Permission, Object).

      Specified by:
      hasPermissionNoExemptions in interface PermissionManager

    • hasCreatePermission

      public boolean hasCreatePermission(ConfluenceUser user, Object container, Class<?> typeToCreate)
      Description copied from interface: PermissionManager
      Determine whether a user has permission to create an entity of a particular type within a given container.

      The container is the natural container of the object being created. For example, a comment is contained in a page, which is contained within a space. A space is contained within TARGET_APPLICATION.

      This overload should not be used when creating CustomContentEntityObject instances. In that case, permission checks should use

      invalid reference 
      #hasCreatePermission(com.atlassian.user.User, Object, Object)
      .

      Specified by:
      hasCreatePermission in interface PermissionManager
      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      container - the target that the object is being created within. If this object is null, the method will return false
      typeToCreate - the type of object being created (see above)
      Returns:
      true if the user has permission, false otherwise
      See Also:

    • hasCreatePermission

      public boolean hasCreatePermission(ConfluenceUser user, Object container, Object objectToCreate)
      Description copied from interface: PermissionManager
      Determine whether a user has permission to create a particular entity within a given container.

      The container is the natural container of the object being created. For example, a comment is contained in a page, which is contained within a space. A space is contained within TARGET_APPLICATION.

      This overload is best when creating CustomContentEntityObject instances. Other permission checks should use

      invalid reference 
      #hasCreatePermission(com.atlassian.user.User, Object, Class)
      .

      Specified by:
      hasCreatePermission in interface PermissionManager
      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      container - the target that the object is being created within. If this object is null, the method will return false
      objectToCreate - the object being created (see above)
      Returns:
      true if the user has permission, false otherwise

    • getPermittedEntities

      public <X> List<X> getPermittedEntities(ConfluenceUser user, Permission permission, List<? extends X> objects)
      Description copied from interface: PermissionManager
      Filter a list based on which entities in the list have a particular permission.
      Specified by:
      getPermittedEntities in interface PermissionManager
      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      permission - the permission to check against the objects
      objects - the objects to check
      Returns:
      a new list of those members of the objects list that satisfy the given permission for the user

    • getPermittedEntities

      public <X> List<X> getPermittedEntities(ConfluenceUser user, Permission permission, Iterator<? extends X> objects, int maxResults)
      Description copied from interface: PermissionManager
      Filter an iterator based on which entities in the list have a particular permission.
      Specified by:
      getPermittedEntities in interface PermissionManager
      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      permission - the permission to check against the objects
      objects - the objects to check
      maxResults - the maximum number of permitted entities to retrieve from the iterator (un-permitted entities are not counted)
      Returns:
      a new list of those members of the objects list that satisfy the given permission for the user

    • getPermittedEntities

      public <X> List<X> getPermittedEntities(ConfluenceUser user, Permission permission, Iterator<X> entities, int maxResults, Collection<? extends PermissionManager.Criterion> otherCriteria)
      Description copied from interface: PermissionManager
      Filter an iterator based on which entities in the list have a particular permission. You may also supply additional criteria through which to filter the iterator.
      Specified by:
      getPermittedEntities in interface PermissionManager
      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      permission - the permission to check against the objects
      entities - the objects to check
      maxResults - the maximum number of permitted entities to retrieve from the iterator (un-permitted entities are not counted)
      otherCriteria - a collection of PermissionManager.Criterion objects through which the permitted entities must also be filtered
      Returns:
      a new list of those members of the objects list that satisfy the given permission for the user

    • getPermittedEntitiesNoExemptions

      public <X> List<X> getPermittedEntitiesNoExemptions(ConfluenceUser user, Permission permission, List<? extends X> objects)
      Description copied from interface: PermissionManager
      Filter a list based on which entities in the list have a particular permission. This method does not allow exemptions for super-users like PermissionManager.getPermittedEntities(User, Permission, List) does.
      Specified by:
      getPermittedEntitiesNoExemptions in interface PermissionManager
      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      permission - the permission to check against the objects
      objects - the objects to check
      Returns:
      a new list of those members of the objects list that satisfy the given permission for the user

    • getPermittedEntitiesNoExemptions

      public <X> List<X> getPermittedEntitiesNoExemptions(ConfluenceUser user, Permission permission, Iterator<? extends X> objects, int maxResults)
      Description copied from interface: PermissionManager
      Filter an iterator based on which entities in the list have a particular permission. This method does not allow exemptions for super-users like PermissionManager.getPermittedEntities(User, Permission, Iterator, int) does.
      Specified by:
      getPermittedEntitiesNoExemptions in interface PermissionManager
      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      permission - the permission to check against the objects
      objects - the objects to check
      maxResults - the maximum number of permitted entities to retrieve from the iterator (un-permitted entities are not counted)
      Returns:
      a new list of those members of the objects list that satisfy the given permission for the user

    • getPermittedEntitiesNoExemptions

      public <X> List<X> getPermittedEntitiesNoExemptions(ConfluenceUser user, Permission permission, Iterator<X> entities, int maxResults, Collection<? extends PermissionManager.Criterion> otherCriteria)
      Description copied from interface: PermissionManager
      Filter an iterator based on which entities in the list have a particular permission. This method does not allow exemptions for super-users like PermissionManager.getPermittedEntities(User, Permission, Iterator, int, Collection) does. You may also supply additional criteria through which to filter the iterator.
      Specified by:
      getPermittedEntitiesNoExemptions in interface PermissionManager
      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      permission - the permission to check against the objects
      entities - the objects to check
      maxResults - the maximum number of permitted entities to retrieve from the iterator (un-permitted entities are not counted)
      otherCriteria - a collection of PermissionManager.Criterion objects through which the permitted entities must also be filtered
      Returns:
      a new list of those members of the objects list that satisfy the given permission for the user

    • isConfluenceAdministrator

      public boolean isConfluenceAdministrator(ConfluenceUser user)
      Description copied from interface: PermissionManager
      Determine if the user is a Confluence administrator. Calling this method is identical to calling hasPermission(user, Permission.ADMINISTER, PermissionManager.TARGET_APPLICATION).
      Specified by:
      isConfluenceAdministrator in interface PermissionManager
      Parameters:
      user - the user to check permissions against
      Returns:
      true if the user is a Confluence administrator, false otherwise

    • isSystemAdministrator

      public boolean isSystemAdministrator(ConfluenceUser user)
      Description copied from interface: PermissionManager
      Determine if the user is a system administrator. Calling this method is identical to calling hasPermission(user, Permission.ADMINISTER, PermissionManager.TARGET_SYSTEM).
      Specified by:
      isSystemAdministrator in interface PermissionManager
      Parameters:
      user - the user to check permissions against
      Returns:
      true if the user is a system administrator, false otherwise

    • withExemption

      public void withExemption(Runnable runnable)
      Description copied from interface: PermissionManager
      Execute the given task with permission exemption.

      Calls to:

      • invalid reference 
        #hasPermission(com.atlassian.user.User, Permission, Object)
      • invalid reference 
        #hasPermission(com.atlassian.user.User, Permission, Class)
      • invalid reference 
        #hasCreatePermission(com.atlassian.user.User, Object, Object)
      • invalid reference 
        #hasCreatePermission(com.atlassian.user.User, Object, Class)
      within the executed task will all return true. This will also affect permission checks in SpacePermissionManager and ConfluenceAccessManager, unless "noExemptions" variants are called.

      Use with care.

      Specified by:
      withExemption in interface PermissionManager
      Parameters:
      runnable - task to execute with permission exemption

    • withExemption

      public <T> T withExemption(Supplier<T> supplier)
      Description copied from interface: PermissionManager
      Execute the given task with permission exemption.

      Calls to:

      • invalid reference 
        #hasPermission(com.atlassian.user.User, Permission, Object)
      • invalid reference 
        #hasPermission(com.atlassian.user.User, Permission, Class)
      • invalid reference 
        #hasCreatePermission(com.atlassian.user.User, Object, Object)
      • invalid reference 
        #hasCreatePermission(com.atlassian.user.User, Object, Class)
      within the executed task will all return true. This will also affect permission checks in SpacePermissionManager and ConfluenceAccessManager, unless "noExemptions" variants are called.

      Use with care.

      Specified by:
      withExemption in interface PermissionManager
      Parameters:
      supplier - task to execute with permission exemption

    • setPermissionCheckExemptions

      public void setPermissionCheckExemptions(PermissionCheckExemptions permissionCheckExemptions)

    • setContentTypeModuleResolver

      public void setContentTypeModuleResolver(ContentTypeModuleResolver contentTypeModuleResolver)
      Since:
      7.16

    • setConfluenceAccessManager

      public void setConfluenceAccessManager(ConfluenceAccessManager confluenceAccessManager)

    • setAccessModeManager

      public void setAccessModeManager(AccessModeManager accessModeManager)

    • setScopesRequestCacheDelegate

      public void setScopesRequestCacheDelegate(ScopesRequestCacheDelegate scopesRequestCache)

    • hasMovePermission

      public boolean hasMovePermission(ConfluenceUser user, Object source, Object target, String movePoint)
      Description copied from interface: PermissionManager
      Determine whether a user has permission to move a particular entity to a given target.

      The target is the natural container of the object being moved to. For example, a pages is contained in a page, which is contained within a space. A space is contained within TARGET_APPLICATION.

      Specified by:
      hasMovePermission in interface PermissionManager
      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      source - the object and all it descendants is being moved. If this object is null, the method will return false
      target - where is the source being moved to (see above)
      movePoint - indicate where source node and target node relative (i.a before, after, append)
      Returns:
      true if the user has permission, false otherwise

    • hasRemoveHierarchyPermission

      public boolean hasRemoveHierarchyPermission(ConfluenceUser user, Object target)
      Description copied from interface: PermissionManager
      Determine whether a user has permission to remove a particular entity and all it children.

      The target is the natural container of the object being removed. For example, a page and all its descendants in a page, which is contained within a space.

      Specified by:
      hasRemoveHierarchyPermission in interface PermissionManager
      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      target - where is the object and all its descendant are being removed
      Returns:
      true if the user has permission, false otherwise

    • register

      public void register(String key, PermissionDelegate<?> delegate)
      Specified by:
      register in interface PermissionDelegateRegistry
      Since:
      7.15

    • setServiceAccountPermissionManager

      public void setServiceAccountPermissionManager(ServiceAccountPermissionManager serviceAccountPermissionManager)