Package com.atlassian.confluence.core
Interface PermissionOverrideExtension
@PublicApi
@ExperimentalApi
public interface PermissionOverrideExtension
Implementations of this module are supposed to provide a decision whether the content is protected for a given
permission and permission target.
These overrides can only further tighten a permission or abstain from making a decision. The override can not be used to further relax the permissions.
NOTE: These override extensions are bound by the behaviour of the existing permission system. Users that are part of the `confluence-administrators` group are exempt from permissions checks in many common scenarios, subsequently in those same locations these overrides will also be ignored.
These overrides can only further tighten a permission or abstain from making a decision. The override can not be used to further relax the permissions.
NOTE: These override extensions are bound by the behaviour of the existing permission system. Users that are part of the `confluence-administrators` group are exempt from permissions checks in many common scenarios, subsequently in those same locations these overrides will also be ignored.
- Since:
- 9.2.6
-
Nested Class Summary
Nested ClassesModifier and TypeInterfaceDescriptionstatic enumDecision outcomes for the permission override. -
Method Summary
Modifier and TypeMethodDescriptionhasContentLevelPermission(ConfluenceUser user, String permissionType, ContentEntityObject contentEntityObject) The implementation of this method is supposed to either deny permissions or abstain from decision if the user has permissions against the content.default List<SimplePageContent> restrictBulkPageVisibility(ConfluenceUser user, List<SimplePageContent> pages, boolean isExport) Hooks into the fast permission system and returns a reduced subset of the pages based on the permission type.
-
Method Details
-
hasContentLevelPermission
default PermissionOverrideExtension.Decision hasContentLevelPermission(ConfluenceUser user, String permissionType, ContentEntityObject contentEntityObject) The implementation of this method is supposed to either deny permissions or abstain from decision if the user has permissions against the content. These overrides are applied at the content level, users that are part of the group `confluence-administrators` are exempt and will always have access to the content.- Parameters:
user- user whose permissions are going to be overridden.permissionType- identifier of the permission. seeContentPermissioncontentEntityObject- content to which permissions are overridden.- Returns:
- the decision.
-
restrictBulkPageVisibility
default List<SimplePageContent> restrictBulkPageVisibility(ConfluenceUser user, List<SimplePageContent> pages, boolean isExport) Hooks into the fast permission system and returns a reduced subset of the pages based on the permission type. For example if the bulk permission service returns pages {1,2,3} and the implementation restricts the pages 2 and 3 then it should return {2, 3}. This feels counterintuitive, but means that the returned list is only ever reductive, and we don't need to keep checking the returned subset against the original list.- Parameters:
pages- list of pages to checkisExport- true if the export permission is checked, false if the view permission is checked- Returns:
- a reduced set of the original pages.
-