Package com.atlassian.confluence.security

Class DefaultPermissionManager

java.lang.Object
com.atlassian.confluence.security.DefaultPermissionManager
All Implemented Interfaces:
PermissionDelegateRegistry, PermissionManager
public class DefaultPermissionManager extends Object implements PermissionManager, PermissionDelegateRegistry
Default implementation of PermissionManager. Delegates all the decision-making to a collection of delegates that handle the per-target-type permission checking.
Since:
2.0
See Also:

  • Constructor Details

    • DefaultPermissionManager

      public DefaultPermissionManager()

  • Method Details

    • hasPermission

      public boolean hasPermission(ConfluenceUser user, Permission permission, Object target)
      Description copied from interface: PermissionManager
      Determine whether a user has a particular permission against a given target.
      Specified by:
      hasPermission in interface PermissionManager
      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      permission - the permission to check
      target - the object that the permission is being checked against. If this object is null, the method will return false
      Returns:
      true if the user has this permission, false otherwise

    • hasPermission

      public boolean hasPermission(ConfluenceUser user, Permission permission, Object target, boolean checkScopePermission)
      Determine whether a user has a particular permission against a given target, with control over scope permission checking.
      Specified by:
      hasPermission in interface PermissionManager
      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      permission - the permission to check
      target - the object that the permission is being checked against. If this object is null, the method will return false
      checkScopePermission - Flag to indicate if permissions associated with scope should be validated. Skip for granular scopes that are not associated with permissions.
      Returns:
      true if the user has this permission, false otherwise
      Throws:
      IllegalStateException - if the permission being checked against does not apply to the target

    • hasPermission

      public boolean hasPermission(ConfluenceUser user, Permission permission, Class targetType)
      Description copied from interface: PermissionManager
      Determine whether a user has a particular permission for all instances of the specified target type.
      Specified by:
      hasPermission in interface PermissionManager
      Parameters:
      user - the user
      permission - the permission to check (see Permission
      targetType - the type of the target
      Returns:
      true if the user has this permission, false otherwise.

    • hasPermission

      public boolean hasPermission(ConfluenceUser user, Permission permission, Class targetType, boolean checkScopePermission)
      Determine whether a user has a particular permission for all instances of the specified target type, with control over scope permission checking.
      Specified by:
      hasPermission in interface PermissionManager
      Parameters:
      user - the user
      permission - the permission to check (see Permission
      targetType - the type of the target
      checkScopePermission - Flag to indicate if permissions associated with scope should be validated. Skip for granular scopes that are not associated with permissions.
      Returns:
      true if the user has this permission, false otherwise.

    • hasPermissionNoExemptions

      public boolean hasPermissionNoExemptions(ConfluenceUser user, Permission permission, Object target)
      Returns true if the user has the specified permission on the target object. Does not allow exemptions for super-users like hasPermission(ConfluenceUser, Permission, Object) does.

      This implementation should become the default one once the exemption for the 'confluence-administrators' group is removed.

      For parameter and return value information, see hasPermission(ConfluenceUser, Permission, Object).

      Specified by:
      hasPermissionNoExemptions in interface PermissionManager

    • hasPermissionNoExemptions

      public boolean hasPermissionNoExemptions(ConfluenceUser user, Permission permission, Object target, boolean checkScopePermission)
      Returns true if the user has the specified permission on the target object, with control over scope permission checking. Does not allow exemptions for super-users like hasPermission(ConfluenceUser, Permission, Object) does.

      This implementation should become the default one once the exemption for the 'confluence-administrators' group is removed.

      For parameter and return value information, see hasPermission(ConfluenceUser, Permission, Object).

      Specified by:
      hasPermissionNoExemptions in interface PermissionManager
      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      permission - the permission to check
      target - the object that the permission is being checked against
      checkScopePermission - Flag to indicate if permissions associated with scope should be validated. Skip for granular scopes that are not associated with permissions.
      Returns:
      true if the user has this permission, false otherwise

    • hasCreatePermission

      public boolean hasCreatePermission(ConfluenceUser user, Object container, Class<?> typeToCreate)
      Description copied from interface: PermissionManager
      Determine whether a user has permission to create an entity of a particular type within a given container.

      The container is the natural container of the object being created. For example, a comment is contained in a page, which is contained within a space. A space is contained within TARGET_APPLICATION.

      This overload should not be used when creating CustomContentEntityObject instances. In that case, permission checks should use

      invalid reference 
      #hasCreatePermission(com.atlassian.user.User, Object, Object)
      .

      Specified by:
      hasCreatePermission in interface PermissionManager
      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      container - the target that the object is being created within. If this object is null, the method will return false
      typeToCreate - the type of object being created (see above)
      Returns:
      true if the user has permission, false otherwise
      See Also:

    • hasCreatePermission

      public boolean hasCreatePermission(ConfluenceUser user, Object container, Object objectToCreate)
      Description copied from interface: PermissionManager
      Determine whether a user has permission to create a particular entity within a given container.

      The container is the natural container of the object being created. For example, a comment is contained in a page, which is contained within a space. A space is contained within TARGET_APPLICATION.

      This overload is best when creating CustomContentEntityObject instances. Other permission checks should use

      invalid reference 
      #hasCreatePermission(com.atlassian.user.User, Object, Class)
      .

      Specified by:
      hasCreatePermission in interface PermissionManager
      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      container - the target that the object is being created within. If this object is null, the method will return false
      objectToCreate - the object being created (see above)
      Returns:
      true if the user has permission, false otherwise

    • getPermittedEntities

      public <X> List<X> getPermittedEntities(ConfluenceUser user, Permission permission, List<? extends X> objects)
      Description copied from interface: PermissionManager
      Filter a list based on which entities in the list have a particular permission.
      Specified by:
      getPermittedEntities in interface PermissionManager
      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      permission - the permission to check against the objects
      objects - the objects to check
      Returns:
      a new list of those members of the objects list that satisfy the given permission for the user

    • getPermittedEntities

      public <X> List<X> getPermittedEntities(ConfluenceUser user, Permission permission, Iterator<? extends X> objects, int maxResults)
      Description copied from interface: PermissionManager
      Filter an iterator based on which entities in the list have a particular permission.
      Specified by:
      getPermittedEntities in interface PermissionManager
      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      permission - the permission to check against the objects
      objects - the objects to check
      maxResults - the maximum number of permitted entities to retrieve from the iterator (un-permitted entities are not counted)
      Returns:
      a new list of those members of the objects list that satisfy the given permission for the user

    • getPermittedEntities

      public <X> List<X> getPermittedEntities(ConfluenceUser user, Permission permission, Iterator<X> entities, int maxResults, Collection<? extends PermissionManager.Criterion> otherCriteria)
      Description copied from interface: PermissionManager
      Filter an iterator based on which entities in the list have a particular permission. You may also supply additional criteria through which to filter the iterator.
      Specified by:
      getPermittedEntities in interface PermissionManager
      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      permission - the permission to check against the objects
      entities - the objects to check
      maxResults - the maximum number of permitted entities to retrieve from the iterator (un-permitted entities are not counted)
      otherCriteria - a collection of PermissionManager.Criterion objects through which the permitted entities must also be filtered
      Returns:
      a new list of those members of the objects list that satisfy the given permission for the user

    • getPermittedEntitiesNoExemptions

      public <X> List<X> getPermittedEntitiesNoExemptions(ConfluenceUser user, Permission permission, List<? extends X> objects)
      Description copied from interface: PermissionManager
      Filter a list based on which entities in the list have a particular permission. This method does not allow exemptions for super-users like PermissionManager.getPermittedEntities(User, Permission, List) does.
      Specified by:
      getPermittedEntitiesNoExemptions in interface PermissionManager
      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      permission - the permission to check against the objects
      objects - the objects to check
      Returns:
      a new list of those members of the objects list that satisfy the given permission for the user

    • getPermittedEntitiesNoExemptions

      public <X> List<X> getPermittedEntitiesNoExemptions(ConfluenceUser user, Permission permission, Iterator<? extends X> objects, int maxResults)
      Description copied from interface: PermissionManager
      Filter an iterator based on which entities in the list have a particular permission. This method does not allow exemptions for super-users like PermissionManager.getPermittedEntities(User, Permission, Iterator, int) does.
      Specified by:
      getPermittedEntitiesNoExemptions in interface PermissionManager
      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      permission - the permission to check against the objects
      objects - the objects to check
      maxResults - the maximum number of permitted entities to retrieve from the iterator (un-permitted entities are not counted)
      Returns:
      a new list of those members of the objects list that satisfy the given permission for the user

    • getPermittedEntitiesNoExemptions

      public <X> List<X> getPermittedEntitiesNoExemptions(ConfluenceUser user, Permission permission, Iterator<X> entities, int maxResults, Collection<? extends PermissionManager.Criterion> otherCriteria)
      Description copied from interface: PermissionManager
      Filter an iterator based on which entities in the list have a particular permission. This method does not allow exemptions for super-users like PermissionManager.getPermittedEntities(User, Permission, Iterator, int, Collection) does. You may also supply additional criteria through which to filter the iterator.
      Specified by:
      getPermittedEntitiesNoExemptions in interface PermissionManager
      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      permission - the permission to check against the objects
      entities - the objects to check
      maxResults - the maximum number of permitted entities to retrieve from the iterator (un-permitted entities are not counted)
      otherCriteria - a collection of PermissionManager.Criterion objects through which the permitted entities must also be filtered
      Returns:
      a new list of those members of the objects list that satisfy the given permission for the user

    • isConfluenceAdministrator

      public boolean isConfluenceAdministrator(ConfluenceUser user)
      Description copied from interface: PermissionManager
      Determine if the user is a Confluence administrator. Calling this method is identical to calling hasPermission(user, Permission.ADMINISTER, PermissionManager.TARGET_APPLICATION).
      Specified by:
      isConfluenceAdministrator in interface PermissionManager
      Parameters:
      user - the user to check permissions against
      Returns:
      true if the user is a Confluence administrator, false otherwise

    • isSystemAdministrator

      public boolean isSystemAdministrator(ConfluenceUser user)
      Description copied from interface: PermissionManager
      Determine if the user is a system administrator. Calling this method is identical to calling hasPermission(user, Permission.ADMINISTER, PermissionManager.TARGET_SYSTEM).
      Specified by:
      isSystemAdministrator in interface PermissionManager
      Parameters:
      user - the user to check permissions against
      Returns:
      true if the user is a system administrator, false otherwise

    • withExemption

      public void withExemption(Runnable runnable)
      Description copied from interface: PermissionManager
      Execute the given task with permission exemption.

      Calls to:

      • invalid reference 
        #hasPermission(com.atlassian.user.User, Permission, Object)
      • invalid reference 
        #hasPermission(com.atlassian.user.User, Permission, Class)
      • invalid reference 
        #hasCreatePermission(com.atlassian.user.User, Object, Object)
      • invalid reference 
        #hasCreatePermission(com.atlassian.user.User, Object, Class)
      within the executed task will all return true. This will also affect permission checks in SpacePermissionManager and ConfluenceAccessManager, unless "noExemptions" variants are called.

      Use with care.

      Specified by:
      withExemption in interface PermissionManager
      Parameters:
      runnable - task to execute with permission exemption

    • withExemption

      public <T> T withExemption(Supplier<T> supplier)
      Description copied from interface: PermissionManager
      Execute the given task with permission exemption.

      Calls to:

      • invalid reference 
        #hasPermission(com.atlassian.user.User, Permission, Object)
      • invalid reference 
        #hasPermission(com.atlassian.user.User, Permission, Class)
      • invalid reference 
        #hasCreatePermission(com.atlassian.user.User, Object, Object)
      • invalid reference 
        #hasCreatePermission(com.atlassian.user.User, Object, Class)
      within the executed task will all return true. This will also affect permission checks in SpacePermissionManager and ConfluenceAccessManager, unless "noExemptions" variants are called.

      Use with care.

      Specified by:
      withExemption in interface PermissionManager
      Parameters:
      supplier - task to execute with permission exemption

    • setPermissionCheckExemptions

      public void setPermissionCheckExemptions(PermissionCheckExemptions permissionCheckExemptions)

    • setContentTypeModuleResolver

      public void setContentTypeModuleResolver(ContentTypeModuleResolver contentTypeModuleResolver)
      Since:
      7.16

    • setConfluenceAccessManager

      public void setConfluenceAccessManager(ConfluenceAccessManager confluenceAccessManager)

    • setAccessModeManager

      public void setAccessModeManager(AccessModeManager accessModeManager)

    • setScopesRequestCacheDelegate

      public void setScopesRequestCacheDelegate(ScopesRequestCacheDelegate scopesRequestCache)

    • hasMovePermission

      public boolean hasMovePermission(ConfluenceUser user, Object source, Object target, String movePoint)
      Description copied from interface: PermissionManager
      Determine whether a user has permission to move a particular entity to a given target.

      The target is the natural container of the object being moved to. For example, a pages is contained in a page, which is contained within a space. A space is contained within TARGET_APPLICATION.

      Specified by:
      hasMovePermission in interface PermissionManager
      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      source - the object and all it descendants is being moved. If this object is null, the method will return false
      target - where is the source being moved to (see above)
      movePoint - indicate where source node and target node relative (i.a before, after, append)
      Returns:
      true if the user has permission, false otherwise

    • hasRemoveHierarchyPermission

      public boolean hasRemoveHierarchyPermission(ConfluenceUser user, Object target)
      Description copied from interface: PermissionManager
      Determine whether a user has permission to remove a particular entity and all it children.

      The target is the natural container of the object being removed. For example, a page and all its descendants in a page, which is contained within a space.

      Specified by:
      hasRemoveHierarchyPermission in interface PermissionManager
      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      target - where is the object and all its descendant are being removed
      Returns:
      true if the user has permission, false otherwise

    • register

      public void register(String key, PermissionDelegate<?> delegate)
      Specified by:
      register in interface PermissionDelegateRegistry
      Since:
      7.15

    • setServiceAccountPermissionManager

      public void setServiceAccountPermissionManager(ServiceAccountPermissionManager serviceAccountPermissionManager)