Class SpacePermissionCoordinator
- java.lang.Object
-
- com.atlassian.confluence.security.SpacePermissionCoordinator
-
- All Implemented Interfaces:
SpacePermissionManagerInternal,SpacePermissionSaverInternal,SpacePermissionManager,SpacePermissionSaver
@ParametersAreNonnullByDefault public class SpacePermissionCoordinator extends Object implements SpacePermissionManagerInternal
Space permission manager that adds a layer of security over the write operations in this class. That is, it performs permission checking via thePermissionManagerandSetSpacePermissionCheckerbefore forwarding the call to the underlying space permission manager.
-
-
Constructor Summary
Constructors Constructor Description SpacePermissionCoordinator()
-
Method Summary
All Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description voidcreateDefaultSpacePermissions(Space space)voidcreatePrivateSpacePermissions(Space space)voidflushCaches()List<SpacePermission>getAllPermissionsForGroup(String group)Set<SpacePermission>getDefaultGlobalPermissions()Returns the default global permissions that are created when Confluence is set up.List<SpacePermission>getGlobalPermissions()List<SpacePermission>getGlobalPermissions(String permissionType)Map<String,Long>getGroupsForPermissionType(String permissionType, Space space)Collection<com.atlassian.user.Group>getGroupsWithPermissions(@Nullable Space space)Returns all groups which have permissions in a space or on a global level.Map<String,Long>getUsersForPermissionType(String permissionType, Space space)Collection<com.atlassian.user.User>getUsersWithPermissions(@Nullable Space space)Returns a collection of user objects with VIEWSPACE_PERMISSION in the space.booleangroupHasPermission(String permissionType, @Nullable Space space, String group)Checks whether the given group has the given permissionbooleanhasAllPermissions(List<String> permissionTypes, @Nullable Space space, @Nullable ConfluenceUser remoteUser)Determines if remoteUser has all of the given permissions in spacebooleanhasPermission(String permissionType, @Nullable Space space, @Nullable ConfluenceUser remoteUser)Determines if remoteUser has the given permission in spacebooleanhasPermissionForSpace(@Nullable ConfluenceUser user, List permissionTypes, @Nullable Space space)booleanhasPermissionNoExemptions(String permissionType, @Nullable Space space, @Nullable ConfluenceUser remoteUser)Returns true if the user has the specified permission on the target space.booleanisPermittedInReadOnlyAccessMode(String permissionType)Check if the permission type is permitted in read only access modebooleanpermissionExists(SpacePermission permission)Check whether the given SpacePermission exists.voidremoveAllPermissions(Space space)Deprecated.voidremoveAllPermissions(Space space, SpacePermissionContext context)Removes allSpacePermission's from the specified space.voidremoveAllPermissionsForGroup(String groupName)Removes all theSpacePermission's for the specified group.voidremoveAllPermissionsForGroup(String groupName, SpacePermissionContext context)Removes all permissions for the given group.voidremoveAllUserPermissions(@NonNull ConfluenceUser user)Removes all theSpacePermission's for the specified user.voidremoveAllUserPermissions(ConfluenceUser user, SpacePermissionContext context)Removes all theSpacePermission's for the specified user.voidremoveGlobalPermissionForUser(ConfluenceUser user, String permissionType)Removes the specified Global Permissions of type 'permissionType' from the uservoidremoveGlobalPermissionForUser(ConfluenceUser user, String permissionType, SpacePermissionContext context)Removes the specified Global Permissions of type 'permissionType' from the uservoidremovePermission(SpacePermission permission)Deprecated.voidremovePermission(SpacePermission permission, SpacePermissionContext context)Removes the specified permission.voidsavePermission(SpacePermission permission)Deprecated.voidsavePermission(SpacePermission permission, SpacePermissionContext context)Saves the permission.voidsetGroupManager(com.atlassian.user.GroupManager groupManager)voidsetPermissionManager(PermissionManager permissionManager)voidsetSetSpacePermissionChecker(SetSpacePermissionChecker setSpacePermissionChecker)voidsetSpacePermissionManager(SpacePermissionManagerInternal spacePermissionManager)voidsetUserManager(com.atlassian.user.UserManager unused)Deprecated.since 7.7 unused-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface com.atlassian.confluence.security.SpacePermissionManager
hasAllPermissions, hasPermission, hasPermissionForSpace, hasPermissionNoExemptions
-
-
-
-
Method Detail
-
savePermission
@Deprecated public void savePermission(SpacePermission permission)
Deprecated.Saves the specified permission.- Specified by:
savePermissionin interfaceSpacePermissionSaver- Throws:
InsufficientPrivilegeException- if the current logged in user does not have sufficient permissions to do this. CheckSetSpacePermissionChecker.canSetPermission(User, SpacePermission)first.
-
savePermission
public void savePermission(SpacePermission permission, SpacePermissionContext context)
Description copied from interface:SpacePermissionSaverInternalSaves the permission.May generate a
SpacePermissionSaveEventin the process, depending on the context.- Specified by:
savePermissionin interfaceSpacePermissionSaverInternal- Parameters:
permission- the permission to savecontext- the context for the save
-
removeAllPermissions
@Deprecated public void removeAllPermissions(Space space)
Deprecated.Removes allSpacePermission's from the specified space.- Specified by:
removeAllPermissionsin interfaceSpacePermissionManager- Parameters:
space- The space to remove the permissions for- Throws:
InsufficientPrivilegeException- if the current logged in user does not have sufficient permissions to do this. CheckPermission.SET_PERMISSIONSonPermissionManagerfirst.
-
removeAllPermissions
public void removeAllPermissions(Space space, SpacePermissionContext context)
Removes allSpacePermission's from the specified space.- Specified by:
removeAllPermissionsin interfaceSpacePermissionManagerInternal- Parameters:
space- The space to remove the permissions forcontext- The context for this removal- Throws:
InsufficientPrivilegeException- if the current logged in user does not have sufficient permissions to do this. CheckPermission.SET_PERMISSIONSonPermissionManagerfirst.
-
removePermission
@Deprecated public void removePermission(SpacePermission permission)
Deprecated.Removes the specified permission.- Specified by:
removePermissionin interfaceSpacePermissionManager- Parameters:
permission- the permission to remove- Throws:
InsufficientPrivilegeException- if the current logged in user does not have sufficient permissions to do this. CheckSetSpacePermissionChecker.canSetPermission(User, SpacePermission)first.
-
removePermission
public void removePermission(SpacePermission permission, SpacePermissionContext context)
Removes the specified permission.- Specified by:
removePermissionin interfaceSpacePermissionManagerInternal- Parameters:
permission- the permission to removecontext- the context for the removal- Throws:
InsufficientPrivilegeException- if the current logged in user does not have sufficient permissions to do this. CheckSetSpacePermissionChecker.canSetPermission(User, SpacePermission)first.
-
createDefaultSpacePermissions
public void createDefaultSpacePermissions(Space space)
- Specified by:
createDefaultSpacePermissionsin interfaceSpacePermissionManager
-
createPrivateSpacePermissions
public void createPrivateSpacePermissions(Space space)
- Specified by:
createPrivateSpacePermissionsin interfaceSpacePermissionManager
-
removeAllUserPermissions
public void removeAllUserPermissions(@NonNull ConfluenceUser user)
Removes all theSpacePermission's for the specified user.- Specified by:
removeAllUserPermissionsin interfaceSpacePermissionManager- Throws:
InsufficientPrivilegeException- if the current logged in user does not have sufficient permissions to do this. CheckPermission.SET_PERMISSIONSusingPermissionManagerfirst.
-
removeAllUserPermissions
public void removeAllUserPermissions(ConfluenceUser user, SpacePermissionContext context)
Removes all theSpacePermission's for the specified user.- Specified by:
removeAllUserPermissionsin interfaceSpacePermissionManagerInternal- Parameters:
user- the user to remove permissions forcontext- the context for the removal- Throws:
InsufficientPrivilegeException- if the current logged in user does not have sufficient permissions to do this. CheckPermission.SET_PERMISSIONSusingPermissionManagerfirst.
-
removeGlobalPermissionForUser
public void removeGlobalPermissionForUser(ConfluenceUser user, String permissionType)
Removes the specified Global Permissions of type 'permissionType' from the user- Specified by:
removeGlobalPermissionForUserin interfaceSpacePermissionManager- Parameters:
user- the user to look uppermissionType- the permission type to remove- Throws:
InsufficientPrivilegeException- if the current logged in user does not have sufficient permissions to do this. CheckPermission.SET_PERMISSIONSusingPermissionManagerfirst.
-
removeGlobalPermissionForUser
public void removeGlobalPermissionForUser(ConfluenceUser user, String permissionType, SpacePermissionContext context)
Removes the specified Global Permissions of type 'permissionType' from the user- Specified by:
removeGlobalPermissionForUserin interfaceSpacePermissionManagerInternal- Parameters:
user- the user to look uppermissionType- the permission type to removecontext- the context for the removal- Throws:
InsufficientPrivilegeException- if the current logged in user does not have sufficient permissions to do this. CheckPermission.SET_PERMISSIONSusingPermissionManagerfirst.
-
removeAllPermissionsForGroup
public void removeAllPermissionsForGroup(String groupName)
Removes all theSpacePermission's for the specified group.- Specified by:
removeAllPermissionsForGroupin interfaceSpacePermissionManager- Parameters:
groupName- the group to remove- Throws:
InsufficientPrivilegeException- if the current logged in user does not have sufficient permissions to do this. CheckPermission.SET_PERMISSIONSusingPermissionManagerfirst.EntityRuntimeException- if there is an error retrieving the group with the specified group name
-
removeAllPermissionsForGroup
public void removeAllPermissionsForGroup(String groupName, SpacePermissionContext context)
Description copied from interface:SpacePermissionManagerInternalRemoves all permissions for the given group.May generate a
SpacePermissionsRemoveForGroupEventin the process, depending on the context.- Specified by:
removeAllPermissionsForGroupin interfaceSpacePermissionManagerInternal- Parameters:
groupName- the group to remove
-
hasPermission
public boolean hasPermission(String permissionType, @Nullable Space space, @Nullable ConfluenceUser remoteUser)
Description copied from interface:SpacePermissionManagerDetermines if remoteUser has the given permission in spaceUnless you're writing code that is part of the permission checking implementation, or you're changing space permissions, you should be using
PermissionManagerinstead.- Specified by:
hasPermissionin interfaceSpacePermissionManager- Parameters:
permissionType- The permission type to look upspace- The space the permission applies to (can be null for global permissions)- Returns:
- true if remoteUser has the permission, false otherwise
-
hasPermissionNoExemptions
public boolean hasPermissionNoExemptions(String permissionType, @Nullable Space space, @Nullable ConfluenceUser remoteUser)
Description copied from interface:SpacePermissionManagerReturns true if the user has the specified permission on the target space. This method does not allow exemptions for super-users likeSpacePermissionManager.hasPermission(String, Space, User)does.For parameter and return value information, see
SpacePermissionManager.hasPermission(String, Space, User).- Specified by:
hasPermissionNoExemptionsin interfaceSpacePermissionManager
-
hasAllPermissions
public boolean hasAllPermissions(List<String> permissionTypes, @Nullable Space space, @Nullable ConfluenceUser remoteUser)
Description copied from interface:SpacePermissionManagerDetermines if remoteUser has all of the given permissions in spaceIf remoteUser lacks any of the given permissions, false is returned.
Unless you're writing code that is part of the permission checking implementation, or you're changing space permissions, you should be using
PermissionManagerinstead.- Specified by:
hasAllPermissionsin interfaceSpacePermissionManager- Parameters:
permissionTypes- A List of permission types (see SpacePermission) to checkspace- The space the permissions apply toremoteUser- The user to look up- Returns:
- true if remoteUser has the permission, false otherwise
-
getAllPermissionsForGroup
public List<SpacePermission> getAllPermissionsForGroup(String group)
- Specified by:
getAllPermissionsForGroupin interfaceSpacePermissionManager
-
getGlobalPermissions
public List<SpacePermission> getGlobalPermissions()
- Specified by:
getGlobalPermissionsin interfaceSpacePermissionManager
-
getGlobalPermissions
public List<SpacePermission> getGlobalPermissions(String permissionType)
- Specified by:
getGlobalPermissionsin interfaceSpacePermissionManager
-
flushCaches
public void flushCaches()
- Specified by:
flushCachesin interfaceSpacePermissionManager
-
groupHasPermission
public boolean groupHasPermission(String permissionType, @Nullable Space space, String group)
Description copied from interface:SpacePermissionManagerChecks whether the given group has the given permissionIf a null space is specified, this method looks up matching global permissions, otherwise space's permissions list is queried to see if the permission matches.
Similarly, if permissionType is not a space permission, a matching global permission is looked up.
- Specified by:
groupHasPermissionin interfaceSpacePermissionManager- Parameters:
permissionType- The permission type to look upspace- The space the permission applies to (can be null for global permissions)group- The group to look up the permission for- Returns:
- true if the group has the required permission, false otherwise
-
hasPermissionForSpace
public boolean hasPermissionForSpace(@Nullable ConfluenceUser user, List permissionTypes, @Nullable Space space)
- Specified by:
hasPermissionForSpacein interfaceSpacePermissionManager
-
getGroupsWithPermissions
public Collection<com.atlassian.user.Group> getGroupsWithPermissions(@Nullable Space space)
Description copied from interface:SpacePermissionManagerReturns all groups which have permissions in a space or on a global level. If space is null, permissions on the global level will be checked.- Specified by:
getGroupsWithPermissionsin interfaceSpacePermissionManager- Parameters:
space- - space to query, if null global permissions returned- Returns:
- Collection of groups with permissions
-
getGroupsForPermissionType
public Map<String,Long> getGroupsForPermissionType(String permissionType, Space space)
- Specified by:
getGroupsForPermissionTypein interfaceSpacePermissionManager
-
getUsersWithPermissions
public Collection<com.atlassian.user.User> getUsersWithPermissions(@Nullable Space space)
Description copied from interface:SpacePermissionManagerReturns a collection of user objects with VIEWSPACE_PERMISSION in the space. If no space is provided A list of users with USE_CONFLUENCE_PERMISSION will be returned- Specified by:
getUsersWithPermissionsin interfaceSpacePermissionManager- Parameters:
space- - space to query, if null global permissions returned- Returns:
- Collection of User objects
-
getUsersForPermissionType
public Map<String,Long> getUsersForPermissionType(String permissionType, Space space)
- Specified by:
getUsersForPermissionTypein interfaceSpacePermissionManager
-
permissionExists
public boolean permissionExists(SpacePermission permission)
Description copied from interface:SpacePermissionManagerCheck whether the given SpacePermission exists. Checks by attribute equality rather than by id.- Specified by:
permissionExistsin interfaceSpacePermissionManager- Parameters:
permission- the permission to look for.- Returns:
- true if the permission is recognised by the manager as existing.
-
getDefaultGlobalPermissions
public Set<SpacePermission> getDefaultGlobalPermissions()
Description copied from interface:SpacePermissionManagerReturns the default global permissions that are created when Confluence is set up. These will exist in a newly set up system but may be removed afterwards. Note that the returned objects are freshly created and therefore do not have IDs or other persistence data.By default, confluence-administrators group has admin access, the default confluence users group can view the system and anonymous access is disabled.
- Specified by:
getDefaultGlobalPermissionsin interfaceSpacePermissionManager- Returns:
- a collection of
SpacePermissions.
-
isPermittedInReadOnlyAccessMode
public boolean isPermittedInReadOnlyAccessMode(String permissionType)
Description copied from interface:SpacePermissionManagerCheck if the permission type is permitted in read only access mode- Specified by:
isPermittedInReadOnlyAccessModein interfaceSpacePermissionManager- Parameters:
permissionType- the permission type to be checked- Returns:
- true if the permission type is permitted in read only access mode
-
setPermissionManager
public void setPermissionManager(PermissionManager permissionManager)
-
setSpacePermissionManager
public void setSpacePermissionManager(SpacePermissionManagerInternal spacePermissionManager)
-
setSetSpacePermissionChecker
public void setSetSpacePermissionChecker(SetSpacePermissionChecker setSpacePermissionChecker)
-
setUserManager
@Deprecated public void setUserManager(com.atlassian.user.UserManager unused)
Deprecated.since 7.7 unused
-
setGroupManager
public void setGroupManager(com.atlassian.user.GroupManager groupManager)
-
-