Package com.atlassian.confluence.core

Interface ContentPermissionManager

All Known Subinterfaces:
ContentPermissionManagerInternal
All Known Implementing Classes:
DefaultContentPermissionManager
@Transactional public interface ContentPermissionManager

  • Method Details

    • addContentPermission

      void addContentPermission(ContentPermission permission, ContentEntityObject content)
      Add permissions to the content entity objecct through the manager. This will ensure that already existing permissions are updated and that the content will be reindexed.
      Parameters:
      permission -
      content -

    • setContentPermissions

      void setContentPermissions(Collection<ContentPermission> contentPermissions, ContentEntityObject content, String type)
      Set the Content Permissions on the CEO to be the list of ContentPermissions passed. Passing an empty list removes all permissions. Passing a list containing just the existing permissions does nothing.
      Parameters:
      contentPermissions - set of ContentPermissions
      content -
      type -

    • setContentPermissions

      void setContentPermissions(@NonNull Map<String,Collection<ContentPermission>> requiredPermissionsMap, ContentEntityObject content)
      Set the Content Permissions on the CEO to be the list of ContentPermissions passed. Passing an empty list removes all permissions. Passing a list containing just the existing permissions does nothing. It is recommended to use this method for setting different types of content permissions in a batch, because it performs more smart and performant caching updates than setContentPermissions(java.util.Collection, ContentEntityObject, String) does
      Parameters:
      requiredPermissionsMap - - map of ContentPermissions for each type
      content -
      Since:
      5.8

    • removeContentPermission

      void removeContentPermission(ContentPermission permission)

    • removeAllGroupPermissions

      void removeAllGroupPermissions(String groupName)
      Remove all content permission associated with a given group.
      Parameters:
      groupName -

    • removeAllUserPermissions

      void removeAllUserPermissions(ConfluenceUser user)
      Remove all content permission associated with a given user.
      Parameters:
      user -
      Since:
      5.3

    • getInheritedContentUserPermissions

      @Transactional(readOnly=true) List<ContentPermission> getInheritedContentUserPermissions(ContentEntityObject contentEntityObject)

    • getInheritedContentPermissionSets

      @Transactional(readOnly=true) List<ContentPermissionSet> getInheritedContentPermissionSets(ContentEntityObject contentEntityObject)
      Returns:
      a list of ContentPermissionSets of type ContentPermission.VIEW_PERMISSION of all ancestors of contentEntityObject

    • hasContentLevelPermission

      boolean hasContentLevelPermission(ConfluenceUser user, String permissionType, ContentEntityObject content)
      fetches the inherited and explicit content level permissions for this content object and determines whether the user has access.
      Parameters:
      permissionType - ContentPermission.VIEW_PERMISSION or ContentPermission.EDIT_PERMISSION
      Returns:
      true if the user has the specified type of permission on the given content
      Since:
      8.8

    • hasContentLevelPermission

      @Deprecated default boolean hasContentLevelPermission(com.atlassian.user.User user, String permissionType, ContentEntityObject content)
      Deprecated.
      since 8.8 use hasContentLevelPermission(ConfluenceUser, String, ContentEntityObject)
      fetches the inherited and explicit content level permissions for this content object and determines whether the user has access.
      Parameters:
      permissionType - ContentPermission.VIEW_PERMISSION or ContentPermission.EDIT_PERMISSION
      Returns:
      true if the user has the specified type of permission on the given content

    • getPermittedChildren

      @Transactional(readOnly=true) List<Page> getPermittedChildren(Page page, ConfluenceUser user)
      Returns a list of Page objects that are direct children of the passed in page. This method will only return the children the passed in user has permission to view.
      Since:
      8.8

    • getPermittedChildren

      @Transactional(readOnly=true) @Deprecated default List<Page> getPermittedChildren(Page page, com.atlassian.user.User user)
      Deprecated.
      since 8.8 use getPermittedChildren(Page, ConfluenceUser)
      Returns a list of Page objects that are direct children of the passed in page. This method will only return the children the passed in user has permission to view.

    • hasPermittedChildrenIgnoreInheritedPermissions

      boolean hasPermittedChildrenIgnoreInheritedPermissions(Page page, ConfluenceUser remoteUser)
      Does the given page have children visible to the given user. This method assumes that the given page is already visible to the given user and does not check the inherited permissions.
      Since:
      8.8

    • hasPermittedChildrenIgnoreInheritedPermissions

      @Deprecated default boolean hasPermittedChildrenIgnoreInheritedPermissions(Page page, com.atlassian.user.User remoteUser)
      Deprecated.
      since 8.8 use hasPermittedChildrenIgnoreInheritedPermissions(Page, ConfluenceUser)
      Does the given page have children visible to the given user. This method assumes that the given page is already visible to the given user and does not check the inherited permissions.

    • getPermittedChildrenIgnoreInheritedPermissions

      @Transactional(readOnly=true) List<Page> getPermittedChildrenIgnoreInheritedPermissions(Page page, ConfluenceUser user)
      Gets the list of child pages under the given page that are visible to the given user. This method assumes that the given page is already visible to the given user and does not check the inherited permissions.
      Since:
      8.8

    • getPermittedChildrenIgnoreInheritedPermissions

      @Transactional(readOnly=true) @Deprecated default List<Page> getPermittedChildrenIgnoreInheritedPermissions(Page page, com.atlassian.user.User user)
      Deprecated.
      since 8.8 use getPermittedChildrenIgnoreInheritedPermissions(Page, ConfluenceUser)
      Gets the list of child pages under the given page that are visible to the given user. This method assumes that the given page is already visible to the given user and does not check the inherited permissions.
      Since:
      5.10

    • getViewContentPermissions

      @Deprecated @Transactional(readOnly=true) Set<ContentPermission> getViewContentPermissions(Page page)
      Deprecated.
      since 5.8. use getContentPermissionSets(ContentEntityObject, String) passing permission type ContentPermission.VIEW_PERMISSION
      Get view permissions on this page and its ancestors.
      Parameters:
      page -
      Returns:
      a list of ContentPermission instances

    • getInheritedContentPermissionSets

      @Transactional(readOnly=true) List<ContentPermissionSet> getInheritedContentPermissionSets(ContentEntityObject contentEntityObject, boolean includeEditPermissions)
      Get the inherited ContentPermissionSets that affect this ceo. Note that EDIT Permissions are not currently inherited, however edit permissions are treated as view permissions when considering inheritance, unless the boolean 'includeEditPermissions' is set to false.
      Parameters:
      contentEntityObject - whose permissions will be returned. Not null.
      includeEditPermissions - which specifies whether or not edit permissions should be additionally treated as view permissions.
      Returns:
      a list of ContentPermissionSets. Not null, but can be empty.
      Since:
      5.8

    • getContentPermissionSets

      @Transactional(readOnly=true) List<ContentPermissionSet> getContentPermissionSets(ContentEntityObject ceo, String type)
      Get the ContentPermissionSets that affect this ceo, both inherited and directly. Note that EDIT Permissions are not currently inherited, so calling this method with EDIT will return only the direct ContentPermissionSet.
      Parameters:
      ceo - whose permissions will be returned. Not null.
      type - one of ContentPermission.VIEW_PERMISSION or ContentPermission.EDIT_PERMISSION
      Returns:
      a list of ContentPermissionSets. Not null, but can be empty.

    • isPermissionInherited

      boolean isPermissionInherited(Page childPage)
      Does the child page get its permissions from any ancestor?
      Parameters:
      childPage -
      Returns:
      boolean True if the child page does not have a view permission set, and an ancestor does.

    • copyContentPermissions

      @Deprecated void copyContentPermissions(AbstractPage from, AbstractPage to)
      Deprecated.
      since 5.10.1 use copyContentPermissions(ContentEntityObject, ContentEntityObject)
      Copies all content permissions from one page to another.
      Since:
      5.10

    • copyContentPermissions

      void copyContentPermissions(ContentEntityObject from, ContentEntityObject to)
      Copies all content permissions from one content entity to another.
      Since:
      5.10.1

    • getPermissionSets

      @Transactional(readOnly=true) Map<Long,Boolean> getPermissionSets(ConfluenceUser user, Space space)
      Retrieves the configured permissions regarding whether the specified user can view the pages inside a space. If a page is not configured in the tables - CONTENT_PERM_SET and CONTENT_PERM, then the permission of that page will not be included here. Note: the permission returned here does not consider the inherited permission from parent page.
      Parameters:
      user - - confluence user to be checked
      space - - confluence space
      Returns:
      a Map where the key is the page id and the value indicates the view permission.
      Since:
      8.8

    • getPermissionSets

      @Transactional(readOnly=true) @Deprecated default Map<Long,Boolean> getPermissionSets(com.atlassian.user.User user, Space space)
      Deprecated.
      since 8.8 use getPermissionSets(ConfluenceUser, Space)
      Retrieves the configured permissions regarding whether the specified user can view the pages inside a space. If a page is not configured in the tables - CONTENT_PERM_SET and CONTENT_PERM, then the permission of that page will not be included here. Note: the permission returned here does not consider the inherited permission from parent page.
      Parameters:
      user - - confluence user to be checked
      space - - confluence space
      Returns:
      a Map where the key is the page id and the value indicates the view permission.
      Since:
      5.10.8

    • isSharedAccessAllowed

      boolean isSharedAccessAllowed(ConfluenceUser user, ContentEntityObject contentEntity)
      Checks if this draft can be accessed by users other than the creator (shared access)

      IMPORTANT NOTE: if shared access is disallowed it prevails over permissions (only creator has access), BUT if it is allowed normal permissions still need to be checked

      Drafts for existing objects are considered automatically shared according to the permissions set, but drafts that have never been published are considered private even without permissions set, so if a user if trying to access one of them it should be verified that is doing so with the proper share id in addition to permissions.

      Parameters:
      user - User to check
      Returns:
      true if this draft can be accessed given a share id, false otherwise
      Since:
      9.3
      See Also: