Package com.atlassian.confluence.impl.security.access

Interface SpacePermissionAccessMapper

All Known Implementing Classes:
DefaultSpacePermissionAccessMapper
@Internal public interface SpacePermissionAccessMapper

Centralised logic to determine how permissions should be checked, depending on a user's type of access to Confluence (see ConfluenceAccessManager).

This has become necessary to make sense of logic that was originally duplicated between:

Not for use outside core space permission checking.

  • Method Details

    • getPermissionCheckSubjectTypes

      io.atlassian.fugue.Either<AccessDenied,Set<SpacePermissionSubjectType>> getPermissionCheckSubjectTypes(@NonNull AccessStatus accessStatus, @NonNull String permissionType)

      Determines the permission subject types that apply for a given user's AccessStatus and the space permission type being checked.

      Examples:

      • licensed users receive a permission if any permission subject type grants them that permission
      • users with unlicensed authenticated access only receive a permission if the "all users" subject type has that permission
      • anonymous users only receive a permission if the "anonymous" permission subject type has that permission
      • anonymous and users with unlicensed authenticated access users can't ever receive SpacePermission.ADMINISTER_SPACE_PERMISSION, so will be denied
      • users without access to Confluence can't receive any permissions, so will be denied

      A result of AccessDenied will be returned if either: the user (may be anonymous) does not have access to Confluence OR the given permission type is invalid for the user's AccessStatus.

      Parameters:
      accessStatus - access status for the user
      permissionType - the type of SpacePermission being checked
      Returns:
      Either.Right containing a NON-EMPTY set of permission subject types that apply for the given access status and permission type, or Either.Left if there are no permission subject types that apply