Package com.atlassian.confluence.plugins.restapi.experimental.resources

Class ExperimentalContentRestrictionsResource

java.lang.Object
com.atlassian.confluence.plugins.restapi.experimental.resources.ExperimentalContentRestrictionsResource
@Consumes("application/json") @Produces("application/json") @Path("/content/{id}/restriction") public class ExperimentalContentRestrictionsResource extends Object

  • Constructor Details

    • ExperimentalContentRestrictionsResource

      @Inject public ExperimentalContentRestrictionsResource(ContentRestrictionService service)

  • Method Details

    • getRestrictions

      @GET public PageResponse<ContentRestriction> getRestrictions(@PathParam("id") ContentId contentId, @QueryParam("expand") @DefaultValue("restrictions.user,restrictions.group") String expand, @Context javax.ws.rs.core.UriInfo uriInfo, @QueryParam("start") @DefaultValue("0") int start, @QueryParam("limit") @DefaultValue("100") int limit)

      Returns all the restrictions which are directly specified on a piece of content identified by contentId param

      Example request URI:

      • http://example.com/confluence/rest/experimental/content/1234567/restriction?expand=
      Parameters:
      contentId - content to get restrictions for
      expand - a coma separated list of properties to expand in the response. Default is restrictions.user,restrictions.group
      uriInfo - injected by Jersey
      start - the start point of the collection to return
      limit - the limit of the number of items to return, this may be restricted by fixed system limits
      Returns:
      PageResponse with all the restrictions which are specified directly on a Content

    • updateRestrictions

      @PUT public PageResponse<ContentRestriction> updateRestrictions(@PathParam("id") ContentId contentId, @QueryParam("expand") @DefaultValue("restrictions.user,restrictions.group") String expand, PageResponse<ContentRestriction> contentRestrictions)
      Sets all the restrictions specified to a piece of content identified by contentId, replacing any existing permissions. Setting per-content restrictions is currently allowed for Pages or BlogPosts only.

      Example request URI:

      • http://example.com/confluence/rest/experimental/content/1234567/restriction?expand=

      Accepts same input format as the response of GET to the same resource would return. For the sake of simplicity also allows stripping of {"results": ... }" part and inlining arrays of specific users/groups directly.

      E.g.

      Example request (simplified)

      
 [
   {
     "operation": "update",
     "restrictions":
     {
       "user": [
         {
           "type": "known",
           "username": "admin"
         }
       ]
     }
   }
 ]

      Rules of applying restrictions via this method:

      • Provided collection of ContentRestrictions is allowed to have only 1 (ONE) ContentRestriction object for each operation.
      • Provided ContentRestrictions will replace (overwrite) any pre-existing restrictions on the Content under the corresponding operations.
      • In case provided collection of ContentRestriction does not have any of the operations supported it is assumed that restrictions for such operation should not be changed at all.
      • Restrictions with the "users" and/or "groups" map entries explicitly set to be empty arrays will result in removing corresponding restrictions for the content.
      • Restrictions with the "users" and/or "groups" map entries missing will result in not changing corresponding operation's user/group restrictions for the content.
      • It is not allowed to edit the restrictions in such a way which would remove requesting user's access.
      • Only Page and BlogPost contents are supported.
      Parameters:
      contentId - content to set restrictions for
      expand - a coma separated list of properties to expand in the response. Default is restrictions.user,restrictions.group
      Returns:
      the new state of the resource. PageResponse with all the restrictions which are specified directly on a Content. Result is the same as the response of GET to the same resource would return.

    • addRestrictions

      @POST public PageResponse<ContentRestriction> addRestrictions(@PathParam("id") ContentId contentId, @QueryParam("expand") @DefaultValue("restrictions.user,restrictions.group") String expand, PageResponse<ContentRestriction> contentRestrictions)
      Adds all the restrictions specified to a piece of content identified by contentId. Does not replace/remove/alter any pre-existing ContentRestrictions. Provided ContentRestrictions will be added, i.e. "merged with" any pre-existing restrictions on the Content under the corresponding operations. Changing per-content restrictions is currently allowed for Pages or BlogPosts only.

      Example request URI:

      • http://example.com/confluence/rest/experimental/content/1234567/restriction?expand=

      Accepts same input format as the response of GET to the same resource would return. For the sake of simplicity also allows stripping of {"results": ... }" part and inlining arrays of specific users/groups directly.

      E.g.

      Example request (simplified)

      
 [
   {
     "operation": "update",
     "restrictions":
     {
       "user": [
         {
           "type": "known",
           "username": "admin"
         }
       ]
     }
   }
 ]

      Rules of applying restrictions via this method:

      • Provided collection of ContentRestrictions is allowed to have only 1 (ONE) ContentRestriction object for each operation.
      • Provided ContentRestrictions will be added, i.e. "merged with" any pre-existing restrictions on the Content under the corresponding operations.
      • In case provided collection of ContentRestriction does not have any of the operations supported no changes will happen.
      • Restrictions with the "users" and/or "groups" map entries explicitly set to be empty arrays, or null, or missing will result in not changing corresponding operation's user/group restrictions for the content.
      • It is not allowed to edit the restrictions in such a way which would remove requesting user's access.
      • Only Page and BlogPost contents are supported.
      Parameters:
      contentId - the id of the content to add restrictions to
      contentRestrictions - Collection of ContentRestrictions to add to the Content specified
      expand - the expansions to the ContentRestriction. To be expanded on response.
      Returns:
      the new state of the resource. PageResponse with all the restrictions which are specified directly on a Content. Result is the same as the response of GET to the same resource would return.

    • deleteRestrictions

      @DELETE public PageResponse<ContentRestriction> deleteRestrictions(@PathParam("id") ContentId contentId, @QueryParam("expand") @DefaultValue("restrictions.user,restrictions.group") String expand)
      Removes all the restrictions specified directly on the content. I.e. makes READ and UPDATE operations unrestricted directly on the content.

      User performing this operation must have enough rights to edit the content specified as well as restrictions associated with it in order to proceed.

      Parameters:
      contentId - the id of the content to remove all restrictions from
      expand - the expansions to the ContentRestriction. To be expanded on response.
      Returns:
      the new state of the resource. PageResponse with all the restrictions which are specified directly on a Content. Result is the same as the response of GET to the same resource would return.

    • getIndividualUserRestrictionStatus

      @GET @Path("/byOperation/{operationKey}/user") public javax.ws.rs.core.Response getIndividualUserRestrictionStatus(@PathParam("id") ContentId contentId, @PathParam("operationKey") OperationKey operationKey, @QueryParam("key") com.atlassian.sal.api.user.UserKey userKey, @QueryParam("userName") String userName)
      Answers the question "Whether user, identified by userKey is a subject of the restriction for operation operationKey directly specified on a content with ID of ccontentId"

      Content identified by the id must exist and be accessible by the user performing this operation.

      Parameters:
      contentId - the id of the content to perform the test on
      operationKey - key for the Operation for which restrictions are to be checked
      userKey - userKey identifying the user in question
      Returns:
      true if the user in question is listed as a subject in one of the ContentRestircions directly specified on the content, false otherwise

    • getIndividualGroupRestrictionStatus

      @GET @Path("/byOperation/{operationKey}/group/{groupName}") public javax.ws.rs.core.Response getIndividualGroupRestrictionStatus(@PathParam("id") ContentId contentId, @PathParam("operationKey") OperationKey operationKey, @PathParam("groupName") Group group)
      Answers the question "Whether group, identified by groupName is a subject of the restriction for operation operationKey directly specified on a content with ID of ccontentId"

      Content identified by the id must exist and be accessible by the user performing this operation.

      Parameters:
      contentId - the id of the content to perform the test on
      operationKey - key for the Operation for which restrictions are to be checked
      group - group in question identified by the groupName path parameter
      Returns:
      true if the group in question is listed as a subject in one of the ContentRestircions directly specified on the content, false otherwise

    • deleteIndividualUserRestriction

      @DELETE @Path("/byOperation/{operationKey}/user") public javax.ws.rs.core.Response deleteIndividualUserRestriction(@PathParam("id") ContentId contentId, @PathParam("operationKey") OperationKey operationKey, @QueryParam("key") com.atlassian.sal.api.user.UserKey userKey, @QueryParam("userName") String userName)
      Deletes singular direct ContentRestriction for operationKey and user from the content identified by contentId parameter. Throws subclasses of ServiceException in case of various problems (cannot find content, restrictions to be deleted does not exist, etc...)

      Content identified by the id must exist and be accessible by the user performing this operation. User performing this operation must have all the required permissions for that Restriction to be deleted must exist

      Parameters:
      contentId - the id of the content which the restriction to be removed from
      operationKey - the operation to remove restriction for
      userKey - userKey identifying the User who's restriction is to be deleted
      userName - userName identifying the User who's restriction is to be deleted
      Returns:
      HTTP.200 if the deletion was successful

    • deleteIndividualGroupRestriction

      @DELETE @Path("/byOperation/{operationKey}/group/{groupName}") public javax.ws.rs.core.Response deleteIndividualGroupRestriction(@PathParam("id") ContentId contentId, @PathParam("operationKey") OperationKey operationKey, @PathParam("groupName") Group group)
      Deletes singular direct ContentRestriction for operationKey and user from the content identified by contentId parameter. Throws subclasses of ServiceException in case of various problems (cannot find content, restrictions to be deleted does not exist, etc...)

      Content identified by the id must exist and be accessible by the user performing this operation. User performing this operation must have all the required permissions for that Restriction to be deleted must exist

      Parameters:
      contentId - the id of the content which the restriction to be removed from
      operationKey - the operation to remove restriction for
      group - group (constructed from the groupName) identifying the Group who's restriction is to be deleted
      Returns:
      HTTP.200 if the deletion was successful

    • addIndividualUserRestriction

      @PUT @Path("/byOperation/{operationKey}/user") public javax.ws.rs.core.Response addIndividualUserRestriction(@PathParam("id") ContentId contentId, @PathParam("operationKey") OperationKey operationKey, @QueryParam("key") com.atlassian.sal.api.user.UserKey userKey, @QueryParam("userName") String userName)
      Adds singular direct ContentRestriction for operationKey and user for the content identified by contentId parameter. Throws subclasses of ServiceException in case of various problems (cannot find content, wrong opkey, not enought permissions, etc...)

      Content identified by the id must exist and be accessible by the user performing this operation. User performing this operation must have all the required permissions for that

      Parameters:
      contentId - the id of the content which the restriction to be added to
      operationKey - the operation to add restriction for
      userKey - userKey identifying the User who's restriction is to be added
      userName - userName identifying the User who's restriction is to be added
      Returns:
      HTTP.200 if the addition was successful

    • addIndividualGroupRestriction

      @PUT @Path("/byOperation/{operationKey}/group/{groupName}") public javax.ws.rs.core.Response addIndividualGroupRestriction(@PathParam("id") ContentId contentId, @PathParam("operationKey") OperationKey operationKey, @PathParam("groupName") Group group)
      Adds singular direct ContentRestriction for operationKey and group for the content identified by contentId parameter. Throws subclasses of ServiceException in case of various problems (cannot find content, wrong opkey, not enought permissions, etc...)

      Content identified by the id must exist and be accessible by the user performing this operation. User performing this operation must have all the required permissions for that

      Parameters:
      contentId - the id of the content which the restriction to be added to
      operationKey - the operation to add restriction for
      group - group (constructed from the groupName) identifying the Group who's restriction is to be added
      Returns:
      HTTP.200 if the addition was successful