Class SpacePermissionCoordinator
java.lang.Object
com.atlassian.confluence.security.SpacePermissionCoordinator
- All Implemented Interfaces:
SpacePermissionManagerInternal,SpacePermissionSaverInternal,SpacePermissionManager,SpacePermissionSaver
@ParametersAreNonnullByDefault
public class SpacePermissionCoordinator
extends Object
implements SpacePermissionManagerInternal
Space permission manager that adds a layer of security over the write operations in this class. That is, it performs
permission checking via the
PermissionManager and SetSpacePermissionChecker before forwarding the call to the underlying space permission manager.-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionvoidvoidvoidgetAllPermissionsForGroup(String group) Returns the default global permissions that are created when Confluence is set up.getGlobalPermissions(String permissionType) getGroupsForPermissionType(String permissionType, Space space) Collection<com.atlassian.user.Group>getGroupsWithPermissions(@Nullable Space space) Returns all groups which have permissions in a space or on a global level.Get all permissions granted to the anonymous users in the given spacegetPermissionsForGroup(String group, Space space) Get all permissions for the given group in the specified spacegetPermissionsForUser(ConfluenceUser user, Space space) Get all permissions for the given user in the specified spacegetUsersForPermissionType(String permissionType, Space space) Collection<com.atlassian.user.User>getUsersWithPermissions(@Nullable Space space) Returns a collection of user objects with VIEWSPACE_PERMISSION in the space.booleangroupHasPermission(String permissionType, @Nullable Space space, String group) Checks whether the given group has the given permissionbooleangroupInheritsPermission(String permissionType, @Nullable Space space, String group) Checks whether the given group inherits the given permission and not has it directly.booleanhasAllPermissions(List<String> permissionTypes, @Nullable Space space, @Nullable ConfluenceUser remoteUser) Determines if remoteUser has all of the given permissions in spacebooleanhasPermission(String permissionType, @Nullable Space space, @Nullable ConfluenceUser remoteUser) Determines if remoteUser has the given permission in spacebooleanhasPermissionForSpace(@Nullable ConfluenceUser user, List permissionTypes, @Nullable Space space) booleanhasPermissionNoExemptions(String permissionType, @Nullable Space space, @Nullable ConfluenceUser remoteUser) Returns true if the user has the specified permission on the target space.booleanhasPermissionNoExemptionsExceptViaNestedGroups(String permissionType, @Nullable Space space, @Nullable ConfluenceUser remoteUser) Returns true if the user has the specified permission on the target space except if it gets it from some parent of its parent group.booleanisPermittedInReadOnlyAccessMode(String permissionType) Check if the permission type is permitted in read only access modebooleanpermissionExists(SpacePermission permission) Check whether the given SpacePermission exists.voidremoveAllPermissions(Space space) Deprecated.voidremoveAllPermissions(Space space, SpacePermissionContext context) Removes allSpacePermission's from the specified space.voidremoveAllPermissionsForGroup(String groupName) Removes all theSpacePermission's for the specified group.voidremoveAllPermissionsForGroup(String groupName, SpacePermissionContext context) Removes all permissions for the given group.voidremoveAllUserPermissions(@NonNull ConfluenceUser user) Removes all theSpacePermission's for the specified user.voidremoveAllUserPermissions(ConfluenceUser user, SpacePermissionContext context) Removes all theSpacePermission's for the specified user.voidremoveGlobalPermissionForUser(ConfluenceUser user, String permissionType) Removes the specified Global Permissions of type 'permissionType' from the uservoidremoveGlobalPermissionForUser(ConfluenceUser user, String permissionType, SpacePermissionContext context) Removes the specified Global Permissions of type 'permissionType' from the uservoidremovePermission(SpacePermission permission) Deprecated.voidremovePermission(SpacePermission permission, SpacePermissionContext context) Removes the specified permission.voidremovePermissions(Collection<SpacePermission> permissionsToRemove, SpacePermissionContext context) Removes the given permissions.voidsaveGlobalPermissions(Collection<SpacePermission> spacePermissions, SpacePermissionContext context) Adds global permissionsvoidsavePermission(SpacePermission permission) Deprecated.voidsavePermission(SpacePermission permission, SpacePermissionContext context) Saves the permission.voidsaveSpacePermissions(Space space, Collection<SpacePermission> spacePermissions, SpacePermissionContext context) Adds space permissions to the spacevoidsetGroupManager(com.atlassian.user.GroupManager groupManager) voidsetPermissionManager(PermissionManager permissionManager) voidsetSetSpacePermissionChecker(SetSpacePermissionChecker setSpacePermissionChecker) voidsetSpacePermissionManager(SpacePermissionManagerInternal spacePermissionManager) voidsetUserManager(com.atlassian.user.UserManager unused) Deprecated.since 7.7 unusedMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface com.atlassian.confluence.security.SpacePermissionManager
hasAllPermissions, hasPermission, hasPermissionForSpace, hasPermissionNoExemptions
-
Constructor Details
-
SpacePermissionCoordinator
public SpacePermissionCoordinator()
-
-
Method Details
-
savePermission
Deprecated.Saves the specified permission.- Specified by:
savePermissionin interfaceSpacePermissionSaver- Throws:
InsufficientPrivilegeException- if the current logged in user does not have sufficient permissions to do this. CheckSetSpacePermissionChecker.canSetPermission(User, SpacePermission)first.
-
savePermission
Description copied from interface:SpacePermissionSaverInternalSaves the permission.May generate a
SpacePermissionSaveEventin the process, depending on the context.- Specified by:
savePermissionin interfaceSpacePermissionSaverInternal- Parameters:
permission- the permission to savecontext- the context for the save
-
saveSpacePermissions
public void saveSpacePermissions(Space space, Collection<SpacePermission> spacePermissions, SpacePermissionContext context) Description copied from interface:SpacePermissionSaverInternalAdds space permissions to the space- Specified by:
saveSpacePermissionsin interfaceSpacePermissionSaverInternal- Parameters:
space- Space to which permissions should be grantedspacePermissions- Collection of space permissions. They should all belong to the same space.context- the context of the save
-
saveGlobalPermissions
public void saveGlobalPermissions(Collection<SpacePermission> spacePermissions, SpacePermissionContext context) Description copied from interface:SpacePermissionSaverInternalAdds global permissions- Specified by:
saveGlobalPermissionsin interfaceSpacePermissionSaverInternal- Parameters:
spacePermissions- Collection of global permissions.context- the context of the save
-
removeAllPermissions
Deprecated.Removes allSpacePermission's from the specified space.- Specified by:
removeAllPermissionsin interfaceSpacePermissionManager- Parameters:
space- The space to remove the permissions for- Throws:
InsufficientPrivilegeException- if the current logged in user does not have sufficient permissions to do this. CheckPermission.SET_PERMISSIONSonPermissionManagerfirst.
-
removeAllPermissions
Removes allSpacePermission's from the specified space.- Specified by:
removeAllPermissionsin interfaceSpacePermissionManagerInternal- Parameters:
space- The space to remove the permissions forcontext- The context for this removal- Throws:
InsufficientPrivilegeException- if the current logged in user does not have sufficient permissions to do this. CheckPermission.SET_PERMISSIONSonPermissionManagerfirst.
-
removePermission
Deprecated.Removes the specified permission.- Specified by:
removePermissionin interfaceSpacePermissionManager- Parameters:
permission- the permission to remove- Throws:
InsufficientPrivilegeException- if the current logged in user does not have sufficient permissions to do this. CheckSetSpacePermissionChecker.canSetPermission(User, SpacePermission)first.
-
removePermission
Removes the specified permission.- Specified by:
removePermissionin interfaceSpacePermissionManagerInternal- Parameters:
permission- the permission to removecontext- the context for the removal- Throws:
InsufficientPrivilegeException- if the current logged in user does not have sufficient permissions to do this. CheckSetSpacePermissionChecker.canSetPermission(User, SpacePermission)first.
-
removePermissions
public void removePermissions(Collection<SpacePermission> permissionsToRemove, SpacePermissionContext context) Description copied from interface:SpacePermissionManagerInternalRemoves the given permissions.May generate a
SpacePermissionRemoveEventin the process, depending on the context.- Specified by:
removePermissionsin interfaceSpacePermissionManagerInternal- Parameters:
permissionsToRemove- the permissions to removecontext- the context for the removal
-
createDefaultSpacePermissions
- Specified by:
createDefaultSpacePermissionsin interfaceSpacePermissionManager
-
createPrivateSpacePermissions
- Specified by:
createPrivateSpacePermissionsin interfaceSpacePermissionManager
-
removeAllUserPermissions
Removes all theSpacePermission's for the specified user.- Specified by:
removeAllUserPermissionsin interfaceSpacePermissionManager- Throws:
InsufficientPrivilegeException- if the current logged in user does not have sufficient permissions to do this. CheckPermission.SET_PERMISSIONSusingPermissionManagerfirst.
-
removeAllUserPermissions
Removes all theSpacePermission's for the specified user.- Specified by:
removeAllUserPermissionsin interfaceSpacePermissionManagerInternal- Parameters:
user- the user to remove permissions forcontext- the context for the removal- Throws:
InsufficientPrivilegeException- if the current logged in user does not have sufficient permissions to do this. CheckPermission.SET_PERMISSIONSusingPermissionManagerfirst.
-
removeGlobalPermissionForUser
Removes the specified Global Permissions of type 'permissionType' from the user- Specified by:
removeGlobalPermissionForUserin interfaceSpacePermissionManager- Parameters:
user- the user to look uppermissionType- the permission type to remove- Throws:
InsufficientPrivilegeException- if the current logged in user does not have sufficient permissions to do this. CheckPermission.SET_PERMISSIONSusingPermissionManagerfirst.
-
removeGlobalPermissionForUser
public void removeGlobalPermissionForUser(ConfluenceUser user, String permissionType, SpacePermissionContext context) Removes the specified Global Permissions of type 'permissionType' from the user- Specified by:
removeGlobalPermissionForUserin interfaceSpacePermissionManagerInternal- Parameters:
user- the user to look uppermissionType- the permission type to removecontext- the context for the removal- Throws:
InsufficientPrivilegeException- if the current logged in user does not have sufficient permissions to do this. CheckPermission.SET_PERMISSIONSusingPermissionManagerfirst.
-
removeAllPermissionsForGroup
Removes all theSpacePermission's for the specified group.- Specified by:
removeAllPermissionsForGroupin interfaceSpacePermissionManager- Parameters:
groupName- the group to remove- Throws:
InsufficientPrivilegeException- if the current logged in user does not have sufficient permissions to do this. CheckPermission.SET_PERMISSIONSusingPermissionManagerfirst.EntityRuntimeException- if there is an error retrieving the group with the specified group name
-
removeAllPermissionsForGroup
Description copied from interface:SpacePermissionManagerInternalRemoves all permissions for the given group.May generate a
SpacePermissionsRemoveForGroupEventin the process, depending on the context.- Specified by:
removeAllPermissionsForGroupin interfaceSpacePermissionManagerInternal- Parameters:
groupName- the group to remove
-
hasPermission
public boolean hasPermission(String permissionType, @Nullable Space space, @Nullable ConfluenceUser remoteUser) Description copied from interface:SpacePermissionManagerDetermines if remoteUser has the given permission in spaceUnless you're writing code that is part of the permission checking implementation, or you're changing space permissions, you should be using
PermissionManagerinstead.- Specified by:
hasPermissionin interfaceSpacePermissionManager- Parameters:
permissionType- The permission type to look upspace- The space the permission applies to (can be null for global permissions)- Returns:
- true if remoteUser has the permission, false otherwise
-
hasPermissionNoExemptions
public boolean hasPermissionNoExemptions(String permissionType, @Nullable Space space, @Nullable ConfluenceUser remoteUser) Description copied from interface:SpacePermissionManagerReturns true if the user has the specified permission on the target space. This method does not allow exemptions for super-users likeSpacePermissionManager.hasPermission(String, Space, User)does.For parameter and return value information, see
SpacePermissionManager.hasPermission(String, Space, User).- Specified by:
hasPermissionNoExemptionsin interfaceSpacePermissionManager
-
hasPermissionNoExemptionsExceptViaNestedGroups
public boolean hasPermissionNoExemptionsExceptViaNestedGroups(String permissionType, @Nullable Space space, @Nullable ConfluenceUser remoteUser) Description copied from interface:SpacePermissionManagerReturns true if the user has the specified permission on the target space except if it gets it from some parent of its parent group. This method does not allow exemptions for super-users likeSpacePermissionManager.hasPermission(String, Space, User)does.For parameter and return value information, see
SpacePermissionManager.hasPermission(String, Space, User).- Specified by:
hasPermissionNoExemptionsExceptViaNestedGroupsin interfaceSpacePermissionManager
-
hasAllPermissions
public boolean hasAllPermissions(List<String> permissionTypes, @Nullable Space space, @Nullable ConfluenceUser remoteUser) Description copied from interface:SpacePermissionManagerDetermines if remoteUser has all of the given permissions in spaceIf remoteUser lacks any of the given permissions, false is returned.
Unless you're writing code that is part of the permission checking implementation, or you're changing space permissions, you should be using
PermissionManagerinstead.- Specified by:
hasAllPermissionsin interfaceSpacePermissionManager- Parameters:
permissionTypes- A List of permission types (see SpacePermission) to checkspace- The space the permissions apply toremoteUser- The user to look up- Returns:
- true if remoteUser has the permission, false otherwise
-
getAllPermissionsForGroup
- Specified by:
getAllPermissionsForGroupin interfaceSpacePermissionManager
-
getGlobalPermissions
- Specified by:
getGlobalPermissionsin interfaceSpacePermissionManager
-
getGlobalPermissions
- Specified by:
getGlobalPermissionsin interfaceSpacePermissionManager
-
flushCaches
public void flushCaches()- Specified by:
flushCachesin interfaceSpacePermissionManager
-
groupHasPermission
Description copied from interface:SpacePermissionManagerChecks whether the given group has the given permissionIf a null space is specified, this method looks up matching global permissions, otherwise space's permissions list is queried to see if the permission matches.
Similarly, if permissionType is not a space permission, a matching global permission is looked up.
- Specified by:
groupHasPermissionin interfaceSpacePermissionManager- Parameters:
permissionType- The permission type to look upspace- The space the permission applies to (can be null for global permissions)group- The group to look up the permission for- Returns:
- true if the group has the required permission, false otherwise
-
hasPermissionForSpace
public boolean hasPermissionForSpace(@Nullable ConfluenceUser user, List permissionTypes, @Nullable Space space) - Specified by:
hasPermissionForSpacein interfaceSpacePermissionManager
-
getGroupsWithPermissions
Description copied from interface:SpacePermissionManagerReturns all groups which have permissions in a space or on a global level. If space is null, permissions on the global level will be checked.- Specified by:
getGroupsWithPermissionsin interfaceSpacePermissionManager- Parameters:
space- - space to query, if null global permissions returned- Returns:
- Collection of groups with permissions
-
getGroupsForPermissionType
- Specified by:
getGroupsForPermissionTypein interfaceSpacePermissionManager
-
getUsersWithPermissions
Description copied from interface:SpacePermissionManagerReturns a collection of user objects with VIEWSPACE_PERMISSION in the space. If no space is provided A list of users with USE_CONFLUENCE_PERMISSION will be returned- Specified by:
getUsersWithPermissionsin interfaceSpacePermissionManager- Parameters:
space- - space to query, if null global permissions returned- Returns:
- Collection of User objects
-
getUsersForPermissionType
- Specified by:
getUsersForPermissionTypein interfaceSpacePermissionManager
-
permissionExists
Description copied from interface:SpacePermissionManagerCheck whether the given SpacePermission exists. Checks by attribute equality rather than by id.- Specified by:
permissionExistsin interfaceSpacePermissionManager- Parameters:
permission- the permission to look for.- Returns:
- true if the permission is recognised by the manager as existing.
-
getDefaultGlobalPermissions
Description copied from interface:SpacePermissionManagerReturns the default global permissions that are created when Confluence is set up. These will exist in a newly set up system but may be removed afterwards. Note that the returned objects are freshly created and therefore do not have IDs or other persistence data.By default, confluence-administrators group has admin access, the default confluence users group can view the system and anonymous access is disabled.
- Specified by:
getDefaultGlobalPermissionsin interfaceSpacePermissionManager- Returns:
- a collection of
SpacePermissions.
-
isPermittedInReadOnlyAccessMode
Description copied from interface:SpacePermissionManagerCheck if the permission type is permitted in read only access mode- Specified by:
isPermittedInReadOnlyAccessModein interfaceSpacePermissionManager- Parameters:
permissionType- the permission type to be checked- Returns:
- true if the permission type is permitted in read only access mode
-
getPermissionsForUser
Description copied from interface:SpacePermissionManagerGet all permissions for the given user in the specified space- Specified by:
getPermissionsForUserin interfaceSpacePermissionManager- Parameters:
user- the user to look upspace- the space entity- Returns:
- a list of space permissions granted to the user in the given space
-
getPermissionsForGroup
Description copied from interface:SpacePermissionManagerGet all permissions for the given group in the specified space- Specified by:
getPermissionsForGroupin interfaceSpacePermissionManager- Parameters:
group- the name of the groupspace- the space entity- Returns:
- a list of space permissions granted to the group in the given space
-
getPermissionsForAnonymousUsers
Description copied from interface:SpacePermissionManagerGet all permissions granted to the anonymous users in the given space- Specified by:
getPermissionsForAnonymousUsersin interfaceSpacePermissionManager- Parameters:
space- the space entity- Returns:
- a list of space permissions granted to anonymous users in the given space
-
groupInheritsPermission
Description copied from interface:SpacePermissionManagerChecks whether the given group inherits the given permission and not has it directly.If a null space is specified, this method looks up matching global permissions, otherwise space's permissions list is queried to see if the permission matches.
Similarly, if permissionType is not a space permission, a matching global permission is looked up.
- Specified by:
groupInheritsPermissionin interfaceSpacePermissionManager- Parameters:
permissionType- The permission type to look upspace- The space the permission applies to (can be null for global permissions)group- The group to look up the permission for- Returns:
- true only if the group inherits the required permission and not has it directly, false otherwise
-
setPermissionManager
-
setSpacePermissionManager
-
setSetSpacePermissionChecker
-
setUserManager
Deprecated.since 7.7 unused -
setGroupManager
public void setGroupManager(com.atlassian.user.GroupManager groupManager)
-