Class BambooAclUpdateHelper
- java.lang.Object
-
- com.atlassian.bamboo.security.acegi.acls.BambooAclUpdateHelper
-
public class BambooAclUpdateHelper extends Object
A helper class used in Acl update and creation operationsIt converts between
AclandAccessControlEntryobjects and a "permissionKey" which is aStringrepresentation of aAclandAccessControlEntrycombination.The "permissionKeys" are in the format: bambooPermission_TYPE_PRINCIPAL_PERMISSION
The permission configuration UI understands this format.
-
-
Field Summary
Fields Modifier and Type Field Description static StringBAMBOO_PERMISSION_FORM_GROUP_PREFIXstatic StringBAMBOO_PERMISSION_PREFIXstatic com.google.common.base.JoinerPERMISSION_KEY_JOINER
-
Constructor Summary
Constructors Constructor Description BambooAclUpdateHelper()
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description voidaddPermissionsToAclForCurrentUser(@NotNull org.acegisecurity.acls.MutableAcl acl, @NotNull List<BambooPermission> permissions)Adds the givenpermissionsfor the currently logged in user to theaclentry.voidaddReadPermissionForAnonymousAndLoggedinUsers(@NotNull org.acegisecurity.acls.MutableAcl acl)Grant READ permission for Anonymous and Logged-in users.@NotNull List<String>addViewPermissionsForEditPermissions(@NotNull List<String> permissionKeys)For each of the WRITE permission keys in the list make sure there's corresponding READ permission.voidbuildPermissionAndUserGroupListsFromAcl(@NotNull List<String> grantedPermissions, @NotNull List<String> grantedUsers, @NotNull List<String> grantedGroups, @NotNull List<String> nonProcessedGrantedPermissions, @NotNull org.acegisecurity.acls.Acl acl, boolean showAdminPermissions, @NotNull BambooPermissionManager bambooPermissionManager)Helper conversion method for the permission configuration pages.voidbuildUserGroupListsFromPermissions(List<String> grantedPermissions, List<String> grantedUsers, List<String> grantedGroups)Given a list of granted permissions (permissionKeyStrings), it will populate the grantedUsers list with unique usernames of those users which have permissions.@NotNull org.acegisecurity.acls.MutableAclclonePermissions(@Nullable com.atlassian.user.User user, Class<? extends BambooIdProvider> permissionObject, long id, org.acegisecurity.acls.Acl parentAcl)@NotNull org.acegisecurity.acls.MutableAclclonePermissions(@Nullable com.atlassian.user.User user, Class<? extends BambooIdProvider> permissionObject, long id, org.acegisecurity.acls.Acl parentAcl, Set<org.acegisecurity.acls.Permission> permissionsToSkip)@NotNull org.acegisecurity.acls.MutableAclcopyProjectPermissionsToEnvironment(@Nullable com.atlassian.user.User user, Class<? extends BambooIdProvider> permissionObject, long id, org.acegisecurity.acls.Acl parentAcl, boolean accessForAllUsers)static StringcreateGroupPermissionKey(String sid, String permissionName)Create permission key for a group permission@NotNull org.acegisecurity.acls.MutableAclcreateNewDefaultAcl(@Nullable com.atlassian.user.User user, Class<? extends Plan> planType, boolean accessForAllUsers)Creates a default Acl for a specific plan types which has: - All permissions for the creator (user argument) of the plan - READ permission for all logged in users - READ permission for all anonymous users@NotNull org.acegisecurity.acls.MutableAclcreateNewObjectAcl(@Nullable com.atlassian.user.User user, Class<? extends BambooIdProvider> permissionObject, long id, boolean accessForAllUsers)Creates a default Acl for a object which has: - EDIT permission for the creator (user argument) of the deployment project - READ permission for all logged in users - READ permission for all anonymous usersstatic StringcreatePermissionKey(@NotNull String sidType, @NotNull String authority, @NotNull String permissionName)Create permission key for a permissionstatic StringcreatePermissionKey(@NotNull org.acegisecurity.acls.sid.Sid sid, @NotNull String permissionName)Create permission key for a permissionstatic StringcreateRolePermissionKey(String sid, String permissionName)Create permission key for a role permissionstatic StringcreateUserPermissionKey(String sid, String permissionName)Create permission key for a user permissionstatic @NotNull StringextractPrincipalFromSid(@NotNull org.acegisecurity.acls.sid.Sid sid)Extract a principal as a String from aSid.static StringextractSidTypeFromSid(@NotNull org.acegisecurity.acls.sid.Sid sid)Extract a principal type as String from aSid.Iterable<org.acegisecurity.acls.Permission>getGroupPermissions(@NotNull String groupName, @NotNull org.acegisecurity.acls.Acl acl, @NotNull BambooPermissionManager bambooPermissionManager, boolean showAdminPermission)Retrieve granted global permission of the given group Name.org.acegisecurity.acls.PermissiongetPermission(String permissionKey)static Optional<String>getPermissionKeyFromAce(@NotNull org.acegisecurity.acls.AccessControlEntry ace)Given anAccessControlEntryreturn aStringrepresentation.Map<String,List<org.acegisecurity.acls.Permission>>getRolePermissions(@NotNull org.acegisecurity.acls.Acl acl, @NotNull BambooPermissionManager bambooPermissionManager, boolean showAdminPermission)Retrieve global permissions of the two known roles, logged in user and anonymous user.@NotNull org.acegisecurity.acls.sid.SidgetSidFromIdAndType(@NotNull String id, @NotNull String type)Attempt to extractSidfrom a given sid id and type.@NotNull org.acegisecurity.acls.sid.SidgetSidFromPermissionKey(@NotNull String permissionKey)Get theSidbased on a permission key.Iterable<org.acegisecurity.acls.Permission>getUserPermissions(@NotNull String userName, @NotNull org.acegisecurity.acls.Acl acl, @NotNull BambooPermissionManager bambooPermissionManager, boolean showAdminPermissions)Retrieve granted global permission of the given user.voidmodifyAclAces(org.acegisecurity.acls.MutableAcl acl, List<String> newPermissionKeys)Updates anMutableAclwith newAccessControlEntrys with permissions represented by a list ofStringpermissionKeys.static StringretrievePermissionFromACE(@NotNull org.acegisecurity.acls.AccessControlEntry ace)Deprecated.since 5.11, usegetPermissionKeyFromAce(AccessControlEntry)voidupdateGroupPermissions(@NotNull com.atlassian.user.Group group, @NotNull List<org.acegisecurity.acls.Permission> permissions, @NotNull BambooPermissionManager bambooPermissionManager, @NotNull HibernateMutableAclService aclService)Update global permissions of the given group.voidupdateGroupPermissions(@Nullable String groupName, @NotNull List<org.acegisecurity.acls.Permission> permissions, @NotNull BambooPermissionManager bambooPermissionManager, @NotNull HibernateMutableAclService aclService, @NotNull BambooUserManager userManager, @NotNull com.atlassian.sal.api.message.I18nResolver i18nResolver)voidupdateGroupPermissions(@Nullable String groupName, @NotNull List<org.acegisecurity.acls.Permission> permissions, @NotNull BambooPermissionManager bambooPermissionManager, @NotNull HibernateMutableAclService aclService, @NotNull BambooUserManager userManager, @NotNull com.atlassian.struts.TextProvider textProvider)voidupdateRolePermissions(@Nullable String roleName, @NotNull List<org.acegisecurity.acls.Permission> permissions, @NotNull BambooPermissionManager permissionManager, @NotNull HibernateMutableAclService aclService, @NotNull AdministrationConfigurationAccessor administrationConfigurationAccessor, @NotNull AdministrationConfigurationPersister administrationConfigurationPersister)Update permission of a given role.voidupdateUserPermissions(@Nullable String userName, @NotNull List<org.acegisecurity.acls.Permission> permissions, @NotNull BambooUserManager bambooUserManager, @NotNull BambooPermissionManager bambooPermissionManager, @NotNull HibernateMutableAclService aclService, @NotNull com.atlassian.sal.api.message.I18nResolver i18nResolver)Update global permissions of the given user.protected ErrorCollectionvalidateRolePermissionUpdateRequest(@NotNull String roleName, @NotNull List<org.acegisecurity.acls.Permission> permissions)protected @NotNull ErrorCollectionvalidateUpdateRequest(@Nullable com.atlassian.user.Group group, @NotNull List<org.acegisecurity.acls.Permission> permissions, @NotNull BambooPermissionManager bambooPermissionManager)
-
-
-
Field Detail
-
BAMBOO_PERMISSION_PREFIX
public static final String BAMBOO_PERMISSION_PREFIX
- See Also:
- Constant Field Values
-
BAMBOO_PERMISSION_FORM_GROUP_PREFIX
public static final String BAMBOO_PERMISSION_FORM_GROUP_PREFIX
- See Also:
- Constant Field Values
-
PERMISSION_KEY_JOINER
public static com.google.common.base.Joiner PERMISSION_KEY_JOINER
-
-
Method Detail
-
createUserPermissionKey
public static String createUserPermissionKey(String sid, String permissionName)
Create permission key for a user permission
-
createGroupPermissionKey
public static String createGroupPermissionKey(String sid, String permissionName)
Create permission key for a group permission
-
createRolePermissionKey
public static String createRolePermissionKey(String sid, String permissionName)
Create permission key for a role permission
-
createPermissionKey
public static String createPermissionKey(@NotNull @NotNull org.acegisecurity.acls.sid.Sid sid, @NotNull @NotNull String permissionName)
Create permission key for a permission
-
createPermissionKey
public static String createPermissionKey(@NotNull @NotNull String sidType, @NotNull @NotNull String authority, @NotNull @NotNull String permissionName)
Create permission key for a permission
-
getPermissionKeyFromAce
public static Optional<String> getPermissionKeyFromAce(@NotNull @NotNull org.acegisecurity.acls.AccessControlEntry ace)
Given anAccessControlEntryreturn aStringrepresentation.
-
buildUserGroupListsFromPermissions
public void buildUserGroupListsFromPermissions(List<String> grantedPermissions, List<String> grantedUsers, List<String> grantedGroups)
Given a list of granted permissions (permissionKeyStrings), it will populate the grantedUsers list with unique usernames of those users which have permissions. Likewise, it will populate the grantedGroups list with unique group names of those groups which have permissions.
-
addViewPermissionsForEditPermissions
@NotNull public @NotNull List<String> addViewPermissionsForEditPermissions(@NotNull @NotNull List<String> permissionKeys)
For each of the WRITE permission keys in the list make sure there's corresponding READ permission.
-
getUserPermissions
public Iterable<org.acegisecurity.acls.Permission> getUserPermissions(@NotNull @NotNull String userName, @NotNull @NotNull org.acegisecurity.acls.Acl acl, @NotNull @NotNull BambooPermissionManager bambooPermissionManager, boolean showAdminPermissions)
Retrieve granted global permission of the given user. It callsbuildPermissionAndUserGroupListsFromAcland filter out permissions for the user name- Parameters:
userName- name of the user to be filteredacl-showAdminPermissions-- Returns:
- A list of
Permissionof the given user
-
getGroupPermissions
public Iterable<org.acegisecurity.acls.Permission> getGroupPermissions(@NotNull @NotNull String groupName, @NotNull @NotNull org.acegisecurity.acls.Acl acl, @NotNull @NotNull BambooPermissionManager bambooPermissionManager, boolean showAdminPermission)
Retrieve granted global permission of the given group Name. It callsbuildPermissionAndUserGroupListsFromAcland filter out permissions for the group name- Parameters:
groupName- group name to be filteredacl-showAdminPermission-- Returns:
- A list of
Permissionof the given group name
-
getRolePermissions
public Map<String,List<org.acegisecurity.acls.Permission>> getRolePermissions(@NotNull @NotNull org.acegisecurity.acls.Acl acl, @NotNull @NotNull BambooPermissionManager bambooPermissionManager, boolean showAdminPermission)
Retrieve global permissions of the two known roles, logged in user and anonymous user.- Parameters:
acl-bambooPermissionManager-showAdminPermission-- Returns:
- Map of roles and their global permissions
-
updateRolePermissions
public void updateRolePermissions(@Nullable @Nullable String roleName, @NotNull @NotNull List<org.acegisecurity.acls.Permission> permissions, @NotNull @NotNull BambooPermissionManager permissionManager, @NotNull @NotNull HibernateMutableAclService aclService, @NotNull @NotNull AdministrationConfigurationAccessor administrationConfigurationAccessor, @NotNull @NotNull AdministrationConfigurationPersister administrationConfigurationPersister) throws WebValidationExceptionUpdate permission of a given role. Require current user to have System Admin or Restricted Admin permission. OtherwiseUnauthorisedExceptionwill be thrown.If updating ROLE_ANONYMOUS it will also update the anonymous access flag in the administration configuration depending on the READ permission.
- Parameters:
roleName- Role name. Must be one of the know roles, ROLE_USER or ROLE_ANONYMOUS. ROLE_USER can only have ACCESS or CREATE permissions. ROLE_ANONYMOUS can only have ACCESS permission.permissions-permissionManager-aclService-administrationConfigurationAccessor-administrationConfigurationPersister-- Throws:
WebValidationException- If the role name is invalid or the role is given extra permission than it should have.
-
validateRolePermissionUpdateRequest
protected ErrorCollection validateRolePermissionUpdateRequest(@NotNull @NotNull String roleName, @NotNull @NotNull List<org.acegisecurity.acls.Permission> permissions)
-
updateUserPermissions
public void updateUserPermissions(@Nullable @Nullable String userName, @NotNull @NotNull List<org.acegisecurity.acls.Permission> permissions, @NotNull @NotNull BambooUserManager bambooUserManager, @NotNull @NotNull BambooPermissionManager bambooPermissionManager, @NotNull @NotNull HibernateMutableAclService aclService, @NotNull @NotNull com.atlassian.sal.api.message.I18nResolver i18nResolver) throws WebValidationExceptionUpdate global permissions of the given user. Require current user to have System Admin or Restricted Admin permission. OtherwiseUnauthorisedExceptionwill be thrown.- Parameters:
userName- name of user for which permissions should be updatedpermissions- updated permissions- Throws:
WebValidationException
-
updateGroupPermissions
public void updateGroupPermissions(@Nullable @Nullable String groupName, @NotNull @NotNull List<org.acegisecurity.acls.Permission> permissions, @NotNull @NotNull BambooPermissionManager bambooPermissionManager, @NotNull @NotNull HibernateMutableAclService aclService, @NotNull @NotNull BambooUserManager userManager, @NotNull @NotNull com.atlassian.sal.api.message.I18nResolver i18nResolver) throws WebValidationException- Throws:
WebValidationException
-
updateGroupPermissions
public void updateGroupPermissions(@Nullable @Nullable String groupName, @NotNull @NotNull List<org.acegisecurity.acls.Permission> permissions, @NotNull @NotNull BambooPermissionManager bambooPermissionManager, @NotNull @NotNull HibernateMutableAclService aclService, @NotNull @NotNull BambooUserManager userManager, @NotNull @NotNull com.atlassian.struts.TextProvider textProvider) throws WebValidationException- Throws:
WebValidationException
-
updateGroupPermissions
public void updateGroupPermissions(@NotNull @NotNull com.atlassian.user.Group group, @NotNull @NotNull List<org.acegisecurity.acls.Permission> permissions, @NotNull @NotNull BambooPermissionManager bambooPermissionManager, @NotNull @NotNull HibernateMutableAclService aclService) throws WebValidationExceptionUpdate global permissions of the given group. Require current user to have System Admin or Restricted Admin permission. OtherwiseUnauthorisedExceptionwill be thrown.- Parameters:
group-permissions-- Throws:
WebValidationException
-
retrievePermissionFromACE
@Deprecated public static String retrievePermissionFromACE(@NotNull @NotNull org.acegisecurity.acls.AccessControlEntry ace)
Deprecated.since 5.11, usegetPermissionKeyFromAce(AccessControlEntry)
-
validateUpdateRequest
@NotNull protected @NotNull ErrorCollection validateUpdateRequest(@Nullable @Nullable com.atlassian.user.Group group, @NotNull @NotNull List<org.acegisecurity.acls.Permission> permissions, @NotNull @NotNull BambooPermissionManager bambooPermissionManager)
-
buildPermissionAndUserGroupListsFromAcl
public void buildPermissionAndUserGroupListsFromAcl(@NotNull @NotNull List<String> grantedPermissions, @NotNull @NotNull List<String> grantedUsers, @NotNull @NotNull List<String> grantedGroups, @NotNull @NotNull List<String> nonProcessedGrantedPermissions, @NotNull @NotNull org.acegisecurity.acls.Acl acl, boolean showAdminPermissions, @NotNull @NotNull BambooPermissionManager bambooPermissionManager)Helper conversion method for the permission configuration pages.Takes in an
Acland populates three lists from this Acl: - grantedPermissions - a list ofStringin format: bambooPermission_TYPE_PRINCIPAL_PERMISSION - grantedUsers - a list ofStringusernames - who have at least oneAccessControlEntryagainst theAcl- grantedGroups - a list ofStringgroupnames - who have at least oneAccessControlEntryagainst theAcl- nonProcessedGrantedPermissions - a list of permissions, that are not processed - so could not be changed here. It is introduced to avoid cleaning up permissions, that are not visible for user performing this action- Parameters:
grantedPermissions-grantedUsers-grantedGroups-nonProcessedGrantedPermissions-acl-showAdminPermissions-bambooPermissionManager-
-
modifyAclAces
public void modifyAclAces(org.acegisecurity.acls.MutableAcl acl, List<String> newPermissionKeys)Updates anMutableAclwith newAccessControlEntrys with permissions represented by a list ofStringpermissionKeys.- Parameters:
acl-newPermissionKeys-
-
addPermissionsToAclForCurrentUser
public void addPermissionsToAclForCurrentUser(@NotNull @NotNull org.acegisecurity.acls.MutableAcl acl, @NotNull @NotNull List<BambooPermission> permissions)Adds the givenpermissionsfor the currently logged in user to theaclentry. This method will not persist the modifications on theMutableAcl.- Parameters:
acl- acl to updatepermissions- permissions to grant
-
createNewDefaultAcl
@NotNull public @NotNull org.acegisecurity.acls.MutableAcl createNewDefaultAcl(@Nullable @Nullable com.atlassian.user.User user, Class<? extends Plan> planType, boolean accessForAllUsers)Creates a default Acl for a specific plan types which has: - All permissions for the creator (user argument) of the plan - READ permission for all logged in users - READ permission for all anonymous users- Parameters:
user- to create acl for.planType- to create acl for.accessForAllUsers- to create acl for anonymous and logged-in user- Returns:
MutableAclrepresenting a default permission set
-
createNewObjectAcl
@NotNull public @NotNull org.acegisecurity.acls.MutableAcl createNewObjectAcl(@Nullable @Nullable com.atlassian.user.User user, Class<? extends BambooIdProvider> permissionObject, long id, boolean accessForAllUsers)Creates a default Acl for a object which has: - EDIT permission for the creator (user argument) of the deployment project - READ permission for all logged in users - READ permission for all anonymous users- Parameters:
user- to create acl for.permissionObject- to create acl for.- Returns:
MutableAclrepresenting a default permission set
-
copyProjectPermissionsToEnvironment
@NotNull public @NotNull org.acegisecurity.acls.MutableAcl copyProjectPermissionsToEnvironment(@Nullable @Nullable com.atlassian.user.User user, Class<? extends BambooIdProvider> permissionObject, long id, org.acegisecurity.acls.Acl parentAcl, boolean accessForAllUsers)
-
clonePermissions
@NotNull public @NotNull org.acegisecurity.acls.MutableAcl clonePermissions(@Nullable @Nullable com.atlassian.user.User user, Class<? extends BambooIdProvider> permissionObject, long id, org.acegisecurity.acls.Acl parentAcl)
-
clonePermissions
@NotNull public @NotNull org.acegisecurity.acls.MutableAcl clonePermissions(@Nullable @Nullable com.atlassian.user.User user, Class<? extends BambooIdProvider> permissionObject, long id, org.acegisecurity.acls.Acl parentAcl, Set<org.acegisecurity.acls.Permission> permissionsToSkip)
-
extractPrincipalFromSid
@NotNull public static @NotNull String extractPrincipalFromSid(@NotNull @NotNull org.acegisecurity.acls.sid.Sid sid)
Extract a principal as a String from aSid. ThrowsIllegalStateExceptionif the sid type is unknown.- Parameters:
sid- ACEGI sid- Returns:
- principal extracted from sid, e.g.
GroupPrincipalSid.getPrincipal()orPrincipalSid.getPrincipal(). - Throws:
IllegalStateException- when sid type is not recognized
-
extractSidTypeFromSid
public static String extractSidTypeFromSid(@NotNull @NotNull org.acegisecurity.acls.sid.Sid sid)
Extract a principal type as String from aSid. ThrowsIllegalStateExceptionif the sid type is unknown.- Parameters:
sid- ACEGI sid- Returns:
- sid type, e.g.
BAMBOO_PERMISSION_FORM_GROUPorBAMBOO_PERMISSION_FORM_USER.
-
getSidFromPermissionKey
@NotNull public @NotNull org.acegisecurity.acls.sid.Sid getSidFromPermissionKey(@NotNull @NotNull String permissionKey)Get theSidbased on a permission key.- Parameters:
permissionKey- full permission key, containing sid type, principal name and permission name- Returns:
- correct instance of
Sidbased on the passed key - Throws:
IllegalArgumentException- if the key can't be used to properly construct aSid
-
addReadPermissionForAnonymousAndLoggedinUsers
public void addReadPermissionForAnonymousAndLoggedinUsers(@NotNull @NotNull org.acegisecurity.acls.MutableAcl acl)Grant READ permission for Anonymous and Logged-in users.
-
getSidFromIdAndType
@NotNull public @NotNull org.acegisecurity.acls.sid.Sid getSidFromIdAndType(@NotNull @NotNull String id, @NotNull @NotNull String type)Attempt to extractSidfrom a given sid id and type.- Parameters:
id- unique id of the sidtype- type of the sid, one of the values defined inHibernateSidUserType- Throws:
IllegalArgumentException- if the sid type is not recognised
-
getPermission
public org.acegisecurity.acls.Permission getPermission(String permissionKey)
-
-