Package com.atlassian.confluence.impl.security.access

Interface SpacePermissionAccessMapper

All Known Implementing Classes:

DefaultSpacePermissionAccessMapper

@Internal
public interface SpacePermissionAccessMapper

Centralised logic to determine how permissions should be checked, depending on a user's type of access to Confluence (see ConfluenceAccessManager).

This has become necessary to make sense of logic that was originally duplicated between:

• invalid reference

  com.atlassian.confluence.security.AbstractSpacePermissionManager

• HibernateSpacesQueryBuilder
• HibernatePageDao
• HibernateSpacePermissionsFilterDao

Not for use outside core space permission checking.

Method Summary

Modifier and Type	Method	Description
io.atlassian.fugue.Either<AccessDenied,Set<SpacePermissionSubjectType>>	getPermissionCheckSubjectTypes(@NonNull AccessStatus accessStatus, @NonNull String permissionType)	Determines the permission subject types that apply for a given user's AccessStatus and the space permission type being checked.

Method Details

getPermissionCheckSubjectTypes

io.atlassian.fugue.Either<AccessDenied,Set<SpacePermissionSubjectType>> getPermissionCheckSubjectTypes(@NonNull AccessStatus accessStatus,
 @NonNull String permissionType)

Determines the permission subject types that apply for a given user's AccessStatus and the space permission type being checked.

Examples:

• licensed users receive a permission if any permission subject type grants them that permission
• users with unlicensed authenticated access only receive a permission if the "all users" subject type has that permission
• anonymous users only receive a permission if the "anonymous" permission subject type has that permission
• anonymous and users with unlicensed authenticated access users can't ever receive SpacePermission.ADMINISTER_SPACE_PERMISSION, so will be denied
• users without access to Confluence can't receive any permissions, so will be denied

A result of AccessDenied will be returned if either: the user (may be anonymous) does not have access to Confluence OR the given permission type is invalid for the user's AccessStatus.

Parameters:

accessStatus - access status for the user

permissionType - the type of SpacePermission being checked

Returns:

invalid reference

Either.Right

containing a NON-EMPTY set of permission subject types that apply for the given access status and permission type, or

invalid reference

Either.Left

if there are no permission subject types that apply