Package com.atlassian.confluence.security

Class SpacePermission

java.lang.Object
com.atlassian.core.bean.EntityObject
com.atlassian.confluence.core.AnnotatedEntityObject
com.atlassian.confluence.core.ConfluenceEntityObject
com.atlassian.confluence.security.SpacePermission
All Implemented Interfaces:
Serializable, Cloneable
public class SpacePermission extends ConfluenceEntityObject implements Serializable
A SpacePermission restricts access to different functions on a space. A a SpacePermission is defined for a permissionType then that permissionType is not permitted, otherwise if it's not it's permitted.
Version:
$Revision: 1.41 $
Author:
$Author: sleberrigaud $
See Also:

  • Field Details

    • USE_CONFLUENCE_PERMISSION

      public static final String USE_CONFLUENCE_PERMISSION
      Note: this should no longer be checked directly, use ConfluenceAccessManager instead.
      See Also:

    • LIMITED_USE_CONFLUENCE_PERMISSION

      public static final String LIMITED_USE_CONFLUENCE_PERMISSION
      Users can be granted unlicensed authenticated access (limited) to Confluence, by being assigned this permission. Do not check this permission directly, use ConfluenceAccessManager OR annotations such as UnlicensedSiteAccess instead.
      Since:
      5.9
      See Also:

    • UPDATE_USER_STATUS_PERMISSION

      public static final String UPDATE_USER_STATUS_PERMISSION
      A permission type to control whether a user can update their user status.
      See Also:

    • VIEW_USER_PROFILES_PERMISSION

      @Deprecated public static final String VIEW_USER_PROFILES_PERMISSION
      Deprecated.
      since 5.9. Use BROWSE_USERS_PERMISSION instead.
      A permission type to control whether a user can view user profiles within the system. This only applies to the anonymous and unlicensed users.
      See Also:

    • BROWSE_USERS_PERMISSION

      public static final String BROWSE_USERS_PERMISSION
      A permission type to control whether a user can browse for users in the system, such as in user auto-completes or view profile information of other users. This currently only applies to the anonymous and unlicensed users, but may be expanded in future.
      See Also:

    • SYSTEM_ADMINISTRATOR_PERMISSION

      public static final String SYSTEM_ADMINISTRATOR_PERMISSION
      Permission type to do anything at all in Confluence. Users with this permission should be allowed to do virtually anything in Confluence. All actions should check for this permission.
      See Also:

    • CONFLUENCE_ADMINISTRATOR_PERMISSION

      public static final String CONFLUENCE_ADMINISTRATOR_PERMISSION
      Permission type to do anything in Confluence that can't affect the system on which it runs. Users with this permission should be allowed to perform most administration tasks but not install plugins or write macros.
      See Also:

    • PERSONAL_SPACE_PERMISSION

      public static final String PERSONAL_SPACE_PERMISSION
      See Also:

    • CREATE_SPACE_PERMISSION

      public static final String CREATE_SPACE_PERMISSION
      See Also:

    • PROFILE_ATTACHMENT_PERMISSION

      public static final String PROFILE_ATTACHMENT_PERMISSION
      See Also:

    • VIEWSPACE_PERMISSION

      public static final String VIEWSPACE_PERMISSION
      View content within the space, including pages, blogposts etc.
      See Also:

    • REMOVE_OWN_CONTENT_PERMISSION

      public static final String REMOVE_OWN_CONTENT_PERMISSION
      See Also:

    • COMMENT_PERMISSION

      public static final String COMMENT_PERMISSION
      See Also:

    • CREATEEDIT_PAGE_PERMISSION

      public static final String CREATEEDIT_PAGE_PERMISSION
      See Also:

    • ADMINISTER_SPACE_PERMISSION

      public static final String ADMINISTER_SPACE_PERMISSION
      See Also:

    • REMOVE_PAGE_PERMISSION

      public static final String REMOVE_PAGE_PERMISSION
      See Also:

    • REMOVE_COMMENT_PERMISSION

      public static final String REMOVE_COMMENT_PERMISSION
      See Also:

    • REMOVE_BLOG_PERMISSION

      public static final String REMOVE_BLOG_PERMISSION
      See Also:

    • CREATE_ATTACHMENT_PERMISSION

      public static final String CREATE_ATTACHMENT_PERMISSION
      See Also:

    • REMOVE_ATTACHMENT_PERMISSION

      public static final String REMOVE_ATTACHMENT_PERMISSION
      See Also:

    • EDITBLOG_PERMISSION

      public static final String EDITBLOG_PERMISSION
      See Also:

    • EXPORT_SPACE_PERMISSION

      public static final String EXPORT_SPACE_PERMISSION
      See Also:

    • REMOVE_MAIL_PERMISSION

      public static final String REMOVE_MAIL_PERMISSION
      See Also:

    • SET_PAGE_PERMISSIONS_PERMISSION

      public static final String SET_PAGE_PERMISSIONS_PERMISSION
      See Also:

    • SET_SPACE_PERMISSIONS_PERMISSION

      public static final String SET_SPACE_PERMISSIONS_PERMISSION
      See Also:

    • VIEW_PERMISSION

      public static final String VIEW_PERMISSION
      See Also:

    • REMOVE_PERMISSION

      public static final String REMOVE_PERMISSION
      See Also:

    • ADMINISTER

      public static final String ADMINISTER
      See Also:

    • PERMISSION_TYPES

      public static final Collection<String> PERMISSION_TYPES
      A list of all possible permissions

    • GENERIC_SPACE_PERMISSIONS

      public static final Collection<String> GENERIC_SPACE_PERMISSIONS
      represents all permissions which can be used to build SpacePermissions.

    • READ_ONLY_SPACE_PERMISSIONS

      public static final Collection<String> READ_ONLY_SPACE_PERMISSIONS
      SpacePermissions available when Read Only Mode is enabled.

    • READ_ALL_SCOPE_SPACE_PERMISSIONS

      public static final Collection<String> READ_ALL_SCOPE_SPACE_PERMISSIONS
      SpacePermissions implicitly granted when using an OAuth token with READ_ALL scope.

    • GLOBAL_PERMISSIONS

      public static final Collection<String> GLOBAL_PERMISSIONS
      A list of all global permissions

    • INVALID_ANONYMOUS_PERMISSIONS

      public static final Collection<String> INVALID_ANONYMOUS_PERMISSIONS
      A list of all permissions that can not be assigned to the anonymous user

    • READ_SERVICE_ACCOUNT_PERMISSIONS

      public static final Collection<String> READ_SERVICE_ACCOUNT_PERMISSIONS
      A list of all permissions that can not be assigned to the anonymous user

    • WRITE_SERVICE_ACCOUNT_PERMISSIONS

      public static final Collection<String> WRITE_SERVICE_ACCOUNT_PERMISSIONS
      A list of all permissions that can not be assigned to the anonymous user

  • Constructor Details

    • SpacePermission

      public SpacePermission(SpacePermission spacePermission)
      Creates a new SpacePermission with the attributes of another. Does not copy the id, or other ConfluenceEntityObject state.
      Parameters:
      spacePermission - a spacePermission to replicate.

  • Method Details

    • getSpace

      public @Nullable Space getSpace()
      The space of this permission.

    • setSpace

      public void setSpace(@Nullable Space space)

    • getSpaceId

      public long getSpaceId()

    • getType

      public String getType()

    • setType

      @Deprecated public void setType(String type)
      Deprecated.
      since 5.9. Use one of the factory methods such as createGroupSpacePermission(java.lang.String, com.atlassian.confluence.spaces.Space, java.lang.String) instead.

    • getGroup

      public @Nullable String getGroup()

    • setGroup

      @Deprecated public void setGroup(String group)
      Deprecated.
      since 5.9. Use createGroupSpacePermission(java.lang.String, com.atlassian.confluence.spaces.Space, java.lang.String) instead.

    • getAllUsersSubject

      public String getAllUsersSubject()

    • setAllUsersSubject

      protected void setAllUsersSubject(String storedValue)

    • getUserName

      @Deprecated public @Nullable String getUserName()
      Deprecated.
      since 5.2. Use getUserSubject() instead.

    • setUserName

      @Deprecated public void setUserName(String userName)
      Deprecated.
      since 5.2. See setUserSubject(ConfluenceUser) instead.

    • getUserSubject

      public @Nullable ConfluenceUser getUserSubject()
      Since:
      5.2

    • setUserSubject

      public void setUserSubject(@Nullable ConfluenceUser user)
      Deprecated.
      since 5.9 use createUserSpacePermission(java.lang.String, com.atlassian.confluence.spaces.Space, com.atlassian.confluence.user.ConfluenceUser)
      Since:
      5.2

    • isUserPermission

      @EnsuresNonNullIf(expression={"getUserSubject()","getUserName()"}, result=true) public boolean isUserPermission()

    • isGroupPermission

      @EnsuresNonNullIf(expression="getGroup()", result=true) public boolean isGroupPermission()

    • isAnonymousPermission

      public boolean isAnonymousPermission()

    • isAuthenticatedUsersPermission

      public boolean isAuthenticatedUsersPermission()
      Since:
      5.9

    • isGlobalPermission

      @EnsuresNonNullIf(expression="getSpace()", result=false) public boolean isGlobalPermission()

    • isSpacePermission

      @EnsuresNonNullIf(expression="getSpace()", result=true) public boolean isSpacePermission()

    • toString

      public String toString()
      Overrides:
      toString in class Object

    • equals

      public boolean equals(Object obj)
      Overrides:
      equals in class com.atlassian.core.bean.EntityObject

    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class com.atlassian.core.bean.EntityObject

    • toFormParameterName

      @Deprecated public String toFormParameterName(String parameterType)
      Deprecated.
      As of 2.7.2, use PermissionRow.buildParameterName(String, String).
      Convert the space permission into a form parameter name that can be used for form checkboxes. The reverse of this method is PermissionsFormHandler.fromFormParameterName(java.lang.String, com.atlassian.confluence.spaces.Space, java.lang.String)

      The format of the parameter name is:

      confluence_[parameterType]_[permissionType]_[user/group/anonymous]_[user/group name]

      Note: the space is NOT encoded in the form parameter name, and must be kept separately.

      Parameters:
      parameterType - distinguishes the parameter from other parameters created with the same permission.
      Returns:
      the space permission as a form parameter.

    • isGuardPermission

      public boolean isGuardPermission()
      Is this a guard permission, either globally or at the space level? Guard permissions are required before any more permissions can be added for a particular user/group in a particular scope. Globally, USE_CONFLUENCE and LIMITED_USE_CONFLUENCE are guard permissions, at the space level, VIEWSPACE is the guard.
      Returns:
      true if this is a guard permission, false otherwise.

    • isDependentOn

      public boolean isDependentOn(SpacePermission otherPermission)
      One permission is dependent on another if the other permission is a guard permission that applies to the same space/global scope, and to the same group / user / "all users" subject as this permission. It is used when determining which permissions should be removed as the result of removing a guard permission.
      Parameters:
      otherPermission - - permission to check against
      Returns:
      true if this permission is dependent on otherPermission, false otherwise.

    • isInvalidAnonymousPermission

      public boolean isInvalidAnonymousPermission()
      Some permissions are not valid as they can not be assigned to the anonymous user. Really, we should just refuse to create such permissions from the outset, but for now we've just got this check.
      Returns:
      true if this permission is invalid due to being anonymous, and of a type not available to anonymous users

    • isValidAnonymousPermission

      public static boolean isValidAnonymousPermission(String permissionType)

    • isInvalidAuthenticatedUsersPermission

      public boolean isInvalidAuthenticatedUsersPermission()
      Returns:
      true if this permission is for authenticated

    • isValidAuthenticatedUsersPermission

      public static boolean isValidAuthenticatedUsersPermission(String permissionType)

    • createAnonymousSpacePermission

      public static SpacePermission createAnonymousSpacePermission(String type, @Nullable Space space)

    • createUserSpacePermission

      public static SpacePermission createUserSpacePermission(String type, @Nullable Space space, ConfluenceUser subject)

    • createGroupSpacePermission

      public static SpacePermission createGroupSpacePermission(String type, @Nullable Space space, String group)

    • createAuthenticatedUsersSpacePermission

      public static SpacePermission createAuthenticatedUsersSpacePermission(String type, @Nullable Space space)
      Creates a permission which is granted to all authenticated users, including unlicensed users.