com.atlassian.confluence.impl.security.access

Interface SpacePermissionAccessMapper

All Known Implementing Classes:

DefaultSpacePermissionAccessMapper

@Internal
public interface SpacePermissionAccessMapper

Centralised logic to determine how permissions should be checked, depending on a user's type of access to Confluence (see ConfluenceAccessManager).

This has become necessary to make sense of logic that was originally duplicated between:

• AbstractSpacePermissionManager
• HibernateSpacesQueryBuilder
• HibernatePageDao
• HibernateSpacePermissionsFilterDao

Not for use outside core space permission checking.

Method Summary

Modifier and Type	Method and Description
com.atlassian.fugue.Either<AccessDenied,Set<SpacePermissionSubjectType>>	getPermissionCheckSubjectTypes(AccessStatus accessStatus, String permissionType) Determines the permission subject types that apply for a given user's AccessStatus and the space permission type being checked.

Method Detail

getPermissionCheckSubjectTypes

com.atlassian.fugue.Either<AccessDenied,Set<SpacePermissionSubjectType>> getPermissionCheckSubjectTypes(@Nonnull
                                                                                                        AccessStatus accessStatus,
                                                                                                        @Nonnull
                                                                                                        String permissionType)

Determines the permission subject types that apply for a given user's AccessStatus and the space permission type being checked.

Examples:

• licensed users receive a permission if any permission subject type grants them that permission
• users with unlicensed authenticated access only receive a permission if the "all users" subject type has that permission
• anonymous users only receive a permission if the "anonymous" permission subject type has that permission
• anonymous and users with unlicensed authenticated access users can't ever receive SpacePermission.ADMINISTER_SPACE_PERMISSION, so will be denied
• users without access to Confluence can't receive any permissions, so will be denied

A result of AccessDenied will be returned if either: the user (may be anonymous) does not have access to Confluence OR the given permission type is invalid for the user's AccessStatus.

Parameters:

accessStatus - access status for the user

permissionType - the type of SpacePermission being checked

Returns:

Either.Right containing a NON-EMPTY set of permission subject types that apply for the given access status and permission type, or Either.Left if there are no permission subject types that apply