Package com.atlassian.confluence.api.impl.service.permissions

Class ContentRestrictionServiceImpl

java.lang.Object

com.atlassian.confluence.api.impl.service.permissions.ContentRestrictionServiceImpl

All Implemented Interfaces:

ContentRestrictionService

public class ContentRestrictionServiceImpl
extends Object
implements ContentRestrictionService

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	ContentRestrictionServiceImpl.MergeMode	Defines how pre-existing and passed ContentRestrictions are getting merged during mutative operations

Nested classes/interfaces inherited from interface com.atlassian.confluence.api.service.permissions.ContentRestrictionService

ContentRestrictionService.Validator

Field Summary

Fields inherited from interface com.atlassian.confluence.api.service.permissions.ContentRestrictionService

DEFAULT_BY_OPERATION_EXPANSIONS, DEFAULT_FOR_OPERATION_AND_CONTENT_EXPANSIONS, DEFAULT_FOR_OPERATION_EXPANSIONS

Constructor Summary

Constructors

Constructor	Description
ContentRestrictionServiceImpl(ContentEntityManagerInternal contentEntityManager, ContentPermissionManager contentPermissionManager, ContentRestrictionFactory contentRestrictionFactory, ConfluenceUserResolver confluenceUserResolver, NavigationService navigationService, ContentRestrictionService.Validator contentRestrictionServiceValidator)

Method Summary

Modifier and Type	Method	Description
void	addDirectRestrictionForSubject(ContentId contentId, OperationKey operationKey, Subject subject)	Adds singular direct ContentRestriction for operationKey and subject to the content identified by contentId parameter.
ContentRestrictionsPageResponse	addRestrictions(ContentId target, Collection<? extends ContentRestriction> contentRestrictions, Expansion... expansions)	Attempts to add all the restrictions specified to a piece of content identified by contentId.
ContentRestrictionsPageResponse	deleteAllDirectRestrictions(ContentId target, Expansion... expansions)	Attempts to delete all the restrictions specified directly on a piece of content identified by contentId.
void	deleteDirectRestrictionForSubject(ContentId contentId, OperationKey operationKey, Subject subject)	Deletes singular direct ContentRestriction for operationKey and subject from the content identified by contentId parameter.
protected @NonNull Map<String,Collection<ContentPermission>>	getMergedContentPermissions(@NonNull ContentEntityObject ceo, @NonNull Collection<? extends ContentRestriction> givenContentRestrictions, @NonNull ContentRestrictionServiceImpl.MergeMode mergeMode)	Builds a Map of ContentPermissions mapped to their PermissionType from givenContentRestrictions provided and the ones already existing on ContentEntityObject
protected @NonNull Optional<ContentPermission>	getPreExistingContentPermissionForGroup(@Nullable ContentEntityObject ceo, @Nullable String permissionType, @Nullable Group group)	Gets pre-existing ContentPermission (singular, optional) for the Group and OperationKey (as String permissionType) specified.
protected @NonNull Optional<ContentPermission>	getPreExistingContentPermissionForSubject(@Nullable ContentEntityObject ceo, @Nullable String permissionType, @Nullable Subject subject)	Gets pre-existing ContentPermission (singular, optional) for the Subject and OperationKey (as String permissionType) specified.
protected @NonNull Optional<ContentPermission>	getPreExistingContentPermissionForUser(@Nullable ContentEntityObject ceo, @Nullable String permissionType, @NonNull User user)	Gets pre-existing ContentPermission (singular, optional) for the User and OperationKey (as String permissionType) specified.
protected @NonNull Set<ContentPermission>	getPreExistingContentPermissions(@Nullable ContentEntityObject ceo, @Nullable String permissionType)	Gets Set of all the distinct ContentPermissions of the specified permissionType pre-existing on the ContentEntityObject passed.
protected @NonNull Set<ContentPermission>	getPreExistingContentPermissions(@Nullable ContentEntityObject ceo, @Nullable String permissionType, @Nullable Predicate<ContentPermission> filterBy)	Gets Set of all the distinct ContentPermissions of the specified permissionType pre-existing on the ContentEntityObject passed.
protected @NonNull Set<ContentPermission>	getPreExistingContentPermissionsForSubjectType(@Nullable ContentEntityObject ceo, @Nullable String permissionType, @Nullable SubjectType subjectType)	Gets pre-existing ContentPermissions (plural) for the SubjectType and OperationKey (as String permissionType) specified.
ContentRestrictionsPageResponse	getRestrictions(ContentId target, PageRequest pageRequest, Expansion... allExpansions)	Retrieves all the restrictions for all the operations on a given Content.
ContentRestriction	getRestrictionsForOperation(ContentId target, OperationKey operationKey, PageRequest pageRequest, Expansion... allExpansions)	Retrieves all restrictions for given operation key on given content.
Map<OperationKey,ContentRestriction>	getRestrictionsGroupByOperation(ContentId target, Expansion... allExpansions)	List all restrictions that exist directly on the given content.
boolean	hasDirectRestrictionForSubject(ContentId contentId, OperationKey operationKey, Subject subject)	Returns true if the User or Group specified by the subject parameter has restriction(s) for the operationKey operation which are specified directly on the Content identified by contentId parameter.
protected @NonNull NotImplementedServiceException	throwableUnsupportedSubjectType(@Nullable Object something)	Returns throwable to indicate that certain SubjectType is not supported for ContentRestrictions operations.
ContentRestrictionsPageResponse	updateRestrictions(ContentId target, Collection<? extends ContentRestriction> contentRestrictions, Expansion... expansions)	Sets all the restrictions specified to a piece of content identified by contentId, replacing any existing permissions.
protected @NonNull ValidationResult	validateSelfAccessRetained(@NonNull Map<String,Collection<ContentPermission>> contentPermissionByPermissionTypeMap)	Validates that currently logged in user will have direct specific ContentPermission specified for self in case when provided contentPermissionByPermissionTypeMap will become the actual ContentPermissions.
ContentRestrictionService.Validator	validator()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ContentRestrictionServiceImpl

public ContentRestrictionServiceImpl(ContentEntityManagerInternal contentEntityManager,
                                     ContentPermissionManager contentPermissionManager,
                                     ContentRestrictionFactory contentRestrictionFactory,
                                     ConfluenceUserResolver confluenceUserResolver,
                                     NavigationService navigationService,
                                     ContentRestrictionService.Validator contentRestrictionServiceValidator)

Method Detail

validator

public ContentRestrictionService.Validator validator()

Specified by:

validator in interface ContentRestrictionService

Returns:

instance of ContentRestrictionService.Validator

getRestrictionsGroupByOperation

public Map<OperationKey,ContentRestriction> getRestrictionsGroupByOperation(ContentId target,
                                                                                  Expansion... allExpansions)
                                                                           throws ServiceException

Description copied from interface: ContentRestrictionService

List all restrictions that exist directly on the given content. Note that the subjects returned in each ContentRestriction are hard-limited to an arbitrary maximum size. Obtaining more can be done via the ContentRestrictionService.getRestrictionsForOperation(com.atlassian.confluence.api.model.content.id.ContentId, com.atlassian.confluence.api.model.permissions.OperationKey, com.atlassian.confluence.api.model.pagination.PageRequest, com.atlassian.confluence.api.model.Expansion...) method.

Specified by:

getRestrictionsGroupByOperation in interface ContentRestrictionService

Parameters:

target - the id of the content to look up permissions for

allExpansions - the expansions to apply to the returned data. These expansions start from the operation itself.

Returns:

a Map of all ContentRestrictions, grouped by operation key

Throws:

NotFoundException - if given content id does not exist, or is not viewable by user

ServiceException

getRestrictionsForOperation

public ContentRestriction getRestrictionsForOperation(ContentId target,
                                                      OperationKey operationKey,
                                                      PageRequest pageRequest,
                                                      Expansion... allExpansions)
                                               throws ServiceException

Description copied from interface: ContentRestrictionService

Retrieves all restrictions for given operation key on given content.

Specified by:

getRestrictionsForOperation in interface ContentRestrictionService

Parameters:

target - the id of the content to look up permissions for

operationKey - the operation key to look up restrictions for

pageRequest - pagination through the subjects contained within the ContentRestriction

allExpansions - the expansions to the ContentRestriction.

Returns:

ContentRestriction containing relevant restrictions for given operation key, or null if operation key does not have corresponding restrictions.

Throws:

NotFoundException - if given content id does not exist, or is not viewable by user, or if the given operation key is not recognised for the content.

ServiceException

getRestrictions

public ContentRestrictionsPageResponse getRestrictions(ContentId target,
                                                       PageRequest pageRequest,
                                                       Expansion... allExpansions)
                                                throws ServiceException

Description copied from interface: ContentRestrictionService

Retrieves all the restrictions for all the operations on a given Content.

Specified by:

getRestrictions in interface ContentRestrictionService

Parameters:

target - the id of the content to look up permissions for

pageRequest - pagination through the list of all the ContentRestrictions returned

allExpansions - the expansions to the ContentRestriction

Returns:

a paginated response, containing all the ContentRestrictions for the given content

Throws:

NotFoundException - if given content id does not exist, or is not viewable by user

ServiceException

updateRestrictions

public ContentRestrictionsPageResponse updateRestrictions(ContentId target,
                                                          Collection<? extends ContentRestriction> contentRestrictions,
                                                          Expansion... expansions)
                                                   throws ServiceException

Description copied from interface: ContentRestrictionService

Sets all the restrictions specified to a piece of content identified by contentId, replacing any existing permissions. Setting per-content restrictions is currently allowed for Pages or BlogPosts only.

Rules of applying restrictions via this method:

• Provided collection of ContentRestrictions is allowed to have only 1 (ONE) ContentRestriction object for each operation.
• Provided ContentRestrictions will replace (overwrite) any pre-existing restrictions on the Content under the corresponding operations.
• In case provided collection of ContentRestriction does not have any of the operations supported it is assumed that restrictions for such operation should not be changed at all.
• Restrictions with the "users" and/or "groups" map entries explicitly set to be empty arrays will result in removing corresponding restrictions for the content.
• Restrictions with the "users" and/or "groups" map entries missing will result in not changing corresponding operation's user/group restrictions for the content.
• It is not allowed to edit the restrictions in such a way which would remove requesting user's access.
• Only Page, BlogPost and other add-on provided Content Types that support direct content restrictions are supported.

Specified by:

updateRestrictions in interface ContentRestrictionService

Parameters:

target - the id of the content to assign restrictions to

contentRestrictions - Collection of ContentRestrictions to apply to the Content specified

expansions - the expansions to the ContentRestriction. To be expanded on response.

Returns:

ContentRestrictionsPageResponse describing the new state of the content identified by contentId (same as ContentRestrictionService.getRestrictions(ContentId, PageRequest, Expansion...) would return)

Throws:

ServiceException - or one of it subtypes.

NotFoundException - in case there's no Content with ID provided or user does not have enough rights to view it

PermissionException - in case user is not allowed to alter restrictions on the content specified

BadRequestException - in case when data supplied is not enough/corrupt, etc... many reasons. Exception generally would have message which explains what's wrong.

addRestrictions

public ContentRestrictionsPageResponse addRestrictions(ContentId target,
                                                       Collection<? extends ContentRestriction> contentRestrictions,
                                                       Expansion... expansions)
                                                throws ServiceException

Description copied from interface: ContentRestrictionService

Attempts to add all the restrictions specified to a piece of content identified by contentId. Does not replace/remove/alter any pre-existing ContentRestrictions. Provided ContentRestrictions will be added, i.e. "merged with" any pre-existing restrictions on the Content under the corresponding operations. Changing per-content restrictions is currently allowed for Pages or BlogPosts only.

Rules of applying restrictions via this method:

• Provided collection of ContentRestrictions is allowed to have only 1 (ONE) ContentRestriction object for each operation.
• Provided ContentRestrictions will be added, i.e. "merged with" any pre-existing restrictions on the Content under the corresponding operations.
• In case provided collection of ContentRestriction does not have any of the operations supported no changes will happen.
• Restrictions with the "users" and/or "groups" map entries explicitly set to be empty arrays will result in not changing corresponding operation's user/group restrictions for the content.
• Restrictions with the "users" and/or "groups" map entries missing will result in not changing corresponding operation's user/group restrictions for the content.
• It is not allowed to edit the restrictions in such a way which would remove requesting user's access.
• Only Page, BlogPost and other add-on provided Content Types that support direct content restrictions are supported.

Specified by:

addRestrictions in interface ContentRestrictionService

Parameters:

target - the id of the content to add restrictions to

contentRestrictions - Collection of ContentRestrictions to apply to the Content specified

expansions - the expansions to the ContentRestriction. To be expanded on response.

Returns:

ContentRestrictionsPageResponse describing the new state of the content identified by contentId (same as ContentRestrictionService.getRestrictions(ContentId, PageRequest, Expansion...) would return)

Throws:

ServiceException - or one of it subtypes.

NotFoundException - in case there's no Content with ID provided or user does not have enough rights to view it

PermissionException - in case user is not allowed to alter restrictions on the content specified

BadRequestException - in case when data supplied is not enough/corrupt, etc... many reasons. Exception generally would have message which explains what's wrong.

deleteAllDirectRestrictions

public ContentRestrictionsPageResponse deleteAllDirectRestrictions(ContentId target,
                                                                   Expansion... expansions)
                                                            throws ServiceException

Description copied from interface: ContentRestrictionService

Attempts to delete all the restrictions specified directly on a piece of content identified by contentId. "specified directly" means that deleting restrictions on some content won't affect any restrictions inherited from its parents. Changing per-content restrictions is currently allowed for Pages, Blog Posts and other add-on provided Content Types that support direct content restrictions.

Specified by:

deleteAllDirectRestrictions in interface ContentRestrictionService

Parameters:

target - the id of the content to remove all directly specified restrictions from

expansions - the expansions to the ContentRestriction. To be expanded on response.

Returns:

ContentRestrictionsPageResponse describing the new state of the content identified by contentId (same as ContentRestrictionService.getRestrictions(ContentId, PageRequest, Expansion...) would return)

Throws:

ServiceException - or one of it subtypes.

NotFoundException - in case there's no Content with ID provided or user does not have enough rights to view it

PermissionException - in case user is not allowed to alter restrictions on the content specified

hasDirectRestrictionForSubject

public boolean hasDirectRestrictionForSubject(ContentId contentId,
                                              OperationKey operationKey,
                                              Subject subject)
                                       throws ServiceException

Description copied from interface: ContentRestrictionService

Returns true if the User or Group specified by the subject parameter has restriction(s) for the operationKey operation which are specified directly on the Content identified by contentId parameter.

Returns false otherwise.

Can throw BadRequestException or PermissionException and other various subtypes of ServiceException in case of bad IDs, parameters, permission problems, etc.

Specified by:

hasDirectRestrictionForSubject in interface ContentRestrictionService

Parameters:

contentId - the id of the content which the check will be performed on

operationKey - the operation key to check restrictions against

subject - either User or Group who's restriction is in question

Returns:

true or false depending on whether user/group specified have any direct restrictions on a content specified

Throws:

ServiceException - or one of it subtypes.

NotFoundException - in case there's no Content with ID provided or user does not have enough rights to view it

deleteDirectRestrictionForSubject

public void deleteDirectRestrictionForSubject(ContentId contentId,
                                              OperationKey operationKey,
                                              Subject subject)
                                       throws ServiceException

Description copied from interface: ContentRestrictionService

Deletes singular direct ContentRestriction for operationKey and subject from the content identified by contentId parameter. Throws subclasses of ServiceException in case of various problems (cannot find content, restrictions to be deleted does not exist, etc...)

Specified by:

deleteDirectRestrictionForSubject in interface ContentRestrictionService

Parameters:

contentId - the id of the content which the restriction to be removed from

operationKey - the operation to remove restriction for

subject - either User or Group who's restriction is to be deleted

Throws:

ServiceException

addDirectRestrictionForSubject

public void addDirectRestrictionForSubject(ContentId contentId,
                                           OperationKey operationKey,
                                           Subject subject)
                                    throws ServiceException

Description copied from interface: ContentRestrictionService

Adds singular direct ContentRestriction for operationKey and subject to the content identified by contentId parameter. Throws subclasses of ServiceException in case of various problems (cannot find content, wrong operationKey, restricting self, etc...)

Specified by:

addDirectRestrictionForSubject in interface ContentRestrictionService

Parameters:

contentId - the id of the content which the restriction to be added to

operationKey - the operation to remove restriction for

subject - either User or Group who's restriction is to be added

Throws:

ServiceException

getMergedContentPermissions

protected @NonNull Map<String,Collection<ContentPermission>> getMergedContentPermissions(@NonNull ContentEntityObject ceo,
                                                                                               @NonNull Collection<? extends ContentRestriction> givenContentRestrictions,
                                                                                               @NonNull ContentRestrictionServiceImpl.MergeMode mergeMode)

Builds a Map of ContentPermissions mapped to their PermissionType from givenContentRestrictions provided and the ones already existing on ContentEntityObject

Result depends on mergeMode passed.

• When MergeMode.ADD.equals(mergeMode)==true will try to add all the ContentRestrictions provided to the ones already existing on the ContentEntityObject
• When MergeMode.REPLACE.equals(mergeMode)==true will try to replace all the ContentRestrictions already existing on the ContentEntityObject with the ones provided (users and groups separately)
• When MergeMode.SUBTRACT.equals(mergeMode)==true will try to subtract all the ContentRestrictions provided from the ones already existing on the ContentEntityObject

In case when MergeMode.REPLACE.equals(mergeMode)==true only those ContentRestrictions will be replaced, for which there's a mapping in the givenContentRestrictions provided. I.e. if there's no mappings for say "group" in the givenContentRestrictions, it means restrictions for groups will not be affected as the result of calling this method.

Parameters:

ceo - ContentEntityObject to figure out merged ContentPermissions for

givenContentRestrictions - Collection of ContentRestrictions objects containing restrictions which should be merged with existing ones depending on the mergeMode

mergeMode - ContentRestrictionServiceImpl.MergeMode for applying givenContentRestrictions (one of "ADD", "REPLACE", "SUBTRACT").

Returns:

Map of ContentPermissions mapped by their PermissionTypes representing a MERGE result between what was on ceo before + what's specified by user

throwableUnsupportedSubjectType

protected @NonNull NotImplementedServiceException throwableUnsupportedSubjectType(@Nullable Object something)

Returns throwable to indicate that certain SubjectType is not supported for ContentRestrictions operations.

Parameters:

something - - whatever were passed as the wrong Subject or SubjectType.

Returns:

NotImplementedServiceException explaining what happened.

getPreExistingContentPermissions

protected @NonNull Set<ContentPermission> getPreExistingContentPermissions(@Nullable ContentEntityObject ceo,
                                                                           @Nullable String permissionType,
                                                                           @Nullable Predicate<ContentPermission> filterBy)

Gets Set of all the distinct ContentPermissions of the specified permissionType pre-existing on the ContentEntityObject passed. Results are optionally filtered by the filterBy

Never returns null, returns empty Set in case nothing found or cannot be calculated.

Returns:

Set of all the distinct ContentPermissions of the specified permissionType pre-existing on the ContentEntityObject passed, optionally filtered by the predicate provided. Never null.

getPreExistingContentPermissions

protected @NonNull Set<ContentPermission> getPreExistingContentPermissions(@Nullable ContentEntityObject ceo,
                                                                           @Nullable String permissionType)

Gets Set of all the distinct ContentPermissions of the specified permissionType pre-existing on the ContentEntityObject passed.

For the filtered options see getPreExistingContentPermissions(ContentEntityObject, String, Predicate)

Never returns null, returns empty Set in case nothing found or cannot be calculated.

Returns:

Set of all the distinct ContentPermissions of the specified permissionType pre-existing on the ContentEntityObject passed. Never null.

See Also:

getPreExistingContentPermissions(ContentEntityObject, String, Predicate)

getPreExistingContentPermissionsForSubjectType

protected @NonNull Set<ContentPermission> getPreExistingContentPermissionsForSubjectType(@Nullable ContentEntityObject ceo,
                                                                                         @Nullable String permissionType,
                                                                                         @Nullable SubjectType subjectType)

Gets pre-existing ContentPermissions (plural) for the SubjectType and OperationKey (as String permissionType) specified.

See Also:

getPreExistingContentPermissions(ContentEntityObject, String, Predicate)

getPreExistingContentPermissionForSubject

protected @NonNull Optional<ContentPermission> getPreExistingContentPermissionForSubject(@Nullable ContentEntityObject ceo,
                                                                                         @Nullable String permissionType,
                                                                                         @Nullable Subject subject)

Gets pre-existing ContentPermission (singular, optional) for the Subject and OperationKey (as String permissionType) specified.

See Also:

getPreExistingContentPermissions(ContentEntityObject, String, Predicate)

getPreExistingContentPermissionForUser

protected @NonNull Optional<ContentPermission> getPreExistingContentPermissionForUser(@Nullable ContentEntityObject ceo,
                                                                                      @Nullable String permissionType,
                                                                                      @NonNull User user)

Gets pre-existing ContentPermission (singular, optional) for the User and OperationKey (as String permissionType) specified.

See Also:

getPreExistingContentPermissions(ContentEntityObject, String, Predicate)

getPreExistingContentPermissionForGroup

protected @NonNull Optional<ContentPermission> getPreExistingContentPermissionForGroup(@Nullable ContentEntityObject ceo,
                                                                                       @Nullable String permissionType,
                                                                                       @Nullable Group group)

Gets pre-existing ContentPermission (singular, optional) for the Group and OperationKey (as String permissionType) specified.

See Also:

getPreExistingContentPermissions(ContentEntityObject, String, Predicate)

validateSelfAccessRetained

protected @NonNull ValidationResult validateSelfAccessRetained(@NonNull Map<String,Collection<ContentPermission>> contentPermissionByPermissionTypeMap)

Validates that currently logged in user will have direct specific ContentPermission specified for self in case when provided contentPermissionByPermissionTypeMap will become the actual ContentPermissions.

Parameters:

contentPermissionByPermissionTypeMap -

Returns: