Package com.atlassian.confluence.security

Class SpacePermissionCoordinator

java.lang.Object

com.atlassian.confluence.security.SpacePermissionCoordinator

All Implemented Interfaces:

SpacePermissionManagerInternal, SpacePermissionSaverInternal, SpacePermissionManager, SpacePermissionSaver

@ParametersAreNonnullByDefault
public class SpacePermissionCoordinator
extends Object
implements SpacePermissionManagerInternal

Space permission manager that adds a layer of security over the write operations in this class. That is, it performs permission checking via the PermissionManager and SetSpacePermissionChecker before forwarding the call to the underlying space permission manager.

Constructor Summary

Constructors

Constructor	Description
SpacePermissionCoordinator()

Method Summary

Modifier and Type	Method	Description
void	createDefaultSpacePermissions(Space space)
void	createPrivateSpacePermissions(Space space)
void	flushCaches()
List<SpacePermission>	getAllPermissionsForGroup(String group)
Set<SpacePermission>	getDefaultGlobalPermissions()	Returns the default global permissions that are created when Confluence is set up.
List<SpacePermission>	getGlobalPermissions()
List<SpacePermission>	getGlobalPermissions(String permissionType)
Map<String,Long>	getGroupsForPermissionType(String permissionType, Space space)
Collection<com.atlassian.user.Group>	getGroupsWithPermissions(@Nullable Space space)	Returns all groups which have permissions in a space or on a global level.
Map<String,Long>	getUsersForPermissionType(String permissionType, Space space)
Collection<com.atlassian.user.User>	getUsersWithPermissions(@Nullable Space space)	Returns a collection of user objects with VIEWSPACE_PERMISSION in the space.
boolean	groupHasPermission(String permissionType, @Nullable Space space, String group)	Checks whether the given group has the given permission
boolean	hasAllPermissions(List<String> permissionTypes, @Nullable Space space, @Nullable com.atlassian.user.User remoteUser)	Determines if remoteUser has all of the given permissions in space
boolean	hasPermission(String permissionType, @Nullable Space space, @Nullable com.atlassian.user.User remoteUser)	Determines if remoteUser has the given permission in space
boolean	hasPermissionForSpace(@Nullable com.atlassian.user.User user, List permissionTypes, @Nullable Space space)
boolean	hasPermissionNoExemptions(String permissionType, @Nullable Space space, @Nullable com.atlassian.user.User remoteUser)	Returns true if the user has the specified permission on the target space.
boolean	isPermittedInReadOnlyAccessMode(String permissionType)	Check if the permission type is permitted in read only access mode
boolean	permissionExists(SpacePermission permission)	Check whether the given SpacePermission exists.
void	removeAllPermissions(Space space)	Deprecated.
void	removeAllPermissions(Space space, SpacePermissionContext context)	Removes all SpacePermission's from the specified space.
void	removeAllPermissionsForGroup(String groupName)	Removes all the SpacePermission's for the specified group.
void	removeAllPermissionsForGroup(String groupName, SpacePermissionContext context)	Removes all permissions for the given group.
void	removeAllUserPermissions(@NonNull ConfluenceUser user)	Removes all the SpacePermission's for the specified user.
void	removeAllUserPermissions(ConfluenceUser user, SpacePermissionContext context)	Removes all the SpacePermission's for the specified user.
void	removeGlobalPermissionForUser(ConfluenceUser user, String permissionType)	Removes the specified Global Permissions of type 'permissionType' from the user
void	removeGlobalPermissionForUser(ConfluenceUser user, String permissionType, SpacePermissionContext context)	Removes the specified Global Permissions of type 'permissionType' from the user
void	removePermission(SpacePermission permission)	Deprecated.
void	removePermission(SpacePermission permission, SpacePermissionContext context)	Removes the specified permission.
void	savePermission(SpacePermission permission)	Deprecated.
void	savePermission(SpacePermission permission, SpacePermissionContext context)	Saves the permission.
void	setGroupManager(com.atlassian.user.GroupManager groupManager)
void	setPermissionManager(PermissionManager permissionManager)
void	setSetSpacePermissionChecker(SetSpacePermissionChecker setSpacePermissionChecker)
void	setSpacePermissionManager(SpacePermissionManagerInternal spacePermissionManager)
void	setUserManager(com.atlassian.user.UserManager unused)	Deprecated. since 7.7 unused

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SpacePermissionCoordinator

public SpacePermissionCoordinator()

Method Detail

savePermission

@Deprecated
public void savePermission(SpacePermission permission)

Deprecated.

Saves the specified permission.

Specified by:

savePermission in interface SpacePermissionSaver

Throws:

InsufficientPrivilegeException - if the current logged in user does not have sufficient permissions to do this. Check SetSpacePermissionChecker.canSetPermission(User, SpacePermission) first.

savePermission

public void savePermission(SpacePermission permission,
                           SpacePermissionContext context)

Description copied from interface: SpacePermissionSaverInternal

Saves the permission.

May generate a SpacePermissionSaveEvent in the process, depending on the context.

Specified by:

savePermission in interface SpacePermissionSaverInternal

Parameters:

permission - the permission to save

context - the context for the save

removeAllPermissions

@Deprecated
public void removeAllPermissions(Space space)

Deprecated.

Removes all SpacePermission's from the specified space.

Specified by:

removeAllPermissions in interface SpacePermissionManager

Parameters:

space - The space to remove the permissions for

Throws:

InsufficientPrivilegeException - if the current logged in user does not have sufficient permissions to do this. Check Permission.SET_PERMISSIONS on PermissionManager first.

removeAllPermissions

public void removeAllPermissions(Space space,
                                 SpacePermissionContext context)

Removes all SpacePermission's from the specified space.

Specified by:

removeAllPermissions in interface SpacePermissionManagerInternal

Parameters:

space - The space to remove the permissions for

context - The context for this removal

Throws:

InsufficientPrivilegeException - if the current logged in user does not have sufficient permissions to do this. Check Permission.SET_PERMISSIONS on PermissionManager first.

removePermission

@Deprecated
public void removePermission(SpacePermission permission)

Deprecated.

Removes the specified permission.

Specified by:

removePermission in interface SpacePermissionManager

Parameters:

permission - the permission to remove

Throws:

InsufficientPrivilegeException - if the current logged in user does not have sufficient permissions to do this. Check SetSpacePermissionChecker.canSetPermission(User, SpacePermission) first.

removePermission

public void removePermission(SpacePermission permission,
                             SpacePermissionContext context)

Removes the specified permission.

Specified by:

removePermission in interface SpacePermissionManagerInternal

Parameters:

permission - the permission to remove

context - the context for the removal

Throws:

InsufficientPrivilegeException - if the current logged in user does not have sufficient permissions to do this. Check SetSpacePermissionChecker.canSetPermission(User, SpacePermission) first.

createDefaultSpacePermissions

public void createDefaultSpacePermissions(Space space)

Specified by:

createDefaultSpacePermissions in interface SpacePermissionManager

createPrivateSpacePermissions

public void createPrivateSpacePermissions(Space space)

Specified by:

createPrivateSpacePermissions in interface SpacePermissionManager

removeAllUserPermissions

public void removeAllUserPermissions(@NonNull ConfluenceUser user)

Removes all the SpacePermission's for the specified user.

Specified by:

removeAllUserPermissions in interface SpacePermissionManager

Throws:

InsufficientPrivilegeException - if the current logged in user does not have sufficient permissions to do this. Check Permission.SET_PERMISSIONS using PermissionManager first.

removeAllUserPermissions

public void removeAllUserPermissions(ConfluenceUser user,
                                     SpacePermissionContext context)

Removes all the SpacePermission's for the specified user.

Specified by:

removeAllUserPermissions in interface SpacePermissionManagerInternal

Parameters:

user - the user to remove permissions for

context - the context for the removal

Throws:

InsufficientPrivilegeException - if the current logged in user does not have sufficient permissions to do this. Check Permission.SET_PERMISSIONS using PermissionManager first.

removeGlobalPermissionForUser

public void removeGlobalPermissionForUser(ConfluenceUser user,
                                          String permissionType)

Removes the specified Global Permissions of type 'permissionType' from the user

Specified by:

removeGlobalPermissionForUser in interface SpacePermissionManager

Parameters:

user - the user to look up

permissionType - the permission type to remove

Throws:

InsufficientPrivilegeException - if the current logged in user does not have sufficient permissions to do this. Check Permission.SET_PERMISSIONS using PermissionManager first.

removeGlobalPermissionForUser

public void removeGlobalPermissionForUser(ConfluenceUser user,
                                          String permissionType,
                                          SpacePermissionContext context)

Removes the specified Global Permissions of type 'permissionType' from the user

Specified by:

removeGlobalPermissionForUser in interface SpacePermissionManagerInternal

Parameters:

user - the user to look up

permissionType - the permission type to remove

context - the context for the removal

Throws:

InsufficientPrivilegeException - if the current logged in user does not have sufficient permissions to do this. Check Permission.SET_PERMISSIONS using PermissionManager first.

removeAllPermissionsForGroup

public void removeAllPermissionsForGroup(String groupName)

Removes all the SpacePermission's for the specified group.

Specified by:

removeAllPermissionsForGroup in interface SpacePermissionManager

Parameters:

groupName - the group to remove

Throws:

InsufficientPrivilegeException - if the current logged in user does not have sufficient permissions to do this. Check Permission.SET_PERMISSIONS using PermissionManager first.

EntityRuntimeException - if there is an error retrieving the group with the specified group name

removeAllPermissionsForGroup

public void removeAllPermissionsForGroup(String groupName,
                                         SpacePermissionContext context)

Description copied from interface: SpacePermissionManagerInternal

Removes all permissions for the given group.

May generate a SpacePermissionsRemoveForGroupEvent in the process, depending on the context.

Specified by:

removeAllPermissionsForGroup in interface SpacePermissionManagerInternal

Parameters:

groupName - the group to remove

hasPermission

public boolean hasPermission(String permissionType,
                             @Nullable Space space,
                             @Nullable com.atlassian.user.User remoteUser)

Description copied from interface: SpacePermissionManager

Determines if remoteUser has the given permission in space

Unless you're writing code that is part of the permission checking implementation, or you're changing space permissions, you should be using PermissionManager instead.

Specified by:

hasPermission in interface SpacePermissionManager

Parameters:

permissionType - The permission type to look up

space - The space the permission applies to (can be null for global permissions)

remoteUser - The user to look up (can be null for the anonymous user)

Returns:

true if remoteUser has the permission, false otherwise

hasPermissionNoExemptions

public boolean hasPermissionNoExemptions(String permissionType,
                                         @Nullable Space space,
                                         @Nullable com.atlassian.user.User remoteUser)

Description copied from interface: SpacePermissionManager

Returns true if the user has the specified permission on the target space. This method does not allow exemptions for super-users like SpacePermissionManager.hasPermission(String, Space, User) does.

For parameter and return value information, see SpacePermissionManager.hasPermission(String, Space, User).

Specified by:

hasPermissionNoExemptions in interface SpacePermissionManager

hasAllPermissions

public boolean hasAllPermissions(List<String> permissionTypes,
                                 @Nullable Space space,
                                 @Nullable com.atlassian.user.User remoteUser)

Description copied from interface: SpacePermissionManager

Determines if remoteUser has all of the given permissions in space

If remoteUser lacks any of the given permissions, false is returned.

Unless you're writing code that is part of the permission checking implementation, or you're changing space permissions, you should be using PermissionManager instead.

Specified by:

hasAllPermissions in interface SpacePermissionManager

Parameters:

permissionTypes - A List of permission types (see SpacePermission) to check

space - The space the permissions apply to

remoteUser - The user to look up

Returns:

true if remoteUser has the permission, false otherwise

getAllPermissionsForGroup

public List<SpacePermission> getAllPermissionsForGroup(String group)

Specified by:

getAllPermissionsForGroup in interface SpacePermissionManager

getGlobalPermissions

public List<SpacePermission> getGlobalPermissions()

Specified by:

getGlobalPermissions in interface SpacePermissionManager

getGlobalPermissions

public List<SpacePermission> getGlobalPermissions(String permissionType)

Specified by:

getGlobalPermissions in interface SpacePermissionManager

flushCaches

public void flushCaches()

Specified by:

flushCaches in interface SpacePermissionManager

groupHasPermission

public boolean groupHasPermission(String permissionType,
                                  @Nullable Space space,
                                  String group)

Description copied from interface: SpacePermissionManager

Checks whether the given group has the given permission

If a null space is specified, this method looks up matching global permissions, otherwise space's permissions list is queried to see if the permission matches.

Similarly, if permissionType is not a space permission, a matching global permission is looked up.

Specified by:

groupHasPermission in interface SpacePermissionManager

Parameters:

permissionType - The permission type to look up

space - The space the permission applies to (can be null for global permissions)

group - The group to look up the permission for

Returns:

true if the group has the required permission, false otherwise

hasPermissionForSpace

public boolean hasPermissionForSpace(@Nullable com.atlassian.user.User user,
                                     List permissionTypes,
                                     @Nullable Space space)

Specified by:

hasPermissionForSpace in interface SpacePermissionManager

getGroupsWithPermissions

public Collection<com.atlassian.user.Group> getGroupsWithPermissions(@Nullable Space space)

Description copied from interface: SpacePermissionManager

Returns all groups which have permissions in a space or on a global level. If space is null, permissions on the global level will be checked.

Specified by:

getGroupsWithPermissions in interface SpacePermissionManager

Parameters:

space - - space to query, if null global permissions returned

Returns:

Collection of groups with permissions

getGroupsForPermissionType

public Map<String,Long> getGroupsForPermissionType(String permissionType,
                                                         Space space)

Specified by:

getGroupsForPermissionType in interface SpacePermissionManager

getUsersWithPermissions

public Collection<com.atlassian.user.User> getUsersWithPermissions(@Nullable Space space)

Description copied from interface: SpacePermissionManager

Returns a collection of user objects with VIEWSPACE_PERMISSION in the space. If no space is provided A list of users with USE_CONFLUENCE_PERMISSION will be returned

Specified by:

getUsersWithPermissions in interface SpacePermissionManager

Parameters:

space - - space to query, if null global permissions returned

Returns:

Collection of User objects

getUsersForPermissionType

public Map<String,Long> getUsersForPermissionType(String permissionType,
                                                        Space space)

Specified by:

getUsersForPermissionType in interface SpacePermissionManager

permissionExists

public boolean permissionExists(SpacePermission permission)

Description copied from interface: SpacePermissionManager

Check whether the given SpacePermission exists. Checks by attribute equality rather than by id.

Specified by:

permissionExists in interface SpacePermissionManager

Parameters:

permission - the permission to look for.

Returns:

true if the permission is recognised by the manager as existing.

getDefaultGlobalPermissions

public Set<SpacePermission> getDefaultGlobalPermissions()

Description copied from interface: SpacePermissionManager

Returns the default global permissions that are created when Confluence is set up. These will exist in a newly set up system but may be removed afterwards. Note that the returned objects are freshly created and therefore do not have IDs or other persistence data.

By default, confluence-administrators group has admin access, the default confluence users group can view the system and anonymous access is disabled.

Specified by:

getDefaultGlobalPermissions in interface SpacePermissionManager

Returns:

a collection of SpacePermissions.

isPermittedInReadOnlyAccessMode

public boolean isPermittedInReadOnlyAccessMode(String permissionType)

Description copied from interface: SpacePermissionManager

Check if the permission type is permitted in read only access mode

Specified by:

isPermittedInReadOnlyAccessMode in interface SpacePermissionManager

Parameters:

permissionType - the permission type to be checked

Returns:

true if the permission type is permitted in read only access mode

setPermissionManager

public void setPermissionManager(PermissionManager permissionManager)

setSpacePermissionManager

public void setSpacePermissionManager(SpacePermissionManagerInternal spacePermissionManager)

setSetSpacePermissionChecker

public void setSetSpacePermissionChecker(SetSpacePermissionChecker setSpacePermissionChecker)

setUserManager

@Deprecated
public void setUserManager(com.atlassian.user.UserManager unused)

Deprecated.

since 7.7 unused

setGroupManager

public void setGroupManager(com.atlassian.user.GroupManager groupManager)