Package com.atlassian.confluence.plugins.restapi.experimental.resources

Class ExperimentalContentRestrictionsResource

  • public class ExperimentalContentRestrictionsResource
extends Object

    • Constructor Detail

      • ExperimentalContentRestrictionsResource

        public ExperimentalContentRestrictionsResource​(ContentRestrictionService service)

    • Method Detail

      • getRestrictions

        public PageResponse<ContentRestriction> getRestrictions​(ContentId contentId,
                                                        String expand,
                                                        @Context
                                                        javax.ws.rs.core.UriInfo uriInfo,
                                                        int start,
                                                        int limit)

        Returns all the restrictions which are directly specified on a piece of content identified by contentId param

        Example request URI:

        • http://example.com/confluence/rest/experimental/content/1234567/restriction?expand=
        Parameters:
        contentId - content to get restrictions for
        expand - a coma separated list of properties to expand in the response. Default is restrictions.user,restrictions.group
        uriInfo - injected by Jersey
        start - the start point of the collection to return
        limit - the limit of the number of items to return, this may be restricted by fixed system limits
        Returns:
        PageResponse with all the restrictions which are specified directly on a Content

      • updateRestrictions

        public PageResponse<ContentRestriction> updateRestrictions​(ContentId contentId,
                                                           String expand,
                                                           PageResponse<ContentRestriction> contentRestrictions)
        Sets all the restrictions specified to a piece of content identified by contentId, replacing any existing permissions. Setting per-content restrictions is currently allowed for Pages or BlogPosts only.

        Example request URI:

        • http://example.com/confluence/rest/experimental/content/1234567/restriction?expand=

        Accepts same input format as the response of GET to the same resource would return. For the sake of simplicity also allows stripping of {"results": ... }" part and inlining arrays of specific users/groups directly.

        E.g.

        Example request (simplified)

        
 [
   {
     "operation": "update",
     "restrictions":
     {
       "user": [
         {
           "type": "known",
           "username": "admin"
         }
       ]
     }
   }
 ]

        Rules of applying restrictions via this method:

        • Provided collection of ContentRestrictions is allowed to have only 1 (ONE) ContentRestriction object for each operation.
        • Provided ContentRestrictions will replace (overwrite) any pre-existing restrictions on the Content under the corresponding operations.
        • In case provided collection of ContentRestriction does not have any of the operations supported it is assumed that restrictions for such operation should not be changed at all.
        • Restrictions with the "users" and/or "groups" map entries explicitly set to be empty arrays will result in removing corresponding restrictions for the content.
        • Restrictions with the "users" and/or "groups" map entries missing will result in not changing corresponding operation's user/group restrictions for the content.
        • It is not allowed to edit the restrictions in such a way which would remove requesting user's access.
        • Only Page and BlogPost contents are supported.
        Parameters:
        contentId - content to set restrictions for
        expand - a coma separated list of properties to expand in the response. Default is restrictions.user,restrictions.group
        Returns:
        the new state of the resource. PageResponse with all the restrictions which are specified directly on a Content. Result is the same as the response of GET to the same resource would return.

      • addRestrictions

        public PageResponse<ContentRestriction> addRestrictions​(ContentId contentId,
                                                        String expand,
                                                        PageResponse<ContentRestriction> contentRestrictions)
        Adds all the restrictions specified to a piece of content identified by contentId. Does not replace/remove/alter any pre-existing ContentRestrictions. Provided ContentRestrictions will be added, i.e. "merged with" any pre-existing restrictions on the Content under the corresponding operations. Changing per-content restrictions is currently allowed for Pages or BlogPosts only.

        Example request URI:

        • http://example.com/confluence/rest/experimental/content/1234567/restriction?expand=

        Accepts same input format as the response of GET to the same resource would return. For the sake of simplicity also allows stripping of {"results": ... }" part and inlining arrays of specific users/groups directly.

        E.g.

        Example request (simplified)

        
 [
   {
     "operation": "update",
     "restrictions":
     {
       "user": [
         {
           "type": "known",
           "username": "admin"
         }
       ]
     }
   }
 ]

        Rules of applying restrictions via this method:

        • Provided collection of ContentRestrictions is allowed to have only 1 (ONE) ContentRestriction object for each operation.
        • Provided ContentRestrictions will be added, i.e. "merged with" any pre-existing restrictions on the Content under the corresponding operations.
        • In case provided collection of ContentRestriction does not have any of the operations supported no changes will happen.
        • Restrictions with the "users" and/or "groups" map entries explicitly set to be empty arrays, or null, or missing will result in not changing corresponding operation's user/group restrictions for the content.
        • It is not allowed to edit the restrictions in such a way which would remove requesting user's access.
        • Only Page and BlogPost contents are supported.
        Parameters:
        contentId - the id of the content to add restrictions to
        contentRestrictions - Collection of ContentRestrictions to add to the Content specified
        expand - the expansions to the ContentRestriction. To be expanded on response.
        Returns:
        the new state of the resource. PageResponse with all the restrictions which are specified directly on a Content. Result is the same as the response of GET to the same resource would return.

      • deleteRestrictions

        public PageResponse<ContentRestriction> deleteRestrictions​(ContentId contentId,
                                                           String expand)
        Removes all the restrictions specified directly on the content. I.e. makes READ and UPDATE operations unrestricted directly on the content.

        User performing this operation must have enough rights to edit the content specified as well as restrictions associated with it in order to proceed.

        Parameters:
        contentId - the id of the content to remove all restrictions from
        expand - the expansions to the ContentRestriction. To be expanded on response.
        Returns:
        the new state of the resource. PageResponse with all the restrictions which are specified directly on a Content. Result is the same as the response of GET to the same resource would return.

      • getIndividualUserRestrictionStatus

        public javax.ws.rs.core.Response getIndividualUserRestrictionStatus​(ContentId contentId,
                                                                    OperationKey operationKey,
                                                                    com.atlassian.sal.api.user.UserKey userKey,
                                                                    String userName)
        Answers the question "Whether user, identified by userKey is a subject of the restriction for operation operationKey directly specified on a content with ID of ccontentId"

        Content identified by the id must exist and be accessible by the user performing this operation.

        Parameters:
        contentId - the id of the content to perform the test on
        operationKey - key for the Operation for which restrictions are to be checked
        userKey - userKey identifying the user in question
        Returns:
        true if the user in question is listed as a subject in one of the ContentRestircions directly specified on the content, false otherwise

      • getIndividualGroupRestrictionStatus

        public javax.ws.rs.core.Response getIndividualGroupRestrictionStatus​(ContentId contentId,
                                                                     OperationKey operationKey,
                                                                     Group group)
        Answers the question "Whether group, identified by groupName is a subject of the restriction for operation operationKey directly specified on a content with ID of ccontentId"

        Content identified by the id must exist and be accessible by the user performing this operation.

        Parameters:
        contentId - the id of the content to perform the test on
        operationKey - key for the Operation for which restrictions are to be checked
        group - group in question identified by the groupName path parameter
        Returns:
        true if the group in question is listed as a subject in one of the ContentRestircions directly specified on the content, false otherwise

      • deleteIndividualUserRestriction

        public javax.ws.rs.core.Response deleteIndividualUserRestriction​(ContentId contentId,
                                                                 OperationKey operationKey,
                                                                 com.atlassian.sal.api.user.UserKey userKey,
                                                                 String userName)
        Deletes singular direct ContentRestriction for operationKey and user from the content identified by contentId parameter. Throws subclasses of ServiceException in case of various problems (cannot find content, restrictions to be deleted does not exist, etc...)

        Content identified by the id must exist and be accessible by the user performing this operation. User performing this operation must have all the required permissions for that Restriction to be deleted must exist

        Parameters:
        contentId - the id of the content which the restriction to be removed from
        operationKey - the operation to remove restriction for
        userKey - userKey identifying the User who's restriction is to be deleted
        userName - userName identifying the User who's restriction is to be deleted
        Returns:
        HTTP.200 if the deletion was successful

      • deleteIndividualGroupRestriction

        public javax.ws.rs.core.Response deleteIndividualGroupRestriction​(ContentId contentId,
                                                                  OperationKey operationKey,
                                                                  Group group)
        Deletes singular direct ContentRestriction for operationKey and user from the content identified by contentId parameter. Throws subclasses of ServiceException in case of various problems (cannot find content, restrictions to be deleted does not exist, etc...)

        Content identified by the id must exist and be accessible by the user performing this operation. User performing this operation must have all the required permissions for that Restriction to be deleted must exist

        Parameters:
        contentId - the id of the content which the restriction to be removed from
        operationKey - the operation to remove restriction for
        group - group (constructed from the groupName) identifying the Group who's restriction is to be deleted
        Returns:
        HTTP.200 if the deletion was successful

      • addIndividualUserRestriction

        public javax.ws.rs.core.Response addIndividualUserRestriction​(ContentId contentId,
                                                              OperationKey operationKey,
                                                              com.atlassian.sal.api.user.UserKey userKey,
                                                              String userName)
        Adds singular direct ContentRestriction for operationKey and user for the content identified by contentId parameter. Throws subclasses of ServiceException in case of various problems (cannot find content, wrong opkey, not enought permissions, etc...)

        Content identified by the id must exist and be accessible by the user performing this operation. User performing this operation must have all the required permissions for that

        Parameters:
        contentId - the id of the content which the restriction to be added to
        operationKey - the operation to add restriction for
        userKey - userKey identifying the User who's restriction is to be added
        userName - userName identifying the User who's restriction is to be added
        Returns:
        HTTP.200 if the addition was successful

      • addIndividualGroupRestriction

        public javax.ws.rs.core.Response addIndividualGroupRestriction​(ContentId contentId,
                                                               OperationKey operationKey,
                                                               Group group)
        Adds singular direct ContentRestriction for operationKey and group for the content identified by contentId parameter. Throws subclasses of ServiceException in case of various problems (cannot find content, wrong opkey, not enought permissions, etc...)

        Content identified by the id must exist and be accessible by the user performing this operation. User performing this operation must have all the required permissions for that

        Parameters:
        contentId - the id of the content which the restriction to be added to
        operationKey - the operation to add restriction for
        group - group (constructed from the groupName) identifying the Group who's restriction is to be added
        Returns:
        HTTP.200 if the addition was successful