Package com.atlassian.confluence.security

Interface PermissionManager

  • All Known Implementing Classes:
    DefaultPermissionManager
    @Transactional
public interface PermissionManager
    Generalised interface for checking whether a particular action in Confluence is allowed, without any knowledge of the specific implementation of permissions as they relate to spaces, pages and so on.

    • Field Detail

      • TARGET_APPLICATION

        static final Object TARGET_APPLICATION
        A target that encompasses most administrative functions minus the ones covered by TARGET_SYSTEM.

      • TARGET_SYSTEM

        static final Object TARGET_SYSTEM
        A target that encompasses functions that have system impact and can compromise system security.

      • TARGET_PEOPLE_DIRECTORY

        static final Object TARGET_PEOPLE_DIRECTORY
        A target the represents the People Directory function of Confluence.

    • Method Detail

      • hasPermission

        @Deprecated(forRemoval=true)
@Transactional(readOnly=true)
default boolean hasPermission​(@Nullable com.atlassian.user.User user,
                              Permission permission,
                              @Nullable Object target)
        Deprecated, for removal: This API element is subject to removal in a future version.
        since 8.8 use hasPermission(ConfluenceUser, Permission, Object)
        Determine whether a user has a particular permission against a given target.
        Parameters:
        user - the user seeking permission, or null if the anonymous user is being checked against
        permission - the permission to check
        target - the object that the permission is being checked against. If this object is null, the method will return false
        Returns:
        true if the user has this permission, false otherwise
        Throws:
        IllegalStateException - if the permission being checked against does not apply to the target

      • hasPermission

        @Transactional(readOnly=true)
boolean hasPermission​(@Nullable ConfluenceUser user,
                      Permission permission,
                      @Nullable Object target)
        Determine whether a user has a particular permission against a given target.
        Parameters:
        user - the user seeking permission, or null if the anonymous user is being checked against
        permission - the permission to check
        target - the object that the permission is being checked against. If this object is null, the method will return false
        Returns:
        true if the user has this permission, false otherwise
        Throws:
        IllegalStateException - if the permission being checked against does not apply to the target
        Since:
        8.8

      • hasPermission

        @Deprecated(forRemoval=true)
@Transactional(readOnly=true)
default boolean hasPermission​(com.atlassian.user.User user,
                              Permission permission,
                              Class targetType)
        Deprecated, for removal: This API element is subject to removal in a future version.
        since 8.8 use hasPermission(ConfluenceUser, Permission, Class)
        Determine whether a user has a particular permission for all instances of the specified target type.
        Parameters:
        user - the user
        permission - the permission to check (see Permission
        targetType - the type of the target
        Returns:
        true if the user has this permission, false otherwise.

      • hasPermission

        @Transactional(readOnly=true)
boolean hasPermission​(ConfluenceUser user,
                      Permission permission,
                      Class targetType)
        Determine whether a user has a particular permission for all instances of the specified target type.
        Parameters:
        user - the user
        permission - the permission to check (see Permission
        targetType - the type of the target
        Returns:
        true if the user has this permission, false otherwise.
        Since:
        8.8

      • hasCreatePermission

        @Deprecated(forRemoval=true)
@Transactional(readOnly=true)
default boolean hasCreatePermission​(com.atlassian.user.User user,
                                    Object container,
                                    Class<?> typeToCreate)
        Deprecated, for removal: This API element is subject to removal in a future version.
        since 8.8 use hasCreatePermission(ConfluenceUser, Object, Class)
        Determine whether a user has permission to create an entity of a particular type within a given container.

        The container is the natural container of the object being created. For example, a comment is contained in a page, which is contained within a space. A space is contained within TARGET_APPLICATION.

        This overload should not be used when creating CustomContentEntityObject instances. In that case, permission checks should use hasCreatePermission(com.atlassian.user.User, Object, Object).

        Parameters:
        user - the user seeking permission, or null if the anonymous user is being checked against
        container - the target that the object is being created within. If this object is null, the method will return false
        typeToCreate - the type of object being created (see above)
        Returns:
        true if the user has permission, false otherwise
        Throws:
        IllegalStateException - if the permission being checked against does not apply to the target
        See Also:
        ContentEntityObject.getType()

      • hasCreatePermission

        @Transactional(readOnly=true)
boolean hasCreatePermission​(ConfluenceUser user,
                            Object container,
                            Class<?> typeToCreate)
        Determine whether a user has permission to create an entity of a particular type within a given container.

        The container is the natural container of the object being created. For example, a comment is contained in a page, which is contained within a space. A space is contained within TARGET_APPLICATION.

        This overload should not be used when creating CustomContentEntityObject instances. In that case, permission checks should use hasCreatePermission(com.atlassian.user.User, Object, Object).

        Parameters:
        user - the user seeking permission, or null if the anonymous user is being checked against
        container - the target that the object is being created within. If this object is null, the method will return false
        typeToCreate - the type of object being created (see above)
        Returns:
        true if the user has permission, false otherwise
        Throws:
        IllegalStateException - if the permission being checked against does not apply to the target
        Since:
        8.8
        See Also:
        ContentEntityObject.getType()

      • hasCreatePermission

        @Deprecated(forRemoval=true)
@Transactional(readOnly=true)
default boolean hasCreatePermission​(com.atlassian.user.User user,
                                    Object container,
                                    Object objectToCreate)
        Deprecated, for removal: This API element is subject to removal in a future version.
        since 8.8 use hasCreatePermission(ConfluenceUser, Object, Object)
        Determine whether a user has permission to create a particular entity within a given container.

        The container is the natural container of the object being created. For example, a comment is contained in a page, which is contained within a space. A space is contained within TARGET_APPLICATION.

        This overload is best when creating CustomContentEntityObject instances. Other permission checks should use hasCreatePermission(com.atlassian.user.User, Object, Class).

        Parameters:
        user - the user seeking permission, or null if the anonymous user is being checked against
        container - the target that the object is being created within. If this object is null, the method will return false
        objectToCreate - the object being created (see above)
        Returns:
        true if the user has permission, false otherwise
        Throws:
        IllegalStateException - if the permission being checked against does not apply to the target
        Since:
        5.6

      • hasCreatePermission

        @Transactional(readOnly=true)
boolean hasCreatePermission​(ConfluenceUser user,
                            Object container,
                            Object objectToCreate)
        Determine whether a user has permission to create a particular entity within a given container.

        The container is the natural container of the object being created. For example, a comment is contained in a page, which is contained within a space. A space is contained within TARGET_APPLICATION.

        This overload is best when creating CustomContentEntityObject instances. Other permission checks should use hasCreatePermission(com.atlassian.user.User, Object, Class).

        Parameters:
        user - the user seeking permission, or null if the anonymous user is being checked against
        container - the target that the object is being created within. If this object is null, the method will return false
        objectToCreate - the object being created (see above)
        Returns:
        true if the user has permission, false otherwise
        Throws:
        IllegalStateException - if the permission being checked against does not apply to the target
        Since:
        8.8

      • getPermittedEntities

        @Deprecated(forRemoval=true)
@Transactional(readOnly=true)
default <X> List<X> getPermittedEntities​(com.atlassian.user.User user,
                                         Permission permission,
                                         List<? extends X> objects)
        Deprecated, for removal: This API element is subject to removal in a future version.
        since 8.8 use getPermittedEntities(ConfluenceUser, Permission, List)
        Filter a list based on which entities in the list have a particular permission.
        Parameters:
        user - the user seeking permission, or null if the anonymous user is being checked against
        permission - the permission to check against the objects
        objects - the objects to check
        Returns:
        a new list of those members of the objects list that satisfy the given permission for the user

      • getPermittedEntities

        @Transactional(readOnly=true)
<X> List<X> getPermittedEntities​(ConfluenceUser user,
                                 Permission permission,
                                 List<? extends X> objects)
        Filter a list based on which entities in the list have a particular permission.
        Parameters:
        user - the user seeking permission, or null if the anonymous user is being checked against
        permission - the permission to check against the objects
        objects - the objects to check
        Returns:
        a new list of those members of the objects list that satisfy the given permission for the user
        Since:
        8.8

      • getPermittedEntities

        @Deprecated(forRemoval=true)
@Transactional(readOnly=true)
default <X> List<X> getPermittedEntities​(com.atlassian.user.User user,
                                         Permission permission,
                                         Iterator<? extends X> objects,
                                         int maxResults)
        Deprecated, for removal: This API element is subject to removal in a future version.
        since 8.8 use getPermittedEntities(ConfluenceUser, Permission, Iterator, int)
        Filter an iterator based on which entities in the list have a particular permission.
        Parameters:
        user - the user seeking permission, or null if the anonymous user is being checked against
        permission - the permission to check against the objects
        objects - the objects to check
        maxResults - the maximum number of permitted entities to retrieve from the iterator (un-permitted entities are not counted)
        Returns:
        a new list of those members of the objects list that satisfy the given permission for the user

      • getPermittedEntities

        @Transactional(readOnly=true)
<X> List<X> getPermittedEntities​(ConfluenceUser user,
                                 Permission permission,
                                 Iterator<? extends X> objects,
                                 int maxResults)
        Filter an iterator based on which entities in the list have a particular permission.
        Parameters:
        user - the user seeking permission, or null if the anonymous user is being checked against
        permission - the permission to check against the objects
        objects - the objects to check
        maxResults - the maximum number of permitted entities to retrieve from the iterator (un-permitted entities are not counted)
        Returns:
        a new list of those members of the objects list that satisfy the given permission for the user
        Since:
        8.8

      • getPermittedEntities

        @Deprecated(forRemoval=true)
@Transactional(readOnly=true)
default <X> List<X> getPermittedEntities​(com.atlassian.user.User user,
                                         Permission permission,
                                         Iterator<X> objects,
                                         int maxResults,
                                         Collection<? extends PermissionManager.Criterion> otherCriteria)
        Deprecated, for removal: This API element is subject to removal in a future version.
        since 8.8 getPermittedEntities(ConfluenceUser, Permission, Iterator, int, Collection)
        Filter an iterator based on which entities in the list have a particular permission. You may also supply additional criteria through which to filter the iterator.
        Parameters:
        user - the user seeking permission, or null if the anonymous user is being checked against
        permission - the permission to check against the objects
        objects - the objects to check
        maxResults - the maximum number of permitted entities to retrieve from the iterator (un-permitted entities are not counted)
        otherCriteria - a collection of PermissionManager.Criterion objects through which the permitted entities must also be filtered
        Returns:
        a new list of those members of the objects list that satisfy the given permission for the user

      • getPermittedEntities

        @Transactional(readOnly=true)
<X> List<X> getPermittedEntities​(ConfluenceUser user,
                                 Permission permission,
                                 Iterator<X> objects,
                                 int maxResults,
                                 Collection<? extends PermissionManager.Criterion> otherCriteria)
        Filter an iterator based on which entities in the list have a particular permission. You may also supply additional criteria through which to filter the iterator.
        Parameters:
        user - the user seeking permission, or null if the anonymous user is being checked against
        permission - the permission to check against the objects
        objects - the objects to check
        maxResults - the maximum number of permitted entities to retrieve from the iterator (un-permitted entities are not counted)
        otherCriteria - a collection of PermissionManager.Criterion objects through which the permitted entities must also be filtered
        Returns:
        a new list of those members of the objects list that satisfy the given permission for the user
        Since:
        8.8

      • getPermittedEntitiesNoExemptions

        @Deprecated(forRemoval=true)
@Transactional(readOnly=true)
default <X> List<X> getPermittedEntitiesNoExemptions​(com.atlassian.user.User user,
                                                     Permission permission,
                                                     List<? extends X> objects)
        Deprecated, for removal: This API element is subject to removal in a future version.
        since 8.8 use getPermittedEntitiesNoExemptions(ConfluenceUser, Permission, List)
        Filter a list based on which entities in the list have a particular permission. This method does not allow exemptions for super-users like getPermittedEntities(User, Permission, List) does.
        Parameters:
        user - the user seeking permission, or null if the anonymous user is being checked against
        permission - the permission to check against the objects
        objects - the objects to check
        Returns:
        a new list of those members of the objects list that satisfy the given permission for the user
        Since:
        5.5

      • getPermittedEntitiesNoExemptions

        @Transactional(readOnly=true)
<X> List<X> getPermittedEntitiesNoExemptions​(ConfluenceUser user,
                                             Permission permission,
                                             List<? extends X> objects)
        Filter a list based on which entities in the list have a particular permission. This method does not allow exemptions for super-users like getPermittedEntities(User, Permission, List) does.
        Parameters:
        user - the user seeking permission, or null if the anonymous user is being checked against
        permission - the permission to check against the objects
        objects - the objects to check
        Returns:
        a new list of those members of the objects list that satisfy the given permission for the user
        Since:
        8.8

      • getPermittedEntitiesNoExemptions

        @Deprecated(forRemoval=true)
@Transactional(readOnly=true)
default <X> List<X> getPermittedEntitiesNoExemptions​(com.atlassian.user.User user,
                                                     Permission permission,
                                                     Iterator<? extends X> objects,
                                                     int maxResults)
        Deprecated, for removal: This API element is subject to removal in a future version.
        since 8.8 use getPermittedEntitiesNoExemptions(ConfluenceUser, Permission, Iterator, int)
        Filter an iterator based on which entities in the list have a particular permission. This method does not allow exemptions for super-users like getPermittedEntities(User, Permission, Iterator, int) does.
        Parameters:
        user - the user seeking permission, or null if the anonymous user is being checked against
        permission - the permission to check against the objects
        objects - the objects to check
        maxResults - the maximum number of permitted entities to retrieve from the iterator (un-permitted entities are not counted)
        Returns:
        a new list of those members of the objects list that satisfy the given permission for the user
        Since:
        5.5

      • getPermittedEntitiesNoExemptions

        @Transactional(readOnly=true)
<X> List<X> getPermittedEntitiesNoExemptions​(ConfluenceUser user,
                                             Permission permission,
                                             Iterator<? extends X> objects,
                                             int maxResults)
        Filter an iterator based on which entities in the list have a particular permission. This method does not allow exemptions for super-users like getPermittedEntities(User, Permission, Iterator, int) does.
        Parameters:
        user - the user seeking permission, or null if the anonymous user is being checked against
        permission - the permission to check against the objects
        objects - the objects to check
        maxResults - the maximum number of permitted entities to retrieve from the iterator (un-permitted entities are not counted)
        Returns:
        a new list of those members of the objects list that satisfy the given permission for the user
        Since:
        8.8

      • getPermittedEntitiesNoExemptions

        @Deprecated(forRemoval=true)
@Transactional(readOnly=true)
default <X> List<X> getPermittedEntitiesNoExemptions​(com.atlassian.user.User user,
                                                     Permission permission,
                                                     Iterator<X> objects,
                                                     int maxResults,
                                                     Collection<? extends PermissionManager.Criterion> otherCriteria)
        Deprecated, for removal: This API element is subject to removal in a future version.
        since 8.8 use getPermittedEntitiesNoExemptions(ConfluenceUser, Permission, Iterator, int, Collection)
        Filter an iterator based on which entities in the list have a particular permission. This method does not allow exemptions for super-users like getPermittedEntities(User, Permission, Iterator, int, Collection) does. You may also supply additional criteria through which to filter the iterator.
        Parameters:
        user - the user seeking permission, or null if the anonymous user is being checked against
        permission - the permission to check against the objects
        objects - the objects to check
        maxResults - the maximum number of permitted entities to retrieve from the iterator (un-permitted entities are not counted)
        otherCriteria - a collection of PermissionManager.Criterion objects through which the permitted entities must also be filtered
        Returns:
        a new list of those members of the objects list that satisfy the given permission for the user
        Since:
        5.5

      • getPermittedEntitiesNoExemptions

        @Transactional(readOnly=true)
<X> List<X> getPermittedEntitiesNoExemptions​(ConfluenceUser user,
                                             Permission permission,
                                             Iterator<X> objects,
                                             int maxResults,
                                             Collection<? extends PermissionManager.Criterion> otherCriteria)
        Filter an iterator based on which entities in the list have a particular permission. This method does not allow exemptions for super-users like getPermittedEntities(User, Permission, Iterator, int, Collection) does. You may also supply additional criteria through which to filter the iterator.
        Parameters:
        user - the user seeking permission, or null if the anonymous user is being checked against
        permission - the permission to check against the objects
        objects - the objects to check
        maxResults - the maximum number of permitted entities to retrieve from the iterator (un-permitted entities are not counted)
        otherCriteria - a collection of PermissionManager.Criterion objects through which the permitted entities must also be filtered
        Returns:
        a new list of those members of the objects list that satisfy the given permission for the user
        Since:
        8.8

      • isConfluenceAdministrator

        @Deprecated(forRemoval=true)
@Transactional(readOnly=true)
default boolean isConfluenceAdministrator​(com.atlassian.user.User user)
        Deprecated, for removal: This API element is subject to removal in a future version.
        since 8.8 use isConfluenceAdministrator(ConfluenceUser)
        Determine if the user is a Confluence administrator. Calling this method is identical to calling hasPermission(user, Permission.ADMINISTER, PermissionManager.TARGET_APPLICATION).
        Parameters:
        user - the user to check permissions against
        Returns:
        true if the user is a Confluence administrator, false otherwise

      • isConfluenceAdministrator

        @Transactional(readOnly=true)
boolean isConfluenceAdministrator​(ConfluenceUser user)
        Determine if the user is a Confluence administrator. Calling this method is identical to calling hasPermission(user, Permission.ADMINISTER, PermissionManager.TARGET_APPLICATION).
        Parameters:
        user - the user to check permissions against
        Returns:
        true if the user is a Confluence administrator, false otherwise
        Since:
        8.8

      • isSystemAdministrator

        @Deprecated(forRemoval=true)
@Transactional(readOnly=true)
default boolean isSystemAdministrator​(@Nullable com.atlassian.user.User user)
        Deprecated, for removal: This API element is subject to removal in a future version.
        since 8.8 use isSystemAdministrator(ConfluenceUser)
        Determine if the user is a system administrator. Calling this method is identical to calling hasPermission(user, Permission.ADMINISTER, PermissionManager.TARGET_SYSTEM).
        Parameters:
        user - the user to check permissions against
        Returns:
        true if the user is a system administrator, false otherwise
        Since:
        5.5

      • isSystemAdministrator

        @Transactional(readOnly=true)
boolean isSystemAdministrator​(@Nullable ConfluenceUser user)
        Determine if the user is a system administrator. Calling this method is identical to calling hasPermission(user, Permission.ADMINISTER, PermissionManager.TARGET_SYSTEM).
        Parameters:
        user - the user to check permissions against
        Returns:
        true if the user is a system administrator, false otherwise
        Since:
        8.8

      • hasMovePermission

        @Deprecated(forRemoval=true)
@Transactional(readOnly=true)
default boolean hasMovePermission​(com.atlassian.user.User user,
                                  Object source,
                                  Object target,
                                  String movePoint)
        Deprecated, for removal: This API element is subject to removal in a future version.
        since 8.8 use hasMovePermission(ConfluenceUser, Object, Object, String)
        Determine whether a user has permission to move a particular entity to a given target.

        The target is the natural container of the object being moved to. For example, a pages is contained in a page, which is contained within a space. A space is contained within TARGET_APPLICATION.

        Parameters:
        user - the user seeking permission, or null if the anonymous user is being checked against
        source - the object and all it descendants is being moved. If this object is null, the method will return false
        target - where is the source being moved to (see above)
        movePoint - indicate where source node and target node relative (i.a before, after, append)
        Returns:
        true if the user has permission, false otherwise
        Throws:
        IllegalStateException - if the permission being checked against does not apply to the target
        Since:
        5.10

      • hasMovePermission

        @Transactional(readOnly=true)
boolean hasMovePermission​(ConfluenceUser user,
                          Object source,
                          Object target,
                          String movePoint)
        Determine whether a user has permission to move a particular entity to a given target.

        The target is the natural container of the object being moved to. For example, a pages is contained in a page, which is contained within a space. A space is contained within TARGET_APPLICATION.

        Parameters:
        user - the user seeking permission, or null if the anonymous user is being checked against
        source - the object and all it descendants is being moved. If this object is null, the method will return false
        target - where is the source being moved to (see above)
        movePoint - indicate where source node and target node relative (i.a before, after, append)
        Returns:
        true if the user has permission, false otherwise
        Throws:
        IllegalStateException - if the permission being checked against does not apply to the target
        Since:
        8.8

      • hasRemoveHierarchyPermission

        @Deprecated(forRemoval=true)
@Transactional(readOnly=true)
default boolean hasRemoveHierarchyPermission​(com.atlassian.user.User user,
                                             Object target)
        Deprecated, for removal: This API element is subject to removal in a future version.
        since 8.8 use hasRemoveHierarchyPermission(ConfluenceUser, Object)
        Determine whether a user has permission to remove a particular entity and all it children.

        The target is the natural container of the object being removed. For example, a page and all its descendants in a page, which is contained within a space.

        Parameters:
        user - the user seeking permission, or null if the anonymous user is being checked against
        target - where is the object and all its descendant are being removed
        Returns:
        true if the user has permission, false otherwise
        Throws:
        IllegalStateException - if the permission being checked against does not apply to the target
        Since:
        5.10

      • hasRemoveHierarchyPermission

        @Transactional(readOnly=true)
boolean hasRemoveHierarchyPermission​(ConfluenceUser user,
                                     Object target)
        Determine whether a user has permission to remove a particular entity and all it children.

        The target is the natural container of the object being removed. For example, a page and all its descendants in a page, which is contained within a space.

        Parameters:
        user - the user seeking permission, or null if the anonymous user is being checked against
        target - where is the object and all its descendant are being removed
        Returns:
        true if the user has permission, false otherwise
        Throws:
        IllegalStateException - if the permission being checked against does not apply to the target
        Since:
        8.8