Package com.atlassian.confluence.security

Interface PermissionManager

All Known Implementing Classes:
DefaultPermissionManager
@Transactional public interface PermissionManager
Generalised interface for checking whether a particular action in Confluence is allowed, without any knowledge of the specific implementation of permissions as they relate to spaces, pages and so on.

  • Field Details

    • TARGET_APPLICATION

      static final Object TARGET_APPLICATION
      A target that encompasses most administrative functions minus the ones covered by TARGET_SYSTEM.

    • TARGET_SYSTEM

      static final Object TARGET_SYSTEM
      A target that encompasses functions that have system impact and can compromise system security.

    • TARGET_PEOPLE_DIRECTORY

      static final Object TARGET_PEOPLE_DIRECTORY
      A target the represents the People Directory function of Confluence.

  • Method Details

    • hasPermission

      @Deprecated @Transactional(readOnly=true) default boolean hasPermission(@Nullable com.atlassian.user.User user, Permission permission, @Nullable Object target)
      Deprecated.
      since 8.8 use hasPermission(ConfluenceUser, Permission, Object)
      Determine whether a user has a particular permission against a given target.
      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      permission - the permission to check
      target - the object that the permission is being checked against. If this object is null, the method will return false
      Returns:
      true if the user has this permission, false otherwise
      Throws:
      IllegalStateException - if the permission being checked against does not apply to the target

    • hasPermission

      @Transactional(readOnly=true) boolean hasPermission(@Nullable ConfluenceUser user, Permission permission, @Nullable Object target)
      Determine whether a user has a particular permission against a given target.
      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      permission - the permission to check
      target - the object that the permission is being checked against. If this object is null, the method will return false
      Returns:
      true if the user has this permission, false otherwise
      Throws:
      IllegalStateException - if the permission being checked against does not apply to the target
      Since:
      8.8

    • hasPermission

      @Deprecated @Transactional(readOnly=true) default boolean hasPermission(com.atlassian.user.User user, Permission permission, Class targetType)
      Deprecated.
      since 8.8 use hasPermission(ConfluenceUser, Permission, Class)
      Determine whether a user has a particular permission for all instances of the specified target type.
      Parameters:
      user - the user
      permission - the permission to check (see Permission
      targetType - the type of the target
      Returns:
      true if the user has this permission, false otherwise.

    • hasPermission

      @Transactional(readOnly=true) boolean hasPermission(ConfluenceUser user, Permission permission, Class targetType)
      Determine whether a user has a particular permission for all instances of the specified target type.
      Parameters:
      user - the user
      permission - the permission to check (see Permission
      targetType - the type of the target
      Returns:
      true if the user has this permission, false otherwise.
      Since:
      8.8

    • hasPermissionNoExemptions

      @Deprecated @Transactional(readOnly=true) default boolean hasPermissionNoExemptions(com.atlassian.user.User user, Permission permission, Object target)
      Deprecated.
      since 8.8 use hasPermissionNoExemptions(ConfluenceUser, Permission, Object)
      Returns true if the user has the specified permission on the target object. This method does not allow exemptions for super-users like hasPermission(User, Permission, Object) does.

      For parameter and return value information, see hasPermission(User, Permission, Object).

    • hasPermissionNoExemptions

      @Transactional(readOnly=true) boolean hasPermissionNoExemptions(ConfluenceUser user, Permission permission, Object target)
      Returns true if the user has the specified permission on the target object. This method does not allow exemptions for super-users like hasPermission(User, Permission, Object) does.

      For parameter and return value information, see hasPermission(User, Permission, Object).

      Since:
      8.8

    • hasCreatePermission

      @Deprecated @Transactional(readOnly=true) default boolean hasCreatePermission(com.atlassian.user.User user, Object container, Class<?> typeToCreate)
      Deprecated.
      since 8.8 use hasCreatePermission(ConfluenceUser, Object, Class)
      Determine whether a user has permission to create an entity of a particular type within a given container.

      The container is the natural container of the object being created. For example, a comment is contained in a page, which is contained within a space. A space is contained within TARGET_APPLICATION.

      This overload should not be used when creating CustomContentEntityObject instances. In that case, permission checks should use hasCreatePermission(com.atlassian.user.User, Object, Object).

      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      container - the target that the object is being created within. If this object is null, the method will return false
      typeToCreate - the type of object being created (see above)
      Returns:
      true if the user has permission, false otherwise
      Throws:
      IllegalStateException - if the permission being checked against does not apply to the target
      See Also:

    • hasCreatePermission

      @Transactional(readOnly=true) boolean hasCreatePermission(ConfluenceUser user, Object container, Class<?> typeToCreate)
      Determine whether a user has permission to create an entity of a particular type within a given container.

      The container is the natural container of the object being created. For example, a comment is contained in a page, which is contained within a space. A space is contained within TARGET_APPLICATION.

      This overload should not be used when creating CustomContentEntityObject instances. In that case, permission checks should use hasCreatePermission(com.atlassian.user.User, Object, Object).

      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      container - the target that the object is being created within. If this object is null, the method will return false
      typeToCreate - the type of object being created (see above)
      Returns:
      true if the user has permission, false otherwise
      Throws:
      IllegalStateException - if the permission being checked against does not apply to the target
      Since:
      8.8
      See Also:

    • hasCreatePermission

      @Deprecated @Transactional(readOnly=true) default boolean hasCreatePermission(com.atlassian.user.User user, Object container, Object objectToCreate)
      Deprecated.
      since 8.8 use hasCreatePermission(ConfluenceUser, Object, Object)
      Determine whether a user has permission to create a particular entity within a given container.

      The container is the natural container of the object being created. For example, a comment is contained in a page, which is contained within a space. A space is contained within TARGET_APPLICATION.

      This overload is best when creating CustomContentEntityObject instances. Other permission checks should use hasCreatePermission(com.atlassian.user.User, Object, Class).

      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      container - the target that the object is being created within. If this object is null, the method will return false
      objectToCreate - the object being created (see above)
      Returns:
      true if the user has permission, false otherwise
      Throws:
      IllegalStateException - if the permission being checked against does not apply to the target
      Since:
      5.6

    • hasCreatePermission

      @Transactional(readOnly=true) boolean hasCreatePermission(ConfluenceUser user, Object container, Object objectToCreate)
      Determine whether a user has permission to create a particular entity within a given container.

      The container is the natural container of the object being created. For example, a comment is contained in a page, which is contained within a space. A space is contained within TARGET_APPLICATION.

      This overload is best when creating CustomContentEntityObject instances. Other permission checks should use hasCreatePermission(com.atlassian.user.User, Object, Class).

      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      container - the target that the object is being created within. If this object is null, the method will return false
      objectToCreate - the object being created (see above)
      Returns:
      true if the user has permission, false otherwise
      Throws:
      IllegalStateException - if the permission being checked against does not apply to the target
      Since:
      8.8

    • getPermittedEntities

      @Deprecated @Transactional(readOnly=true) default <X> List<X> getPermittedEntities(com.atlassian.user.User user, Permission permission, List<? extends X> objects)
      Deprecated.
      since 8.8 use getPermittedEntities(ConfluenceUser, Permission, List)
      Filter a list based on which entities in the list have a particular permission.
      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      permission - the permission to check against the objects
      objects - the objects to check
      Returns:
      a new list of those members of the objects list that satisfy the given permission for the user

    • getPermittedEntities

      @Transactional(readOnly=true) <X> List<X> getPermittedEntities(ConfluenceUser user, Permission permission, List<? extends X> objects)
      Filter a list based on which entities in the list have a particular permission.
      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      permission - the permission to check against the objects
      objects - the objects to check
      Returns:
      a new list of those members of the objects list that satisfy the given permission for the user
      Since:
      8.8

    • getPermittedEntities

      @Deprecated @Transactional(readOnly=true) default <X> List<X> getPermittedEntities(com.atlassian.user.User user, Permission permission, Iterator<? extends X> objects, int maxResults)
      Deprecated.
      since 8.8 use getPermittedEntities(ConfluenceUser, Permission, Iterator, int)
      Filter an iterator based on which entities in the list have a particular permission.
      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      permission - the permission to check against the objects
      objects - the objects to check
      maxResults - the maximum number of permitted entities to retrieve from the iterator (un-permitted entities are not counted)
      Returns:
      a new list of those members of the objects list that satisfy the given permission for the user

    • getPermittedEntities

      @Transactional(readOnly=true) <X> List<X> getPermittedEntities(ConfluenceUser user, Permission permission, Iterator<? extends X> objects, int maxResults)
      Filter an iterator based on which entities in the list have a particular permission.
      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      permission - the permission to check against the objects
      objects - the objects to check
      maxResults - the maximum number of permitted entities to retrieve from the iterator (un-permitted entities are not counted)
      Returns:
      a new list of those members of the objects list that satisfy the given permission for the user
      Since:
      8.8

    • getPermittedEntities

      @Deprecated @Transactional(readOnly=true) default <X> List<X> getPermittedEntities(com.atlassian.user.User user, Permission permission, Iterator<X> objects, int maxResults, Collection<? extends PermissionManager.Criterion> otherCriteria)
      Deprecated.
      since 8.8 getPermittedEntities(ConfluenceUser, Permission, Iterator, int, Collection)
      Filter an iterator based on which entities in the list have a particular permission. You may also supply additional criteria through which to filter the iterator.
      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      permission - the permission to check against the objects
      objects - the objects to check
      maxResults - the maximum number of permitted entities to retrieve from the iterator (un-permitted entities are not counted)
      otherCriteria - a collection of PermissionManager.Criterion objects through which the permitted entities must also be filtered
      Returns:
      a new list of those members of the objects list that satisfy the given permission for the user

    • getPermittedEntities

      @Transactional(readOnly=true) <X> List<X> getPermittedEntities(ConfluenceUser user, Permission permission, Iterator<X> objects, int maxResults, Collection<? extends PermissionManager.Criterion> otherCriteria)
      Filter an iterator based on which entities in the list have a particular permission. You may also supply additional criteria through which to filter the iterator.
      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      permission - the permission to check against the objects
      objects - the objects to check
      maxResults - the maximum number of permitted entities to retrieve from the iterator (un-permitted entities are not counted)
      otherCriteria - a collection of PermissionManager.Criterion objects through which the permitted entities must also be filtered
      Returns:
      a new list of those members of the objects list that satisfy the given permission for the user
      Since:
      8.8

    • getPermittedEntitiesNoExemptions

      @Deprecated @Transactional(readOnly=true) default <X> List<X> getPermittedEntitiesNoExemptions(com.atlassian.user.User user, Permission permission, List<? extends X> objects)
      Deprecated.
      since 8.8 use getPermittedEntitiesNoExemptions(ConfluenceUser, Permission, List)
      Filter a list based on which entities in the list have a particular permission. This method does not allow exemptions for super-users like getPermittedEntities(User, Permission, List) does.
      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      permission - the permission to check against the objects
      objects - the objects to check
      Returns:
      a new list of those members of the objects list that satisfy the given permission for the user
      Since:
      5.5

    • getPermittedEntitiesNoExemptions

      @Transactional(readOnly=true) <X> List<X> getPermittedEntitiesNoExemptions(ConfluenceUser user, Permission permission, List<? extends X> objects)
      Filter a list based on which entities in the list have a particular permission. This method does not allow exemptions for super-users like getPermittedEntities(User, Permission, List) does.
      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      permission - the permission to check against the objects
      objects - the objects to check
      Returns:
      a new list of those members of the objects list that satisfy the given permission for the user
      Since:
      8.8

    • getPermittedEntitiesNoExemptions

      @Deprecated @Transactional(readOnly=true) default <X> List<X> getPermittedEntitiesNoExemptions(com.atlassian.user.User user, Permission permission, Iterator<? extends X> objects, int maxResults)
      Deprecated.
      since 8.8 use getPermittedEntitiesNoExemptions(ConfluenceUser, Permission, Iterator, int)
      Filter an iterator based on which entities in the list have a particular permission. This method does not allow exemptions for super-users like getPermittedEntities(User, Permission, Iterator, int) does.
      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      permission - the permission to check against the objects
      objects - the objects to check
      maxResults - the maximum number of permitted entities to retrieve from the iterator (un-permitted entities are not counted)
      Returns:
      a new list of those members of the objects list that satisfy the given permission for the user
      Since:
      5.5

    • getPermittedEntitiesNoExemptions

      @Transactional(readOnly=true) <X> List<X> getPermittedEntitiesNoExemptions(ConfluenceUser user, Permission permission, Iterator<? extends X> objects, int maxResults)
      Filter an iterator based on which entities in the list have a particular permission. This method does not allow exemptions for super-users like getPermittedEntities(User, Permission, Iterator, int) does.
      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      permission - the permission to check against the objects
      objects - the objects to check
      maxResults - the maximum number of permitted entities to retrieve from the iterator (un-permitted entities are not counted)
      Returns:
      a new list of those members of the objects list that satisfy the given permission for the user
      Since:
      8.8

    • getPermittedEntitiesNoExemptions

      @Deprecated @Transactional(readOnly=true) default <X> List<X> getPermittedEntitiesNoExemptions(com.atlassian.user.User user, Permission permission, Iterator<X> objects, int maxResults, Collection<? extends PermissionManager.Criterion> otherCriteria)
      Deprecated.
      since 8.8 use getPermittedEntitiesNoExemptions(ConfluenceUser, Permission, Iterator, int, Collection)
      Filter an iterator based on which entities in the list have a particular permission. This method does not allow exemptions for super-users like getPermittedEntities(User, Permission, Iterator, int, Collection) does. You may also supply additional criteria through which to filter the iterator.
      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      permission - the permission to check against the objects
      objects - the objects to check
      maxResults - the maximum number of permitted entities to retrieve from the iterator (un-permitted entities are not counted)
      otherCriteria - a collection of PermissionManager.Criterion objects through which the permitted entities must also be filtered
      Returns:
      a new list of those members of the objects list that satisfy the given permission for the user
      Since:
      5.5

    • getPermittedEntitiesNoExemptions

      @Transactional(readOnly=true) <X> List<X> getPermittedEntitiesNoExemptions(ConfluenceUser user, Permission permission, Iterator<X> objects, int maxResults, Collection<? extends PermissionManager.Criterion> otherCriteria)
      Filter an iterator based on which entities in the list have a particular permission. This method does not allow exemptions for super-users like getPermittedEntities(User, Permission, Iterator, int, Collection) does. You may also supply additional criteria through which to filter the iterator.
      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      permission - the permission to check against the objects
      objects - the objects to check
      maxResults - the maximum number of permitted entities to retrieve from the iterator (un-permitted entities are not counted)
      otherCriteria - a collection of PermissionManager.Criterion objects through which the permitted entities must also be filtered
      Returns:
      a new list of those members of the objects list that satisfy the given permission for the user
      Since:
      8.8

    • isConfluenceAdministrator

      @Deprecated @Transactional(readOnly=true) default boolean isConfluenceAdministrator(com.atlassian.user.User user)
      Deprecated.
      since 8.8 use isConfluenceAdministrator(ConfluenceUser)
      Determine if the user is a Confluence administrator. Calling this method is identical to calling hasPermission(user, Permission.ADMINISTER, PermissionManager.TARGET_APPLICATION).
      Parameters:
      user - the user to check permissions against
      Returns:
      true if the user is a Confluence administrator, false otherwise

    • isConfluenceAdministrator

      @Transactional(readOnly=true) boolean isConfluenceAdministrator(ConfluenceUser user)
      Determine if the user is a Confluence administrator. Calling this method is identical to calling hasPermission(user, Permission.ADMINISTER, PermissionManager.TARGET_APPLICATION).
      Parameters:
      user - the user to check permissions against
      Returns:
      true if the user is a Confluence administrator, false otherwise
      Since:
      8.8

    • isSystemAdministrator

      @Deprecated @Transactional(readOnly=true) default boolean isSystemAdministrator(@Nullable com.atlassian.user.User user)
      Deprecated.
      since 8.8 use isSystemAdministrator(ConfluenceUser)
      Determine if the user is a system administrator. Calling this method is identical to calling hasPermission(user, Permission.ADMINISTER, PermissionManager.TARGET_SYSTEM).
      Parameters:
      user - the user to check permissions against
      Returns:
      true if the user is a system administrator, false otherwise
      Since:
      5.5

    • isSystemAdministrator

      @Transactional(readOnly=true) boolean isSystemAdministrator(@Nullable ConfluenceUser user)
      Determine if the user is a system administrator. Calling this method is identical to calling hasPermission(user, Permission.ADMINISTER, PermissionManager.TARGET_SYSTEM).
      Parameters:
      user - the user to check permissions against
      Returns:
      true if the user is a system administrator, false otherwise
      Since:
      8.8

    • withExemption

      void withExemption(Runnable runnable)
      Execute the given task with permission exemption.

      Calls to:

      within the executed task will all return true. This will also affect permission checks in SpacePermissionManager and ConfluenceAccessManager, unless "noExemptions" variants are called.

      Use with care.

      Parameters:
      runnable - task to execute with permission exemption

    • hasMovePermission

      @Deprecated @Transactional(readOnly=true) default boolean hasMovePermission(com.atlassian.user.User user, Object source, Object target, String movePoint)
      Deprecated.
      since 8.8 use hasMovePermission(ConfluenceUser, Object, Object, String)
      Determine whether a user has permission to move a particular entity to a given target.

      The target is the natural container of the object being moved to. For example, a pages is contained in a page, which is contained within a space. A space is contained within TARGET_APPLICATION.

      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      source - the object and all it descendants is being moved. If this object is null, the method will return false
      target - where is the source being moved to (see above)
      movePoint - indicate where source node and target node relative (i.a before, after, append)
      Returns:
      true if the user has permission, false otherwise
      Throws:
      IllegalStateException - if the permission being checked against does not apply to the target
      Since:
      5.10

    • hasMovePermission

      @Transactional(readOnly=true) boolean hasMovePermission(ConfluenceUser user, Object source, Object target, String movePoint)
      Determine whether a user has permission to move a particular entity to a given target.

      The target is the natural container of the object being moved to. For example, a pages is contained in a page, which is contained within a space. A space is contained within TARGET_APPLICATION.

      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      source - the object and all it descendants is being moved. If this object is null, the method will return false
      target - where is the source being moved to (see above)
      movePoint - indicate where source node and target node relative (i.a before, after, append)
      Returns:
      true if the user has permission, false otherwise
      Throws:
      IllegalStateException - if the permission being checked against does not apply to the target
      Since:
      8.8

    • hasRemoveHierarchyPermission

      @Deprecated @Transactional(readOnly=true) default boolean hasRemoveHierarchyPermission(com.atlassian.user.User user, Object target)
      Deprecated.
      since 8.8 use hasRemoveHierarchyPermission(ConfluenceUser, Object)
      Determine whether a user has permission to remove a particular entity and all it children.

      The target is the natural container of the object being removed. For example, a page and all its descendants in a page, which is contained within a space.

      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      target - where is the object and all its descendant are being removed
      Returns:
      true if the user has permission, false otherwise
      Throws:
      IllegalStateException - if the permission being checked against does not apply to the target
      Since:
      5.10

    • hasRemoveHierarchyPermission

      @Transactional(readOnly=true) boolean hasRemoveHierarchyPermission(ConfluenceUser user, Object target)
      Determine whether a user has permission to remove a particular entity and all it children.

      The target is the natural container of the object being removed. For example, a page and all its descendants in a page, which is contained within a space.

      Parameters:
      user - the user seeking permission, or null if the anonymous user is being checked against
      target - where is the object and all its descendant are being removed
      Returns:
      true if the user has permission, false otherwise
      Throws:
      IllegalStateException - if the permission being checked against does not apply to the target
      Since:
      8.8