WorkflowBasedPermissionManager

extends DefaultPermissionManager

java.lang.Object
↳	com.atlassian.jira.security.AbstractPermissionManager
	↳	com.atlassian.jira.security.DefaultPermissionManager
		↳	com.atlassian.jira.security.WorkflowBasedPermissionManager

Known Direct Subclasses

ThreadLocalCachingPermissionManager

Class Overview

Permission manager which allows workflow permissions to be further restricted for each workflow step, in the workflow XML descriptor. For instance, if the workflow contains a step:

    <step id="1" name="Open">
    <meta name="jira.status.id">1</meta>
    <meta name="jira.permission.comment.group">${pkey}-bizusers</meta>
    <meta name="jira.permission.comment.user">qa</meta>
    <meta name="jira.permission.edit.group.1">jira-developers</meta>
    <meta name="jira.permission.edit.group.2">jira-editors</meta>
    <meta name="jira.permission.edit.projectrole">10001</meta>

then only members of the project's bizusers group and user 'qa' will be able to comment on open issues, and only members of 'jira-developers' and 'jira-editors' groups or members of the project role with id '10001' will be able to edit issues. Assuming, of course, these users already have the relevant permission in the permission scheme.

Meta attributes can also modify subtasks' permissions. For example if the 'Bug' workflow's Open step has:

             <meta name="jira.permission.subtasks.edit.group">jira-qa</meta>

Then subtasks of Bugs will only be editable by 'jira-qa' members, when their parent is in the Open state.

The format is 'jira.permission.[subtasks.]{permission}.{type}[.suffix]', where:

{permission} is a short name specified in Permissions
{type} is a type (group, user, assignee, reporter, lead, userCF, projectrole) of permission granted, or denied to deny the permission.
subtasks., if specified, indicates that the permission applies to the subtasks of issues in this step.
Important:Workflow permissions can only restrict permissions set in the permission scheme, not grant permissions.
See Also
- WorkflowBasedPermissionSchemeManager

Summary

Public Constructors
	WorkflowBasedPermissionManager(WorkflowPermissionFactory workflowPermissionFactory, PermissionContextFactory permissionContextFactory)

Public Methods
boolean	hasPermission(int permissionId, GenericValue entity, User user, boolean issueCreation) Does the same as `hasPermission(int, org.ofbiz.core.entity.GenericValue, User)` except the entity is a project GenericValue.

[Expand]

Inherited Methods

From class com.atlassian.jira.security.AbstractPermissionManager

void	addPermission(int permissionsId, GenericValue scheme, String parameter, String securityType) Adds a permission to the system
Collection<Group>	getAllGroups(int permissionId, Project project) Retrieve all groups that are used in the permission globally and in the project.
PermissionSchemeManager	getPermissionSchemeManager()
ProjectManager	getProjectManager()
Collection<Project>	getProjectObjects(int permissionId, User user) Retrieve a list of project objects this user has the permission for
Collection<Project>	getProjects(int permissionId, User user, ProjectCategory projectCategory) Returns the list of projects associated with the specified category, that this user has the permissions for.
Collection<GenericValue>	getProjects(int permissionId, User user, GenericValue category) Retrieve a list of projects associated with the specified category, that this user has the permissions for
Collection<Project>	getProjects(int permissionId, ApplicationUser user, ProjectCategory projectCategory) Returns the list of projects associated with the specified category, that this user has the permissions for.
Collection<Project>	getProjects(int permissionId, ApplicationUser user) Retrieve a list of project objects this user has the permission for
Collection<GenericValue>	getProjects(int permissionId, User user) Retrieve a list of projects this user has the permission for
boolean	hasPermission(int permissionsId, ApplicationUser user) Checks to see if this user has the specified permission.
boolean	hasPermission(int permissionsId, Project project, User user) Checks whether the specified user has a specified permission within the context of a specified project.
boolean	hasPermission(int permissionsId, GenericValue entity, User user, boolean issueCreation) Does the same as `hasPermission(int, org.ofbiz.core.entity.GenericValue, User)` except the entity is a project GenericValue.
boolean	hasPermission(int permissionsId, Project project, User user, boolean issueCreation) Checks whether the specified user has a specified permission within the context of a specified project.
boolean	hasPermission(int permissionsId, Project project, ApplicationUser user, boolean issueCreation) Checks whether the specified user has a specified permission within the context of a specified project.
boolean	hasPermission(int permissionsId, User user) Checks to see if this user has the specified permission It will check only global permissions as there are no other permissions to check
boolean	hasPermission(int permissionsId, Issue issue, User user) Checks to see if this user has permission to see the specified issue.
boolean	hasPermission(int permissionsId, GenericValue projectOrIssue, User user) Checks to see if this has permission to see the specified entity Check Permissions scheme(s) if the entity is project Check Permissions scheme(s) and issue level security scheme(s) if the entity is an issue
boolean	hasPermission(int permissionsId, Project project, ApplicationUser user) Checks whether the specified user has a specified permission within the context of a specified project.
boolean	hasPermission(int permissionsId, Issue issue, ApplicationUser user) Checks to see if this user has permission to see the specified issue.
boolean	hasProjectPermission(Long permissionTypeLong, GenericValue entity, User user, boolean issueCreation) Return true if the supplied user has the specified permission in the context of the supplied entity
boolean	hasProjects(int permissionId, User user) Can this user see at least one project with this permission
boolean	hasProjects(int permissionId, ApplicationUser user) Can this user see at least one project with this permission
boolean	isGlobalPermission(int permissionId)
void	removeGroupPermissions(String group) Remove all permissions that have used this group
void	removeUserPermissions(String username) Remove all permissions that have used this username
void	removeUserPermissions(ApplicationUser user) Remove all permissions that have been assigned to this user

From class java.lang.Object

From interface com.atlassian.jira.security.PermissionManager

Public Constructors

public WorkflowBasedPermissionManager (WorkflowPermissionFactory workflowPermissionFactory, PermissionContextFactory permissionContextFactory)

Public Methods

public boolean hasPermission (int permissionId, GenericValue entity, User user, boolean issueCreation)

Does the same as hasPermission(int, org.ofbiz.core.entity.GenericValue, User) except the entity is a project GenericValue.

Parameters

permissionId	Not a global permission
entity	Not null.
user	User object, possibly null if JIRA is accessed anonymously
issueCreation	Whether this permission is being checked during issue creation

Returns

True if there are sufficient rights to access the entity supplied

Interfaces

Classes

Enums