public class

DefaultGlobalPermissionManager

extends Object
implements GroupConfigurable GlobalPermissionManager
java.lang.Object
   ↳ com.atlassian.jira.security.DefaultGlobalPermissionManager

Summary

Public Constructors
DefaultGlobalPermissionManager(CrowdService crowdService, OfBizDelegator ofBizDelegator, EventPublisher eventPublisher, GlobalPermissionTypesManager globalPermissionTypesManager, CacheManager cacheManager, ApplicationRoleManager applicationRoleManager, GroupManager groupManager, RecoveryMode recoveryMode, FeatureManager featureManager)
Public Methods
boolean addPermission(int permissionId, String group)
Adds a global permission
boolean addPermission(GlobalPermissionType globalPermissionType, String group)
Grants a user group a global permission.
void clearCache()
Collection<GlobalPermissionType> getAllGlobalPermissions()
Option<GlobalPermissionType> getGlobalPermission(String permissionKey)
Returns a global permission matching the specified key.
Option<GlobalPermissionType> getGlobalPermission(int permissionId)
Option<GlobalPermissionType> getGlobalPermission(GlobalPermissionKey permissionKey)
Returns the global permission details for the given permission key.
@Nonnull Collection<String> getGroupNames(int permissionId)
Retrieve all the group names with this permission.
Collection<String> getGroupNames(GlobalPermissionType globalPermissionType)
Retrieve all the group names with this permission.
@Nonnull Collection<String> getGroupNamesWithPermission(GlobalPermissionKey permissionKey)
Retrieve all the group names with this permission.
Collection<Group> getGroupsWithPermission(GlobalPermissionType globalPermissionType)
Retrieve all the groups with this permission.
@Nonnull Collection<Group> getGroupsWithPermission(GlobalPermissionKey permissionKey)
Retrieve all the groups with the given permission.
Collection<Group> getGroupsWithPermission(int permissionId)
Retrieve all the groups with this permission.
Collection<GlobalPermissionEntry> getPermissions(GlobalPermissionType globalPermissionType)
Retrieve a list of user groups which have been granted a specified permission.
Collection<JiraPermission> getPermissions(int permissionType)
Retrieve a list of user groups which have been granted a specified permission.
@Nonnull Collection<GlobalPermissionEntry> getPermissions(GlobalPermissionKey globalPermissionKey)
Retrieve a list of user groups which have been granted the specified permission.
boolean hasPermission(GlobalPermissionType globalPermissionType, ApplicationUser user)
Left in here temporarily in case it is being used by SD 2.0
boolean hasPermission(int permissionId)
Check if a global anonymous permission exists
boolean hasPermission(int permissionId, ApplicationUser user)
Check if a global permission for one of the users groups exists.
boolean hasPermission(GlobalPermissionKey globalPermissionKey, ApplicationUser user)
Check if the given user has the given Global Permission.
boolean hasPermission(GlobalPermissionType globalPermissionType)
Left in here temporarily in case it is being used by SD 2.0
boolean isGlobalPermission(int permissionId)
boolean isGroupUsed(Group group)
Determine whether configuration exists for the specified Group.
boolean isPermissionManagedByJira(GlobalPermissionKey permissionKey)
Checks if jira should be responsible for managing a permission.
@EventListener void onClearCache(ClearCacheEvent event)
boolean removePermission(GlobalPermissionType globalPermissionType, String group)
Revokes a global permission for a user group
boolean removePermission(int permissionId, String group)
Revokes a global permission for a user group
boolean removePermissions(String group)
Revoke all global permissions for a user group.
Protected Methods
boolean hasPermission(GlobalPermissionEntry permissionEntry)
[Expand]
Inherited Methods
From class java.lang.Object
From interface com.atlassian.jira.config.group.GroupConfigurable
From interface com.atlassian.jira.security.GlobalPermissionManager

Public Constructors

public DefaultGlobalPermissionManager (CrowdService crowdService, OfBizDelegator ofBizDelegator, EventPublisher eventPublisher, GlobalPermissionTypesManager globalPermissionTypesManager, CacheManager cacheManager, ApplicationRoleManager applicationRoleManager, GroupManager groupManager, RecoveryMode recoveryMode, FeatureManager featureManager)

Public Methods

public boolean addPermission (int permissionId, String group)

Adds a global permission

Parameters
permissionId must be a global permission type
group can be null if it is anyone permission
Returns
  • True if the permission was added

public boolean addPermission (GlobalPermissionType globalPermissionType, String group)

Grants a user group a global permission.

Parameters
globalPermissionType global permission, must not be null.
group the name of the group. Null means "anyone" group. The JIRA use, admin and sysadmin permission cannot be granted to "anyone".
Returns
  • true if permission was added.

public void clearCache ()

public Collection<GlobalPermissionType> getAllGlobalPermissions ()

public Option<GlobalPermissionType> getGlobalPermission (String permissionKey)

Returns a global permission matching the specified key.

Parameters
permissionKey the key of the permission declared by global permission module.
Returns
  • a global permission for the given permission key.

public Option<GlobalPermissionType> getGlobalPermission (int permissionId)

public Option<GlobalPermissionType> getGlobalPermission (GlobalPermissionKey permissionKey)

Returns the global permission details for the given permission key.

Parameters
permissionKey the global permission key
Returns
  • the global permission details for the given permission key.

@Nonnull public Collection<String> getGroupNames (int permissionId)

Retrieve all the group names with this permission. Only group names directly associated with the permission will be returned.

Parameters
permissionId must be a global permission
Returns
  • a Collection of String, group names, will never be null.

public Collection<String> getGroupNames (GlobalPermissionType globalPermissionType)

Retrieve all the group names with this permission. Only group names directly associated with the permission will be returned.

Parameters
globalPermissionType global permission, must not be null.
Returns
  • a Collection of String, group names, will never be null.

@Nonnull public Collection<String> getGroupNamesWithPermission (GlobalPermissionKey permissionKey)

Retrieve all the group names with this permission. Only group names directly associated with the permission will be returned.

Parameters
permissionKey global permission, must not be null.
Returns
  • a Collection of String, group names, will never be null.

public Collection<Group> getGroupsWithPermission (GlobalPermissionType globalPermissionType)

Retrieve all the groups with this permission. Only groups directly associated with the permission will be returned.

Parameters
globalPermissionType global permission, must not be null.
Returns
  • a Collection of Group's, will never be null.

@Nonnull public Collection<Group> getGroupsWithPermission (GlobalPermissionKey permissionKey)

Retrieve all the groups with the given permission.

Only groups directly associated with the permission will be returned.

Parameters
permissionKey global permission, must not be null.
Returns
  • a Collection of Group's, will never be null.

public Collection<Group> getGroupsWithPermission (int permissionId)

Retrieve all the groups with this permission. Only groups directly associated with the permission will be returned.

Parameters
permissionId must be a global permission
Returns
  • a Collection of Group's, will never be null.

public Collection<GlobalPermissionEntry> getPermissions (GlobalPermissionType globalPermissionType)

Retrieve a list of user groups which have been granted a specified permission. The returned JiraPermission contains a reference to the user group.

getScheme() is always NULL, because Global permission are not configured using schemes. getType() will always return "group", because global permissions can only be granted to groups.

Parameters
globalPermissionType global permission, must not be null.
Returns

public Collection<JiraPermission> getPermissions (int permissionType)

Retrieve a list of user groups which have been granted a specified permission. The returned JiraPermission contains a reference to the user group.

getScheme() is always NULL, because Global permission are not configured using schemes. getType() will always return "group", because global permissions can only be granted to groups.

Parameters
permissionType The key of pluggable global permission. Must be a global permission.
Returns

@Nonnull public Collection<GlobalPermissionEntry> getPermissions (GlobalPermissionKey globalPermissionKey)

Retrieve a list of user groups which have been granted the specified permission.

The returned GlobalPermissionEntry contains a reference to the user group.

Parameters
globalPermissionKey global permission, must not be null.
Returns

public boolean hasPermission (GlobalPermissionType globalPermissionType, ApplicationUser user)

Left in here temporarily in case it is being used by SD 2.0

public boolean hasPermission (int permissionId)

Check if a global anonymous permission exists

Parameters
permissionId must be global permission
Returns
  • true the anonymous user has the permission of given type, false otherwise

public boolean hasPermission (int permissionId, ApplicationUser user)

Check if a global permission for one of the users groups exists.

If the permission type is ADMINISTER and the lookup is false then the same query will be executed for the SYSTEM_ADMIN permission type, since it is implied that having a SYSTEM_ADMIN permission grants ADMINISTER rights.

Note: Use hasPermission(int) method is you do not have the user object, i.e. user is anonymous.

If you are using this method directly, consider using hasPermission(int, ApplicationUser) instead as it handles logged in and anonymous users as well.

Parameters
permissionId must be a global permission
user must not be null
Returns
  • true if the given user has the permission of given type, otherwise false

public boolean hasPermission (GlobalPermissionKey globalPermissionKey, ApplicationUser user)

Check if the given user has the given Global Permission.

If the permission type is ADMINISTER and the lookup is false then the same query will be executed for the SYSTEM_ADMIN permission type, since it is implied that having a SYSTEM_ADMIN permission grants ADMINISTER rights.

Parameters
globalPermissionKey global permission, must not be null.
user The user - can be null indicating "anonymous"
Returns
  • true if the given user has the permission of given type, otherwise false.

public boolean hasPermission (GlobalPermissionType globalPermissionType)

Left in here temporarily in case it is being used by SD 2.0

public boolean isGlobalPermission (int permissionId)

public boolean isGroupUsed (Group group)

Determine whether configuration exists for the specified Group.

Parameters
group that may or may not exist.
Returns
  • true if the group is used in the components configuration.

public boolean isPermissionManagedByJira (GlobalPermissionKey permissionKey)

Checks if jira should be responsible for managing a permission. I.e. in on demand mode USE permission might be managed by User Manager, therefore admin should not be able to add it via jira.

Parameters
permissionKey global permission
Returns
  • true if permission is managed by jira, false otherwise.

@EventListener public void onClearCache (ClearCacheEvent event)

public boolean removePermission (GlobalPermissionType globalPermissionType, String group)

Revokes a global permission for a user group

Parameters
globalPermissionType global permission, must not be null.
group the group name. NULL means the anyone group.
Returns
  • true if the permission was revoked, false if not (e.g. the group does not have this permission)

public boolean removePermission (int permissionId, String group)

Revokes a global permission for a user group

Parameters
permissionId the global permission.
group the group name. NULL means the anyone group.
Returns
  • true if the permission was revoked, false if not (e.g. the group does not have this permission)

public boolean removePermissions (String group)

Revoke all global permissions for a user group.

Parameters
group cannot NOT be null and the group must exist.
Returns
  • true, if this group does not have any global permissions

Protected Methods

protected boolean hasPermission (GlobalPermissionEntry permissionEntry)