Summary: Methods | [Expand All]
public interface

GlobalPermissionManager

com.atlassian.jira.security.GlobalPermissionManager
Known Indirect Subclasses

Class Overview

Use this manager to add/remove or check global permissions.

The system global permissions are:

Use getAllGlobalPermissions() in order to get the collection of all global permissions, which includes plugin global permissions.

For project specific permissions use PermissionManager.

Summary

Public Methods
@Deprecated boolean addPermission(int permissionType, String group)
This method is deprecated. Use addPermission(com.atlassian.jira.permission.GlobalPermissionType, String) instead.
@ExperimentalApi boolean addPermission(GlobalPermissionType globalPermissionType, String group)
Grants a user group a global permission.
@Internal void clearCache()
@ExperimentalApi Collection<GlobalPermissionType> getAllGlobalPermissions()
@ExperimentalApi Option<GlobalPermissionType> getGlobalPermission(String permissionKey)
Returns a global permission matching the specified key.
@Internal Option<GlobalPermissionType> getGlobalPermission(int permissionId)
This method is deprecated. use getGlobalPermission(GlobalPermissionKey) to get global permission by key. Eventually, we want to stop referring to Global Permission's by ID.
@ExperimentalApi Option<GlobalPermissionType> getGlobalPermission(GlobalPermissionKey permissionKey)
Returns the global permission details for the given permission key.
@Nonnull Collection<String> getGroupNames(int permissionId)
This method is deprecated. Use getGroupNamesWithPermission(com.atlassian.jira.permission.GlobalPermissionKey)
@Internal Collection<String> getGroupNames(GlobalPermissionType globalPermissionType)
This method is deprecated. Use getGroupNamesWithPermission(com.atlassian.jira.permission.GlobalPermissionKey) instead. Since v6.2.5.
@ExperimentalApi @Nonnull Collection<String> getGroupNamesWithPermission(GlobalPermissionKey permissionKey)
Retrieve all the group names with this permission.
@Internal Collection<Group> getGroupsWithPermission(GlobalPermissionType globalPermissionType)
This method is deprecated. Use getGroupsWithPermission(com.atlassian.jira.permission.GlobalPermissionKey) instead. Since v6.2.5.
@ExperimentalApi @Nonnull Collection<Group> getGroupsWithPermission(GlobalPermissionKey permissionKey)
Retrieve all the groups with the given permission.
Collection<Group> getGroupsWithPermission(int permissionId)
This method is deprecated. Use getGroupsWithPermission(com.atlassian.jira.permission.GlobalPermissionKey)
@Internal Collection<GlobalPermissionEntry> getPermissions(GlobalPermissionType globalPermissionType)
This method is deprecated. Use getPermissions(com.atlassian.jira.permission.GlobalPermissionKey) instead. Since v6.2.5.
Collection<JiraPermission> getPermissions(int permissionType)
This method is deprecated. Use getPermissions(com.atlassian.jira.permission.GlobalPermissionKey) instead.
@ExperimentalApi @Nonnull Collection<GlobalPermissionEntry> getPermissions(GlobalPermissionKey globalPermissionKey)
Retrieve a list of user groups which have been granted the specified permission.
@Internal boolean hasPermission(GlobalPermissionType globalPermissionType, ApplicationUser user)
This method is deprecated. Use hasPermission(com.atlassian.jira.permission.GlobalPermissionKey, com.atlassian.jira.user.ApplicationUser) instead. Since v6.2.5.
boolean hasPermission(int permissionType)
This method is deprecated. Use hasPermission(com.atlassian.jira.permission.GlobalPermissionKey, com.atlassian.jira.user.ApplicationUser) instead.
boolean hasPermission(int permissionType, ApplicationUser user)
This method is deprecated. Use hasPermission(com.atlassian.jira.permission.GlobalPermissionKey, com.atlassian.jira.user.ApplicationUser) instead.
@ExperimentalApi boolean hasPermission(GlobalPermissionKey globalPermissionKey, ApplicationUser user)
Check if the given user has the given Global Permission.
@Internal boolean hasPermission(GlobalPermissionType globalPermissionType)
This method is deprecated. Use hasPermission(com.atlassian.jira.permission.GlobalPermissionKey, com.atlassian.jira.user.ApplicationUser) instead. Since v6.2.5.
@ExperimentalApi boolean isGlobalPermission(int permissionId)
This method is deprecated. Use GlobalPermissionKey instead of int. Since v6.2.5
@Internal boolean isPermissionManagedByJira(GlobalPermissionKey permissionKey)
Checks if jira should be responsible for managing a permission.
@ExperimentalApi boolean removePermission(GlobalPermissionType globalPermissionType, String group)
Revokes a global permission for a user group
boolean removePermission(int permissionType, String group)
This method is deprecated. Use removePermission(com.atlassian.jira.permission.GlobalPermissionType, String) instead.
boolean removePermissions(String group)
Revoke all global permissions for a user group.

Public Methods

@Deprecated public boolean addPermission (int permissionType, String group)

This method is deprecated.
Use addPermission(com.atlassian.jira.permission.GlobalPermissionType, String) instead.

Grants a user group a global permission.

Parameters
permissionType the global permission id.
group the name of the group. Null means "anyone" group. The JIRA use, admin and sysadmin permission cannot be granted to anyone.
Returns
  • true if the permission was added.

@ExperimentalApi public boolean addPermission (GlobalPermissionType globalPermissionType, String group)

@ExperimentalApi

This method is considered usable by external developers but its contracts have not stabilized.

Experimental APIs may be changed at any time before being marked @Internal or @PublicApi.

Grants a user group a global permission.

Parameters
globalPermissionType global permission, must not be null.
group the name of the group. Null means "anyone" group. The JIRA use, admin and sysadmin permission cannot be granted to "anyone".
Returns
  • true if permission was added.

@Internal public void clearCache ()

@Internal

This method is an internal implementation detail and will change without notice.

Clients that depend on @Internal classes and interfaces can not expect to be compatible with any version other than the version they were compiled against (even minor version and milestone releases may break binary compatibility with respect to @Internal elements).

@ExperimentalApi public Collection<GlobalPermissionType> getAllGlobalPermissions ()

@ExperimentalApi

This method is considered usable by external developers but its contracts have not stabilized.

Experimental APIs may be changed at any time before being marked @Internal or @PublicApi.

Returns
  • the collection with all global permissions. This includes all the systems global permissions and all the plugin global permissions.

@ExperimentalApi public Option<GlobalPermissionType> getGlobalPermission (String permissionKey)

@ExperimentalApi

This method is considered usable by external developers but its contracts have not stabilized.

Experimental APIs may be changed at any time before being marked @Internal or @PublicApi.

Returns a global permission matching the specified key.

Parameters
permissionKey the key of the permission declared by global permission module.
Returns
  • a global permission for the given permission key.

@Internal public Option<GlobalPermissionType> getGlobalPermission (int permissionId)

@Internal

This method is an internal implementation detail and will change without notice.

Clients that depend on @Internal classes and interfaces can not expect to be compatible with any version other than the version they were compiled against (even minor version and milestone releases may break binary compatibility with respect to @Internal elements).

This method is deprecated.
use getGlobalPermission(GlobalPermissionKey) to get global permission by key. Eventually, we want to stop referring to Global Permission's by ID.

Parameters
permissionId id of the permission.
Returns
  • a global permission (system and pluggable) for the given permission id.

@ExperimentalApi public Option<GlobalPermissionType> getGlobalPermission (GlobalPermissionKey permissionKey)

@ExperimentalApi

This method is considered usable by external developers but its contracts have not stabilized.

Experimental APIs may be changed at any time before being marked @Internal or @PublicApi.

Returns the global permission details for the given permission key.

Parameters
permissionKey the global permission key
Returns
  • the global permission details for the given permission key.

@Nonnull public Collection<String> getGroupNames (int permissionId)

This method is deprecated.
Use getGroupNamesWithPermission(com.atlassian.jira.permission.GlobalPermissionKey)

Retrieve all the group names with this permission. Only group names directly associated with the permission will be returned.

Parameters
permissionId must be a global permission
Returns
  • a Collection of String, group names, will never be null.

@Internal public Collection<String> getGroupNames (GlobalPermissionType globalPermissionType)

@Internal

This method is an internal implementation detail and will change without notice.

Clients that depend on @Internal classes and interfaces can not expect to be compatible with any version other than the version they were compiled against (even minor version and milestone releases may break binary compatibility with respect to @Internal elements).

This method is deprecated.
Use getGroupNamesWithPermission(com.atlassian.jira.permission.GlobalPermissionKey) instead. Since v6.2.5.

Retrieve all the group names with this permission. Only group names directly associated with the permission will be returned.

Parameters
globalPermissionType global permission, must not be null.
Returns
  • a Collection of String, group names, will never be null.

@ExperimentalApi @Nonnull public Collection<String> getGroupNamesWithPermission (GlobalPermissionKey permissionKey)

@ExperimentalApi

This method is considered usable by external developers but its contracts have not stabilized.

Experimental APIs may be changed at any time before being marked @Internal or @PublicApi.

Retrieve all the group names with this permission. Only group names directly associated with the permission will be returned.

Parameters
permissionKey global permission, must not be null.
Returns
  • a Collection of String, group names, will never be null.

@Internal public Collection<Group> getGroupsWithPermission (GlobalPermissionType globalPermissionType)

@Internal

This method is an internal implementation detail and will change without notice.

Clients that depend on @Internal classes and interfaces can not expect to be compatible with any version other than the version they were compiled against (even minor version and milestone releases may break binary compatibility with respect to @Internal elements).

This method is deprecated.
Use getGroupsWithPermission(com.atlassian.jira.permission.GlobalPermissionKey) instead. Since v6.2.5.

Retrieve all the groups with this permission. Only groups directly associated with the permission will be returned.

Parameters
globalPermissionType global permission, must not be null.
Returns
  • a Collection of Group's, will never be null.

@ExperimentalApi @Nonnull public Collection<Group> getGroupsWithPermission (GlobalPermissionKey permissionKey)

@ExperimentalApi

This method is considered usable by external developers but its contracts have not stabilized.

Experimental APIs may be changed at any time before being marked @Internal or @PublicApi.

Retrieve all the groups with the given permission.

Only groups directly associated with the permission will be returned.

Parameters
permissionKey global permission, must not be null.
Returns
  • a Collection of Group's, will never be null.

public Collection<Group> getGroupsWithPermission (int permissionId)

This method is deprecated.
Use getGroupsWithPermission(com.atlassian.jira.permission.GlobalPermissionKey)

Retrieve all the groups with this permission. Only groups directly associated with the permission will be returned.

Parameters
permissionId must be a global permission
Returns
  • a Collection of Group's, will never be null.

@Internal public Collection<GlobalPermissionEntry> getPermissions (GlobalPermissionType globalPermissionType)

@Internal

This method is an internal implementation detail and will change without notice.

Clients that depend on @Internal classes and interfaces can not expect to be compatible with any version other than the version they were compiled against (even minor version and milestone releases may break binary compatibility with respect to @Internal elements).

This method is deprecated.
Use getPermissions(com.atlassian.jira.permission.GlobalPermissionKey) instead. Since v6.2.5.

Retrieve a list of user groups which have been granted a specified permission. The returned JiraPermission contains a reference to the user group.

getScheme() is always NULL, because Global permission are not configured using schemes. getType() will always return "group", because global permissions can only be granted to groups.

Parameters
globalPermissionType global permission, must not be null.
Returns

public Collection<JiraPermission> getPermissions (int permissionType)

This method is deprecated.
Use getPermissions(com.atlassian.jira.permission.GlobalPermissionKey) instead.

Retrieve a list of user groups which have been granted a specified permission. The returned JiraPermission contains a reference to the user group.

getScheme() is always NULL, because Global permission are not configured using schemes. getType() will always return "group", because global permissions can only be granted to groups.

Parameters
permissionType The key of pluggable global permission. Must be a global permission.
Returns

@ExperimentalApi @Nonnull public Collection<GlobalPermissionEntry> getPermissions (GlobalPermissionKey globalPermissionKey)

@ExperimentalApi

This method is considered usable by external developers but its contracts have not stabilized.

Experimental APIs may be changed at any time before being marked @Internal or @PublicApi.

Retrieve a list of user groups which have been granted the specified permission.

The returned GlobalPermissionEntry contains a reference to the user group.

Parameters
globalPermissionKey global permission, must not be null.
Returns

@Internal public boolean hasPermission (GlobalPermissionType globalPermissionType, ApplicationUser user)

@Internal

This method is an internal implementation detail and will change without notice.

Clients that depend on @Internal classes and interfaces can not expect to be compatible with any version other than the version they were compiled against (even minor version and milestone releases may break binary compatibility with respect to @Internal elements).

This method is deprecated.
Use hasPermission(com.atlassian.jira.permission.GlobalPermissionKey, com.atlassian.jira.user.ApplicationUser) instead. Since v6.2.5.

Left in here temporarily in case it is being used by SD 2.0

public boolean hasPermission (int permissionType)

This method is deprecated.
Use hasPermission(com.atlassian.jira.permission.GlobalPermissionKey, com.atlassian.jira.user.ApplicationUser) instead.

Check if a global permission is granted for an anonymous user.

If the permission is ADMINISTER and the lookup is false then the same query will be executed for the SYSTEM_ADMIN permission type, since it is implied that having a SYSTEM_ADMIN permission grants ADMINISTER rights.

Note: Use hasPermission(int, ApplicationUser) method is you have the user object, i.e. user is not anonymous.

If you are using this method directly, consider using hasPermission(int, ApplicationUser) instead as it handles logged in and anonymous users as well.

Parameters
permissionType must be global permission
Returns
  • true the anonymous user has the permission of given type, false otherwise
See Also

public boolean hasPermission (int permissionType, ApplicationUser user)

This method is deprecated.
Use hasPermission(com.atlassian.jira.permission.GlobalPermissionKey, com.atlassian.jira.user.ApplicationUser) instead.

Check if a global permission for one of the users groups exists.

If the permission type is ADMINISTER and the lookup is false then the same query will be executed for the SYSTEM_ADMIN permission type, since it is implied that having a SYSTEM_ADMIN permission grants ADMINISTER rights.

Note: Use hasPermission(int) method is you do not have the user object, i.e. user is anonymous.

If you are using this method directly, consider using hasPermission(int, ApplicationUser) instead as it handles logged in and anonymous users as well.

Parameters
permissionType must be a global permission
user must not be null
Returns
  • true if the given user has the permission of given type, otherwise false
See Also

@ExperimentalApi public boolean hasPermission (GlobalPermissionKey globalPermissionKey, ApplicationUser user)

@ExperimentalApi

This method is considered usable by external developers but its contracts have not stabilized.

Experimental APIs may be changed at any time before being marked @Internal or @PublicApi.

Check if the given user has the given Global Permission.

If the permission type is ADMINISTER and the lookup is false then the same query will be executed for the SYSTEM_ADMIN permission type, since it is implied that having a SYSTEM_ADMIN permission grants ADMINISTER rights.

Parameters
globalPermissionKey global permission, must not be null.
user The user - can be null indicating "anonymous"
Returns
  • true if the given user has the permission of given type, otherwise false.

@Internal public boolean hasPermission (GlobalPermissionType globalPermissionType)

@Internal

This method is an internal implementation detail and will change without notice.

Clients that depend on @Internal classes and interfaces can not expect to be compatible with any version other than the version they were compiled against (even minor version and milestone releases may break binary compatibility with respect to @Internal elements).

This method is deprecated.
Use hasPermission(com.atlassian.jira.permission.GlobalPermissionKey, com.atlassian.jira.user.ApplicationUser) instead. Since v6.2.5.

Left in here temporarily in case it is being used by SD 2.0

@ExperimentalApi public boolean isGlobalPermission (int permissionId)

@ExperimentalApi

This method is considered usable by external developers but its contracts have not stabilized.

Experimental APIs may be changed at any time before being marked @Internal or @PublicApi.

This method is deprecated.
Use GlobalPermissionKey instead of int. Since v6.2.5

Parameters
permissionId id of the permission to check.
Returns
  • true if provided id is the id of a global permission.

@Internal public boolean isPermissionManagedByJira (GlobalPermissionKey permissionKey)

@Internal

This method is an internal implementation detail and will change without notice.

Clients that depend on @Internal classes and interfaces can not expect to be compatible with any version other than the version they were compiled against (even minor version and milestone releases may break binary compatibility with respect to @Internal elements).

Checks if jira should be responsible for managing a permission. I.e. in on demand mode USE permission might be managed by User Manager, therefore admin should not be able to add it via jira.

Parameters
permissionKey global permission
Returns
  • true if permission is managed by jira, false otherwise.

@ExperimentalApi public boolean removePermission (GlobalPermissionType globalPermissionType, String group)

@ExperimentalApi

This method is considered usable by external developers but its contracts have not stabilized.

Experimental APIs may be changed at any time before being marked @Internal or @PublicApi.

Revokes a global permission for a user group

Parameters
globalPermissionType global permission, must not be null.
group the group name. NULL means the anyone group.
Returns
  • true if the permission was revoked, false if not (e.g. the group does not have this permission)

public boolean removePermission (int permissionType, String group)

This method is deprecated.
Use removePermission(com.atlassian.jira.permission.GlobalPermissionType, String) instead.

Revokes a global permission for a user group

Parameters
permissionType the global permission.
group the group name. NULL means the anyone group.
Returns
  • true if the permission was revoked, false if not (e.g. the group does not have this permission)

public boolean removePermissions (String group)

Revoke all global permissions for a user group.

Parameters
group cannot NOT be null and the group must exist.
Returns
  • true, if this group does not have any global permissions