Package com.atlassian.bamboo.security

Interface BambooPermissionManager

All Known Implementing Classes:
BambooPermissionManagerImpl
public interface BambooPermissionManager

  • Field Details

    • SYSTEM_AUTHORITY

      static final org.acegisecurity.adapters.PrincipalAcegiUserToken SYSTEM_AUTHORITY

  • Method Details

    • hasPermission

      boolean hasPermission(@NotNull @NotNull org.acegisecurity.acls.Permission permission, @NotNull @NotNull Object object, @Nullable @Nullable org.acegisecurity.Authentication authentication)
      Checks whether a permission is granted to access object with given authentication.
      Parameters:
      permission - the permission to check for
      object - the domain object on which the permission check will be made
      authentication - the authentication/principal whose secure identities will be checked for the permission
      Returns:

    • hasPermission

      Predicate<Object> hasPermission(@NotNull @NotNull BambooPermission permission, @Nullable @Nullable org.acegisecurity.Authentication authentication)
      Predicate for {link #hasPermission(permission, object, authentication)}
      Parameters:
      permission - the permission to check for
      authentication - the authentication/principal whose secure identities will be checked for the permission
      Returns:

    • hasPermission

      boolean hasPermission(@NotNull @NotNull String username, @NotNull @NotNull org.acegisecurity.acls.Permission permission, @NotNull @NotNull Object object)

    • hasPermissionForAuthority

      boolean hasPermissionForAuthority(@NotNull @NotNull org.acegisecurity.acls.Permission permission, @NotNull @NotNull Object object, @NotNull @NotNull org.acegisecurity.GrantedAuthority authority)
      Checks whether a permission is granted to access object with given authority.
      Parameters:
      permission - the permission to check for
      object - the domain object on which the permission check will be made
      authority - the authority whose secure identities will be checked for the permission
      Returns:

    • hasPlanPermission

      boolean hasPlanPermission(@NotNull @NotNull org.acegisecurity.acls.Permission permission, @NotNull @NotNull PlanKey planKey)
      Verify plan access
      Parameters:
      permission - permission to check
      planKey - key of the plan
      Returns:
      true iff permission is granted

    • hasPlanPermission

      boolean hasPlanPermission(@NotNull @NotNull org.acegisecurity.acls.Permission permission, @NotNull @NotNull ImmutablePlan plan)
      Verify plan access
      Parameters:
      permission - permission to check
      plan - plan
      Returns:
      true iff permission is granted

    • hasProjectPermission

      boolean hasProjectPermission(@NotNull @NotNull org.acegisecurity.acls.Permission permission, @NotNull @NotNull String projectKey)
      Checks if currently logged in user has a permission for a project identified by projectKey.
      Parameters:
      permission - permission to check
      projectKey - key of the project to check
      Returns:
      true if project with the given key exists and current user has the permission to it

    • hasProjectPermission

      boolean hasProjectPermission(@NotNull @NotNull org.acegisecurity.acls.Permission permission, @NotNull @NotNull Project project)
      Checks if currently logged in user has a permission for a project.
      Parameters:
      permission - permission to check
      project - project to check
      Returns:
      true if current user has the permission to the project

    • canCreatePlanInProject

      boolean canCreatePlanInProject(@NotNull @NotNull String projectKey)
      Checks if currently logged in user can create plans in a project identified by projectKey.
      Parameters:
      projectKey - key of the project to check
      Returns:
      true if project with the given key exists and current user can create plans in it

    • canCreatePlanInProject

      boolean canCreatePlanInProject(@NotNull @NotNull Project project)
      Checks if currently logged in user can create plans in a project.
      Parameters:
      project - project to check
      Returns:
      true if current user can create plans in the project

    • canCreateProject

      boolean canCreateProject()
      Checks if currently logged in user can create new projects.
      Returns:
      true if current user can create projects

    • canCreatePlan

      boolean canCreatePlan()
      Checks if currently logged in user can create new plans.

      This method might be expensive to compute as it may need to check permissions on all projects for this Bamboo instance.

      Returns:
      true if current user can create plans

    • canCreateDeploymentProject

      boolean canCreateDeploymentProject()

    • hasGlobalPermission

      boolean hasGlobalPermission(@NotNull @NotNull org.acegisecurity.acls.Permission permission)

    • hasProjectEditPermission

      @Deprecated boolean hasProjectEditPermission(@Nullable @Nullable Project project)
      Deprecated.
      since 6.2 project EDIT (BambooPermission.WRITE) permission replaced with ADMIN (BambooPermission.ADMINISTRATION). Use hasPermission(Permission, Object, Authentication) for permission checking.

    • isEnableSignup

      boolean isEnableSignup()

    • getPermissionsForPlan

      Collection<org.acegisecurity.acls.Permission> getPermissionsForPlan(@NotNull @NotNull PlanKey planKey)

    • getAdminGroups

      Collection<String> getAdminGroups()
      Get a list of all the groups that have global administration permission
      Returns:
      A list of all the groups that have global administration permission

    • getRestrictedAdminGroups

      @NotNull @NotNull Collection<String> getRestrictedAdminGroups()
      Get a list of all the groups that have global restricted administration permission
      Returns:
      A list of all the groups that have global restricted administration permission

    • getUsePermissionGroups

      @NotNull @NotNull Collection<String> getUsePermissionGroups()
      Get a list of all the groups that have global read or create plan permission
      Returns:
      A list of all the groups that have global read or create plan permission

    • getAdminUsers

      @NotNull @NotNull Collection<String> getAdminUsers()
      Get a list of all the users that have global administration permission
      Returns:
      A list of all the users that have global administration permission

    • getRestrictedAdminUsers

      @NotNull @NotNull Collection<String> getRestrictedAdminUsers()
      Get a list of all the users that have global restricted administration permission
      Returns:
      A list of all the users that have global restricted administration permission

    • getUsePermissionUsers

      @NotNull @NotNull Collection<String> getUsePermissionUsers()
      Get a list of all the users that have global read or create plan permission
      Returns:
      A list of all the users that have global read or create plan permission

    • getDefaultUsersGroup

      @NotNull @NotNull String getDefaultUsersGroup()
      Returns:
      the name of the default group that users will be added to when they are created

    • isAdmin

      boolean isAdmin(String username)
      Returns true if the user is an admin, false if not
      Parameters:
      username - the user
      Returns:
      true if the user is an admin, false if not

    • isSystemAdmin

      boolean isSystemAdmin(String username)
      Returns true if the user is a sysadmin, false if not
      Parameters:
      username - the user
      Returns:
      true if the user is a sysadmin, false if not

    • isAllowedToSetGlobalPermission

      boolean isAllowedToSetGlobalPermission(@NotNull @NotNull org.acegisecurity.acls.Permission permission)
      Returns true if user is allowed to set specific global permission
      Parameters:
      permission - permission to check
      Returns:

    • canManageElasticBamboo

      boolean canManageElasticBamboo()
      Returns true if the current user has credentials to manage Elastic Bamboo.

      Note that this permission is only required for Elastic Bamboo configuration (including operations like viewing EC2 instances, their statuses, logs etc.). Normal usage of Bamboo with EC2 configured (e.g. running builds on elastic agents) does not require such credentials.

      Returns:
      true, if current user has permission to configure Elastic Bamboo

    • canManageEphemeralAgents

      boolean canManageEphemeralAgents()
      Returns true if the current user has credentials to manage Ephemeral Agents.

      Note that this permission is only required for Ephemeral Agents configuration (including operations like viewing templates). Normal usage of Bamboo with Ephemeral Agents configured (e.g. running builds) does not require such credentials.

      Returns:
      true, if current user has permission to configure Ephemeral Agents
      Since:
      9.3

    • canManageAgents

      boolean canManageAgents()
      Returns true if the current user has credentials to manage Bamboo Agents.
      Returns:
      true if the current user has permission to manage agents, false otherwise

    • getAcl

      org.acegisecurity.acls.Acl getAcl(@NotNull @NotNull Object object)

    • canRunCustomBuild

      boolean canRunCustomBuild(@NotNull @NotNull PlanKey planKey)
      Parameters:
      planKey - key of the plan in question
      Returns:
      true if the current user is allowed to run custom build of specified plan