Package com.atlassian.bamboo.security

Class PermissionsServiceUtils

java.lang.Object
com.atlassian.bamboo.security.PermissionsServiceUtils
public class PermissionsServiceUtils extends Object
Permission Service utility class with helper methods for permission services. Example: AbstractProjectPermissionsService DefaultPlanPermissionsService

  • Field Details

    • PERMISSIONS_ORDERING

      public static final com.google.common.collect.Ordering<BambooPermission> PERMISSIONS_ORDERING
      Globally-consistent ordering of Bamboo permissions. Permissions are sorted by their importance. Least granting permissions come first.

      Note: some permissions appearing later on the list are not necessarily expected to be granting permissions which appear earlier. For example, BambooPermission.CLONE does not grant BambooPermission.BUILD, yet to maintain a consistent order one had to be placed after another.

  • Constructor Details

    • PermissionsServiceUtils

      public PermissionsServiceUtils()

  • Method Details

    • validateUser

      public static com.atlassian.user.User validateUser(String username, BambooUserManager bambooUserManager)

    • validateGroup

      public static com.atlassian.user.Group validateGroup(String groupName, BambooUserManager bambooUserManager)

    • assertCanManagePermissionsForDeploymentProject

      public static void assertCanManagePermissionsForDeploymentProject(DeploymentProject deploymentProject, BambooPermissionManager bambooPermissionManager) throws org.acegisecurity.AccessDeniedException
      Throws:
      org.acegisecurity.AccessDeniedException

    • assertCanManagePermissionsForEnvironment

      public static void assertCanManagePermissionsForEnvironment(Environment environment, BambooPermissionManager bambooPermissionManager) throws org.acegisecurity.AccessDeniedException
      Throws:
      org.acegisecurity.AccessDeniedException

    • assertCanManagePermissionsForRepository

      public static void assertCanManagePermissionsForRepository(RepositoryDataEntity repository, BambooPermissionManager bambooPermissionManager) throws org.acegisecurity.AccessDeniedException
      Throws:
      org.acegisecurity.AccessDeniedException

    • validatePermissions

      public static void validatePermissions(List<BambooPermission> permissions, Collection<BambooPermission> supportedPermissions, String entityName) throws IllegalArgumentException
      Throws:
      IllegalArgumentException

    • extractDependencies

      @NotNull public static @NotNull Set<BambooPermission> extractDependencies(ImmutableMultimap<BambooPermission,BambooPermission> permissionDependencies, Collection<BambooPermission> supportedPermissions, BambooPermission permission)
      Obtain a collection of Bamboo permissions dependent on the passed permission. A dependent permission is expected to always be granted whenever the parent permission is granted too.

      The result is an effective collection of dependencies, meaning there's no need to recursively traverse the dependency graph.

      Parameters:
      permissionDependencies - permission dependency graph in the format of a Multimap
      supportedPermissions - a collection of supported permissions to filter out the result
      permission - permission for which to obtain the dependencies
      Returns:
      a collection of dependencies of the given permission

    • validateDependenciesAfterGranting

      public static void validateDependenciesAfterGranting(@NotNull @NotNull Collection<BambooPermission> permissions, @NotNull @NotNull Function<BambooPermission,Collection<BambooPermission>> permissionDependenciesSupplier) throws IllegalArgumentException
      Validates permission dependencies after granting new permissions.
      Parameters:
      permissions - a collection of permissions to validate
      permissionDependenciesSupplier - function to obtain dependencies for a permission
      Throws:
      IllegalArgumentException - on validation error

    • validateDependenciesAfterGranting

      public static <E extends Exception> void validateDependenciesAfterGranting(@NotNull @NotNull Collection<BambooPermission> permissions, @NotNull @NotNull Function<BambooPermission,Collection<BambooPermission>> permissionDependenciesSupplier, @NotNull @NotNull Function<BambooPermission,String> permissionNameFunction, @NotNull @NotNull Function<String,E> exceptionConstructorFunction) throws E
      Validates permission dependencies after granting new permissions.
      Parameters:
      permissions - a collection of permissions to validate
      permissionDependenciesSupplier - function to obtain dependencies for a permission
      permissionNameFunction - function to extract display name of a permission
      exceptionConstructorFunction - function to create exception in case of validation error
      Throws:
      E - on validation error

    • validateDependenciesAfterRevoking

      public static void validateDependenciesAfterRevoking(@NotNull @NotNull Collection<BambooPermission> permissions, @NotNull @NotNull Function<BambooPermission,Collection<BambooPermission>> permissionDependenciesSupplier)
      Validates permission dependencies after revoking permissions.
      Parameters:
      permissions - a collection of permissions to validate
      permissionDependenciesSupplier - function to obtain dependencies for a permission
      Throws:
      IllegalArgumentException - on validation error

    • validateDependenciesAfterRevoking

      public static <E extends Exception> void validateDependenciesAfterRevoking(@NotNull @NotNull Collection<BambooPermission> permissions, @NotNull @NotNull Function<BambooPermission,Collection<BambooPermission>> permissionDependenciesSupplier, @NotNull @NotNull Function<BambooPermission,String> permissionNameFunction, @NotNull @NotNull Function<String,E> exceptionConstructorFunction) throws E
      Validates permission dependencies after revoking permissions.
      Parameters:
      permissions - a collection of permissions to validate
      permissionDependenciesSupplier - function to obtain dependencies for a permission
      permissionNameFunction - function to extract display name of a permission
      exceptionConstructorFunction - function to create exception in case of validation error
      Throws:
      E - on validation error

    • findMissingDependencies

      @NotNull public static @NotNull ImmutableMultimap<BambooPermission,BambooPermission> findMissingDependencies(@NotNull @NotNull Collection<BambooPermission> permissions, @NotNull @NotNull Function<BambooPermission,Collection<BambooPermission>> permissionDependenciesSupplier)
      Validates permission dependencies. Returns info about all missing dependencies found.

      Example: provided that permission 'A' depends on 'B', and 'B' depends on 'C', then:

    • permissions ['A'] will yield an error: 'A' is missing 'B' and 'C',
    • permissions ['A', 'B'] will yield an error: 'A' is missing 'C', 'B' is missing 'C',
    • permissions ['A', 'C'] will yield an error: 'A' is missing 'B',
    • permissions ['A', 'B', 'C'] are valid,
    • permissions ['B'] will yield an error: 'B' is missing 'C',
    • permissions ['B', 'C'] are valid,
    • and permissions ['C'] are valid.
      • Parameters:
      permissions - a collection of permissions to validate
      permissionDependenciesSupplier - function to obtain dependencies for a permission
      Returns:
      a multimap of missing permission dependencies, empty if no dependency errors were found. Each key in the multimap has a collection of permissions assigned to it, which were expected as dependencies.

    • getPermissionsAndDependencies

      @NotNull public static @NotNull Collection<BambooPermission> getPermissionsAndDependencies(@NotNull @NotNull Collection<BambooPermission> permissions, @NotNull @NotNull Function<BambooPermission,Collection<BambooPermission>> permissionDependenciesSupplier)
      Return a collection of permissions with all missing dependencies added.
      Parameters:
      permissions - a collection of permissions
      permissionDependenciesSupplier - function to obtain dependencies for a permission
      Returns:
      a collection of effective permissions, with all permission dependencies added