Package com.atlassian.bamboo.security

Class BambooPermissionManagerImpl

java.lang.Object
com.atlassian.bamboo.security.BambooPermissionManagerImpl
All Implemented Interfaces:
BambooPermissionManager
public class BambooPermissionManagerImpl extends Object implements BambooPermissionManager

  • Field Details

    • aclService

      protected org.acegisecurity.acls.MutableAclService aclService

  • Constructor Details

    • BambooPermissionManagerImpl

      public BambooPermissionManagerImpl()

  • Method Details

    • hasPermission

      public boolean hasPermission(@NotNull @NotNull org.acegisecurity.acls.Permission permission, @NotNull @NotNull Object object, @Nullable @Nullable org.acegisecurity.Authentication authentication)
      Description copied from interface: BambooPermissionManager
      Checks whether a permission is granted to access object with given authentication.
      Specified by:
      hasPermission in interface BambooPermissionManager
      Parameters:
      permission - the permission to check for
      object - the domain object on which the permission check will be made
      authentication - the authentication/principal whose secure identities will be checked for the permission
      Returns:

    • checkPermissionForObjectIdentity

      protected boolean checkPermissionForObjectIdentity(@NotNull @NotNull org.acegisecurity.acls.objectidentity.ObjectIdentity identity, @NotNull @NotNull org.acegisecurity.acls.Permission permission, @NotNull @NotNull org.acegisecurity.Authentication authentication)

    • isPermissionSuppressedByTokenAuthorisation

      protected boolean isPermissionSuppressedByTokenAuthorisation(@NotNull @NotNull org.acegisecurity.acls.Permission permission)

    • hasPermission

      public com.google.common.base.Predicate<Object> hasPermission(@NotNull @NotNull BambooPermission permission, @Nullable @Nullable org.acegisecurity.Authentication authentication)
      Description copied from interface: BambooPermissionManager
      Predicate for {link #hasPermission(permission, object, authentication)}
      Specified by:
      hasPermission in interface BambooPermissionManager
      Parameters:
      permission - the permission to check for
      authentication - the authentication/principal whose secure identities will be checked for the permission
      Returns:

    • hasPermissionForAuthority

      public boolean hasPermissionForAuthority(@NotNull @NotNull org.acegisecurity.acls.Permission permission, @NotNull @NotNull Object object, @NotNull @NotNull org.acegisecurity.GrantedAuthority authority)
      Description copied from interface: BambooPermissionManager
      Checks whether a permission is granted to access object with given authority.
      Specified by:
      hasPermissionForAuthority in interface BambooPermissionManager
      Parameters:
      permission - the permission to check for
      object - the domain object on which the permission check will be made
      authority - the authority whose secure identities will be checked for the permission
      Returns:

    • getAcl

      public org.acegisecurity.acls.Acl getAcl(@NotNull @NotNull Object object)
      Specified by:
      getAcl in interface BambooPermissionManager

    • readAclById

      protected org.acegisecurity.acls.Acl readAclById(org.acegisecurity.acls.objectidentity.ObjectIdentity identity)

    • hasPermission

      public boolean hasPermission(@NotNull @NotNull String username, @NotNull @NotNull org.acegisecurity.acls.Permission permission, @NotNull @NotNull Object object)
      Specified by:
      hasPermission in interface BambooPermissionManager

    • hasPlanPermission

      public boolean hasPlanPermission(@NotNull @NotNull org.acegisecurity.acls.Permission permission, @NotNull @NotNull PlanKey planKey)
      Description copied from interface: BambooPermissionManager
      Verify plan access
      Specified by:
      hasPlanPermission in interface BambooPermissionManager
      Parameters:
      permission - permission to check
      planKey - key of the plan
      Returns:
      true iff permission is granted

    • hasPlanPermission

      public boolean hasPlanPermission(@NotNull @NotNull org.acegisecurity.acls.Permission permission, @NotNull @NotNull ImmutablePlan plan)
      Description copied from interface: BambooPermissionManager
      Verify plan access
      Specified by:
      hasPlanPermission in interface BambooPermissionManager
      Parameters:
      permission - permission to check
      plan - plan
      Returns:
      true iff permission is granted

    • hasProjectPermission

      public boolean hasProjectPermission(@NotNull @NotNull org.acegisecurity.acls.Permission permission, @NotNull @NotNull String projectKey)
      Description copied from interface: BambooPermissionManager
      Checks if currently logged in user has a permission for a project identified by projectKey.
      Specified by:
      hasProjectPermission in interface BambooPermissionManager
      Parameters:
      permission - permission to check
      projectKey - key of the project to check
      Returns:
      true if project with the given key exists and current user has the permission to it

    • hasProjectPermission

      public boolean hasProjectPermission(@NotNull @NotNull org.acegisecurity.acls.Permission permission, @NotNull @NotNull Project project)
      Description copied from interface: BambooPermissionManager
      Checks if currently logged in user has a permission for a project.
      Specified by:
      hasProjectPermission in interface BambooPermissionManager
      Parameters:
      permission - permission to check
      project - project to check
      Returns:
      true if current user has the permission to the project

    • canCreatePlanInProject

      public boolean canCreatePlanInProject(@NotNull @NotNull String projectKey)
      Description copied from interface: BambooPermissionManager
      Checks if currently logged in user can create plans in a project identified by projectKey.
      Specified by:
      canCreatePlanInProject in interface BambooPermissionManager
      Parameters:
      projectKey - key of the project to check
      Returns:
      true if project with the given key exists and current user can create plans in it

    • canCreatePlanInProject

      public boolean canCreatePlanInProject(@NotNull @NotNull Project project)
      Description copied from interface: BambooPermissionManager
      Checks if currently logged in user can create plans in a project.
      Specified by:
      canCreatePlanInProject in interface BambooPermissionManager
      Parameters:
      project - project to check
      Returns:
      true if current user can create plans in the project

    • canCreateProject

      public boolean canCreateProject()
      Description copied from interface: BambooPermissionManager
      Checks if currently logged in user can create new projects.
      Specified by:
      canCreateProject in interface BambooPermissionManager
      Returns:
      true if current user can create projects

    • canCreatePlan

      public boolean canCreatePlan()
      Description copied from interface: BambooPermissionManager
      Checks if currently logged in user can create new plans.

      This method might be expensive to compute as it may need to check permissions on all projects for this Bamboo instance.

      Specified by:
      canCreatePlan in interface BambooPermissionManager
      Returns:
      true if current user can create plans

    • canCreateDeploymentProject

      public boolean canCreateDeploymentProject()
      Specified by:
      canCreateDeploymentProject in interface BambooPermissionManager

    • hasGlobalPermission

      public boolean hasGlobalPermission(@NotNull @NotNull org.acegisecurity.acls.Permission permission)
      Specified by:
      hasGlobalPermission in interface BambooPermissionManager

    • getPermissionsForPlan

      public Collection<org.acegisecurity.acls.Permission> getPermissionsForPlan(@NotNull @NotNull PlanKey planKey)
      Specified by:
      getPermissionsForPlan in interface BambooPermissionManager

    • isEnableSignup

      public boolean isEnableSignup()
      Specified by:
      isEnableSignup in interface BambooPermissionManager

    • getAdminGroups

      @NotNull public @NotNull Collection<String> getAdminGroups()
      Description copied from interface: BambooPermissionManager
      Get a list of all the groups that have global administration permission
      Specified by:
      getAdminGroups in interface BambooPermissionManager
      Returns:
      A list of all the groups that have global administration permission

    • getRestrictedAdminGroups

      @NotNull public @NotNull Collection<String> getRestrictedAdminGroups()
      Description copied from interface: BambooPermissionManager
      Get a list of all the groups that have global restricted administration permission
      Specified by:
      getRestrictedAdminGroups in interface BambooPermissionManager
      Returns:
      A list of all the groups that have global restricted administration permission

    • getUsePermissionGroups

      @NotNull public @NotNull Collection<String> getUsePermissionGroups()
      Description copied from interface: BambooPermissionManager
      Get a list of all the groups that have global read or create plan permission
      Specified by:
      getUsePermissionGroups in interface BambooPermissionManager
      Returns:
      A list of all the groups that have global read or create plan permission

    • getDefaultUsersGroup

      @NotNull public @NotNull String getDefaultUsersGroup()
      Specified by:
      getDefaultUsersGroup in interface BambooPermissionManager
      Returns:
      the name of the default group that users will be added to when they are created

    • getGroupsWithPermission

      @NotNull public @NotNull Collection<String> getGroupsWithPermission(BambooPermission permission)

    • getAdminUsers

      @NotNull public @NotNull Collection<String> getAdminUsers()
      Description copied from interface: BambooPermissionManager
      Get a list of all the users that have global administration permission
      Specified by:
      getAdminUsers in interface BambooPermissionManager
      Returns:
      A list of all the users that have global administration permission

    • getRestrictedAdminUsers

      @NotNull public @NotNull Collection<String> getRestrictedAdminUsers()
      Description copied from interface: BambooPermissionManager
      Get a list of all the users that have global restricted administration permission
      Specified by:
      getRestrictedAdminUsers in interface BambooPermissionManager
      Returns:
      A list of all the users that have global restricted administration permission

    • getUsePermissionUsers

      @NotNull public @NotNull Collection<String> getUsePermissionUsers()
      Description copied from interface: BambooPermissionManager
      Get a list of all the users that have global read or create plan permission
      Specified by:
      getUsePermissionUsers in interface BambooPermissionManager
      Returns:
      A list of all the users that have global read or create plan permission

    • getUsersWithPermission

      @NotNull public @NotNull Collection<String> getUsersWithPermission(BambooPermission permission)

    • isAdmin

      public boolean isAdmin(String username)
      Description copied from interface: BambooPermissionManager
      Returns true if the user is an admin, false if not
      Specified by:
      isAdmin in interface BambooPermissionManager
      Parameters:
      username - the user
      Returns:
      true if the user is an admin, false if not

    • isSystemAdmin

      public boolean isSystemAdmin(String username)
      Description copied from interface: BambooPermissionManager
      Returns true if the user is a sysadmin, false if not
      Specified by:
      isSystemAdmin in interface BambooPermissionManager
      Parameters:
      username - the user
      Returns:
      true if the user is a sysadmin, false if not

    • isAllowedToSetGlobalPermission

      public boolean isAllowedToSetGlobalPermission(@NotNull @NotNull org.acegisecurity.acls.Permission permission)
      Description copied from interface: BambooPermissionManager
      Returns true if user is allowed to set specific global permission
      Specified by:
      isAllowedToSetGlobalPermission in interface BambooPermissionManager
      Parameters:
      permission - permission to check
      Returns:

    • canManageElasticBamboo

      public boolean canManageElasticBamboo()
      Description copied from interface: BambooPermissionManager
      Returns true if the current user has credentials to manage Elastic Bamboo.

      Note that this permission is only required for Elastic Bamboo configuration (including operations like viewing EC2 instances, their statuses, logs etc.). Normal usage of Bamboo with EC2 configured (e.g. running builds on elastic agents) does not require such credentials.

      Specified by:
      canManageElasticBamboo in interface BambooPermissionManager
      Returns:
      true, if current user has permission to configure Elastic Bamboo

    • canManageEphemeralAgents

      public boolean canManageEphemeralAgents()
      Description copied from interface: BambooPermissionManager
      Returns true if the current user has credentials to manage Ephemeral Agents.

      Note that this permission is only required for Ephemeral Agents configuration (including operations like viewing templates). Normal usage of Bamboo with Ephemeral Agents configured (e.g. running builds) does not require such credentials.

      Specified by:
      canManageEphemeralAgents in interface BambooPermissionManager
      Returns:
      true, if current user has permission to configure Ephemeral Agents

    • canManageAgents

      public boolean canManageAgents()
      Description copied from interface: BambooPermissionManager
      Returns true if the current user has credentials to manage Bamboo Agents.
      Specified by:
      canManageAgents in interface BambooPermissionManager
      Returns:
      true if the current user has permission to manage agents, false otherwise

    • canRunCustomBuild

      public boolean canRunCustomBuild(@NotNull @NotNull PlanKey planKey)
      Specified by:
      canRunCustomBuild in interface BambooPermissionManager
      Parameters:
      planKey - key of the plan in question
      Returns:
      true if the current user is allowed to run custom build of specified plan

    • hasPermission

      protected boolean hasPermission(@NotNull @NotNull org.acegisecurity.acls.Permission permission, @NotNull @NotNull HibernateObjectIdentityImpl objectIdentity, @NotNull @NotNull org.acegisecurity.Authentication authentication)

    • hasPermission

      protected boolean hasPermission(@NotNull @NotNull org.acegisecurity.acls.Permission permission, @NotNull @NotNull org.acegisecurity.acls.objectidentity.ObjectIdentity objectIdentity, @NotNull @NotNull org.acegisecurity.Authentication authentication)

    • createObjectIdentity

      protected org.acegisecurity.acls.objectidentity.ObjectIdentity createObjectIdentity(@NotNull @NotNull Object object)

    • setAdministrationConfigurationAccessor

      public void setAdministrationConfigurationAccessor(AdministrationConfigurationAccessor administrationConfigurationAccessor)

    • setAclService

      public void setAclService(org.acegisecurity.acls.MutableAclService aclService)

    • setSidRetrievalStrategy

      public void setSidRetrievalStrategy(org.acegisecurity.acls.sid.SidRetrievalStrategy sidRetrievalStrategy)

    • setCachedPlanManager

      public void setCachedPlanManager(CachedPlanManager cachedPlanManager)

    • setProjectManager

      public void setProjectManager(ProjectManager projectManager)

    • setOverrideAuthorities

      public void setOverrideAuthorities(org.acegisecurity.GrantedAuthority[] overrideAuthorities)

    • setObjectIdentityRetrievalStrategy

      public void setObjectIdentityRetrievalStrategy(org.acegisecurity.acls.objectidentity.ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy)

    • setScopesRequestCacheDelegate

      public void setScopesRequestCacheDelegate(ScopesRequestCacheDelegate scopesRequestCacheDelegate)