com.atlassian.bamboo.security

Interface BambooPermissionManager

All Known Implementing Classes:

BambooPermissionManagerImpl

public interface BambooPermissionManager

Field Summary

Fields

Modifier and Type	Field and Description
static org.acegisecurity.adapters.PrincipalAcegiUserToken	SYSTEM_AUTHORITY

Method Summary

Modifier and Type	Method and Description
boolean	canCreateDeploymentProject()
boolean	canCreatePlan() Checks if currently logged in user can create new plans.
boolean	canCreatePlanInProject(Project project) Checks if currently logged in user can create plans in a project.
boolean	canCreatePlanInProject(String projectKey) Checks if currently logged in user can create plans in a project identified by projectKey.
boolean	canCreateProject() Checks if currently logged in user can create new projects.
boolean	canManageAgents() Returns true if the current user has credentials to manage Bamboo Agents.
boolean	canManageElasticBamboo() Returns true if the current user has credentials to manage Elastic Bamboo.
boolean	canRunCustomBuild(PlanKey planKey)
org.acegisecurity.acls.Acl	getAcl(Object object)
Collection<String>	getAdminGroups() Get a list of all the groups that have global administration permission
Collection<String>	getAdminUsers() Get a list of all the users that have global administration permission
String	getDefaultUsersGroup()
Collection<org.acegisecurity.acls.Permission>	getPermissionsForPlan(PlanKey planKey)
Collection<String>	getRestrictedAdminGroups() Get a list of all the groups that have global restricted administration permission
Collection<String>	getRestrictedAdminUsers() Get a list of all the users that have global restricted administration permission
Collection<String>	getUsePermissionGroups() Get a list of all the groups that have global read or create plan permission
Collection<String>	getUsePermissionUsers() Get a list of all the users that have global read or create plan permission
boolean	hasGlobalPermission(org.acegisecurity.acls.Permission permission)
com.google.common.base.Predicate<Object>	hasPermission(BambooPermission permission, org.acegisecurity.Authentication authentication) Predicate for {link #hasPermission(permission, object, authentication)}
boolean	hasPermission(org.acegisecurity.acls.Permission permission, Object object, org.acegisecurity.Authentication authentication) Checks whether a permission is granted to access object with given authentication.
boolean	hasPermission(String username, org.acegisecurity.acls.Permission permission, Object object)
boolean	hasPermissionForAuthority(org.acegisecurity.acls.Permission permission, Object object, org.acegisecurity.GrantedAuthority authority) Checks whether a permission is granted to access object with given authority.
boolean	hasPlanPermission(org.acegisecurity.acls.Permission permission, ImmutablePlan plan) Verify plan access
boolean	hasPlanPermission(org.acegisecurity.acls.Permission permission, PlanKey planKey) Verify plan access
boolean	hasProjectEditPermission(Project project) Deprecated. since 6.2 project EDIT (BambooPermission.WRITE) permission replaced with ADMIN (BambooPermission.ADMINISTRATION). Use hasPermission(Permission, Object, Authentication) for permission checking.
boolean	hasProjectPermission(org.acegisecurity.acls.Permission permission, Project project) Checks if currently logged in user has a permission for a project.
boolean	hasProjectPermission(org.acegisecurity.acls.Permission permission, String projectKey) Checks if currently logged in user has a permission for a project identified by projectKey.
boolean	isAdmin(String username) Returns true if the user is an admin, false if not
boolean	isAllowedToSetGlobalPermission(org.acegisecurity.acls.Permission permission) Returns true if user is allowed to set specific global permission
boolean	isEnableSignup()
boolean	isSystemAdmin(String username) Returns true if the user is a sysadmin, false if not

Field Detail

SYSTEM_AUTHORITY

static final org.acegisecurity.adapters.PrincipalAcegiUserToken SYSTEM_AUTHORITY

Method Detail

hasPermission

boolean hasPermission(@NotNull
                      org.acegisecurity.acls.Permission permission,
                      @NotNull
                      Object object,
                      @Nullable
                      org.acegisecurity.Authentication authentication)

Checks whether a permission is granted to access object with given authentication.

Parameters:

permission - the permission to check for

object - the domain object on which the permission check will be made

authentication - the authentication/principal whose secure identities will be checked for the permission

Returns:

hasPermission

com.google.common.base.Predicate<Object> hasPermission(@NotNull
                                                       BambooPermission permission,
                                                       @Nullable
                                                       org.acegisecurity.Authentication authentication)

Predicate for {link #hasPermission(permission, object, authentication)}

Parameters:

permission - the permission to check for

authentication - the authentication/principal whose secure identities will be checked for the permission

Returns:

hasPermission

boolean hasPermission(@NotNull
                      String username,
                      @NotNull
                      org.acegisecurity.acls.Permission permission,
                      @NotNull
                      Object object)

hasPermissionForAuthority

boolean hasPermissionForAuthority(@NotNull
                                  org.acegisecurity.acls.Permission permission,
                                  @NotNull
                                  Object object,
                                  @NotNull
                                  org.acegisecurity.GrantedAuthority authority)

Checks whether a permission is granted to access object with given authority.

Parameters:

permission - the permission to check for

object - the domain object on which the permission check will be made

authority - the authority whose secure identities will be checked for the permission

Returns:

hasPlanPermission

boolean hasPlanPermission(@NotNull
                          org.acegisecurity.acls.Permission permission,
                          @NotNull
                          PlanKey planKey)

Verify plan access

Parameters:

permission - permission to check

planKey - key of the plan

Returns:

true iff permission is granted

hasPlanPermission

boolean hasPlanPermission(@NotNull
                          org.acegisecurity.acls.Permission permission,
                          @NotNull
                          ImmutablePlan plan)

Verify plan access

Parameters:

permission - permission to check

plan - plan

Returns:

true iff permission is granted

hasProjectPermission

boolean hasProjectPermission(@NotNull
                             org.acegisecurity.acls.Permission permission,
                             @NotNull
                             String projectKey)

Checks if currently logged in user has a permission for a project identified by projectKey.

Parameters:

permission - permission to check

projectKey - key of the project to check

Returns:

true if project with the given key exists and current user has the permission to it

hasProjectPermission

boolean hasProjectPermission(@NotNull
                             org.acegisecurity.acls.Permission permission,
                             @NotNull
                             Project project)

Checks if currently logged in user has a permission for a project.

Parameters:

permission - permission to check

project - project to check

Returns:

true if current user has the permission to the project

canCreatePlanInProject

boolean canCreatePlanInProject(@NotNull
                               String projectKey)

Checks if currently logged in user can create plans in a project identified by projectKey.

Parameters:

projectKey - key of the project to check

Returns:

true if project with the given key exists and current user can create plans in it

canCreatePlanInProject

boolean canCreatePlanInProject(@NotNull
                               Project project)

Checks if currently logged in user can create plans in a project.

Parameters:

project - project to check

Returns:

true if current user can create plans in the project

canCreateProject

boolean canCreateProject()

Checks if currently logged in user can create new projects.

Returns:

true if current user can create projects

canCreatePlan

boolean canCreatePlan()

Checks if currently logged in user can create new plans.

This method might be expensive to compute as it may need to check permissions on all projects for this Bamboo instance.

Returns:

true if current user can create plans

canCreateDeploymentProject

boolean canCreateDeploymentProject()

hasGlobalPermission

boolean hasGlobalPermission(@NotNull
                            org.acegisecurity.acls.Permission permission)

hasProjectEditPermission

@Deprecated
boolean hasProjectEditPermission(@Nullable
                                             Project project)

Deprecated. since 6.2 project EDIT (BambooPermission.WRITE) permission replaced with ADMIN (BambooPermission.ADMINISTRATION). Use hasPermission(Permission, Object, Authentication) for permission checking.

isEnableSignup

boolean isEnableSignup()

getPermissionsForPlan

Collection<org.acegisecurity.acls.Permission> getPermissionsForPlan(@NotNull
                                                                    PlanKey planKey)

getAdminGroups

Collection<String> getAdminGroups()

Get a list of all the groups that have global administration permission

Returns:

A list of all the groups that have global administration permission

getRestrictedAdminGroups

@NotNull
Collection<String> getRestrictedAdminGroups()

Get a list of all the groups that have global restricted administration permission

Returns:

A list of all the groups that have global restricted administration permission

getUsePermissionGroups

@NotNull
Collection<String> getUsePermissionGroups()

Get a list of all the groups that have global read or create plan permission

Returns:

A list of all the groups that have global read or create plan permission

getAdminUsers

@NotNull
Collection<String> getAdminUsers()

Get a list of all the users that have global administration permission

Returns:

A list of all the users that have global administration permission

getRestrictedAdminUsers

@NotNull
Collection<String> getRestrictedAdminUsers()

Get a list of all the users that have global restricted administration permission

Returns:

A list of all the users that have global restricted administration permission

getUsePermissionUsers

@NotNull
Collection<String> getUsePermissionUsers()

Get a list of all the users that have global read or create plan permission

Returns:

A list of all the users that have global read or create plan permission

getDefaultUsersGroup

@NotNull
String getDefaultUsersGroup()

Returns:

the name of the default group that users will be added to when they are created

isAdmin

boolean isAdmin(String username)

Returns true if the user is an admin, false if not

Parameters:

username - the user

Returns:

true if the user is an admin, false if not

isSystemAdmin

boolean isSystemAdmin(String username)

Returns true if the user is a sysadmin, false if not

Parameters:

username - the user

Returns:

true if the user is a sysadmin, false if not

isAllowedToSetGlobalPermission

boolean isAllowedToSetGlobalPermission(@NotNull
                                       org.acegisecurity.acls.Permission permission)

Returns true if user is allowed to set specific global permission

Parameters:

permission - permission to check

Returns:

canManageElasticBamboo

boolean canManageElasticBamboo()

Returns true if the current user has credentials to manage Elastic Bamboo.

Note that this permission is only required for Elastic Bamboo configuration (including operations like viewing EC2 instances, their statuses, logs etc.). Normal usage of Bamboo with EC2 configured (e.g. running builds on elastic agents) does not require such credentials.

Returns:

true, if current user has permission to configure Elastic Bamboo

canManageAgents

boolean canManageAgents()

Returns true if the current user has credentials to manage Bamboo Agents.

Returns:

true if the current user has permission to manage agents, false otherwise

getAcl

org.acegisecurity.acls.Acl getAcl(@NotNull
                                  Object object)

canRunCustomBuild

boolean canRunCustomBuild(@NotNull
                          PlanKey planKey)

Parameters:

planKey - key of the plan in question

Returns:

true if the current user is allowed to run custom build of specified plan