BambooAclUpdateHelper (Atlassian Bamboo 8.0.4 API)

java.lang.Object
- com.atlassian.bamboo.security.acegi.acls.BambooAclUpdateHelper

```
public class BambooAclUpdateHelper
extends Object
```
A helper class used in Acl update and creation operations
It converts between Acl and AccessControlEntry objects and a "permissionKey" which is a String representation of a Acl and AccessControlEntry combination.
The "permissionKeys" are in the format: bambooPermission_TYPE_PRINCIPAL_PERMISSION
The permission configuration UI understands this format.

Field Summary

Fields
Modifier and Type	Field and Description
`static String`	`BAMBOO_PERMISSION_FORM_GROUP_PREFIX`
`static String`	`BAMBOO_PERMISSION_PREFIX`
`static com.google.common.base.Joiner`	`PERMISSION_KEY_JOINER`

Constructor Summary

Constructors
Constructor and Description

BambooAclUpdateHelper()

Constructors
Constructor and Description
`BambooAclUpdateHelper()`

Method Summary

All Methods Static Methods Instance Methods Concrete Methods Deprecated Methods
Modifier and Type	Method and Description
`void`	`addPermissionsToAclForCurrentUser(org.acegisecurity.acls.MutableAcl acl, List<BambooPermission> permissions)` Adds the given `permissions` for the currently logged in user to the `acl` entry.
`void`	`addReadPermissionForAnonymousAndLoggedinUsers(org.acegisecurity.acls.MutableAcl acl)` Grant READ permission for Anonymous and Logged-in users.
`List<String>`	`addViewPermissionsForEditPermissions(List<String> permissionKeys)` For each of the WRITE permission keys in the list make sure there's corresponding READ permission.
`void`	`buildPermissionAndUserGroupListsFromAcl(List<String> grantedPermissions, List<String> grantedUsers, List<String> grantedGroups, List<String> nonProcessedGrantedPermissions, org.acegisecurity.acls.Acl acl, boolean showAdminPermissions, BambooPermissionManager bambooPermissionManager)` Helper conversion method for the permission configuration pages.
`void`	`buildUserGroupListsFromPermissions(List<String> grantedPermissions, List<String> grantedUsers, List<String> grantedGroups)` Given a list of granted permissions (permissionKey `String`s), it will populate the grantedUsers list with unique usernames of those users which have permissions.
`org.acegisecurity.acls.MutableAcl`	`clonePermissions(com.atlassian.user.User user, Class<? extends BambooIdProvider> permissionObject, long id, org.acegisecurity.acls.Acl parentAcl)`
`org.acegisecurity.acls.MutableAcl`	`copyProjectPermissionsToEnvironment(com.atlassian.user.User user, Class<? extends BambooIdProvider> permissionObject, long id, org.acegisecurity.acls.Acl parentAcl)`
`static String`	`createGroupPermissionKey(String sid, String permissionName)` Create permission key for a group permission
`org.acegisecurity.acls.MutableAcl`	`createNewDefaultAcl(com.atlassian.user.User user, Class<? extends Plan> planType, boolean accessForAllUsers)` Creates a default Acl for a specific plan types which has: - All permissions for the creator (user argument) of the plan - READ permission for all logged in users - READ permission for all anonymous users
`org.acegisecurity.acls.MutableAcl`	`createNewObjectAcl(com.atlassian.user.User user, Class<? extends BambooIdProvider> permissionObject, long id, boolean accessForAllUsers)` Creates a default Acl for a object which has: - EDIT permission for the creator (user argument) of the deployment project - READ permission for all logged in users - READ permission for all anonymous users
`static String`	`createPermissionKey(org.acegisecurity.acls.sid.Sid sid, String permissionName)` Create permission key for a permission
`static String`	`createPermissionKey(String sidType, String authority, String permissionName)` Create permission key for a permission
`static String`	`createRolePermissionKey(String sid, String permissionName)` Create permission key for a role permission
`static String`	`createUserPermissionKey(String sid, String permissionName)` Create permission key for a user permission
`static String`	`extractPrincipalFromSid(org.acegisecurity.acls.sid.Sid sid)` Extract a principal as a String from a `Sid`.
`static String`	`extractSidTypeFromSid(org.acegisecurity.acls.sid.Sid sid)` Extract a principal type as String from a `Sid`.
`Iterable<org.acegisecurity.acls.Permission>`	`getGroupPermissions(String groupName, org.acegisecurity.acls.Acl acl, BambooPermissionManager bambooPermissionManager, boolean showAdminPermission)` Retrieve granted global permission of the given group Name.
`org.acegisecurity.acls.Permission`	`getPermission(String permissionKey)`
`static Optional<String>`	`getPermissionKeyFromAce(org.acegisecurity.acls.AccessControlEntry ace)` Given an `AccessControlEntry` return a `String` representation.
`Map<String,List<org.acegisecurity.acls.Permission>>`	`getRolePermissions(org.acegisecurity.acls.Acl acl, BambooPermissionManager bambooPermissionManager, boolean showAdminPermission)` Retrieve global permissions of the two known roles, logged in user and anonymous user.
`org.acegisecurity.acls.sid.Sid`	`getSidFromIdAndType(String id, String type)` Attempt to extract `Sid` from a given sid id and type.
`org.acegisecurity.acls.sid.Sid`	`getSidFromPermissionKey(String permissionKey)` Get the `Sid` based on a permission key.
`Iterable<org.acegisecurity.acls.Permission>`	`getUserPermissions(String userName, org.acegisecurity.acls.Acl acl, BambooPermissionManager bambooPermissionManager, boolean showAdminPermissions)` Retrieve granted global permission of the given user.
`void`	`modifyAclAces(org.acegisecurity.acls.MutableAcl acl, List<String> newPermissionKeys)` Updates an `MutableAcl` with new `AccessControlEntry`s with permissions represented by a list of `String` permissionKeys.
`static String`	`retrievePermissionFromACE(org.acegisecurity.acls.AccessControlEntry ace)` Deprecated. since 5.11, use `getPermissionKeyFromAce(AccessControlEntry)`
`void`	`updateGroupPermissions(com.atlassian.user.Group group, List<org.acegisecurity.acls.Permission> permissions, BambooPermissionManager bambooPermissionManager, HibernateMutableAclService aclService)` Update global permissions of the given group.
`void`	`updateGroupPermissions(String groupName, List<org.acegisecurity.acls.Permission> permissions, BambooPermissionManager bambooPermissionManager, HibernateMutableAclService aclService, BambooUserManager userManager, com.atlassian.sal.api.message.I18nResolver i18nResolver)`
`void`	`updateGroupPermissions(String groupName, List<org.acegisecurity.acls.Permission> permissions, BambooPermissionManager bambooPermissionManager, HibernateMutableAclService aclService, BambooUserManager userManager, com.atlassian.struts.TextProvider textProvider)`
`void`	`updateRolePermissions(String roleName, List<org.acegisecurity.acls.Permission> permissions, BambooPermissionManager permissionManager, HibernateMutableAclService aclService, AdministrationConfigurationAccessor administrationConfigurationAccessor, AdministrationConfigurationPersister administrationConfigurationPersister)` Update permission of a given role.
`void`	`updateUserPermissions(String userName, List<org.acegisecurity.acls.Permission> permissions, BambooUserManager bambooUserManager, BambooPermissionManager bambooPermissionManager, HibernateMutableAclService aclService, com.atlassian.sal.api.message.I18nResolver i18nResolver)` Update global permissions of the given user.
`protected ErrorCollection`	`validateRolePermissionUpdateRequest(String roleName, List<org.acegisecurity.acls.Permission> permissions)`
`protected ErrorCollection`	`validateUpdateRequest(com.atlassian.user.Group group, List<org.acegisecurity.acls.Permission> permissions, BambooPermissionManager bambooPermissionManager)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

BAMBOO_PERMISSION_PREFIX

public static final String BAMBOO_PERMISSION_PREFIX

See Also:: Constant Field Values

BAMBOO_PERMISSION_FORM_GROUP_PREFIX

public static final String BAMBOO_PERMISSION_FORM_GROUP_PREFIX

See Also:: Constant Field Values

PERMISSION_KEY_JOINER

public static com.google.common.base.Joiner PERMISSION_KEY_JOINER

Constructor Detail
- BambooAclUpdateHelper
```
public BambooAclUpdateHelper()
```

Method Detail

createUserPermissionKey

public static String createUserPermissionKey(String sid,
                                             String permissionName)

Create permission key for a user permission

createGroupPermissionKey

public static String createGroupPermissionKey(String sid,
                                              String permissionName)

Create permission key for a group permission

createRolePermissionKey

public static String createRolePermissionKey(String sid,
                                             String permissionName)

Create permission key for a role permission

createPermissionKey

public static String createPermissionKey(@NotNull
                                         org.acegisecurity.acls.sid.Sid sid,
                                         @NotNull
                                         String permissionName)

Create permission key for a permission

createPermissionKey

public static String createPermissionKey(@NotNull
                                         String sidType,
                                         @NotNull
                                         String authority,
                                         @NotNull
                                         String permissionName)

Create permission key for a permission

getPermissionKeyFromAce

public static Optional<String> getPermissionKeyFromAce(@NotNull
                                                       org.acegisecurity.acls.AccessControlEntry ace)

Given an AccessControlEntry return a String representation.

buildUserGroupListsFromPermissions

public void buildUserGroupListsFromPermissions(List<String> grantedPermissions,
                                               List<String> grantedUsers,
                                               List<String> grantedGroups)

Given a list of granted permissions (permissionKey Strings), it will populate the grantedUsers list with unique usernames of those users which have permissions. Likewise, it will populate the grantedGroups list with unique group names of those groups which have permissions.

addViewPermissionsForEditPermissions

@NotNull
public List<String> addViewPermissionsForEditPermissions(@NotNull
                                                                  List<String> permissionKeys)

For each of the WRITE permission keys in the list make sure there's corresponding READ permission.

getUserPermissions

public Iterable<org.acegisecurity.acls.Permission> getUserPermissions(@NotNull
                                                                      String userName,
                                                                      @NotNull
                                                                      org.acegisecurity.acls.Acl acl,
                                                                      @NotNull
                                                                      BambooPermissionManager bambooPermissionManager,
                                                                      boolean showAdminPermissions)

Retrieve granted global permission of the given user. It calls buildPermissionAndUserGroupListsFromAcl and filter out permissions for the user name

Parameters:: userName - name of the user to be filtered; acl -; showAdminPermissions -
Returns:: A list of Permission of the given user

getGroupPermissions

public Iterable<org.acegisecurity.acls.Permission> getGroupPermissions(@NotNull
                                                                       String groupName,
                                                                       @NotNull
                                                                       org.acegisecurity.acls.Acl acl,
                                                                       @NotNull
                                                                       BambooPermissionManager bambooPermissionManager,
                                                                       boolean showAdminPermission)

Retrieve granted global permission of the given group Name. It calls buildPermissionAndUserGroupListsFromAcl and filter out permissions for the group name

Parameters:: groupName - group name to be filtered; acl -; showAdminPermission -
Returns:: A list of Permission of the given group name

getRolePermissions

public Map<String,List<org.acegisecurity.acls.Permission>> getRolePermissions(@NotNull
                                                                              org.acegisecurity.acls.Acl acl,
                                                                              @NotNull
                                                                              BambooPermissionManager bambooPermissionManager,
                                                                              boolean showAdminPermission)

Retrieve global permissions of the two known roles, logged in user and anonymous user.

Parameters:: acl -; bambooPermissionManager -; showAdminPermission -
Returns:: Map of roles and their global permissions

updateRolePermissions

public void updateRolePermissions(@Nullable
                                  String roleName,
                                  @NotNull
                                  List<org.acegisecurity.acls.Permission> permissions,
                                  @NotNull
                                  BambooPermissionManager permissionManager,
                                  @NotNull
                                  HibernateMutableAclService aclService,
                                  @NotNull
                                  AdministrationConfigurationAccessor administrationConfigurationAccessor,
                                  @NotNull
                                  AdministrationConfigurationPersister administrationConfigurationPersister)
                           throws WebValidationException

Update permission of a given role. Require current user to have System Admin or Restricted Admin permission. Otherwise UnauthorisedException will be thrown.

If updating ROLE_ANONYMOUS it will also update the anonymous access flag in the administration configuration depending on the READ permission.

Parameters:: roleName - Role name. Must be one of the know roles, ROLE_USER or ROLE_ANONYMOUS. ROLE_USER can only have ACCESS or CREATE permissions. ROLE_ANONYMOUS can only have ACCESS permission.; permissions -; permissionManager -; aclService -; administrationConfigurationAccessor -; administrationConfigurationPersister -
Throws:: WebValidationException - If the role name is invalid or the role is given extra permission than it should have.

validateRolePermissionUpdateRequest

protected ErrorCollection validateRolePermissionUpdateRequest(@NotNull
                                                              String roleName,
                                                              @NotNull
                                                              List<org.acegisecurity.acls.Permission> permissions)

updateUserPermissions

public void updateUserPermissions(@Nullable
                                  String userName,
                                  @NotNull
                                  List<org.acegisecurity.acls.Permission> permissions,
                                  @NotNull
                                  BambooUserManager bambooUserManager,
                                  @NotNull
                                  BambooPermissionManager bambooPermissionManager,
                                  @NotNull
                                  HibernateMutableAclService aclService,
                                  @NotNull
                                  com.atlassian.sal.api.message.I18nResolver i18nResolver)
                           throws WebValidationException

Update global permissions of the given user. Require current user to have System Admin or Restricted Admin permission. Otherwise UnauthorisedException will be thrown.

Parameters:: userName - name of user for which permissions should be updated; permissions - updated permissions
Throws:: WebValidationException

updateGroupPermissions

public void updateGroupPermissions(@Nullable
                                   String groupName,
                                   @NotNull
                                   List<org.acegisecurity.acls.Permission> permissions,
                                   @NotNull
                                   BambooPermissionManager bambooPermissionManager,
                                   @NotNull
                                   HibernateMutableAclService aclService,
                                   @NotNull
                                   BambooUserManager userManager,
                                   @NotNull
                                   com.atlassian.sal.api.message.I18nResolver i18nResolver)
                            throws WebValidationException

Throws:: WebValidationException

updateGroupPermissions

public void updateGroupPermissions(@Nullable
                                   String groupName,
                                   @NotNull
                                   List<org.acegisecurity.acls.Permission> permissions,
                                   @NotNull
                                   BambooPermissionManager bambooPermissionManager,
                                   @NotNull
                                   HibernateMutableAclService aclService,
                                   @NotNull
                                   BambooUserManager userManager,
                                   @NotNull
                                   com.atlassian.struts.TextProvider textProvider)
                            throws WebValidationException

Throws:: WebValidationException

updateGroupPermissions

public void updateGroupPermissions(@NotNull
                                   com.atlassian.user.Group group,
                                   @NotNull
                                   List<org.acegisecurity.acls.Permission> permissions,
                                   @NotNull
                                   BambooPermissionManager bambooPermissionManager,
                                   @NotNull
                                   HibernateMutableAclService aclService)
                            throws WebValidationException

Update global permissions of the given group. Require current user to have System Admin or Restricted Admin permission. Otherwise UnauthorisedException will be thrown.

Parameters:: group -; permissions -
Throws:: WebValidationException

retrievePermissionFromACE

@Deprecated
public static String retrievePermissionFromACE(@NotNull
                                                           org.acegisecurity.acls.AccessControlEntry ace)

Deprecated. since 5.11, use getPermissionKeyFromAce(AccessControlEntry)

validateUpdateRequest

@NotNull
protected ErrorCollection validateUpdateRequest(@Nullable
                                                         com.atlassian.user.Group group,
                                                         @NotNull
                                                         List<org.acegisecurity.acls.Permission> permissions,
                                                         @NotNull
                                                         BambooPermissionManager bambooPermissionManager)

buildPermissionAndUserGroupListsFromAcl

public void buildPermissionAndUserGroupListsFromAcl(@NotNull
                                                    List<String> grantedPermissions,
                                                    @NotNull
                                                    List<String> grantedUsers,
                                                    @NotNull
                                                    List<String> grantedGroups,
                                                    @NotNull
                                                    List<String> nonProcessedGrantedPermissions,
                                                    @NotNull
                                                    org.acegisecurity.acls.Acl acl,
                                                    boolean showAdminPermissions,
                                                    @NotNull
                                                    BambooPermissionManager bambooPermissionManager)

Helper conversion method for the permission configuration pages.

Takes in an Acl and populates three lists from this Acl: - grantedPermissions - a list of String in format: bambooPermission_TYPE_PRINCIPAL_PERMISSION - grantedUsers - a list of String usernames - who have at least one AccessControlEntry against the Acl - grantedGroups - a list of String groupnames - who have at least one AccessControlEntry against the Acl - nonProcessedGrantedPermissions - a list of permissions, that are not processed - so could not be changed here. It is introduced to avoid cleaning up permissions, that are not visible for user performing this action

Parameters:: grantedPermissions -; grantedUsers -; grantedGroups -; nonProcessedGrantedPermissions -; acl -; showAdminPermissions -; bambooPermissionManager -

modifyAclAces
```
public void modifyAclAces(org.acegisecurity.acls.MutableAcl acl,
                          List<String> newPermissionKeys)
```
Updates an MutableAcl with new AccessControlEntrys with permissions represented by a list of String permissionKeys.

Parameters:

acl -

newPermissionKeys -

addPermissionsToAclForCurrentUser

public void addPermissionsToAclForCurrentUser(@NotNull
                                              org.acegisecurity.acls.MutableAcl acl,
                                              @NotNull
                                              List<BambooPermission> permissions)

Adds the given permissions for the currently logged in user to the acl entry. This method will not persist the modifications on the MutableAcl.

Parameters:: acl - acl to update; permissions - permissions to grant

createNewDefaultAcl

@NotNull
public org.acegisecurity.acls.MutableAcl createNewDefaultAcl(@Nullable
                                                                      com.atlassian.user.User user,
                                                                      Class<? extends Plan> planType,
                                                                      boolean accessForAllUsers)

Creates a default Acl for a specific plan types which has: - All permissions for the creator (user argument) of the plan - READ permission for all logged in users - READ permission for all anonymous users

Parameters:: user - to create acl for.; planType - to create acl for.; accessForAllUsers - to create acl for anonymous and logged-in user
Returns:: MutableAcl representing a default permission set

createNewObjectAcl

@NotNull
public org.acegisecurity.acls.MutableAcl createNewObjectAcl(@Nullable
                                                                     com.atlassian.user.User user,
                                                                     Class<? extends BambooIdProvider> permissionObject,
                                                                     long id,
                                                                     boolean accessForAllUsers)

Creates a default Acl for a object which has: - EDIT permission for the creator (user argument) of the deployment project - READ permission for all logged in users - READ permission for all anonymous users

Parameters:: user - to create acl for.; permissionObject - to create acl for.
Returns:: MutableAcl representing a default permission set

copyProjectPermissionsToEnvironment

@NotNull
public org.acegisecurity.acls.MutableAcl copyProjectPermissionsToEnvironment(@Nullable
                                                                                      com.atlassian.user.User user,
                                                                                      Class<? extends BambooIdProvider> permissionObject,
                                                                                      long id,
                                                                                      org.acegisecurity.acls.Acl parentAcl)

clonePermissions

@NotNull
public org.acegisecurity.acls.MutableAcl clonePermissions(@Nullable
                                                                   com.atlassian.user.User user,
                                                                   Class<? extends BambooIdProvider> permissionObject,
                                                                   long id,
                                                                   org.acegisecurity.acls.Acl parentAcl)

extractPrincipalFromSid
```
@NotNull
public static String extractPrincipalFromSid(@NotNull
                                                      org.acegisecurity.acls.sid.Sid sid)
```
Extract a principal as a String from a Sid. Throws IllegalStateException if the sid type is unknown.

Parameters:

sid - ACEGI sid

Returns:

principal extracted from sid, e.g. GroupPrincipalSid.getPrincipal() or PrincipalSid.getPrincipal().

Throws:

IllegalStateException - when sid type is not recognized

extractSidTypeFromSid
```
public static String extractSidTypeFromSid(@NotNull
                                           org.acegisecurity.acls.sid.Sid sid)
```
Extract a principal type as String from a Sid. Throws IllegalStateException if the sid type is unknown.

Parameters:

sid - ACEGI sid

Returns:

sid type, e.g. BAMBOO_PERMISSION_FORM_GROUP or BAMBOO_PERMISSION_FORM_USER.

getSidFromPermissionKey
```
@NotNull
public org.acegisecurity.acls.sid.Sid getSidFromPermissionKey(@NotNull
                                                                       String permissionKey)
```
Get the Sid based on a permission key.

Parameters:

permissionKey - full permission key, containing sid type, principal name and permission name

Returns:

correct instance of Sid based on the passed key

Throws:

IllegalArgumentException - if the key can't be used to properly construct a Sid

addReadPermissionForAnonymousAndLoggedinUsers

public void addReadPermissionForAnonymousAndLoggedinUsers(@NotNull
                                                          org.acegisecurity.acls.MutableAcl acl)

Grant READ permission for Anonymous and Logged-in users.

getSidFromIdAndType

@NotNull
public org.acegisecurity.acls.sid.Sid getSidFromIdAndType(@NotNull
                                                                   String id,
                                                                   @NotNull
                                                                   String type)

Attempt to extract Sid from a given sid id and type.

Parameters:: id - unique id of the sid; type - type of the sid, one of the values defined in HibernateSidUserType
Throws:: IllegalArgumentException - if the sid type is not recognised

getPermission

public org.acegisecurity.acls.Permission getPermission(String permissionKey)

Class BambooAclUpdateHelper

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

BAMBOO_PERMISSION_PREFIX

BAMBOO_PERMISSION_FORM_GROUP_PREFIX

PERMISSION_KEY_JOINER

Constructor Detail

BambooAclUpdateHelper

Method Detail

createUserPermissionKey

createGroupPermissionKey

createRolePermissionKey

createPermissionKey

createPermissionKey

getPermissionKeyFromAce

buildUserGroupListsFromPermissions

addViewPermissionsForEditPermissions

getUserPermissions

getGroupPermissions

getRolePermissions

updateRolePermissions

validateRolePermissionUpdateRequest

updateUserPermissions

updateGroupPermissions

updateGroupPermissions

updateGroupPermissions

retrievePermissionFromACE

validateUpdateRequest

buildPermissionAndUserGroupListsFromAcl

modifyAclAces

addPermissionsToAclForCurrentUser

createNewDefaultAcl

createNewObjectAcl

copyProjectPermissionsToEnvironment

clonePermissions

extractPrincipalFromSid

extractSidTypeFromSid

getSidFromPermissionKey

addReadPermissionForAnonymousAndLoggedinUsers

getSidFromIdAndType

getPermission