Package com.atlassian.bamboo.security

Interface BambooPermissionManager

    • Field Detail

      • SYSTEM_AUTHORITY

        static final org.acegisecurity.adapters.PrincipalAcegiUserToken SYSTEM_AUTHORITY

    • Method Detail

      • hasPermission

        boolean hasPermission​(@NotNull
                      @NotNull org.acegisecurity.acls.Permission permission,
                      @NotNull
                      @NotNull Object object,
                      @Nullable
                      @Nullable org.acegisecurity.Authentication authentication)
        Checks whether a permission is granted to access object with given authentication.
        Parameters:
        permission - the permission to check for
        object - the domain object on which the permission check will be made
        authentication - the authentication/principal whose secure identities will be checked for the permission
        Returns:

      • hasPermission

        com.google.common.base.Predicate<Object> hasPermission​(@NotNull
                                                       @NotNull BambooPermission permission,
                                                       @Nullable
                                                       @Nullable org.acegisecurity.Authentication authentication)
        Predicate for {link #hasPermission(permission, object, authentication)}
        Parameters:
        permission - the permission to check for
        authentication - the authentication/principal whose secure identities will be checked for the permission
        Returns:

      • hasPermission

        boolean hasPermission​(@NotNull
                      @NotNull String username,
                      @NotNull
                      @NotNull org.acegisecurity.acls.Permission permission,
                      @NotNull
                      @NotNull Object object)

      • hasPermissionForAuthority

        boolean hasPermissionForAuthority​(@NotNull
                                  @NotNull org.acegisecurity.acls.Permission permission,
                                  @NotNull
                                  @NotNull Object object,
                                  @NotNull
                                  @NotNull org.acegisecurity.GrantedAuthority authority)
        Checks whether a permission is granted to access object with given authority.
        Parameters:
        permission - the permission to check for
        object - the domain object on which the permission check will be made
        authority - the authority whose secure identities will be checked for the permission
        Returns:

      • hasPlanPermission

        boolean hasPlanPermission​(@NotNull
                          @NotNull org.acegisecurity.acls.Permission permission,
                          @NotNull
                          @NotNull PlanKey planKey)
        Verify plan access
        Parameters:
        permission - permission to check
        planKey - key of the plan
        Returns:
        true iff permission is granted

      • hasPlanPermission

        boolean hasPlanPermission​(@NotNull
                          @NotNull org.acegisecurity.acls.Permission permission,
                          @NotNull
                          @NotNull ImmutablePlan plan)
        Verify plan access
        Parameters:
        permission - permission to check
        plan - plan
        Returns:
        true iff permission is granted

      • hasProjectPermission

        boolean hasProjectPermission​(@NotNull
                             @NotNull org.acegisecurity.acls.Permission permission,
                             @NotNull
                             @NotNull String projectKey)
        Checks if currently logged in user has a permission for a project identified by projectKey.
        Parameters:
        permission - permission to check
        projectKey - key of the project to check
        Returns:
        true if project with the given key exists and current user has the permission to it

      • hasProjectPermission

        boolean hasProjectPermission​(@NotNull
                             @NotNull org.acegisecurity.acls.Permission permission,
                             @NotNull
                             @NotNull Project project)
        Checks if currently logged in user has a permission for a project.
        Parameters:
        permission - permission to check
        project - project to check
        Returns:
        true if current user has the permission to the project

      • canCreatePlanInProject

        boolean canCreatePlanInProject​(@NotNull
                               @NotNull String projectKey)
        Checks if currently logged in user can create plans in a project identified by projectKey.
        Parameters:
        projectKey - key of the project to check
        Returns:
        true if project with the given key exists and current user can create plans in it

      • canCreatePlanInProject

        boolean canCreatePlanInProject​(@NotNull
                               @NotNull Project project)
        Checks if currently logged in user can create plans in a project.
        Parameters:
        project - project to check
        Returns:
        true if current user can create plans in the project

      • canCreateProject

        boolean canCreateProject()
        Checks if currently logged in user can create new projects.
        Returns:
        true if current user can create projects

      • canCreatePlan

        boolean canCreatePlan()
        Checks if currently logged in user can create new plans.

        This method might be expensive to compute as it may need to check permissions on all projects for this Bamboo instance.

        Returns:
        true if current user can create plans

      • canCreateDeploymentProject

        boolean canCreateDeploymentProject()

      • hasGlobalPermission

        boolean hasGlobalPermission​(@NotNull
                            @NotNull org.acegisecurity.acls.Permission permission)

      • isEnableSignup

        boolean isEnableSignup()

      • getPermissionsForPlan

        Collection<org.acegisecurity.acls.Permission> getPermissionsForPlan​(@NotNull
                                                                    @NotNull PlanKey planKey)

      • getAdminGroups

        Collection<String> getAdminGroups()
        Get a list of all the groups that have global administration permission
        Returns:
        A list of all the groups that have global administration permission

      • getRestrictedAdminGroups

        @NotNull
@NotNull Collection<String> getRestrictedAdminGroups()
        Get a list of all the groups that have global restricted administration permission
        Returns:
        A list of all the groups that have global restricted administration permission

      • getUsePermissionGroups

        @NotNull
@NotNull Collection<String> getUsePermissionGroups()
        Get a list of all the groups that have global read or create plan permission
        Returns:
        A list of all the groups that have global read or create plan permission

      • getAdminUsers

        @NotNull
@NotNull Collection<String> getAdminUsers()
        Get a list of all the users that have global administration permission
        Returns:
        A list of all the users that have global administration permission

      • getRestrictedAdminUsers

        @NotNull
@NotNull Collection<String> getRestrictedAdminUsers()
        Get a list of all the users that have global restricted administration permission
        Returns:
        A list of all the users that have global restricted administration permission

      • getUsePermissionUsers

        @NotNull
@NotNull Collection<String> getUsePermissionUsers()
        Get a list of all the users that have global read or create plan permission
        Returns:
        A list of all the users that have global read or create plan permission

      • getDefaultUsersGroup

        @NotNull
@NotNull String getDefaultUsersGroup()
        Returns:
        the name of the default group that users will be added to when they are created

      • isAdmin

        boolean isAdmin​(String username)
        Returns true if the user is an admin, false if not
        Parameters:
        username - the user
        Returns:
        true if the user is an admin, false if not

      • isSystemAdmin

        boolean isSystemAdmin​(String username)
        Returns true if the user is a sysadmin, false if not
        Parameters:
        username - the user
        Returns:
        true if the user is a sysadmin, false if not

      • isAllowedToSetGlobalPermission

        boolean isAllowedToSetGlobalPermission​(@NotNull
                                       @NotNull org.acegisecurity.acls.Permission permission)
        Returns true if user is allowed to set specific global permission
        Parameters:
        permission - permission to check
        Returns:

      • canManageElasticBamboo

        boolean canManageElasticBamboo()
        Returns true if the current user has credentials to manage Elastic Bamboo.

        Note that this permission is only required for Elastic Bamboo configuration (including operations like viewing EC2 instances, their statuses, logs etc.). Normal usage of Bamboo with EC2 configured (e.g. running builds on elastic agents) does not require such credentials.

        Returns:
        true, if current user has permission to configure Elastic Bamboo

      • canManageEphemeralAgents

        boolean canManageEphemeralAgents()
        Returns true if the current user has credentials to manage Ephemeral Agents.

        Note that this permission is only required for Ephemeral Agents configuration (including operations like viewing templates). Normal usage of Bamboo with Ephemeral Agents configured (e.g. running builds) does not require such credentials.

        Returns:
        true, if current user has permission to configure Ephemeral Agents
        Since:
        9.3

      • canManageAgents

        boolean canManageAgents()
        Returns true if the current user has credentials to manage Bamboo Agents.
        Returns:
        true if the current user has permission to manage agents, false otherwise

      • getAcl

        org.acegisecurity.acls.Acl getAcl​(@NotNull
                                  @NotNull Object object)

      • canRunCustomBuild

        boolean canRunCustomBuild​(@NotNull
                          @NotNull PlanKey planKey)
        Parameters:
        planKey - key of the plan in question
        Returns:
        true if the current user is allowed to run custom build of specified plan