Package com.atlassian.bamboo.security

Class BambooPermissionManagerImpl

java.lang.Object

com.atlassian.bamboo.security.BambooPermissionManagerImpl

All Implemented Interfaces:

BambooPermissionManager

public class BambooPermissionManagerImpl
extends Object
implements BambooPermissionManager

Field Summary

Fields

Modifier and Type	Field	Description
protected org.acegisecurity.acls.MutableAclService	aclService

Fields inherited from interface com.atlassian.bamboo.security.BambooPermissionManager

SYSTEM_AUTHORITY

Constructor Summary

Constructors

Constructor	Description
BambooPermissionManagerImpl()

Method Summary

Modifier and Type	Method	Description
boolean	canCreateDeploymentProject()
boolean	canCreatePlan()	Checks if currently logged in user can create new plans.
boolean	canCreatePlanInProject(@NotNull Project project)	Checks if currently logged in user can create plans in a project.
boolean	canCreatePlanInProject(@NotNull String projectKey)	Checks if currently logged in user can create plans in a project identified by projectKey.
boolean	canCreateProject()	Checks if currently logged in user can create new projects.
boolean	canManageAgents()	Returns true if the current user has credentials to manage Bamboo Agents.
boolean	canManageElasticBamboo()	Returns true if the current user has credentials to manage Elastic Bamboo.
boolean	canManageEphemeralAgents()	Returns true if the current user has credentials to manage Ephemeral Agents.
boolean	canRunCustomBuild(@NotNull PlanKey planKey)
protected boolean	checkPermissionForObjectIdentity(@NotNull org.acegisecurity.acls.objectidentity.ObjectIdentity identity, @NotNull org.acegisecurity.acls.Permission permission, @NotNull org.acegisecurity.Authentication authentication)
protected org.acegisecurity.acls.objectidentity.ObjectIdentity	createObjectIdentity(@NotNull Object object)
org.acegisecurity.acls.Acl	getAcl(@NotNull Object object)
@NotNull Collection<String>	getAdminGroups()	Get a list of all the groups that have global administration permission
@NotNull Collection<String>	getAdminUsers()	Get a list of all the users that have global administration permission
@NotNull String	getDefaultUsersGroup()
@NotNull Collection<String>	getGroupsWithPermission(BambooPermission permission)
Collection<org.acegisecurity.acls.Permission>	getPermissionsForPlan(@NotNull PlanKey planKey)
@NotNull Collection<String>	getRestrictedAdminGroups()	Get a list of all the groups that have global restricted administration permission
@NotNull Collection<String>	getRestrictedAdminUsers()	Get a list of all the users that have global restricted administration permission
@NotNull Collection<String>	getUsePermissionGroups()	Get a list of all the groups that have global read or create plan permission
@NotNull Collection<String>	getUsePermissionUsers()	Get a list of all the users that have global read or create plan permission
@NotNull Collection<String>	getUsersWithPermission(BambooPermission permission)
boolean	hasGlobalPermission(@NotNull org.acegisecurity.acls.Permission permission)
com.google.common.base.Predicate<Object>	hasPermission(@NotNull BambooPermission permission, @Nullable org.acegisecurity.Authentication authentication)	Predicate for {link #hasPermission(permission, object, authentication)}
boolean	hasPermission(@NotNull String username, @NotNull org.acegisecurity.acls.Permission permission, @NotNull Object object)
protected boolean	hasPermission(@NotNull org.acegisecurity.acls.Permission permission, @NotNull HibernateObjectIdentityImpl objectIdentity, @NotNull org.acegisecurity.Authentication authentication)
boolean	hasPermission(@NotNull org.acegisecurity.acls.Permission permission, @NotNull Object object, @Nullable org.acegisecurity.Authentication authentication)	Checks whether a permission is granted to access object with given authentication.
protected boolean	hasPermission(@NotNull org.acegisecurity.acls.Permission permission, @NotNull org.acegisecurity.acls.objectidentity.ObjectIdentity objectIdentity, @NotNull org.acegisecurity.Authentication authentication)
boolean	hasPermissionForAuthority(@NotNull org.acegisecurity.acls.Permission permission, @NotNull Object object, @NotNull org.acegisecurity.GrantedAuthority authority)	Checks whether a permission is granted to access object with given authority.
boolean	hasPlanPermission(@NotNull org.acegisecurity.acls.Permission permission, @NotNull ImmutablePlan plan)	Verify plan access
boolean	hasPlanPermission(@NotNull org.acegisecurity.acls.Permission permission, @NotNull PlanKey planKey)	Verify plan access
boolean	hasProjectEditPermission(@Nullable Project project)
boolean	hasProjectPermission(@NotNull org.acegisecurity.acls.Permission permission, @NotNull Project project)	Checks if currently logged in user has a permission for a project.
boolean	hasProjectPermission(@NotNull org.acegisecurity.acls.Permission permission, @NotNull String projectKey)	Checks if currently logged in user has a permission for a project identified by projectKey.
boolean	isAdmin(String username)	Returns true if the user is an admin, false if not
boolean	isAllowedToSetGlobalPermission(@NotNull org.acegisecurity.acls.Permission permission)	Returns true if user is allowed to set specific global permission
boolean	isEnableSignup()
protected boolean	isPermissionSuppressedByTokenAuthorisation(@NotNull org.acegisecurity.acls.Permission permission)
boolean	isSystemAdmin(String username)	Returns true if the user is a sysadmin, false if not
protected org.acegisecurity.acls.Acl	readAclById(org.acegisecurity.acls.objectidentity.ObjectIdentity identity)
void	setAclService(org.acegisecurity.acls.MutableAclService aclService)
void	setAdministrationConfigurationAccessor(AdministrationConfigurationAccessor administrationConfigurationAccessor)
void	setCachedPlanManager(CachedPlanManager cachedPlanManager)
void	setObjectIdentityRetrievalStrategy(org.acegisecurity.acls.objectidentity.ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy)
void	setOverrideAuthorities(org.acegisecurity.GrantedAuthority[] overrideAuthorities)
void	setProjectManager(ProjectManager projectManager)
void	setScopesRequestCacheDelegate(ScopesRequestCacheDelegate scopesRequestCacheDelegate)
void	setSidRetrievalStrategy(org.acegisecurity.acls.sid.SidRetrievalStrategy sidRetrievalStrategy)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

aclService

protected org.acegisecurity.acls.MutableAclService aclService

Constructor Detail

BambooPermissionManagerImpl

public BambooPermissionManagerImpl()

Method Detail

hasPermission

public boolean hasPermission(@NotNull
                             @NotNull org.acegisecurity.acls.Permission permission,
                             @NotNull
                             @NotNull Object object,
                             @Nullable
                             @Nullable org.acegisecurity.Authentication authentication)

Description copied from interface: BambooPermissionManager

Checks whether a permission is granted to access object with given authentication.

Specified by:

hasPermission in interface BambooPermissionManager

Parameters:

permission - the permission to check for

object - the domain object on which the permission check will be made

authentication - the authentication/principal whose secure identities will be checked for the permission

Returns:

checkPermissionForObjectIdentity

protected boolean checkPermissionForObjectIdentity(@NotNull
                                                   @NotNull org.acegisecurity.acls.objectidentity.ObjectIdentity identity,
                                                   @NotNull
                                                   @NotNull org.acegisecurity.acls.Permission permission,
                                                   @NotNull
                                                   @NotNull org.acegisecurity.Authentication authentication)

isPermissionSuppressedByTokenAuthorisation

protected boolean isPermissionSuppressedByTokenAuthorisation(@NotNull
                                                             @NotNull org.acegisecurity.acls.Permission permission)

hasPermission

public com.google.common.base.Predicate<Object> hasPermission(@NotNull
                                                              @NotNull BambooPermission permission,
                                                              @Nullable
                                                              @Nullable org.acegisecurity.Authentication authentication)

Description copied from interface: BambooPermissionManager

Predicate for {link #hasPermission(permission, object, authentication)}

Specified by:

hasPermission in interface BambooPermissionManager

Parameters:

permission - the permission to check for

authentication - the authentication/principal whose secure identities will be checked for the permission

Returns:

hasPermissionForAuthority

public boolean hasPermissionForAuthority(@NotNull
                                         @NotNull org.acegisecurity.acls.Permission permission,
                                         @NotNull
                                         @NotNull Object object,
                                         @NotNull
                                         @NotNull org.acegisecurity.GrantedAuthority authority)

Description copied from interface: BambooPermissionManager

Checks whether a permission is granted to access object with given authority.

Specified by:

hasPermissionForAuthority in interface BambooPermissionManager

Parameters:

permission - the permission to check for

object - the domain object on which the permission check will be made

authority - the authority whose secure identities will be checked for the permission

Returns:

getAcl

public org.acegisecurity.acls.Acl getAcl(@NotNull
                                         @NotNull Object object)

Specified by:

getAcl in interface BambooPermissionManager

readAclById

protected org.acegisecurity.acls.Acl readAclById(org.acegisecurity.acls.objectidentity.ObjectIdentity identity)

hasPermission

public boolean hasPermission(@NotNull
                             @NotNull String username,
                             @NotNull
                             @NotNull org.acegisecurity.acls.Permission permission,
                             @NotNull
                             @NotNull Object object)

Specified by:

hasPermission in interface BambooPermissionManager

hasPlanPermission

public boolean hasPlanPermission(@NotNull
                                 @NotNull org.acegisecurity.acls.Permission permission,
                                 @NotNull
                                 @NotNull PlanKey planKey)

Description copied from interface: BambooPermissionManager

Verify plan access

Specified by:

hasPlanPermission in interface BambooPermissionManager

Parameters:

permission - permission to check

planKey - key of the plan

Returns:

true iff permission is granted

hasPlanPermission

public boolean hasPlanPermission(@NotNull
                                 @NotNull org.acegisecurity.acls.Permission permission,
                                 @NotNull
                                 @NotNull ImmutablePlan plan)

Description copied from interface: BambooPermissionManager

Verify plan access

Specified by:

hasPlanPermission in interface BambooPermissionManager

Parameters:

permission - permission to check

plan - plan

Returns:

true iff permission is granted

hasProjectPermission

public boolean hasProjectPermission(@NotNull
                                    @NotNull org.acegisecurity.acls.Permission permission,
                                    @NotNull
                                    @NotNull String projectKey)

Description copied from interface: BambooPermissionManager

Checks if currently logged in user has a permission for a project identified by projectKey.

Specified by:

hasProjectPermission in interface BambooPermissionManager

Parameters:

permission - permission to check

projectKey - key of the project to check

Returns:

true if project with the given key exists and current user has the permission to it

hasProjectPermission

public boolean hasProjectPermission(@NotNull
                                    @NotNull org.acegisecurity.acls.Permission permission,
                                    @NotNull
                                    @NotNull Project project)

Description copied from interface: BambooPermissionManager

Checks if currently logged in user has a permission for a project.

Specified by:

hasProjectPermission in interface BambooPermissionManager

Parameters:

permission - permission to check

project - project to check

Returns:

true if current user has the permission to the project

canCreatePlanInProject

public boolean canCreatePlanInProject(@NotNull
                                      @NotNull String projectKey)

Description copied from interface: BambooPermissionManager

Checks if currently logged in user can create plans in a project identified by projectKey.

Specified by:

canCreatePlanInProject in interface BambooPermissionManager

Parameters:

projectKey - key of the project to check

Returns:

true if project with the given key exists and current user can create plans in it

canCreatePlanInProject

public boolean canCreatePlanInProject(@NotNull
                                      @NotNull Project project)

Description copied from interface: BambooPermissionManager

Checks if currently logged in user can create plans in a project.

Specified by:

canCreatePlanInProject in interface BambooPermissionManager

Parameters:

project - project to check

Returns:

true if current user can create plans in the project

canCreateProject

public boolean canCreateProject()

Description copied from interface: BambooPermissionManager

Checks if currently logged in user can create new projects.

Specified by:

canCreateProject in interface BambooPermissionManager

Returns:

true if current user can create projects

canCreatePlan

public boolean canCreatePlan()

Description copied from interface: BambooPermissionManager

Checks if currently logged in user can create new plans.

This method might be expensive to compute as it may need to check permissions on all projects for this Bamboo instance.

Specified by:

canCreatePlan in interface BambooPermissionManager

Returns:

true if current user can create plans

canCreateDeploymentProject

public boolean canCreateDeploymentProject()

Specified by:

canCreateDeploymentProject in interface BambooPermissionManager

hasGlobalPermission

public boolean hasGlobalPermission(@NotNull
                                   @NotNull org.acegisecurity.acls.Permission permission)

Specified by:

hasGlobalPermission in interface BambooPermissionManager

getPermissionsForPlan

public Collection<org.acegisecurity.acls.Permission> getPermissionsForPlan(@NotNull
                                                                           @NotNull PlanKey planKey)

Specified by:

getPermissionsForPlan in interface BambooPermissionManager

hasProjectEditPermission

public boolean hasProjectEditPermission(@Nullable
                                        @Nullable Project project)

Specified by:

hasProjectEditPermission in interface BambooPermissionManager

isEnableSignup

public boolean isEnableSignup()

Specified by:

isEnableSignup in interface BambooPermissionManager

getAdminGroups

@NotNull
public @NotNull Collection<String> getAdminGroups()

Description copied from interface: BambooPermissionManager

Get a list of all the groups that have global administration permission

Specified by:

getAdminGroups in interface BambooPermissionManager

Returns:

A list of all the groups that have global administration permission

getRestrictedAdminGroups

@NotNull
public @NotNull Collection<String> getRestrictedAdminGroups()

Description copied from interface: BambooPermissionManager

Get a list of all the groups that have global restricted administration permission

Specified by:

getRestrictedAdminGroups in interface BambooPermissionManager

Returns:

A list of all the groups that have global restricted administration permission

getUsePermissionGroups

@NotNull
public @NotNull Collection<String> getUsePermissionGroups()

Description copied from interface: BambooPermissionManager

Get a list of all the groups that have global read or create plan permission

Specified by:

getUsePermissionGroups in interface BambooPermissionManager

Returns:

A list of all the groups that have global read or create plan permission

getDefaultUsersGroup

@NotNull
public @NotNull String getDefaultUsersGroup()

Specified by:

getDefaultUsersGroup in interface BambooPermissionManager

Returns:

the name of the default group that users will be added to when they are created

getGroupsWithPermission

@NotNull
public @NotNull Collection<String> getGroupsWithPermission(BambooPermission permission)

getAdminUsers

@NotNull
public @NotNull Collection<String> getAdminUsers()

Description copied from interface: BambooPermissionManager

Get a list of all the users that have global administration permission

Specified by:

getAdminUsers in interface BambooPermissionManager

Returns:

A list of all the users that have global administration permission

getRestrictedAdminUsers

@NotNull
public @NotNull Collection<String> getRestrictedAdminUsers()

Description copied from interface: BambooPermissionManager

Get a list of all the users that have global restricted administration permission

Specified by:

getRestrictedAdminUsers in interface BambooPermissionManager

Returns:

A list of all the users that have global restricted administration permission

getUsePermissionUsers

@NotNull
public @NotNull Collection<String> getUsePermissionUsers()

Description copied from interface: BambooPermissionManager

Get a list of all the users that have global read or create plan permission

Specified by:

getUsePermissionUsers in interface BambooPermissionManager

Returns:

A list of all the users that have global read or create plan permission

getUsersWithPermission

@NotNull
public @NotNull Collection<String> getUsersWithPermission(BambooPermission permission)

isAdmin

public boolean isAdmin(String username)

Description copied from interface: BambooPermissionManager

Returns true if the user is an admin, false if not

Specified by:

isAdmin in interface BambooPermissionManager

Parameters:

username - the user

Returns:

true if the user is an admin, false if not

isSystemAdmin

public boolean isSystemAdmin(String username)

Description copied from interface: BambooPermissionManager

Returns true if the user is a sysadmin, false if not

Specified by:

isSystemAdmin in interface BambooPermissionManager

Parameters:

username - the user

Returns:

true if the user is a sysadmin, false if not

isAllowedToSetGlobalPermission

public boolean isAllowedToSetGlobalPermission(@NotNull
                                              @NotNull org.acegisecurity.acls.Permission permission)

Description copied from interface: BambooPermissionManager

Returns true if user is allowed to set specific global permission

Specified by:

isAllowedToSetGlobalPermission in interface BambooPermissionManager

Parameters:

permission - permission to check

Returns:

canManageElasticBamboo

public boolean canManageElasticBamboo()

Description copied from interface: BambooPermissionManager

Returns true if the current user has credentials to manage Elastic Bamboo.

Note that this permission is only required for Elastic Bamboo configuration (including operations like viewing EC2 instances, their statuses, logs etc.). Normal usage of Bamboo with EC2 configured (e.g. running builds on elastic agents) does not require such credentials.

Specified by:

canManageElasticBamboo in interface BambooPermissionManager

Returns:

true, if current user has permission to configure Elastic Bamboo

canManageEphemeralAgents

public boolean canManageEphemeralAgents()

Description copied from interface: BambooPermissionManager

Returns true if the current user has credentials to manage Ephemeral Agents.

Note that this permission is only required for Ephemeral Agents configuration (including operations like viewing templates). Normal usage of Bamboo with Ephemeral Agents configured (e.g. running builds) does not require such credentials.

Specified by:

canManageEphemeralAgents in interface BambooPermissionManager

Returns:

true, if current user has permission to configure Ephemeral Agents

canManageAgents

public boolean canManageAgents()

Description copied from interface: BambooPermissionManager

Returns true if the current user has credentials to manage Bamboo Agents.

Specified by:

canManageAgents in interface BambooPermissionManager

Returns:

true if the current user has permission to manage agents, false otherwise

canRunCustomBuild

public boolean canRunCustomBuild(@NotNull
                                 @NotNull PlanKey planKey)

Specified by:

canRunCustomBuild in interface BambooPermissionManager

Parameters:

planKey - key of the plan in question

Returns:

true if the current user is allowed to run custom build of specified plan

hasPermission

protected boolean hasPermission(@NotNull
                                @NotNull org.acegisecurity.acls.Permission permission,
                                @NotNull
                                @NotNull HibernateObjectIdentityImpl objectIdentity,
                                @NotNull
                                @NotNull org.acegisecurity.Authentication authentication)

hasPermission

protected boolean hasPermission(@NotNull
                                @NotNull org.acegisecurity.acls.Permission permission,
                                @NotNull
                                @NotNull org.acegisecurity.acls.objectidentity.ObjectIdentity objectIdentity,
                                @NotNull
                                @NotNull org.acegisecurity.Authentication authentication)

createObjectIdentity

protected org.acegisecurity.acls.objectidentity.ObjectIdentity createObjectIdentity(@NotNull
                                                                                    @NotNull Object object)

setAdministrationConfigurationAccessor

public void setAdministrationConfigurationAccessor(AdministrationConfigurationAccessor administrationConfigurationAccessor)

setAclService

public void setAclService(org.acegisecurity.acls.MutableAclService aclService)

setSidRetrievalStrategy

public void setSidRetrievalStrategy(org.acegisecurity.acls.sid.SidRetrievalStrategy sidRetrievalStrategy)

setCachedPlanManager

public void setCachedPlanManager(CachedPlanManager cachedPlanManager)

setProjectManager

public void setProjectManager(ProjectManager projectManager)

setOverrideAuthorities

public void setOverrideAuthorities(org.acegisecurity.GrantedAuthority[] overrideAuthorities)

setObjectIdentityRetrievalStrategy

public void setObjectIdentityRetrievalStrategy(org.acegisecurity.acls.objectidentity.ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy)

setScopesRequestCacheDelegate

public void setScopesRequestCacheDelegate(ScopesRequestCacheDelegate scopesRequestCacheDelegate)