Package com.atlassian.bamboo.security
Class PermissionsServiceUtils
- java.lang.Object
-
- com.atlassian.bamboo.security.PermissionsServiceUtils
-
public class PermissionsServiceUtils extends Object
Permission Service utility class with helper methods for permission services. Example:AbstractProjectPermissionsService
DefaultPlanPermissionsService
-
-
Field Summary
Fields Modifier and Type Field Description static com.google.common.collect.Ordering<BambooPermission>
PERMISSIONS_ORDERING
Globally-consistent ordering of Bamboo permissions.
-
Constructor Summary
Constructors Constructor Description PermissionsServiceUtils()
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static void
assertCanManagePermissionsForDeploymentProject(DeploymentProject deploymentProject, BambooPermissionManager bambooPermissionManager)
static void
assertCanManagePermissionsForEnvironment(Environment environment, BambooPermissionManager bambooPermissionManager)
static void
assertCanManagePermissionsForRepository(RepositoryDataEntity repository, BambooPermissionManager bambooPermissionManager)
static @NotNull Set<BambooPermission>
extractDependencies(com.google.common.collect.Multimap<BambooPermission,BambooPermission> permissionDependencies, Collection<BambooPermission> supportedPermissions, BambooPermission permission)
Obtain a collection of Bamboo permissions dependent on the passedpermission
.static @NotNull com.google.common.collect.ImmutableMultimap<BambooPermission,BambooPermission>
findMissingDependencies(@NotNull Collection<BambooPermission> permissions, @NotNull Function<BambooPermission,Collection<BambooPermission>> permissionDependenciesSupplier)
Validates permission dependencies.static @NotNull Collection<BambooPermission>
getPermissionsAndDependencies(@NotNull Collection<BambooPermission> permissions, @NotNull Function<BambooPermission,Collection<BambooPermission>> permissionDependenciesSupplier)
Return a collection of permissions with all missing dependencies added.static void
validateDependenciesAfterGranting(@NotNull Collection<BambooPermission> permissions, @NotNull Function<BambooPermission,Collection<BambooPermission>> permissionDependenciesSupplier)
Validates permission dependencies after granting new permissions.static <E extends Exception>
voidvalidateDependenciesAfterGranting(@NotNull Collection<BambooPermission> permissions, @NotNull Function<BambooPermission,Collection<BambooPermission>> permissionDependenciesSupplier, @NotNull Function<BambooPermission,String> permissionNameFunction, @NotNull Function<String,E> exceptionConstructorFunction)
Validates permission dependencies after granting new permissions.static void
validateDependenciesAfterRevoking(@NotNull Collection<BambooPermission> permissions, @NotNull Function<BambooPermission,Collection<BambooPermission>> permissionDependenciesSupplier)
Validates permission dependencies after revoking permissions.static <E extends Exception>
voidvalidateDependenciesAfterRevoking(@NotNull Collection<BambooPermission> permissions, @NotNull Function<BambooPermission,Collection<BambooPermission>> permissionDependenciesSupplier, @NotNull Function<BambooPermission,String> permissionNameFunction, @NotNull Function<String,E> exceptionConstructorFunction)
Validates permission dependencies after revoking permissions.static com.atlassian.user.Group
validateGroup(String groupName, BambooUserManager bambooUserManager)
static void
validatePermissions(List<BambooPermission> permissions, Collection<BambooPermission> supportedPermissions, String entityName)
static com.atlassian.user.User
validateUser(String username, BambooUserManager bambooUserManager)
-
-
-
Field Detail
-
PERMISSIONS_ORDERING
public static final com.google.common.collect.Ordering<BambooPermission> PERMISSIONS_ORDERING
Globally-consistent ordering of Bamboo permissions. Permissions are sorted by their importance. Least granting permissions come first.Note: some permissions appearing later on the list are not necessarily expected to be granting permissions which appear earlier. For example,
BambooPermission.CLONE
does not grantBambooPermission.BUILD
, yet to maintain a consistent order one had to be placed after another.
-
-
Method Detail
-
validateUser
public static com.atlassian.user.User validateUser(String username, BambooUserManager bambooUserManager)
-
validateGroup
public static com.atlassian.user.Group validateGroup(String groupName, BambooUserManager bambooUserManager)
-
assertCanManagePermissionsForDeploymentProject
public static void assertCanManagePermissionsForDeploymentProject(DeploymentProject deploymentProject, BambooPermissionManager bambooPermissionManager) throws org.acegisecurity.AccessDeniedException
- Throws:
org.acegisecurity.AccessDeniedException
-
assertCanManagePermissionsForEnvironment
public static void assertCanManagePermissionsForEnvironment(Environment environment, BambooPermissionManager bambooPermissionManager) throws org.acegisecurity.AccessDeniedException
- Throws:
org.acegisecurity.AccessDeniedException
-
assertCanManagePermissionsForRepository
public static void assertCanManagePermissionsForRepository(RepositoryDataEntity repository, BambooPermissionManager bambooPermissionManager) throws org.acegisecurity.AccessDeniedException
- Throws:
org.acegisecurity.AccessDeniedException
-
validatePermissions
public static void validatePermissions(List<BambooPermission> permissions, Collection<BambooPermission> supportedPermissions, String entityName) throws IllegalArgumentException
- Throws:
IllegalArgumentException
-
extractDependencies
@NotNull public static @NotNull Set<BambooPermission> extractDependencies(com.google.common.collect.Multimap<BambooPermission,BambooPermission> permissionDependencies, Collection<BambooPermission> supportedPermissions, BambooPermission permission)
Obtain a collection of Bamboo permissions dependent on the passedpermission
. A dependent permission is expected to always be granted whenever the parent permission is granted too.The result is an effective collection of dependencies, meaning there's no need to recursively traverse the dependency graph.
- Parameters:
permissionDependencies
- permission dependency graph in the format of aMultimap
supportedPermissions
- a collection of supported permissions to filter out the resultpermission
- permission for which to obtain the dependencies- Returns:
- a collection of dependencies of the given
permission
-
validateDependenciesAfterGranting
public static void validateDependenciesAfterGranting(@NotNull @NotNull Collection<BambooPermission> permissions, @NotNull @NotNull Function<BambooPermission,Collection<BambooPermission>> permissionDependenciesSupplier) throws IllegalArgumentException
Validates permission dependencies after granting new permissions.- Parameters:
permissions
- a collection of permissions to validatepermissionDependenciesSupplier
- function to obtain dependencies for a permission- Throws:
IllegalArgumentException
- on validation error
-
validateDependenciesAfterGranting
public static <E extends Exception> void validateDependenciesAfterGranting(@NotNull @NotNull Collection<BambooPermission> permissions, @NotNull @NotNull Function<BambooPermission,Collection<BambooPermission>> permissionDependenciesSupplier, @NotNull @NotNull Function<BambooPermission,String> permissionNameFunction, @NotNull @NotNull Function<String,E> exceptionConstructorFunction) throws E extends Exception
Validates permission dependencies after granting new permissions.- Parameters:
permissions
- a collection of permissions to validatepermissionDependenciesSupplier
- function to obtain dependencies for a permissionpermissionNameFunction
- function to extract display name of a permissionexceptionConstructorFunction
- function to create exception in case of validation error- Throws:
E
- on validation errorE extends Exception
-
validateDependenciesAfterRevoking
public static void validateDependenciesAfterRevoking(@NotNull @NotNull Collection<BambooPermission> permissions, @NotNull @NotNull Function<BambooPermission,Collection<BambooPermission>> permissionDependenciesSupplier)
Validates permission dependencies after revoking permissions.- Parameters:
permissions
- a collection of permissions to validatepermissionDependenciesSupplier
- function to obtain dependencies for a permission- Throws:
IllegalArgumentException
- on validation error
-
validateDependenciesAfterRevoking
public static <E extends Exception> void validateDependenciesAfterRevoking(@NotNull @NotNull Collection<BambooPermission> permissions, @NotNull @NotNull Function<BambooPermission,Collection<BambooPermission>> permissionDependenciesSupplier, @NotNull @NotNull Function<BambooPermission,String> permissionNameFunction, @NotNull @NotNull Function<String,E> exceptionConstructorFunction) throws E extends Exception
Validates permission dependencies after revoking permissions.- Parameters:
permissions
- a collection of permissions to validatepermissionDependenciesSupplier
- function to obtain dependencies for a permissionpermissionNameFunction
- function to extract display name of a permissionexceptionConstructorFunction
- function to create exception in case of validation error- Throws:
E
- on validation errorE extends Exception
-
findMissingDependencies
@NotNull public static @NotNull com.google.common.collect.ImmutableMultimap<BambooPermission,BambooPermission> findMissingDependencies(@NotNull @NotNull Collection<BambooPermission> permissions, @NotNull @NotNull Function<BambooPermission,Collection<BambooPermission>> permissionDependenciesSupplier)
Validates permission dependencies. Returns info about all missing dependencies found.Example: provided that permission 'A' depends on 'B', and 'B' depends on 'C', then:
- permissions ['A'] will yield an error: 'A' is missing 'B' and 'C',
- permissions ['A', 'B'] will yield an error: 'A' is missing 'C', 'B' is missing 'C',
- permissions ['A', 'C'] will yield an error: 'A' is missing 'B',
- permissions ['A', 'B', 'C'] are valid,
- permissions ['B'] will yield an error: 'B' is missing 'C',
- permissions ['B', 'C'] are valid,
- and permissions ['C'] are valid.
- Parameters:
permissions
- a collection of permissions to validatepermissionDependenciesSupplier
- function to obtain dependencies for a permission- Returns:
- a multimap of missing permission dependencies, empty if no dependency errors were found. Each key in the multimap has a collection of permissions assigned to it, which were expected as dependencies.
-
getPermissionsAndDependencies
@NotNull public static @NotNull Collection<BambooPermission> getPermissionsAndDependencies(@NotNull @NotNull Collection<BambooPermission> permissions, @NotNull @NotNull Function<BambooPermission,Collection<BambooPermission>> permissionDependenciesSupplier)
Return a collection of permissions with all missing dependencies added.- Parameters:
permissions
- a collection of permissionspermissionDependenciesSupplier
- function to obtain dependencies for a permission- Returns:
- a collection of effective permissions, with all permission dependencies added
-
-