Class PermissionsServiceUtils


  • public class PermissionsServiceUtils
    extends Object
    Permission Service utility class with helper methods for permission services. Example: AbstractProjectPermissionsService DefaultPlanPermissionsService
    • Field Detail

      • PERMISSIONS_ORDERING

        public static final com.google.common.collect.Ordering<BambooPermission> PERMISSIONS_ORDERING
        Globally-consistent ordering of Bamboo permissions. Permissions are sorted by their importance. Least granting permissions come first.

        Note: some permissions appearing later on the list are not necessarily expected to be granting permissions which appear earlier. For example, BambooPermission.CLONE does not grant BambooPermission.BUILD, yet to maintain a consistent order one had to be placed after another.

    • Constructor Detail

      • PermissionsServiceUtils

        public PermissionsServiceUtils()
    • Method Detail

      • validateUser

        public static com.atlassian.user.User validateUser​(String username,
                                                           BambooUserManager bambooUserManager)
      • validateGroup

        public static com.atlassian.user.Group validateGroup​(String groupName,
                                                             BambooUserManager bambooUserManager)
      • assertCanManagePermissionsForDeploymentProject

        public static void assertCanManagePermissionsForDeploymentProject​(DeploymentProject deploymentProject,
                                                                          BambooPermissionManager bambooPermissionManager)
                                                                   throws org.acegisecurity.AccessDeniedException
        Throws:
        org.acegisecurity.AccessDeniedException
      • assertCanManagePermissionsForEnvironment

        public static void assertCanManagePermissionsForEnvironment​(Environment environment,
                                                                    BambooPermissionManager bambooPermissionManager)
                                                             throws org.acegisecurity.AccessDeniedException
        Throws:
        org.acegisecurity.AccessDeniedException
      • assertCanManagePermissionsForRepository

        public static void assertCanManagePermissionsForRepository​(RepositoryDataEntity repository,
                                                                   BambooPermissionManager bambooPermissionManager)
                                                            throws org.acegisecurity.AccessDeniedException
        Throws:
        org.acegisecurity.AccessDeniedException
      • extractDependencies

        @NotNull
        public static @NotNull Set<BambooPermission> extractDependencies​(com.google.common.collect.Multimap<BambooPermission,​BambooPermission> permissionDependencies,
                                                                         Collection<BambooPermission> supportedPermissions,
                                                                         BambooPermission permission)
        Obtain a collection of Bamboo permissions dependent on the passed permission. A dependent permission is expected to always be granted whenever the parent permission is granted too.

        The result is an effective collection of dependencies, meaning there's no need to recursively traverse the dependency graph.

        Parameters:
        permissionDependencies - permission dependency graph in the format of a Multimap
        supportedPermissions - a collection of supported permissions to filter out the result
        permission - permission for which to obtain the dependencies
        Returns:
        a collection of dependencies of the given permission
      • validateDependenciesAfterGranting

        public static <E extends Exception> void validateDependenciesAfterGranting​(@NotNull
                                                                                   @NotNull Collection<BambooPermission> permissions,
                                                                                   @NotNull
                                                                                   @NotNull Function<BambooPermission,​Collection<BambooPermission>> permissionDependenciesSupplier,
                                                                                   @NotNull
                                                                                   @NotNull Function<BambooPermission,​String> permissionNameFunction,
                                                                                   @NotNull
                                                                                   @NotNull Function<String,​E> exceptionConstructorFunction)
                                                                            throws E extends Exception
        Validates permission dependencies after granting new permissions.
        Parameters:
        permissions - a collection of permissions to validate
        permissionDependenciesSupplier - function to obtain dependencies for a permission
        permissionNameFunction - function to extract display name of a permission
        exceptionConstructorFunction - function to create exception in case of validation error
        Throws:
        E - on validation error
        E extends Exception
      • validateDependenciesAfterRevoking

        public static void validateDependenciesAfterRevoking​(@NotNull
                                                             @NotNull Collection<BambooPermission> permissions,
                                                             @NotNull
                                                             @NotNull Function<BambooPermission,​Collection<BambooPermission>> permissionDependenciesSupplier)
        Validates permission dependencies after revoking permissions.
        Parameters:
        permissions - a collection of permissions to validate
        permissionDependenciesSupplier - function to obtain dependencies for a permission
        Throws:
        IllegalArgumentException - on validation error
      • validateDependenciesAfterRevoking

        public static <E extends Exception> void validateDependenciesAfterRevoking​(@NotNull
                                                                                   @NotNull Collection<BambooPermission> permissions,
                                                                                   @NotNull
                                                                                   @NotNull Function<BambooPermission,​Collection<BambooPermission>> permissionDependenciesSupplier,
                                                                                   @NotNull
                                                                                   @NotNull Function<BambooPermission,​String> permissionNameFunction,
                                                                                   @NotNull
                                                                                   @NotNull Function<String,​E> exceptionConstructorFunction)
                                                                            throws E extends Exception
        Validates permission dependencies after revoking permissions.
        Parameters:
        permissions - a collection of permissions to validate
        permissionDependenciesSupplier - function to obtain dependencies for a permission
        permissionNameFunction - function to extract display name of a permission
        exceptionConstructorFunction - function to create exception in case of validation error
        Throws:
        E - on validation error
        E extends Exception
      • findMissingDependencies

        @NotNull
        public static @NotNull com.google.common.collect.ImmutableMultimap<BambooPermission,​BambooPermission> findMissingDependencies​(@NotNull
                                                                                                                                            @NotNull Collection<BambooPermission> permissions,
                                                                                                                                            @NotNull
                                                                                                                                            @NotNull Function<BambooPermission,​Collection<BambooPermission>> permissionDependenciesSupplier)
        Validates permission dependencies. Returns info about all missing dependencies found.

        Example: provided that permission 'A' depends on 'B', and 'B' depends on 'C', then:

      • permissions ['A'] will yield an error: 'A' is missing 'B' and 'C',
      • permissions ['A', 'B'] will yield an error: 'A' is missing 'C', 'B' is missing 'C',
      • permissions ['A', 'C'] will yield an error: 'A' is missing 'B',
      • permissions ['A', 'B', 'C'] are valid,
      • permissions ['B'] will yield an error: 'B' is missing 'C',
      • permissions ['B', 'C'] are valid,
      • and permissions ['C'] are valid.
Parameters:
permissions - a collection of permissions to validate
permissionDependenciesSupplier - function to obtain dependencies for a permission
Returns:
a multimap of missing permission dependencies, empty if no dependency errors were found. Each key in the multimap has a collection of permissions assigned to it, which were expected as dependencies.