Class BambooPermissionManagerImpl

    • Field Detail

      • aclService

        protected org.acegisecurity.acls.MutableAclService aclService
    • Constructor Detail

      • BambooPermissionManagerImpl

        public BambooPermissionManagerImpl()
    • Method Detail

      • hasPermission

        public boolean hasPermission​(@NotNull
                                     @NotNull org.acegisecurity.acls.Permission permission,
                                     @NotNull
                                     @NotNull Object object,
                                     @Nullable
                                     @Nullable org.acegisecurity.Authentication authentication)
        Description copied from interface: BambooPermissionManager
        Checks whether a permission is granted to access object with given authentication.
        Specified by:
        hasPermission in interface BambooPermissionManager
        Parameters:
        permission - the permission to check for
        object - the domain object on which the permission check will be made
        authentication - the authentication/principal whose secure identities will be checked for the permission
        Returns:
      • checkPermissionForObjectIdentity

        protected boolean checkPermissionForObjectIdentity​(@NotNull
                                                           @NotNull org.acegisecurity.acls.objectidentity.ObjectIdentity identity,
                                                           @NotNull
                                                           @NotNull org.acegisecurity.acls.Permission permission,
                                                           @NotNull
                                                           @NotNull org.acegisecurity.Authentication authentication)
      • isPermissionSuppressedByTokenAuthorisation

        protected boolean isPermissionSuppressedByTokenAuthorisation​(@NotNull
                                                                     @NotNull org.acegisecurity.acls.Permission permission)
      • hasPermission

        public com.google.common.base.Predicate<Object> hasPermission​(@NotNull
                                                                      @NotNull BambooPermission permission,
                                                                      @Nullable
                                                                      @Nullable org.acegisecurity.Authentication authentication)
        Description copied from interface: BambooPermissionManager
        Predicate for {link #hasPermission(permission, object, authentication)}
        Specified by:
        hasPermission in interface BambooPermissionManager
        Parameters:
        permission - the permission to check for
        authentication - the authentication/principal whose secure identities will be checked for the permission
        Returns:
      • hasPermissionForAuthority

        public boolean hasPermissionForAuthority​(@NotNull
                                                 @NotNull org.acegisecurity.acls.Permission permission,
                                                 @NotNull
                                                 @NotNull Object object,
                                                 @NotNull
                                                 @NotNull org.acegisecurity.GrantedAuthority authority)
        Description copied from interface: BambooPermissionManager
        Checks whether a permission is granted to access object with given authority.
        Specified by:
        hasPermissionForAuthority in interface BambooPermissionManager
        Parameters:
        permission - the permission to check for
        object - the domain object on which the permission check will be made
        authority - the authority whose secure identities will be checked for the permission
        Returns:
      • readAclById

        protected org.acegisecurity.acls.Acl readAclById​(org.acegisecurity.acls.objectidentity.ObjectIdentity identity)
      • hasPermission

        public boolean hasPermission​(@NotNull
                                     @NotNull String username,
                                     @NotNull
                                     @NotNull org.acegisecurity.acls.Permission permission,
                                     @NotNull
                                     @NotNull Object object)
        Specified by:
        hasPermission in interface BambooPermissionManager
      • hasPlanPermission

        public boolean hasPlanPermission​(@NotNull
                                         @NotNull org.acegisecurity.acls.Permission permission,
                                         @NotNull
                                         @NotNull PlanKey planKey)
        Description copied from interface: BambooPermissionManager
        Verify plan access
        Specified by:
        hasPlanPermission in interface BambooPermissionManager
        Parameters:
        permission - permission to check
        planKey - key of the plan
        Returns:
        true iff permission is granted
      • hasPlanPermission

        public boolean hasPlanPermission​(@NotNull
                                         @NotNull org.acegisecurity.acls.Permission permission,
                                         @NotNull
                                         @NotNull ImmutablePlan plan)
        Description copied from interface: BambooPermissionManager
        Verify plan access
        Specified by:
        hasPlanPermission in interface BambooPermissionManager
        Parameters:
        permission - permission to check
        plan - plan
        Returns:
        true iff permission is granted
      • hasProjectPermission

        public boolean hasProjectPermission​(@NotNull
                                            @NotNull org.acegisecurity.acls.Permission permission,
                                            @NotNull
                                            @NotNull String projectKey)
        Description copied from interface: BambooPermissionManager
        Checks if currently logged in user has a permission for a project identified by projectKey.
        Specified by:
        hasProjectPermission in interface BambooPermissionManager
        Parameters:
        permission - permission to check
        projectKey - key of the project to check
        Returns:
        true if project with the given key exists and current user has the permission to it
      • hasProjectPermission

        public boolean hasProjectPermission​(@NotNull
                                            @NotNull org.acegisecurity.acls.Permission permission,
                                            @NotNull
                                            @NotNull Project project)
        Description copied from interface: BambooPermissionManager
        Checks if currently logged in user has a permission for a project.
        Specified by:
        hasProjectPermission in interface BambooPermissionManager
        Parameters:
        permission - permission to check
        project - project to check
        Returns:
        true if current user has the permission to the project
      • canCreatePlanInProject

        public boolean canCreatePlanInProject​(@NotNull
                                              @NotNull String projectKey)
        Description copied from interface: BambooPermissionManager
        Checks if currently logged in user can create plans in a project identified by projectKey.
        Specified by:
        canCreatePlanInProject in interface BambooPermissionManager
        Parameters:
        projectKey - key of the project to check
        Returns:
        true if project with the given key exists and current user can create plans in it
      • canCreatePlanInProject

        public boolean canCreatePlanInProject​(@NotNull
                                              @NotNull Project project)
        Description copied from interface: BambooPermissionManager
        Checks if currently logged in user can create plans in a project.
        Specified by:
        canCreatePlanInProject in interface BambooPermissionManager
        Parameters:
        project - project to check
        Returns:
        true if current user can create plans in the project
      • canCreatePlan

        public boolean canCreatePlan()
        Description copied from interface: BambooPermissionManager
        Checks if currently logged in user can create new plans.

        This method might be expensive to compute as it may need to check permissions on all projects for this Bamboo instance.

        Specified by:
        canCreatePlan in interface BambooPermissionManager
        Returns:
        true if current user can create plans
      • isAdmin

        public boolean isAdmin​(String username)
        Description copied from interface: BambooPermissionManager
        Returns true if the user is an admin, false if not
        Specified by:
        isAdmin in interface BambooPermissionManager
        Parameters:
        username - the user
        Returns:
        true if the user is an admin, false if not
      • isSystemAdmin

        public boolean isSystemAdmin​(String username)
        Description copied from interface: BambooPermissionManager
        Returns true if the user is a sysadmin, false if not
        Specified by:
        isSystemAdmin in interface BambooPermissionManager
        Parameters:
        username - the user
        Returns:
        true if the user is a sysadmin, false if not
      • isAllowedToSetGlobalPermission

        public boolean isAllowedToSetGlobalPermission​(@NotNull
                                                      @NotNull org.acegisecurity.acls.Permission permission)
        Description copied from interface: BambooPermissionManager
        Returns true if user is allowed to set specific global permission
        Specified by:
        isAllowedToSetGlobalPermission in interface BambooPermissionManager
        Parameters:
        permission - permission to check
        Returns:
      • canManageElasticBamboo

        public boolean canManageElasticBamboo()
        Description copied from interface: BambooPermissionManager
        Returns true if the current user has credentials to manage Elastic Bamboo.

        Note that this permission is only required for Elastic Bamboo configuration (including operations like viewing EC2 instances, their statuses, logs etc.). Normal usage of Bamboo with EC2 configured (e.g. running builds on elastic agents) does not require such credentials.

        Specified by:
        canManageElasticBamboo in interface BambooPermissionManager
        Returns:
        true, if current user has permission to configure Elastic Bamboo
      • canManageEphemeralAgents

        public boolean canManageEphemeralAgents()
        Description copied from interface: BambooPermissionManager
        Returns true if the current user has credentials to manage Ephemeral Agents.

        Note that this permission is only required for Ephemeral Agents configuration (including operations like viewing templates). Normal usage of Bamboo with Ephemeral Agents configured (e.g. running builds) does not require such credentials.

        Specified by:
        canManageEphemeralAgents in interface BambooPermissionManager
        Returns:
        true, if current user has permission to configure Ephemeral Agents
      • canManageAgents

        public boolean canManageAgents()
        Description copied from interface: BambooPermissionManager
        Returns true if the current user has credentials to manage Bamboo Agents.
        Specified by:
        canManageAgents in interface BambooPermissionManager
        Returns:
        true if the current user has permission to manage agents, false otherwise
      • canRunCustomBuild

        public boolean canRunCustomBuild​(@NotNull
                                         @NotNull PlanKey planKey)
        Specified by:
        canRunCustomBuild in interface BambooPermissionManager
        Parameters:
        planKey - key of the plan in question
        Returns:
        true if the current user is allowed to run custom build of specified plan
      • hasPermission

        protected boolean hasPermission​(@NotNull
                                        @NotNull org.acegisecurity.acls.Permission permission,
                                        @NotNull
                                        @NotNull HibernateObjectIdentityImpl objectIdentity,
                                        @NotNull
                                        @NotNull org.acegisecurity.Authentication authentication)
      • hasPermission

        protected boolean hasPermission​(@NotNull
                                        @NotNull org.acegisecurity.acls.Permission permission,
                                        @NotNull
                                        @NotNull org.acegisecurity.acls.objectidentity.ObjectIdentity objectIdentity,
                                        @NotNull
                                        @NotNull org.acegisecurity.Authentication authentication)
      • createObjectIdentity

        protected org.acegisecurity.acls.objectidentity.ObjectIdentity createObjectIdentity​(@NotNull
                                                                                            @NotNull Object object)
      • setAclService

        public void setAclService​(org.acegisecurity.acls.MutableAclService aclService)
      • setSidRetrievalStrategy

        public void setSidRetrievalStrategy​(org.acegisecurity.acls.sid.SidRetrievalStrategy sidRetrievalStrategy)
      • setCachedPlanManager

        public void setCachedPlanManager​(CachedPlanManager cachedPlanManager)
      • setProjectManager

        public void setProjectManager​(ProjectManager projectManager)
      • setOverrideAuthorities

        public void setOverrideAuthorities​(org.acegisecurity.GrantedAuthority[] overrideAuthorities)
      • setObjectIdentityRetrievalStrategy

        public void setObjectIdentityRetrievalStrategy​(org.acegisecurity.acls.objectidentity.ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy)
      • setScopesRequestCacheDelegate

        public void setScopesRequestCacheDelegate​(ScopesRequestCacheDelegate scopesRequestCacheDelegate)