Package com.atlassian.bamboo.security
Class BambooPermissionManagerImpl
- java.lang.Object
-
- com.atlassian.bamboo.security.BambooPermissionManagerImpl
-
- All Implemented Interfaces:
BambooPermissionManager
public class BambooPermissionManagerImpl extends Object implements BambooPermissionManager
-
-
Field Summary
Fields Modifier and Type Field Description protected org.acegisecurity.acls.MutableAclService
aclService
-
Fields inherited from interface com.atlassian.bamboo.security.BambooPermissionManager
SYSTEM_AUTHORITY
-
-
Constructor Summary
Constructors Constructor Description BambooPermissionManagerImpl()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description boolean
canCreateDeploymentProject()
boolean
canCreatePlan()
Checks if currently logged in user can create new plans.boolean
canCreatePlanInProject(@NotNull Project project)
Checks if currently logged in user can create plans in aproject
.boolean
canCreatePlanInProject(@NotNull String projectKey)
Checks if currently logged in user can create plans in a project identified byprojectKey
.boolean
canCreateProject()
Checks if currently logged in user can create new projects.boolean
canManageAgents()
Returns true if the current user has credentials to manage Bamboo Agents.boolean
canManageElasticBamboo()
Returns true if the current user has credentials to manage Elastic Bamboo.boolean
canManageEphemeralAgents()
Returns true if the current user has credentials to manage Ephemeral Agents.boolean
canRunCustomBuild(@NotNull PlanKey planKey)
protected boolean
checkPermissionForObjectIdentity(@NotNull org.acegisecurity.acls.objectidentity.ObjectIdentity identity, @NotNull org.acegisecurity.acls.Permission permission, @NotNull org.acegisecurity.Authentication authentication)
protected org.acegisecurity.acls.objectidentity.ObjectIdentity
createObjectIdentity(@NotNull Object object)
org.acegisecurity.acls.Acl
getAcl(@NotNull Object object)
@NotNull Collection<String>
getAdminGroups()
Get a list of all the groups that have global administration permission@NotNull Collection<String>
getAdminUsers()
Get a list of all the users that have global administration permission@NotNull String
getDefaultUsersGroup()
@NotNull Collection<String>
getGroupsWithPermission(BambooPermission permission)
Collection<org.acegisecurity.acls.Permission>
getPermissionsForPlan(@NotNull PlanKey planKey)
@NotNull Collection<String>
getRestrictedAdminGroups()
Get a list of all the groups that have global restricted administration permission@NotNull Collection<String>
getRestrictedAdminUsers()
Get a list of all the users that have global restricted administration permission@NotNull Collection<String>
getUsePermissionGroups()
Get a list of all the groups that have global read or create plan permission@NotNull Collection<String>
getUsePermissionUsers()
Get a list of all the users that have global read or create plan permission@NotNull Collection<String>
getUsersWithPermission(BambooPermission permission)
boolean
hasGlobalPermission(@NotNull org.acegisecurity.acls.Permission permission)
com.google.common.base.Predicate<Object>
hasPermission(@NotNull BambooPermission permission, @Nullable org.acegisecurity.Authentication authentication)
Predicate for {link #hasPermission(permission, object, authentication)}boolean
hasPermission(@NotNull String username, @NotNull org.acegisecurity.acls.Permission permission, @NotNull Object object)
protected boolean
hasPermission(@NotNull org.acegisecurity.acls.Permission permission, @NotNull HibernateObjectIdentityImpl objectIdentity, @NotNull org.acegisecurity.Authentication authentication)
boolean
hasPermission(@NotNull org.acegisecurity.acls.Permission permission, @NotNull Object object, @Nullable org.acegisecurity.Authentication authentication)
Checks whether a permission is granted to access object with given authentication.protected boolean
hasPermission(@NotNull org.acegisecurity.acls.Permission permission, @NotNull org.acegisecurity.acls.objectidentity.ObjectIdentity objectIdentity, @NotNull org.acegisecurity.Authentication authentication)
boolean
hasPermissionForAuthority(@NotNull org.acegisecurity.acls.Permission permission, @NotNull Object object, @NotNull org.acegisecurity.GrantedAuthority authority)
Checks whether a permission is granted to access object with given authority.boolean
hasPlanPermission(@NotNull org.acegisecurity.acls.Permission permission, @NotNull ImmutablePlan plan)
Verify plan accessboolean
hasPlanPermission(@NotNull org.acegisecurity.acls.Permission permission, @NotNull PlanKey planKey)
Verify plan accessboolean
hasProjectEditPermission(@Nullable Project project)
boolean
hasProjectPermission(@NotNull org.acegisecurity.acls.Permission permission, @NotNull Project project)
Checks if currently logged in user has apermission
for aproject
.boolean
hasProjectPermission(@NotNull org.acegisecurity.acls.Permission permission, @NotNull String projectKey)
Checks if currently logged in user has apermission
for a project identified byprojectKey
.boolean
isAdmin(String username)
Returns true if the user is an admin, false if notboolean
isAllowedToSetGlobalPermission(@NotNull org.acegisecurity.acls.Permission permission)
Returns true if user is allowed to set specific global permissionboolean
isEnableSignup()
protected boolean
isPermissionSuppressedByTokenAuthorisation(@NotNull org.acegisecurity.acls.Permission permission)
boolean
isSystemAdmin(String username)
Returns true if the user is a sysadmin, false if notprotected org.acegisecurity.acls.Acl
readAclById(org.acegisecurity.acls.objectidentity.ObjectIdentity identity)
void
setAclService(org.acegisecurity.acls.MutableAclService aclService)
void
setAdministrationConfigurationAccessor(AdministrationConfigurationAccessor administrationConfigurationAccessor)
void
setCachedPlanManager(CachedPlanManager cachedPlanManager)
void
setObjectIdentityRetrievalStrategy(org.acegisecurity.acls.objectidentity.ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy)
void
setOverrideAuthorities(org.acegisecurity.GrantedAuthority[] overrideAuthorities)
void
setProjectManager(ProjectManager projectManager)
void
setScopesRequestCacheDelegate(ScopesRequestCacheDelegate scopesRequestCacheDelegate)
void
setSidRetrievalStrategy(org.acegisecurity.acls.sid.SidRetrievalStrategy sidRetrievalStrategy)
-
-
-
Method Detail
-
hasPermission
public boolean hasPermission(@NotNull @NotNull org.acegisecurity.acls.Permission permission, @NotNull @NotNull Object object, @Nullable @Nullable org.acegisecurity.Authentication authentication)
Description copied from interface:BambooPermissionManager
Checks whether a permission is granted to access object with given authentication.- Specified by:
hasPermission
in interfaceBambooPermissionManager
- Parameters:
permission
- the permission to check forobject
- the domain object on which the permission check will be madeauthentication
- the authentication/principal whose secure identities will be checked for the permission- Returns:
-
checkPermissionForObjectIdentity
protected boolean checkPermissionForObjectIdentity(@NotNull @NotNull org.acegisecurity.acls.objectidentity.ObjectIdentity identity, @NotNull @NotNull org.acegisecurity.acls.Permission permission, @NotNull @NotNull org.acegisecurity.Authentication authentication)
-
isPermissionSuppressedByTokenAuthorisation
protected boolean isPermissionSuppressedByTokenAuthorisation(@NotNull @NotNull org.acegisecurity.acls.Permission permission)
-
hasPermission
public com.google.common.base.Predicate<Object> hasPermission(@NotNull @NotNull BambooPermission permission, @Nullable @Nullable org.acegisecurity.Authentication authentication)
Description copied from interface:BambooPermissionManager
Predicate for {link #hasPermission(permission, object, authentication)}- Specified by:
hasPermission
in interfaceBambooPermissionManager
- Parameters:
permission
- the permission to check forauthentication
- the authentication/principal whose secure identities will be checked for the permission- Returns:
-
hasPermissionForAuthority
public boolean hasPermissionForAuthority(@NotNull @NotNull org.acegisecurity.acls.Permission permission, @NotNull @NotNull Object object, @NotNull @NotNull org.acegisecurity.GrantedAuthority authority)
Description copied from interface:BambooPermissionManager
Checks whether a permission is granted to access object with given authority.- Specified by:
hasPermissionForAuthority
in interfaceBambooPermissionManager
- Parameters:
permission
- the permission to check forobject
- the domain object on which the permission check will be madeauthority
- the authority whose secure identities will be checked for the permission- Returns:
-
getAcl
public org.acegisecurity.acls.Acl getAcl(@NotNull @NotNull Object object)
- Specified by:
getAcl
in interfaceBambooPermissionManager
-
readAclById
protected org.acegisecurity.acls.Acl readAclById(org.acegisecurity.acls.objectidentity.ObjectIdentity identity)
-
hasPermission
public boolean hasPermission(@NotNull @NotNull String username, @NotNull @NotNull org.acegisecurity.acls.Permission permission, @NotNull @NotNull Object object)
- Specified by:
hasPermission
in interfaceBambooPermissionManager
-
hasPlanPermission
public boolean hasPlanPermission(@NotNull @NotNull org.acegisecurity.acls.Permission permission, @NotNull @NotNull PlanKey planKey)
Description copied from interface:BambooPermissionManager
Verify plan access- Specified by:
hasPlanPermission
in interfaceBambooPermissionManager
- Parameters:
permission
- permission to checkplanKey
- key of the plan- Returns:
- true iff permission is granted
-
hasPlanPermission
public boolean hasPlanPermission(@NotNull @NotNull org.acegisecurity.acls.Permission permission, @NotNull @NotNull ImmutablePlan plan)
Description copied from interface:BambooPermissionManager
Verify plan access- Specified by:
hasPlanPermission
in interfaceBambooPermissionManager
- Parameters:
permission
- permission to checkplan
- plan- Returns:
- true iff permission is granted
-
hasProjectPermission
public boolean hasProjectPermission(@NotNull @NotNull org.acegisecurity.acls.Permission permission, @NotNull @NotNull String projectKey)
Description copied from interface:BambooPermissionManager
Checks if currently logged in user has apermission
for a project identified byprojectKey
.- Specified by:
hasProjectPermission
in interfaceBambooPermissionManager
- Parameters:
permission
- permission to checkprojectKey
- key of the project to check- Returns:
- true if project with the given key exists and current user has the permission to it
-
hasProjectPermission
public boolean hasProjectPermission(@NotNull @NotNull org.acegisecurity.acls.Permission permission, @NotNull @NotNull Project project)
Description copied from interface:BambooPermissionManager
Checks if currently logged in user has apermission
for aproject
.- Specified by:
hasProjectPermission
in interfaceBambooPermissionManager
- Parameters:
permission
- permission to checkproject
- project to check- Returns:
- true if current user has the permission to the project
-
canCreatePlanInProject
public boolean canCreatePlanInProject(@NotNull @NotNull String projectKey)
Description copied from interface:BambooPermissionManager
Checks if currently logged in user can create plans in a project identified byprojectKey
.- Specified by:
canCreatePlanInProject
in interfaceBambooPermissionManager
- Parameters:
projectKey
- key of the project to check- Returns:
- true if project with the given key exists and current user can create plans in it
-
canCreatePlanInProject
public boolean canCreatePlanInProject(@NotNull @NotNull Project project)
Description copied from interface:BambooPermissionManager
Checks if currently logged in user can create plans in aproject
.- Specified by:
canCreatePlanInProject
in interfaceBambooPermissionManager
- Parameters:
project
- project to check- Returns:
- true if current user can create plans in the project
-
canCreateProject
public boolean canCreateProject()
Description copied from interface:BambooPermissionManager
Checks if currently logged in user can create new projects.- Specified by:
canCreateProject
in interfaceBambooPermissionManager
- Returns:
- true if current user can create projects
-
canCreatePlan
public boolean canCreatePlan()
Description copied from interface:BambooPermissionManager
Checks if currently logged in user can create new plans.This method might be expensive to compute as it may need to check permissions on all projects for this Bamboo instance.
- Specified by:
canCreatePlan
in interfaceBambooPermissionManager
- Returns:
- true if current user can create plans
-
canCreateDeploymentProject
public boolean canCreateDeploymentProject()
- Specified by:
canCreateDeploymentProject
in interfaceBambooPermissionManager
-
hasGlobalPermission
public boolean hasGlobalPermission(@NotNull @NotNull org.acegisecurity.acls.Permission permission)
- Specified by:
hasGlobalPermission
in interfaceBambooPermissionManager
-
getPermissionsForPlan
public Collection<org.acegisecurity.acls.Permission> getPermissionsForPlan(@NotNull @NotNull PlanKey planKey)
- Specified by:
getPermissionsForPlan
in interfaceBambooPermissionManager
-
hasProjectEditPermission
public boolean hasProjectEditPermission(@Nullable @Nullable Project project)
- Specified by:
hasProjectEditPermission
in interfaceBambooPermissionManager
-
isEnableSignup
public boolean isEnableSignup()
- Specified by:
isEnableSignup
in interfaceBambooPermissionManager
-
getAdminGroups
@NotNull public @NotNull Collection<String> getAdminGroups()
Description copied from interface:BambooPermissionManager
Get a list of all the groups that have global administration permission- Specified by:
getAdminGroups
in interfaceBambooPermissionManager
- Returns:
- A list of all the groups that have global administration permission
-
getRestrictedAdminGroups
@NotNull public @NotNull Collection<String> getRestrictedAdminGroups()
Description copied from interface:BambooPermissionManager
Get a list of all the groups that have global restricted administration permission- Specified by:
getRestrictedAdminGroups
in interfaceBambooPermissionManager
- Returns:
- A list of all the groups that have global restricted administration permission
-
getUsePermissionGroups
@NotNull public @NotNull Collection<String> getUsePermissionGroups()
Description copied from interface:BambooPermissionManager
Get a list of all the groups that have global read or create plan permission- Specified by:
getUsePermissionGroups
in interfaceBambooPermissionManager
- Returns:
- A list of all the groups that have global read or create plan permission
-
getDefaultUsersGroup
@NotNull public @NotNull String getDefaultUsersGroup()
- Specified by:
getDefaultUsersGroup
in interfaceBambooPermissionManager
- Returns:
- the name of the default group that users will be added to when they are created
-
getGroupsWithPermission
@NotNull public @NotNull Collection<String> getGroupsWithPermission(BambooPermission permission)
-
getAdminUsers
@NotNull public @NotNull Collection<String> getAdminUsers()
Description copied from interface:BambooPermissionManager
Get a list of all the users that have global administration permission- Specified by:
getAdminUsers
in interfaceBambooPermissionManager
- Returns:
- A list of all the users that have global administration permission
-
getRestrictedAdminUsers
@NotNull public @NotNull Collection<String> getRestrictedAdminUsers()
Description copied from interface:BambooPermissionManager
Get a list of all the users that have global restricted administration permission- Specified by:
getRestrictedAdminUsers
in interfaceBambooPermissionManager
- Returns:
- A list of all the users that have global restricted administration permission
-
getUsePermissionUsers
@NotNull public @NotNull Collection<String> getUsePermissionUsers()
Description copied from interface:BambooPermissionManager
Get a list of all the users that have global read or create plan permission- Specified by:
getUsePermissionUsers
in interfaceBambooPermissionManager
- Returns:
- A list of all the users that have global read or create plan permission
-
getUsersWithPermission
@NotNull public @NotNull Collection<String> getUsersWithPermission(BambooPermission permission)
-
isAdmin
public boolean isAdmin(String username)
Description copied from interface:BambooPermissionManager
Returns true if the user is an admin, false if not- Specified by:
isAdmin
in interfaceBambooPermissionManager
- Parameters:
username
- the user- Returns:
- true if the user is an admin, false if not
-
isSystemAdmin
public boolean isSystemAdmin(String username)
Description copied from interface:BambooPermissionManager
Returns true if the user is a sysadmin, false if not- Specified by:
isSystemAdmin
in interfaceBambooPermissionManager
- Parameters:
username
- the user- Returns:
- true if the user is a sysadmin, false if not
-
isAllowedToSetGlobalPermission
public boolean isAllowedToSetGlobalPermission(@NotNull @NotNull org.acegisecurity.acls.Permission permission)
Description copied from interface:BambooPermissionManager
Returns true if user is allowed to set specific global permission- Specified by:
isAllowedToSetGlobalPermission
in interfaceBambooPermissionManager
- Parameters:
permission
- permission to check- Returns:
-
canManageElasticBamboo
public boolean canManageElasticBamboo()
Description copied from interface:BambooPermissionManager
Returns true if the current user has credentials to manage Elastic Bamboo. Note that this permission is only required for Elastic Bamboo configuration (including operations like viewing EC2 instances, their statuses, logs etc.). Normal usage of Bamboo with EC2 configured (e.g. running builds on elastic agents) does not require such credentials.- Specified by:
canManageElasticBamboo
in interfaceBambooPermissionManager
- Returns:
- true, if current user has permission to configure Elastic Bamboo
-
canManageEphemeralAgents
public boolean canManageEphemeralAgents()
Description copied from interface:BambooPermissionManager
Returns true if the current user has credentials to manage Ephemeral Agents. Note that this permission is only required for Ephemeral Agents configuration (including operations like viewing templates). Normal usage of Bamboo with Ephemeral Agents configured (e.g. running builds) does not require such credentials.- Specified by:
canManageEphemeralAgents
in interfaceBambooPermissionManager
- Returns:
- true, if current user has permission to configure Ephemeral Agents
-
canManageAgents
public boolean canManageAgents()
Description copied from interface:BambooPermissionManager
Returns true if the current user has credentials to manage Bamboo Agents.- Specified by:
canManageAgents
in interfaceBambooPermissionManager
- Returns:
- true if the current user has permission to manage agents, false otherwise
-
canRunCustomBuild
public boolean canRunCustomBuild(@NotNull @NotNull PlanKey planKey)
- Specified by:
canRunCustomBuild
in interfaceBambooPermissionManager
- Parameters:
planKey
- key of the plan in question- Returns:
- true if the current user is allowed to run custom build of specified plan
-
hasPermission
protected boolean hasPermission(@NotNull @NotNull org.acegisecurity.acls.Permission permission, @NotNull @NotNull HibernateObjectIdentityImpl objectIdentity, @NotNull @NotNull org.acegisecurity.Authentication authentication)
-
hasPermission
protected boolean hasPermission(@NotNull @NotNull org.acegisecurity.acls.Permission permission, @NotNull @NotNull org.acegisecurity.acls.objectidentity.ObjectIdentity objectIdentity, @NotNull @NotNull org.acegisecurity.Authentication authentication)
-
createObjectIdentity
protected org.acegisecurity.acls.objectidentity.ObjectIdentity createObjectIdentity(@NotNull @NotNull Object object)
-
setAdministrationConfigurationAccessor
public void setAdministrationConfigurationAccessor(AdministrationConfigurationAccessor administrationConfigurationAccessor)
-
setAclService
public void setAclService(org.acegisecurity.acls.MutableAclService aclService)
-
setSidRetrievalStrategy
public void setSidRetrievalStrategy(org.acegisecurity.acls.sid.SidRetrievalStrategy sidRetrievalStrategy)
-
setCachedPlanManager
public void setCachedPlanManager(CachedPlanManager cachedPlanManager)
-
setProjectManager
public void setProjectManager(ProjectManager projectManager)
-
setOverrideAuthorities
public void setOverrideAuthorities(org.acegisecurity.GrantedAuthority[] overrideAuthorities)
-
setObjectIdentityRetrievalStrategy
public void setObjectIdentityRetrievalStrategy(org.acegisecurity.acls.objectidentity.ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy)
-
setScopesRequestCacheDelegate
public void setScopesRequestCacheDelegate(ScopesRequestCacheDelegate scopesRequestCacheDelegate)
-
-