com.atlassian.confluence.security
Interface PermissionManager

All Known Implementing Classes:
DefaultPermissionManager

public interface PermissionManager

Generalised interface for checking whether a particular action in Confluence is allowed, without any knowledge of the specific implementation of permissions as they relate to spaces, pages and so on.


Nested Class Summary
static interface PermissionManager.Criterion
          A criterion for whether an entity should be permitted or not
 
Field Summary
static Object TARGET_APPLICATION
          A target that encompasses most administrative functions minus the ones covered by TARGET_SYSTEM.
static Object TARGET_PEOPLE_DIRECTORY
          A target the represents the People Directory function of Confluence.
static Object TARGET_SYSTEM
          A target that encompasses functions that have system impact and can compromise system security.
 
Method Summary
<X> List<X>
getPermittedEntities(com.atlassian.user.User user, Permission permission, Iterator<? extends X> objects, int maxResults)
          Filter an iterator based on which entities in the list have a particular permission.
<X> List<X>
getPermittedEntities(com.atlassian.user.User user, Permission permission, Iterator<X> objects, int maxResults, Collection<? extends PermissionManager.Criterion> otherCriteria)
          Filter an iterator based on which entities in the list have a particular permission.
<X> List<X>
getPermittedEntities(com.atlassian.user.User user, Permission permission, List<? extends X> objects)
          Filter a list based on which entities in the list have a particular permission.
<X> List<X>
getPermittedEntitiesNoExemptions(com.atlassian.user.User user, Permission permission, Iterator<? extends X> objects, int maxResults)
          Filter an iterator based on which entities in the list have a particular permission.
<X> List<X>
getPermittedEntitiesNoExemptions(com.atlassian.user.User user, Permission permission, Iterator<X> objects, int maxResults, Collection<? extends PermissionManager.Criterion> otherCriteria)
          Filter an iterator based on which entities in the list have a particular permission.
<X> List<X>
getPermittedEntitiesNoExemptions(com.atlassian.user.User user, Permission permission, List<? extends X> objects)
          Filter a list based on which entities in the list have a particular permission.
 boolean hasCreatePermission(com.atlassian.user.User user, Object container, Class<?> typeToCreate)
          Determine whether a user has permission to create an entity of a particular type within a given container.
 boolean hasCreatePermission(com.atlassian.user.User user, Object container, Object objectToCreate)
          Determine whether a user has permission to create a particular entity within a given container.
 boolean hasPermission(com.atlassian.user.User user, Permission permission, Class targetType)
          Determine whether a user has a particular permission for all instances of the specified target type.
 boolean hasPermission(com.atlassian.user.User user, Permission permission, Object target)
          Determine whether a user has a particular permission against a given target.
 boolean hasPermissionNoExemptions(com.atlassian.user.User user, Permission permission, Object target)
          Returns true if the user has the specified permission on the target object.
 boolean isConfluenceAdministrator(com.atlassian.user.User user)
          Determine if the user is a Confluence administrator.
 boolean isSystemAdministrator(com.atlassian.user.User user)
          Determine if the user is a system administrator.
 void withExemption(Runnable runnable)
          Execute the given task with permission exemption.
 

Field Detail

TARGET_APPLICATION

static final Object TARGET_APPLICATION
A target that encompasses most administrative functions minus the ones covered by TARGET_SYSTEM.


TARGET_SYSTEM

static final Object TARGET_SYSTEM
A target that encompasses functions that have system impact and can compromise system security.


TARGET_PEOPLE_DIRECTORY

static final Object TARGET_PEOPLE_DIRECTORY
A target the represents the People Directory function of Confluence.

Method Detail

hasPermission

boolean hasPermission(com.atlassian.user.User user,
                      Permission permission,
                      Object target)
Determine whether a user has a particular permission against a given target.

Parameters:
user - the user seeking permission, or null if the anonymous user is being checked against
permission - the permission to check
target - the object that the permission is being checked against. If this object is null, the method will return false
Returns:
true if the user has this permission, false otherwise
Throws:
IllegalStateException - if the permission being checked against does not apply to the target

hasPermission

boolean hasPermission(com.atlassian.user.User user,
                      Permission permission,
                      Class targetType)
Determine whether a user has a particular permission for all instances of the specified target type.

Parameters:
user - the user
permission - the permission to check (see Permission
targetType - the type of the target
Returns:
true if the user has this permission, false otherwise.

hasPermissionNoExemptions

boolean hasPermissionNoExemptions(com.atlassian.user.User user,
                                  Permission permission,
                                  Object target)
Returns true if the user has the specified permission on the target object. This method does not allow exemptions for super-users like hasPermission(User, Permission, Object) does.

For parameter and return value information, see hasPermission(User, Permission, Object).


hasCreatePermission

boolean hasCreatePermission(com.atlassian.user.User user,
                            Object container,
                            Class<?> typeToCreate)
Determine whether a user has permission to create an entity of a particular type within a given container.

The container is the natural container of the object being created. For example, a comment is contained in a page, which is contained within a space. A space is contained within TARGET_APPLICATION.

This overload should not be used when creating CustomContentEntityObject instances. In that case, permission checks should use hasCreatePermission(com.atlassian.user.User, Object, Object).

Parameters:
user - the user seeking permission, or null if the anonymous user is being checked against
container - the target that the object is being created within. If this object is null, the method will return false
typeToCreate - the type of object being created (see above)
Returns:
true if the user has permission, false otherwise
Throws:
IllegalStateException - if the permission being checked against does not apply to the target
See Also:
ContentEntityObject.getType()

hasCreatePermission

boolean hasCreatePermission(com.atlassian.user.User user,
                            Object container,
                            Object objectToCreate)
Determine whether a user has permission to create a particular entity within a given container.

The container is the natural container of the object being created. For example, a comment is contained in a page, which is contained within a space. A space is contained within TARGET_APPLICATION.

This overload is best when creating CustomContentEntityObject instances. Other permission checks should use hasCreatePermission(com.atlassian.user.User, Object, Class).

Parameters:
user - the user seeking permission, or null if the anonymous user is being checked against
container - the target that the object is being created within. If this object is null, the method will return false
objectToCreate - the object being created (see above)
Returns:
true if the user has permission, false otherwise
Throws:
IllegalStateException - if the permission being checked against does not apply to the target
Since:
5.6

getPermittedEntities

<X> List<X> getPermittedEntities(com.atlassian.user.User user,
                                 Permission permission,
                                 List<? extends X> objects)
Filter a list based on which entities in the list have a particular permission.

Parameters:
user - the user seeking permission, or null if the anonymous user is being checked against
permission - the permission to check against the objects
objects - the objects to check
Returns:
a new list of those members of the objects list that satisfy the given permission for the user

getPermittedEntities

<X> List<X> getPermittedEntities(com.atlassian.user.User user,
                                 Permission permission,
                                 Iterator<? extends X> objects,
                                 int maxResults)
Filter an iterator based on which entities in the list have a particular permission.

Parameters:
user - the user seeking permission, or null if the anonymous user is being checked against
permission - the permission to check against the objects
objects - the objects to check
maxResults - the maximum number of permitted entities to retrieve from the iterator (un-permitted entities are not counted)
Returns:
a new list of those members of the objects list that satisfy the given permission for the user

getPermittedEntities

<X> List<X> getPermittedEntities(com.atlassian.user.User user,
                                 Permission permission,
                                 Iterator<X> objects,
                                 int maxResults,
                                 Collection<? extends PermissionManager.Criterion> otherCriteria)
Filter an iterator based on which entities in the list have a particular permission. You may also supply additional criteria through which to filter the iterator.

Parameters:
user - the user seeking permission, or null if the anonymous user is being checked against
permission - the permission to check against the objects
objects - the objects to check
maxResults - the maximum number of permitted entities to retrieve from the iterator (un-permitted entities are not counted)
otherCriteria - a collection of PermissionManager.Criterion objects through which the permitted entities must also be filtered
Returns:
a new list of those members of the objects list that satisfy the given permission for the user

getPermittedEntitiesNoExemptions

<X> List<X> getPermittedEntitiesNoExemptions(com.atlassian.user.User user,
                                             Permission permission,
                                             List<? extends X> objects)
Filter a list based on which entities in the list have a particular permission. This method does not allow exemptions for super-users like getPermittedEntities(User, Permission, List) does.

Parameters:
user - the user seeking permission, or null if the anonymous user is being checked against
permission - the permission to check against the objects
objects - the objects to check
Returns:
a new list of those members of the objects list that satisfy the given permission for the user
Since:
5.5

getPermittedEntitiesNoExemptions

<X> List<X> getPermittedEntitiesNoExemptions(com.atlassian.user.User user,
                                             Permission permission,
                                             Iterator<? extends X> objects,
                                             int maxResults)
Filter an iterator based on which entities in the list have a particular permission. This method does not allow exemptions for super-users like getPermittedEntities(User, Permission, Iterator, int) does.

Parameters:
user - the user seeking permission, or null if the anonymous user is being checked against
permission - the permission to check against the objects
objects - the objects to check
maxResults - the maximum number of permitted entities to retrieve from the iterator (un-permitted entities are not counted)
Returns:
a new list of those members of the objects list that satisfy the given permission for the user
Since:
5.5

getPermittedEntitiesNoExemptions

<X> List<X> getPermittedEntitiesNoExemptions(com.atlassian.user.User user,
                                             Permission permission,
                                             Iterator<X> objects,
                                             int maxResults,
                                             Collection<? extends PermissionManager.Criterion> otherCriteria)
Filter an iterator based on which entities in the list have a particular permission. This method does not allow exemptions for super-users like getPermittedEntities(User, Permission, Iterator, int, Collection) does. You may also supply additional criteria through which to filter the iterator.

Parameters:
user - the user seeking permission, or null if the anonymous user is being checked against
permission - the permission to check against the objects
objects - the objects to check
maxResults - the maximum number of permitted entities to retrieve from the iterator (un-permitted entities are not counted)
otherCriteria - a collection of PermissionManager.Criterion objects through which the permitted entities must also be filtered
Returns:
a new list of those members of the objects list that satisfy the given permission for the user
Since:
5.5

isConfluenceAdministrator

boolean isConfluenceAdministrator(com.atlassian.user.User user)
Determine if the user is a Confluence administrator. Calling this method is identical to calling hasPermission(user, Permission.ADMINISTER, PermissionManager.TARGET_APPLICATION).

Parameters:
user - the user to check permissions against
Returns:
true if the user is a Confluence administrator, false otherwise

isSystemAdministrator

boolean isSystemAdministrator(com.atlassian.user.User user)
Determine if the user is a system administrator. Calling this method is identical to calling hasPermission(user, Permission.ADMINISTER, PermissionManager.TARGET_SYSTEM).

Parameters:
user - the user to check permissions against
Returns:
true if the user is a system administrator, false otherwise
Since:
5.5

withExemption

void withExemption(Runnable runnable)
Execute the given task with permission exemption.

Calls to hasPermission(com.atlassian.user.User, Permission, Object) and hasCreatePermission(com.atlassian.user.User, Object, Class) within the executed task will return true. Other permission checks are not affected.

Use with care.

Parameters:
runnable - task to execute with permission exemption


Copyright © 2003–2015 Atlassian. All rights reserved.