Class UserPermissionAdminServiceImpl
java.lang.Object
com.atlassian.crowd.manager.permission.UserPermissionAdminServiceImpl
- All Implemented Interfaces:
UserPermissionAdminService
@Transactional
public class UserPermissionAdminServiceImpl
extends Object
implements UserPermissionAdminService
All methods on this class require at least ADMIN permissions. This is handled by
AdminRequiredInterceptor via
applicationContext-CrowdServer.xml. For this reason we are not doing any permission checks inside this method,
except for ensuring that ADMINs cannot revoke or downgrade the permissions of SYSADMINs.-
Constructor Summary
ConstructorsConstructorDescriptionUserPermissionAdminServiceImpl(InternalUserPermissionDAO permissionDAO, UserPermissionService permissionService, AuthenticatedUserProvider userProvider, DirectoryManager directoryManager, InternalApplicationHelper applicationHelper) -
Method Summary
Modifier and TypeMethodDescriptionfindGroups(int start, int limit) List all groups that the Crowd console application can see.findGroupsByPrefix(String prefix, int start, int limit) List all groups that the Crowd console application can see, filtered by prefix.findGroupsWithPermission(int start, int limit) Find all groups with an explicit permission Note: there are no authentication checks in this methodfindGroupsWithPermissionByPrefix(String prefix, int start, int limit) Find all groups with an explicit permission Note: there are no authentication checks in this methodvoidRemove all permissions from the given group.voidsetPermissionForGroups(List<? extends DirectoryGroup> directoryGroups, UserPermission permission) Set the granted permissions for each directoryGroup to permission.
-
Constructor Details
-
UserPermissionAdminServiceImpl
public UserPermissionAdminServiceImpl(InternalUserPermissionDAO permissionDAO, UserPermissionService permissionService, AuthenticatedUserProvider userProvider, DirectoryManager directoryManager, InternalApplicationHelper applicationHelper)
-
-
Method Details
-
findGroups
Description copied from interface:UserPermissionAdminServiceList all groups that the Crowd console application can see. Groups will be sorted by (directory name, group name) in dictionary order.- Specified by:
findGroupsin interfaceUserPermissionAdminService- Parameters:
start- index to start page atlimit- max number of results to return or 0 for no limit
-
findGroupsByPrefix
Description copied from interface:UserPermissionAdminServiceList all groups that the Crowd console application can see, filtered by prefix. Groups will be sorted by (directory name, group name) in dictionary order.- Specified by:
findGroupsByPrefixin interfaceUserPermissionAdminService- Parameters:
start- index to start page atlimit- max number of results to return or 0 for no limit
-
revokePermissionsForGroup
public void revokePermissionsForGroup(DirectoryGroup group) throws DirectoryNotFoundException, OperationFailedException, ApplicationNotFoundException, UserPermissionDowngradeException Description copied from interface:UserPermissionAdminServiceRemove all permissions from the given group.- Specified by:
revokePermissionsForGroupin interfaceUserPermissionAdminService- Parameters:
group- group to remove permissions from- Throws:
UserPermissionDowngradeException- if the user can not remove a permission because doing so would downgrade their own permissionsDirectoryNotFoundExceptionOperationFailedExceptionApplicationNotFoundException
-
setPermissionForGroups
public void setPermissionForGroups(List<? extends DirectoryGroup> directoryGroups, UserPermission permission) throws DirectoryNotFoundException, OperationFailedException, ApplicationNotFoundException, UserPermissionException, UserPermissionDowngradeException Description copied from interface:UserPermissionAdminServiceSet the granted permissions for each directoryGroup to permission. All other permissions will be revoked. Groups must be in directories that are mapped to the "crowd" application- Specified by:
setPermissionForGroupsin interfaceUserPermissionAdminService- Parameters:
directoryGroups- list of groups to set permissions onpermission- permission to set to- Throws:
UserPermissionDowngradeException- if the user can not remove a permission because doing so would downgrade their own permissionsDirectoryNotFoundExceptionOperationFailedExceptionApplicationNotFoundExceptionUserPermissionException
-
findGroupsWithPermission
public Page<PermittedGroup> findGroupsWithPermission(int start, int limit) throws UserPermissionException Description copied from interface:UserPermissionAdminServiceFind all groups with an explicit permission Note: there are no authentication checks in this method- Specified by:
findGroupsWithPermissionin interfaceUserPermissionAdminService- Parameters:
start- index to start page atlimit- max number of results to return or 0 for no limit- Returns:
- the highest permission for each group with an explicit permission. If a group has ADMIN and SYS_ADMIN, only return SYS_ADMIN
- Throws:
UserPermissionException
-
findGroupsWithPermissionByPrefix
public Page<PermittedGroup> findGroupsWithPermissionByPrefix(@Nonnull String prefix, int start, int limit) throws UserPermissionException Description copied from interface:UserPermissionAdminServiceFind all groups with an explicit permission Note: there are no authentication checks in this method- Specified by:
findGroupsWithPermissionByPrefixin interfaceUserPermissionAdminService- Parameters:
prefix- filter group names by name prefixstart- index to start page atlimit- max number of results to return or 0 for no limit- Returns:
- the highest permission for each group with an explicit permission. If a group has ADMIN and SYS_ADMIN, only return SYS_ADMIN
- Throws:
UserPermissionException
-