Package com.atlassian.jira.util
Class GlobalPermissionGroupAssociationUtil
java.lang.Object
com.atlassian.jira.util.GlobalPermissionGroupAssociationUtil
This is a utility class to find out information about
Permissions.ADMINISTER
and
Permissions.SYSTEM_ADMIN
global permission information. You can use this class to find out
if you are removing all the groups that grant a provided user the permission. You can also use
this to find out the groups that the provided user is a member of and which is associated with
the global permission.- Since:
- 3.12
-
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final org.apache.commons.collections.Transformer
Transforms aGroup
to its name as a String. -
Constructor Summary
ConstructorsConstructorDescriptionGlobalPermissionGroupAssociationUtil
(GlobalPermissionManager globalPermissionManager, GroupManager groupManager) -
Method Summary
Modifier and TypeMethodDescriptionReturns All the groupNames that have global "Administration" permission that this user is a member of.getGroupNamesModifiableByCurrentUser
(ApplicationUser currentUser, Collection<String> groupNames) Determines which groups will be visible to the current user.List<com.atlassian.crowd.embedded.api.Group>
getGroupsModifiableByCurrentUser
(ApplicationUser currentUser, List<com.atlassian.crowd.embedded.api.Group> groups) Determines which groups will be visible to the current user.List<com.atlassian.crowd.embedded.api.Group>
getNonAdminGroups
(List<com.atlassian.crowd.embedded.api.Group> groups) Get all groups which have neitherPermissions.SYSTEM_ADMIN
orPermissions.ADMINISTER
Returns All the groupNames that have global "System Administration" permission that this user is a member of.boolean
isRemovingAllMyAdminGroups
(Collection<String> groupsToLeave, ApplicationUser user) Return true if the user is trying to remove all the groups that grant them the administration permission.boolean
isRemovingAllMySysAdminGroups
(Collection<String> groupsToLeave, ApplicationUser user) Return true if the user is trying to remove all the groups that grant them the system administration permission.boolean
isUserAbleToDeleteGroup
(ApplicationUser user, String groupName) Determines, based on the users permissions, if the group can be deleted.
-
Field Details
-
GROUP_TO_GROUPNAME
public static final org.apache.commons.collections.Transformer GROUP_TO_GROUPNAMETransforms aGroup
to its name as a String.
-
-
Constructor Details
-
GlobalPermissionGroupAssociationUtil
public GlobalPermissionGroupAssociationUtil(GlobalPermissionManager globalPermissionManager, GroupManager groupManager)
-
-
Method Details
-
isRemovingAllMySysAdminGroups
public boolean isRemovingAllMySysAdminGroups(Collection<String> groupsToLeave, ApplicationUser user) Return true if the user is trying to remove all the groups that grant them the system administration permission.- Parameters:
groupsToLeave
- a Collection ofString
, group names, that the user is trying to unassociate/remove.user
- performing this operation.- Returns:
- true if removing all groups that grant the privlage, false otherwise.
-
getSysAdminMemberGroups
Returns All the groupNames that have global "System Administration" permission that this user is a member of.- Parameters:
user
- the user performing this operation.- Returns:
- a Collection of
String
group names that the global System Admin permission is associated with and which the user is in.
-
isRemovingAllMyAdminGroups
Return true if the user is trying to remove all the groups that grant them the administration permission.- Parameters:
groupsToLeave
- a Collection ofString
, group names, that the user is trying to unassociate/remove.user
- performing this operation.- Returns:
- true if removing all groups that grant the privlage, false otherwise.
-
getAdminMemberGroups
Returns All the groupNames that have global "Administration" permission that this user is a member of.- Parameters:
user
- performing this operation.- Returns:
- a Collection of
String
group names that the global Admin permission is associated with and which the user is in.
-
isUserAbleToDeleteGroup
Determines, based on the users permissions, if the group can be deleted.- Parameters:
user
- performing this operation.groupName
- the group to delete- Returns:
- true if the user is has the
Permissions.SYSTEM_ADMIN
permission or if the group is not associated with thePermissions.SYSTEM_ADMIN
permission.
-
getGroupNamesModifiableByCurrentUser
public List<String> getGroupNamesModifiableByCurrentUser(ApplicationUser currentUser, Collection<String> groupNames) Determines which groups will be visible to the current user. If the user is aPermissions.SYSTEM_ADMIN
then they can see all the groups, otherwise they will not be able to see the group names associated with thePermissions.SYSTEM_ADMIN
permission.- Parameters:
currentUser
- performing the operationgroupNames
- the full set of possible group names the user might see- Returns:
- the groupNames list if they user has
Permissions.SYSTEM_ADMIN
rights, otherwise a collection that does not contain the SYS_ADMIN group names.
-
getGroupsModifiableByCurrentUser
public List<com.atlassian.crowd.embedded.api.Group> getGroupsModifiableByCurrentUser(ApplicationUser currentUser, List<com.atlassian.crowd.embedded.api.Group> groups) Determines which groups will be visible to the current user. If the user is aPermissions.SYSTEM_ADMIN
then they can see all the groups, otherwise they will not be able to see the groups associated with thePermissions.SYSTEM_ADMIN
permission.- Parameters:
currentUser
- performing the operationgroups
- the full set of possible groups the user might see- Returns:
- the
groups
list if they user hasPermissions.SYSTEM_ADMIN
rights, otherwise a collection that does not contain the SYS_ADMIN groups.
-
getNonAdminGroups
public List<com.atlassian.crowd.embedded.api.Group> getNonAdminGroups(List<com.atlassian.crowd.embedded.api.Group> groups) Get all groups which have neitherPermissions.SYSTEM_ADMIN
orPermissions.ADMINISTER
- Parameters:
groups
- the full set of possible groups the user might see- Returns:
- the
groups
list if they user hasPermissions.SYSTEM_ADMIN
rights, otherwise a collection that does not contain the SYS_ADMIN groups.
-