Class GlobalPermissionGroupAssociationUtil

java.lang.Object
com.atlassian.jira.util.GlobalPermissionGroupAssociationUtil

public class GlobalPermissionGroupAssociationUtil extends Object
This is a utility class to find out information about Permissions.ADMINISTER and Permissions.SYSTEM_ADMIN global permission information. You can use this class to find out if you are removing all the groups that grant a provided user the permission. You can also use this to find out the groups that the provided user is a member of and which is associated with the global permission.
Since:
3.12
  • Field Details

    • GROUP_TO_GROUPNAME

      public static final org.apache.commons.collections.Transformer GROUP_TO_GROUPNAME
      Transforms a Group to its name as a String.
  • Constructor Details

  • Method Details

    • isRemovingAllMySysAdminGroups

      public boolean isRemovingAllMySysAdminGroups(Collection<String> groupsToLeave, ApplicationUser user)
      Return true if the user is trying to remove all the groups that grant them the system administration permission.
      Parameters:
      groupsToLeave - a Collection of String, group names, that the user is trying to unassociate/remove.
      user - performing this operation.
      Returns:
      true if removing all groups that grant the privlage, false otherwise.
    • getSysAdminMemberGroups

      public Collection<String> getSysAdminMemberGroups(ApplicationUser user)
      Returns All the groupNames that have global "System Administration" permission that this user is a member of.
      Parameters:
      user - the user performing this operation.
      Returns:
      a Collection of String group names that the global System Admin permission is associated with and which the user is in.
    • isRemovingAllMyAdminGroups

      public boolean isRemovingAllMyAdminGroups(Collection<String> groupsToLeave, ApplicationUser user)
      Return true if the user is trying to remove all the groups that grant them the administration permission.
      Parameters:
      groupsToLeave - a Collection of String, group names, that the user is trying to unassociate/remove.
      user - performing this operation.
      Returns:
      true if removing all groups that grant the privlage, false otherwise.
    • getAdminMemberGroups

      public Collection<String> getAdminMemberGroups(ApplicationUser user)
      Returns All the groupNames that have global "Administration" permission that this user is a member of.
      Parameters:
      user - performing this operation.
      Returns:
      a Collection of String group names that the global Admin permission is associated with and which the user is in.
    • isUserAbleToDeleteGroup

      public boolean isUserAbleToDeleteGroup(ApplicationUser user, String groupName)
      Determines, based on the users permissions, if the group can be deleted.
      Parameters:
      user - performing this operation.
      groupName - the group to delete
      Returns:
      true if the user is has the Permissions.SYSTEM_ADMIN permission or if the group is not associated with the Permissions.SYSTEM_ADMIN permission.
    • getGroupNamesModifiableByCurrentUser

      public List<String> getGroupNamesModifiableByCurrentUser(ApplicationUser currentUser, Collection<String> groupNames)
      Determines which groups will be visible to the current user. If the user is a Permissions.SYSTEM_ADMIN then they can see all the groups, otherwise they will not be able to see the group names associated with the Permissions.SYSTEM_ADMIN permission.
      Parameters:
      currentUser - performing the operation
      groupNames - the full set of possible group names the user might see
      Returns:
      the groupNames list if they user has Permissions.SYSTEM_ADMIN rights, otherwise a collection that does not contain the SYS_ADMIN group names.
    • getGroupsModifiableByCurrentUser

      public List<com.atlassian.crowd.embedded.api.Group> getGroupsModifiableByCurrentUser(ApplicationUser currentUser, List<com.atlassian.crowd.embedded.api.Group> groups)
      Determines which groups will be visible to the current user. If the user is a Permissions.SYSTEM_ADMIN then they can see all the groups, otherwise they will not be able to see the groups associated with the Permissions.SYSTEM_ADMIN permission.
      Parameters:
      currentUser - performing the operation
      groups - the full set of possible groups the user might see
      Returns:
      the groups list if they user has Permissions.SYSTEM_ADMIN rights, otherwise a collection that does not contain the SYS_ADMIN groups.
    • getNonAdminGroups

      public List<com.atlassian.crowd.embedded.api.Group> getNonAdminGroups(List<com.atlassian.crowd.embedded.api.Group> groups)
      Get all groups which have neither Permissions.SYSTEM_ADMIN or Permissions.ADMINISTER
      Parameters:
      groups - the full set of possible groups the user might see
      Returns:
      the groups list if they user has Permissions.SYSTEM_ADMIN rights, otherwise a collection that does not contain the SYS_ADMIN groups.