Package com.atlassian.jira.security

Class DefaultPermissionManager

java.lang.Object
com.atlassian.jira.security.DefaultPermissionManager
All Implemented Interfaces:
PermissionManager
Direct Known Subclasses:
MockPermissionManager, WorkflowBasedPermissionManager
public class DefaultPermissionManager extends Object implements PermissionManager
An abstract PermissionManager that implements a lot of the common functionality to all PermissionManagers.

  • Constructor Details

  • Method Details

    • getAllProjectPermissions

      public Collection<ProjectPermission> getAllProjectPermissions()
      Specified by:
      getAllProjectPermissions in interface PermissionManager
      Returns:
      all project permissions.

    • getProjectPermissions

      public Collection<ProjectPermission> getProjectPermissions(@Nonnull ProjectPermissionCategory category)
      Specified by:
      getProjectPermissions in interface PermissionManager
      Parameters:
      category - project permission category.
      Returns:
      all project permissions of the specified category.

    • getProjectPermission

      public io.atlassian.fugue.Option<ProjectPermission> getProjectPermission(@Nonnull ProjectPermissionKey permissionKey)
      Description copied from interface: PermissionManager
      Returns a project permission matching the specified key.
      Specified by:
      getProjectPermission in interface PermissionManager
      Parameters:
      permissionKey - A project permission key.
      Returns:
      a project permission for the given permission key. Option.none() if there is no permission with this key.

    • hasPermission

      public boolean hasPermission(int permissionsId, ApplicationUser user)
      Description copied from interface: PermissionManager
      Checks to see if this user has the specified permission. It will check only global permissions as there are no other permissions to check.
      Specified by:
      hasPermission in interface PermissionManager
      Parameters:
      permissionsId - permission id
      user - user, can be null - anonymous user
      Returns:
      true if user is granted given permission, false otherwise
      See Also:

    • hasPermission

      public boolean hasPermission(@Nonnull ProjectPermissionKey permissionKey, @Nonnull Issue issue, @Nullable ApplicationUser user)
      Description copied from interface: PermissionManager
      Checks to see if this user has permission to see the specified issue.

      Note that if the issue's generic value is null, it is assumed that the issue is currently being created, and so the permission check call is deferred to the issue's project object, with the issueCreation flag set to true. See JRA-14788 for more info.

      Specified by:
      hasPermission in interface PermissionManager
      Parameters:
      permissionKey - Not a global permission key
      issue - The Issue (cannot be null)
      user - User object, possibly null if JIRA is accessed anonymously
      Returns:
      True if there are sufficient rights to access the entity supplied

    • hasPermission

      public boolean hasPermission(@Nonnull ProjectPermissionKey permissionKey, @Nonnull Issue issue, @Nullable ApplicationUser user, @Nullable com.opensymphony.workflow.loader.ActionDescriptor actionDescriptor)
      Description copied from interface: PermissionManager
      Checks to see if this user has the given permission to the specified issue after the given workflow transition takes effect.
      Specified by:
      hasPermission in interface PermissionManager
      Parameters:
      permissionKey - The project permission key.
      issue - The Issue (cannot be null)
      user - User object, possibly null if JIRA is accessed anonymously
      actionDescriptor - Represents the current workflow transition
      Returns:
      True if there are sufficient rights to access the entity supplied

    • hasPermission

      public boolean hasPermission(@Nonnull ProjectPermissionKey permissionKey, @Nonnull Issue issue, @Nullable ApplicationUser user, @Nonnull Status status)
      Description copied from interface: PermissionManager
      Checks to see if this user has the given permission to the specified issue if the issue was in the given status.

      This method is useful during a workflow transition to check what the permissions will be in the new status, or (after the status is updated in the Issue object) to check what the permission would have been in the old status.

      Specified by:
      hasPermission in interface PermissionManager
      Parameters:
      permissionKey - The project permission key.
      issue - The Issue (cannot be null)
      user - User object, possibly null if JIRA is accessed anonymously
      status - Represents the state we are checking permissions against
      Returns:
      True if there are sufficient rights to access the entity supplied

    • hasPermission

      public boolean hasPermission(int permissionsId, Issue issue, ApplicationUser user)
      Description copied from interface: PermissionManager
      Checks to see if this user has permission to see the specified issue.

      Note that if the issue's generic value is null, it is assumed that the issue is currently being created, and so the permission check call is deferred to the issue's project object, with the issueCreation flag set to true. See JRA-14788 for more info.

      Specified by:
      hasPermission in interface PermissionManager
      Parameters:
      permissionsId - Not a global permission
      issue - The Issue (cannot be null)
      user - User object, possibly null if JIRA is accessed anonymously
      Returns:
      True if there are sufficient rights to access the entity supplied

    • hasPermission

      public boolean hasPermission(@Nonnull ProjectPermissionKey permissionKey, @Nonnull Project project, @Nullable ApplicationUser user)
      Description copied from interface: PermissionManager
      Checks whether the specified user has a specified permission within the context of a specified project.
      Specified by:
      hasPermission in interface PermissionManager
      Parameters:
      permissionKey - A non-global permission, i.e. a permission that is granted via a project context
      project - The project that is the context of the permission check.
      user - The person to perform the permission check for
      Returns:
      true if the user has the specified permission in the context of the supplied project
      See Also:

    • hasPermission

      public boolean hasPermission(int permissionsId, Project project, ApplicationUser user)
      Description copied from interface: PermissionManager
      Checks whether the specified user has a specified permission within the context of a specified project.
      Specified by:
      hasPermission in interface PermissionManager
      Parameters:
      permissionsId - A non-global permission, i.e. a permission that is granted via a project context
      project - The project that is the context of the permission check.
      user - The person to perform the permission check for
      Returns:
      true if the user has the specified permission in the context of the supplied project

    • hasProjectWidePermission

      @Nonnull public ProjectWidePermission hasProjectWidePermission(@Nonnull ProjectPermissionKey permissionKey, @Nonnull Project project, @Nullable ApplicationUser user)
      Description copied from interface: PermissionManager
      Checks whether a user has a particular permission in the given project.

      This method returns a tri-state enum in order to convey information about permissions that are granted on a per-issue basis.

      • ALL_ISSUES : this user has the given permission for all issues in this project
      • NO_ISSUES : this user definitely does not have the given permission for any issues in this project
      • ISSUE_SPECIFIC : the user may have this permission on some issues, but not others
      Note that even if this method returns ISSUE_SPECIFIC, it may be that there are no issues for which the user has the permission granted.

      Specified by:
      hasProjectWidePermission in interface PermissionManager
      Parameters:
      permissionKey - A project permission
      project - The project that is the context of the permission check.
      user - The person to perform the permission check for (null means anonymous)
      Returns:
      ALL_ISSUES, NO_ISSUES, or ISSUE_SPECIFIC
      See Also:

    • hasPermission

      public boolean hasPermission(int permissionsId, Project project, ApplicationUser user, boolean issueCreation)
      Description copied from interface: PermissionManager
      Checks whether the specified user has a specified permission within the context of a specified project.
      Specified by:
      hasPermission in interface PermissionManager
      Parameters:
      permissionsId - A non-global permission, i.e. a permission that is granted via a project context
      project - The project that is the context of the permission check.
      user - The person to perform the permission check for
      issueCreation - Whether this permission is being checked during issue creation
      Returns:
      true if the user has the specified permission in the context of the supplied project

    • hasPermission

      public boolean hasPermission(@Nonnull ProjectPermissionKey permissionKey, @Nonnull Project project, @Nullable ApplicationUser user, boolean issueCreation)
      Description copied from interface: PermissionManager
      Checks whether the specified user has a specified permission within the context of a specified project.
      Specified by:
      hasPermission in interface PermissionManager
      Parameters:
      permissionKey - A non-global permission, i.e. a permission that is granted via a project context
      project - The project that is the context of the permission check.
      user - The person to perform the permission check for
      issueCreation - Whether this permission is being checked during issue creation
      Returns:
      true if the user has the specified permission in the context of the supplied project

    • serviceAccountCanAccessProject

      public static boolean serviceAccountCanAccessProject(ProjectPermissionKey permissionKey, Project project, ServiceAccountApplicationUser user)

    • serviceAccountCanAccessProject

      public static boolean serviceAccountCanAccessProject(ProjectPermissionKey permissionKey, Issue issue, ServiceAccountApplicationUser user)

    • removeGroupPermissions

      public void removeGroupPermissions(String group) throws RemoveException
      Remove all permissions that have used this group
      Specified by:
      removeGroupPermissions in interface PermissionManager
      Parameters:
      group - The name of the group that needs to be removed, must NOT be null and must be a real group
      Throws:
      RemoveException - if permission removal fails

    • removeUserPermissions

      public void removeUserPermissions(ApplicationUser user) throws RemoveException
      Description copied from interface: PermissionManager
      Remove all permissions that have been assigned to this user
      Specified by:
      removeUserPermissions in interface PermissionManager
      Parameters:
      user - the user whose permissions are to be removed
      Throws:
      RemoveException

    • hasProjects

      public boolean hasProjects(int permissionId, ApplicationUser user)
      Description copied from interface: PermissionManager
      Can this user see at least one project with this permission
      Specified by:
      hasProjects in interface PermissionManager
      Parameters:
      permissionId - must NOT be a global permission
      user - user being checked
      Returns:
      true the given user can see at least one project with the given permission, false otherwise

    • hasProjects

      public boolean hasProjects(@Nonnull ProjectPermissionKey permissionKey, @Nullable ApplicationUser user)
      Description copied from interface: PermissionManager
      Can this user see at least one project with this permission
      Specified by:
      hasProjects in interface PermissionManager
      Parameters:
      permissionKey - must NOT be a global permission
      user - user being checked
      Returns:
      true the given user can see at least one project with the given permission, false otherwise

    • getProjects

      public Collection<Project> getProjects(@Nonnull ProjectPermissionKey permissionKey, ApplicationUser user)
      Description copied from interface: PermissionManager
      Retrieve a list of project objects this user has the permission for
      Specified by:
      getProjects in interface PermissionManager
      Parameters:
      permissionKey - must NOT be a global permission
      user - user
      Returns:
      a collection of Project objects

    • getProjectObjects

      protected Collection<Project> getProjectObjects(ProjectPermissionKey permissionKey, ApplicationUser user)

    • getProjects

      public Collection<Project> getProjects(int permissionId, ApplicationUser user, ProjectCategory projectCategory)

    • getProjects

      public Collection<Project> getProjects(@Nonnull ProjectPermissionKey permissionKey, @Nullable ApplicationUser user, @Nullable ProjectCategory projectCategory)
      Description copied from interface: PermissionManager
      Returns the list of projects associated with the specified category, that this user has the permissions for.
      Specified by:
      getProjects in interface PermissionManager
      Parameters:
      permissionKey - permission key
      user - user
      projectCategory - the ProjectCategory - null means find projects with no category.
      Returns:
      the list of projects associated with the specified category, that this user has the permissions for.

    • getArchivedProjects

      public Collection<Project> getArchivedProjects(@Nonnull ProjectPermissionKey permissionKey, ApplicationUser user)
      Description copied from interface: PermissionManager
      Retrieve a list of archived project objects this user has the permission for
      Specified by:
      getArchivedProjects in interface PermissionManager
      Parameters:
      permissionKey - must NOT be a global permission
      user - user
      Returns:
      a collection of Project objects

    • getArchivedProjectObjects

      protected Collection<Project> getArchivedProjectObjects(ProjectPermissionKey permissionKey, ApplicationUser user)

    • flushCache

      public void flushCache()
      Description copied from interface: PermissionManager
      Flushes any cached project permissions for all users.
      Specified by:
      flushCache in interface PermissionManager

    • isGlobalPermission

      protected boolean isGlobalPermission(int permissionId)

    • getAllGroups

      public Collection<com.atlassian.crowd.embedded.api.Group> getAllGroups(int permissionId, Project project)
      Description copied from interface: PermissionManager
      Retrieve all groups that are used in the permission globally and in the project.
      Specified by:
      getAllGroups in interface PermissionManager
      Parameters:
      permissionId - permission id
      project - project from which to retrieve groups
      Returns:
      a collection of Groups