com.atlassian.jira.util
Class GlobalPermissionGroupAssociationUtil

java.lang.Object
  extended by com.atlassian.jira.util.GlobalPermissionGroupAssociationUtil

public class GlobalPermissionGroupAssociationUtil
extends Object

This is a utility class to find out information about Permissions.ADMINISTER and Permissions.SYSTEM_ADMIN global permission information. You can use this class to find out if you are removing all the groups that grant a provided user the permission. You can also use this to find out the groups that the provided user is a member of and which is associated with the global permission.

Since:
3.12

Field Summary
static org.apache.commons.collections.Transformer GROUP_TO_GROUPNAME
          Transforms a Group to its name as a String.
 
Constructor Summary
GlobalPermissionGroupAssociationUtil(GlobalPermissionManager globalPermissionManager, GroupManager groupManager)
           
 
Method Summary
 Collection<String> getAdminMemberGroups(ApplicationUser user)
          Returns All the groupNames that have global "Administration" permission that this user is a member of.
 List<String> getGroupNamesModifiableByCurrentUser(com.atlassian.crowd.embedded.api.User currentUser, Collection<String> groupNames)
          Determines which groups will be visible to the current user.
 List<com.atlassian.crowd.embedded.api.Group> getGroupsModifiableByCurrentUser(com.atlassian.crowd.embedded.api.User currentUser, List<com.atlassian.crowd.embedded.api.Group> groups)
          Determines which groups will be visible to the current user.
 List<com.atlassian.crowd.embedded.api.Group> getNonAdminGroups(List<com.atlassian.crowd.embedded.api.Group> groups)
          Get all groups which have neither Permissions.SYSTEM_ADMIN or Permissions.ADMINISTER
 Collection<String> getSysAdminMemberGroups(ApplicationUser user)
          Returns All the groupNames that have global "System Administration" permission that this user is a member of.
 boolean isRemovingAllMyAdminGroups(Collection<String> groupsToLeave, ApplicationUser user)
          Return true if the user is trying to remove all the groups that grant them the administration permission.
 boolean isRemovingAllMySysAdminGroups(Collection<String> groupsToLeave, ApplicationUser user)
          Return true if the user is trying to remove all the groups that grant them the system administration permission.
 boolean isUserAbleToDeleteGroup(com.atlassian.crowd.embedded.api.User user, String groupName)
          Determines, based on the users permissions, if the group can be deleted.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

GROUP_TO_GROUPNAME

public static final org.apache.commons.collections.Transformer GROUP_TO_GROUPNAME
Transforms a Group to its name as a String.

Constructor Detail

GlobalPermissionGroupAssociationUtil

public GlobalPermissionGroupAssociationUtil(GlobalPermissionManager globalPermissionManager,
                                            GroupManager groupManager)
Method Detail

isRemovingAllMySysAdminGroups

public boolean isRemovingAllMySysAdminGroups(Collection<String> groupsToLeave,
                                             ApplicationUser user)
Return true if the user is trying to remove all the groups that grant them the system administration permission.

Parameters:
groupsToLeave - a Collection of String, group names, that the user is trying to unassociate/remove.
user - performing this operation.
Returns:
true if removing all groups that grant the privlage, false otherwise.

getSysAdminMemberGroups

public Collection<String> getSysAdminMemberGroups(ApplicationUser user)
Returns All the groupNames that have global "System Administration" permission that this user is a member of.

Parameters:
user - the user performing this operation.
Returns:
a Collection of String group names that the global System Admin permission is associated with and which the user is in.

isRemovingAllMyAdminGroups

public boolean isRemovingAllMyAdminGroups(Collection<String> groupsToLeave,
                                          ApplicationUser user)
Return true if the user is trying to remove all the groups that grant them the administration permission.

Parameters:
groupsToLeave - a Collection of String, group names, that the user is trying to unassociate/remove.
user - performing this operation.
Returns:
true if removing all groups that grant the privlage, false otherwise.

getAdminMemberGroups

public Collection<String> getAdminMemberGroups(ApplicationUser user)
Returns All the groupNames that have global "Administration" permission that this user is a member of.

Parameters:
user - performing this operation.
Returns:
a Collection of String group names that the global Admin permission is associated with and which the user is in.

isUserAbleToDeleteGroup

public boolean isUserAbleToDeleteGroup(com.atlassian.crowd.embedded.api.User user,
                                       String groupName)
Determines, based on the users permissions, if the group can be deleted.

Parameters:
user - performing this operation.
groupName - the group to delete
Returns:
true if the user is has the Permissions.SYSTEM_ADMIN permission or if the group is not associated with the Permissions.SYSTEM_ADMIN permission.

getGroupNamesModifiableByCurrentUser

public List<String> getGroupNamesModifiableByCurrentUser(com.atlassian.crowd.embedded.api.User currentUser,
                                                         Collection<String> groupNames)
Determines which groups will be visible to the current user. If the user is a Permissions.SYSTEM_ADMIN then they can see all the groups, otherwise they will not be able to see the group names associated with the Permissions.SYSTEM_ADMIN permission.

Parameters:
currentUser - performing the operation
groupNames - the full set of possible group names the user might see
Returns:
the groupNames list if they user has Permissions.SYSTEM_ADMIN rights, otherwise a collection that does not contain the SYS_ADMIN group names.

getGroupsModifiableByCurrentUser

public List<com.atlassian.crowd.embedded.api.Group> getGroupsModifiableByCurrentUser(com.atlassian.crowd.embedded.api.User currentUser,
                                                                                     List<com.atlassian.crowd.embedded.api.Group> groups)
Determines which groups will be visible to the current user. If the user is a Permissions.SYSTEM_ADMIN then they can see all the groups, otherwise they will not be able to see the groups associated with the Permissions.SYSTEM_ADMIN permission.

Parameters:
currentUser - performing the operation
groups - the full set of possible groups the user might see
Returns:
the groups list if they user has Permissions.SYSTEM_ADMIN rights, otherwise a collection that does not contain the SYS_ADMIN groups.

getNonAdminGroups

public List<com.atlassian.crowd.embedded.api.Group> getNonAdminGroups(List<com.atlassian.crowd.embedded.api.Group> groups)
Get all groups which have neither Permissions.SYSTEM_ADMIN or Permissions.ADMINISTER

Parameters:
groups - the full set of possible groups the user might see
Returns:
the groups list if they user has Permissions.SYSTEM_ADMIN rights, otherwise a collection that does not contain the SYS_ADMIN groups.


Copyright © 2002-2014 Atlassian. All Rights Reserved.