com.atlassian.jira.security

Class SubvertedPermissionManager

java.lang.Object

com.atlassian.jira.security.SubvertedPermissionManager

All Implemented Interfaces:

PermissionManager

public class SubvertedPermissionManager
extends Object
implements PermissionManager

The purpose of this class is to provide a temporary access-all-areas pass and is a (partial) implementation of PermissionManager (subverting the stored permissions). Operations that attempt to specify a change to stored permissions like adding or removing permissions and the getAllGroups() method throw an UnsupportedOperationException.

Constructor Summary

Constructors

Constructor and Description
SubvertedPermissionManager()

Method Summary

Modifier and Type	Method and Description
void	flushCache() Flushes any cached project permissions for all users.
Collection<com.atlassian.crowd.embedded.api.Group>	getAllGroups(int permType, Project project) Not implemented.
Collection<ProjectPermission>	getAllProjectPermissions()
Collection<Project>	getArchivedProjects(ProjectPermissionKey permissionKey, ApplicationUser user) Retrieve a list of archived project objects this user has the permission for
com.atlassian.fugue.Option<ProjectPermission>	getProjectPermission(ProjectPermissionKey permissionKey) Returns a project permission matching the specified key.
Collection<ProjectPermission>	getProjectPermissions(ProjectPermissionCategory category)
Collection<Project>	getProjects(int permissionId, ApplicationUser user) Retrieve a list of project objects this user has the permission for
Collection<Project>	getProjects(int permissionId, ApplicationUser user, ProjectCategory projectCategory) Returns the list of projects associated with the specified category, that this user has the permissions for.
Collection<Project>	getProjects(ProjectPermissionKey permissionKey, ApplicationUser user) Retrieve a list of project objects this user has the permission for
Collection<Project>	getProjects(ProjectPermissionKey permissionKey, ApplicationUser user, ProjectCategory projectCategory) Returns the list of projects associated with the specified category, that this user has the permissions for.
boolean	hasPermission(int permissionsId, ApplicationUser user) Checks to see if this user has the specified permission.
boolean	hasPermission(int permissionsId, Issue issue, ApplicationUser user) Checks to see if this user has permission to see the specified issue.
boolean	hasPermission(int permissionsId, Project project, ApplicationUser user) Checks whether the specified user has a specified permission within the context of a specified project.
boolean	hasPermission(int permissionsId, Project project, ApplicationUser user, boolean issueCreation) Always return true.
boolean	hasPermission(ProjectPermissionKey permissionKey, Issue issue, ApplicationUser user) Checks to see if this user has permission to see the specified issue.
boolean	hasPermission(ProjectPermissionKey permissionKey, Issue issue, ApplicationUser user, com.opensymphony.workflow.loader.ActionDescriptor actionDescriptor) Checks to see if this user has the given permission to the specified issue after the given workflow transition takes effect.
boolean	hasPermission(ProjectPermissionKey permissionKey, Issue issue, ApplicationUser user, Status status) Checks to see if this user has the given permission to the specified issue if the issue was in the given status.
boolean	hasPermission(ProjectPermissionKey permissionKey, Project project, ApplicationUser user) Checks whether the specified user has a specified permission within the context of a specified project.
boolean	hasPermission(ProjectPermissionKey permissionKey, Project project, ApplicationUser user, boolean issueCreation) Checks whether the specified user has a specified permission within the context of a specified project.
boolean	hasProjects(int permissionId, ApplicationUser user) Can this user see at least one project with this permission
boolean	hasProjects(ProjectPermissionKey permissionKey, ApplicationUser user) Can this user see at least one project with this permission
ProjectWidePermission	hasProjectWidePermission(ProjectPermissionKey permissionKey, Project project, ApplicationUser user) Checks whether a user has a particular permission in the given project.
void	removeGroupPermissions(String group) Not implemented.
void	removeUserPermissions(ApplicationUser user) Not implemented.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.atlassian.jira.security.PermissionManager

hasPublicAccess

Constructor Detail

SubvertedPermissionManager

public SubvertedPermissionManager()

Method Detail

getAllProjectPermissions

public Collection<ProjectPermission> getAllProjectPermissions()

Specified by:

getAllProjectPermissions in interface PermissionManager

Returns:

all project permissions.

getProjectPermissions

public Collection<ProjectPermission> getProjectPermissions(@Nonnull
                                                           ProjectPermissionCategory category)

Specified by:

getProjectPermissions in interface PermissionManager

Parameters:

category - project permission category.

Returns:

all project permissions of the specified category.

getProjectPermission

public com.atlassian.fugue.Option<ProjectPermission> getProjectPermission(@Nonnull
                                                                          ProjectPermissionKey permissionKey)

Description copied from interface: PermissionManager

Returns a project permission matching the specified key.

Specified by:

getProjectPermission in interface PermissionManager

Parameters:

permissionKey - A project permission key.

Returns:

a project permission for the given permission key. Option.none() if there is no permission with this key.

getProjects

public Collection<Project> getProjects(int permissionId,
                                       ApplicationUser user)

Description copied from interface: PermissionManager

Retrieve a list of project objects this user has the permission for

Specified by:

getProjects in interface PermissionManager

Parameters:

permissionId - must NOT be a global permission

user - user

Returns:

a collection of Project objects

getProjects

public Collection<Project> getProjects(@Nonnull
                                       ProjectPermissionKey permissionKey,
                                       ApplicationUser user)

Description copied from interface: PermissionManager

Retrieve a list of project objects this user has the permission for

Specified by:

getProjects in interface PermissionManager

Parameters:

permissionKey - must NOT be a global permission

user - user

Returns:

a collection of Project objects

getProjects

public Collection<Project> getProjects(int permissionId,
                                       ApplicationUser user,
                                       ProjectCategory projectCategory)

Description copied from interface: PermissionManager

Returns the list of projects associated with the specified category, that this user has the permissions for.

Specified by:

getProjects in interface PermissionManager

Parameters:

permissionId - permission id

user - user

projectCategory - the ProjectCategory

Returns:

the list of projects associated with the specified category, that this user has the permissions for.

getProjects

public Collection<Project> getProjects(@Nonnull
                                       ProjectPermissionKey permissionKey,
                                       @Nullable
                                       ApplicationUser user,
                                       @Nullable
                                       ProjectCategory projectCategory)

Description copied from interface: PermissionManager

Returns the list of projects associated with the specified category, that this user has the permissions for.

Specified by:

getProjects in interface PermissionManager

Parameters:

permissionKey - permission key

user - user

projectCategory - the ProjectCategory - null means find projects with no category.

Returns:

the list of projects associated with the specified category, that this user has the permissions for.

getArchivedProjects

public Collection<Project> getArchivedProjects(@Nonnull
                                               ProjectPermissionKey permissionKey,
                                               ApplicationUser user)

Description copied from interface: PermissionManager

Retrieve a list of archived project objects this user has the permission for

Specified by:

getArchivedProjects in interface PermissionManager

Parameters:

permissionKey - must NOT be a global permission

user - user

Returns:

a collection of Project objects

flushCache

public void flushCache()

Description copied from interface: PermissionManager

Flushes any cached project permissions for all users.

Specified by:

flushCache in interface PermissionManager

hasProjects

public boolean hasProjects(int permissionId,
                           ApplicationUser user)

Description copied from interface: PermissionManager

Can this user see at least one project with this permission

Specified by:

hasProjects in interface PermissionManager

Parameters:

permissionId - must NOT be a global permission

user - user being checked

Returns:

true the given user can see at least one project with the given permission, false otherwise

hasProjects

public boolean hasProjects(@Nonnull
                           ProjectPermissionKey permissionKey,
                           ApplicationUser user)

Description copied from interface: PermissionManager

Can this user see at least one project with this permission

Specified by:

hasProjects in interface PermissionManager

Parameters:

permissionKey - must NOT be a global permission

user - user being checked

Returns:

true the given user can see at least one project with the given permission, false otherwise

removeGroupPermissions

public void removeGroupPermissions(String group)

Not implemented.

Specified by:

removeGroupPermissions in interface PermissionManager

Parameters:

group - The name of the group that needs to be removed, must NOT be null and must be a real group

removeUserPermissions

public void removeUserPermissions(ApplicationUser user)
                           throws RemoveException

Not implemented.

Specified by:

removeUserPermissions in interface PermissionManager

Parameters:

user - the user whose permissions are to be removed

Throws:

RemoveException

getAllGroups

public Collection<com.atlassian.crowd.embedded.api.Group> getAllGroups(int permType,
                                                                       Project project)

Not implemented.

Specified by:

getAllGroups in interface PermissionManager

Parameters:

permType - permission id

project - project from which to retrieve groups

Returns:

a collection of Groups

hasPermission

public boolean hasPermission(int permissionsId,
                             ApplicationUser user)

Description copied from interface: PermissionManager

Checks to see if this user has the specified permission. It will check only global permissions as there are no other permissions to check.

Specified by:

hasPermission in interface PermissionManager

Parameters:

permissionsId - permission id

user - user, can be null - anonymous user

Returns:

true if user is granted given permission, false otherwise

See Also:

GlobalPermissionManager.hasPermission(int, ApplicationUser)

hasPermission

public boolean hasPermission(int permissionsId,
                             Issue issue,
                             ApplicationUser user)

Description copied from interface: PermissionManager

Checks to see if this user has permission to see the specified issue.

Note that if the issue's generic value is null, it is assumed that the issue is currently being created, and so the permission check call is deferred to the issue's project object, with the issueCreation flag set to true. See JRA-14788 for more info.

Specified by:

hasPermission in interface PermissionManager

Parameters:

permissionsId - Not a global permission

issue - The Issue (cannot be null)

user - User object, possibly null if JIRA is accessed anonymously

Returns:

True if there are sufficient rights to access the entity supplied

hasPermission

public boolean hasPermission(@Nonnull
                             ProjectPermissionKey permissionKey,
                             @Nonnull
                             Issue issue,
                             ApplicationUser user)

Description copied from interface: PermissionManager

Checks to see if this user has permission to see the specified issue.

Note that if the issue's generic value is null, it is assumed that the issue is currently being created, and so the permission check call is deferred to the issue's project object, with the issueCreation flag set to true. See JRA-14788 for more info.

Specified by:

hasPermission in interface PermissionManager

Parameters:

permissionKey - Not a global permission key

issue - The Issue (cannot be null)

user - User object, possibly null if JIRA is accessed anonymously

Returns:

True if there are sufficient rights to access the entity supplied

hasPermission

public boolean hasPermission(@Nonnull
                             ProjectPermissionKey permissionKey,
                             @Nonnull
                             Issue issue,
                             @Nullable
                             ApplicationUser user,
                             @Nullable
                             com.opensymphony.workflow.loader.ActionDescriptor actionDescriptor)

Description copied from interface: PermissionManager

Checks to see if this user has the given permission to the specified issue after the given workflow transition takes effect.

Specified by:

hasPermission in interface PermissionManager

Parameters:

permissionKey - The project permission key.

issue - The Issue (cannot be null)

user - User object, possibly null if JIRA is accessed anonymously

actionDescriptor - Represents the current workflow transition

Returns:

True if there are sufficient rights to access the entity supplied

hasPermission

public boolean hasPermission(@Nonnull
                             ProjectPermissionKey permissionKey,
                             @Nonnull
                             Issue issue,
                             @Nullable
                             ApplicationUser user,
                             @Nonnull
                             Status status)

Description copied from interface: PermissionManager

Checks to see if this user has the given permission to the specified issue if the issue was in the given status.

This method is useful during a workflow transition to check what the permissions will be in the new status, or (after the status is updated in the Issue object) to check what the permission would have been in the old status.

Specified by:

hasPermission in interface PermissionManager

Parameters:

permissionKey - The project permission key.

issue - The Issue (cannot be null)

user - User object, possibly null if JIRA is accessed anonymously

status - Represents the state we are checking permissions against

Returns:

True if there are sufficient rights to access the entity supplied

hasPermission

public boolean hasPermission(int permissionsId,
                             Project project,
                             ApplicationUser user)

Description copied from interface: PermissionManager

Checks whether the specified user has a specified permission within the context of a specified project.

Specified by:

hasPermission in interface PermissionManager

Parameters:

permissionsId - A non-global permission, i.e. a permission that is granted via a project context

project - The project that is the context of the permission check.

user - The person to perform the permission check for

Returns:

true if the user has the specified permission in the context of the supplied project

hasPermission

public boolean hasPermission(@Nonnull
                             ProjectPermissionKey permissionKey,
                             @Nonnull
                             Project project,
                             @Nullable
                             ApplicationUser user)

Description copied from interface: PermissionManager

Checks whether the specified user has a specified permission within the context of a specified project.

Specified by:

hasPermission in interface PermissionManager

Parameters:

permissionKey - A non-global permission, i.e. a permission that is granted via a project context

project - The project that is the context of the permission check.

user - The person to perform the permission check for

Returns:

true if the user has the specified permission in the context of the supplied project

See Also:

PermissionManager.hasProjectWidePermission(ProjectPermissionKey, Project, ApplicationUser)

hasProjectWidePermission

@Nonnull
public ProjectWidePermission hasProjectWidePermission(@Nonnull
                                                               ProjectPermissionKey permissionKey,
                                                               @Nonnull
                                                               Project project,
                                                               @Nullable
                                                               ApplicationUser user)

Description copied from interface: PermissionManager

Checks whether a user has a particular permission in the given project.

This method returns a tri-state enum in order to convey information about permissions that are granted on a per-issue basis.

• ALL_ISSUES : this user has the given permission for all issues in this project
• NO_ISSUES : this user definitely does not have the given permission for any issues in this project
• ISSUE_SPECIFIC : the user may have this permission on some issues, but not others

Note that even if this method returns ISSUE_SPECIFIC, it may be that there are no issues for which the user has the permission granted.

Specified by:

hasProjectWidePermission in interface PermissionManager

Parameters:

permissionKey - A project permission

project - The project that is the context of the permission check.

user - The person to perform the permission check for (null means anonymous)

Returns:

ALL_ISSUES, NO_ISSUES, or ISSUE_SPECIFIC

See Also:

PermissionManager.hasPermission(ProjectPermissionKey, Project, ApplicationUser)

hasPermission

public boolean hasPermission(int permissionsId,
                             Project project,
                             ApplicationUser user,
                             boolean issueCreation)

Always return true.

Specified by:

hasPermission in interface PermissionManager

Parameters:

permissionsId - ignored

project - ignored

user - ignored

issueCreation - ignored

Returns:

true

hasPermission

public boolean hasPermission(@Nonnull
                             ProjectPermissionKey permissionKey,
                             @Nonnull
                             Project project,
                             ApplicationUser user,
                             boolean issueCreation)

Description copied from interface: PermissionManager

Checks whether the specified user has a specified permission within the context of a specified project.

Specified by:

hasPermission in interface PermissionManager

Parameters:

permissionKey - A non-global permission, i.e. a permission that is granted via a project context

project - The project that is the context of the permission check.

user - The person to perform the permission check for

issueCreation - Whether this permission is being checked during issue creation

Returns:

true if the user has the specified permission in the context of the supplied project