com.atlassian.jira.security

Class WorkflowBasedPermissionManager

java.lang.Object

com.atlassian.jira.security.DefaultPermissionManager

com.atlassian.jira.security.WorkflowBasedPermissionManager

All Implemented Interfaces:

PermissionManager

Direct Known Subclasses:

ThreadLocalCachingPermissionManager

public class WorkflowBasedPermissionManager
extends DefaultPermissionManager

Permission manager which allows workflow permissions to be further restricted for each workflow step, in the workflow XML descriptor. For instance, if the workflow contains a step:

    <step id="1" name="Open">
    <meta name="jira.status.id">1</meta>
    <meta name="jira.permission.comment.group">acme-bizusers</meta>
    <meta name="jira.permission.comment.user">qa</meta>
    <meta name="jira.permission.edit.group.1">jira-developers</meta>
    <meta name="jira.permission.edit.group.2">jira-editors</meta>
    <meta name="jira.permission.edit.projectrole">10001</meta>
 

then only members of the acme-bizusers group and user 'qa' will be able to comment on open issues, and only members of 'jira-developers' and 'jira-editors' groups or members of the project role with id '10001' will be able to edit issues. Assuming, of course, these users already have the relevant permission in the permission scheme.

Meta attributes can also modify subtasks' permissions. For example if the 'Bug' workflow's Open step has:

             <meta name="jira.permission.subtasks.edit.group">jira-qa</meta>
 

Then subtasks of Bugs will only be editable by 'jira-qa' members, when their parent is in the Open state.

The format is 'jira.permission.[subtasks.]{permission}.{type}[.suffix]', where:

• {permission} is a short name specified in Permissions
• {type} is a type (group, user, assignee, reporter, lead, userCF, projectrole) of permission granted, or denied to deny the permission.
• subtasks., if specified, indicates that the permission applies to the subtasks of issues in this step.

  Important:Workflow permissions can only restrict permissions set in the permission scheme, not grant permissions.

See Also:

WorkflowBasedPermissionSchemeManager

Constructor Summary

Constructors

Constructor and Description
WorkflowBasedPermissionManager(WorkflowPermissionFactory workflowPermissionFactory, PermissionContextFactory permissionContextFactory, ProjectPermissionTypesManager projectPermissionTypesManager, ProjectPermissionOverrideDescriptorCache projectPermissionOverrideDescriptorCache, ScopesRequestCacheDelegate scopesRequestCacheDelegate)

Method Summary

Modifier and Type	Method and Description
boolean	hasPermission(int permissionsId, Issue issue, ApplicationUser user) Checks to see if this user has permission to see the specified issue.
boolean	hasPermission(int permissionsId, Project project, ApplicationUser user) Checks whether the specified user has a specified permission within the context of a specified project.
boolean	hasPermission(int permissionsId, Project project, ApplicationUser user, boolean issueCreation) Checks whether the specified user has a specified permission within the context of a specified project.
boolean	hasPermission(ProjectPermissionKey permissionsKey, Issue issue, ApplicationUser user) Checks to see if this user has permission to see the specified issue.
boolean	hasPermission(ProjectPermissionKey permissionKey, Issue issue, ApplicationUser user, com.opensymphony.workflow.loader.ActionDescriptor actionDescriptor) Checks to see if this user has the given permission to the specified issue after the given workflow transition takes effect.
boolean	hasPermission(ProjectPermissionKey permissionKey, Issue issue, ApplicationUser user, Status status) Checks to see if this user has the given permission to the specified issue if the issue was in the given status.
boolean	hasPermission(ProjectPermissionKey permissionsKey, Project project, ApplicationUser user) Checks whether the specified user has a specified permission within the context of a specified project.
boolean	hasPermission(ProjectPermissionKey permissionsKey, Project project, ApplicationUser user, boolean issueCreation) Checks whether the specified user has a specified permission within the context of a specified project.

Methods inherited from class com.atlassian.jira.security.DefaultPermissionManager

flushCache, getAllGroups, getAllProjectPermissions, getArchivedProjectObjects, getArchivedProjects, getProjectObjects, getProjectPermission, getProjectPermissions, getProjects, getProjects, getProjects, getProjects, hasPermission, hasProjects, hasProjects, hasProjectWidePermission, isGlobalPermission, removeGroupPermissions, removeUserPermissions

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.atlassian.jira.security.PermissionManager

hasPublicAccess

Constructor Detail

WorkflowBasedPermissionManager

public WorkflowBasedPermissionManager(WorkflowPermissionFactory workflowPermissionFactory,
                                      PermissionContextFactory permissionContextFactory,
                                      ProjectPermissionTypesManager projectPermissionTypesManager,
                                      ProjectPermissionOverrideDescriptorCache projectPermissionOverrideDescriptorCache,
                                      ScopesRequestCacheDelegate scopesRequestCacheDelegate)

Method Detail

hasPermission

public boolean hasPermission(int permissionsId,
                             Issue issue,
                             ApplicationUser user)

Description copied from interface: PermissionManager

Checks to see if this user has permission to see the specified issue.

Note that if the issue's generic value is null, it is assumed that the issue is currently being created, and so the permission check call is deferred to the issue's project object, with the issueCreation flag set to true. See JRA-14788 for more info.

Specified by:

hasPermission in interface PermissionManager

Overrides:

hasPermission in class DefaultPermissionManager

Parameters:

permissionsId - Not a global permission

issue - The Issue (cannot be null)

user - User object, possibly null if JIRA is accessed anonymously

Returns:

True if there are sufficient rights to access the entity supplied

hasPermission

public boolean hasPermission(@Nonnull
                             ProjectPermissionKey permissionsKey,
                             @Nonnull
                             Issue issue,
                             ApplicationUser user)

Description copied from interface: PermissionManager

Checks to see if this user has permission to see the specified issue.

Note that if the issue's generic value is null, it is assumed that the issue is currently being created, and so the permission check call is deferred to the issue's project object, with the issueCreation flag set to true. See JRA-14788 for more info.

Specified by:

hasPermission in interface PermissionManager

Overrides:

hasPermission in class DefaultPermissionManager

Parameters:

permissionsKey - Not a global permission key

issue - The Issue (cannot be null)

user - User object, possibly null if JIRA is accessed anonymously

Returns:

True if there are sufficient rights to access the entity supplied

hasPermission

public boolean hasPermission(@Nonnull
                             ProjectPermissionKey permissionKey,
                             @Nonnull
                             Issue issue,
                             @Nullable
                             ApplicationUser user,
                             @Nullable
                             com.opensymphony.workflow.loader.ActionDescriptor actionDescriptor)

Description copied from interface: PermissionManager

Checks to see if this user has the given permission to the specified issue after the given workflow transition takes effect.

Specified by:

hasPermission in interface PermissionManager

Overrides:

hasPermission in class DefaultPermissionManager

Parameters:

permissionKey - The project permission key.

issue - The Issue (cannot be null)

user - User object, possibly null if JIRA is accessed anonymously

actionDescriptor - Represents the current workflow transition

Returns:

True if there are sufficient rights to access the entity supplied

hasPermission

public boolean hasPermission(@Nonnull
                             ProjectPermissionKey permissionKey,
                             @Nonnull
                             Issue issue,
                             @Nullable
                             ApplicationUser user,
                             @Nonnull
                             Status status)

Description copied from interface: PermissionManager

Checks to see if this user has the given permission to the specified issue if the issue was in the given status.

This method is useful during a workflow transition to check what the permissions will be in the new status, or (after the status is updated in the Issue object) to check what the permission would have been in the old status.

Specified by:

hasPermission in interface PermissionManager

Overrides:

hasPermission in class DefaultPermissionManager

Parameters:

permissionKey - The project permission key.

issue - The Issue (cannot be null)

user - User object, possibly null if JIRA is accessed anonymously

status - Represents the state we are checking permissions against

Returns:

True if there are sufficient rights to access the entity supplied

hasPermission

public boolean hasPermission(int permissionsId,
                             Project project,
                             ApplicationUser user)

Description copied from interface: PermissionManager

Checks whether the specified user has a specified permission within the context of a specified project.

Specified by:

hasPermission in interface PermissionManager

Overrides:

hasPermission in class DefaultPermissionManager

Parameters:

permissionsId - A non-global permission, i.e. a permission that is granted via a project context

project - The project that is the context of the permission check.

user - The person to perform the permission check for

Returns:

true if the user has the specified permission in the context of the supplied project

hasPermission

public boolean hasPermission(@Nonnull
                             ProjectPermissionKey permissionsKey,
                             @Nonnull
                             Project project,
                             @Nullable
                             ApplicationUser user)

Description copied from interface: PermissionManager

Checks whether the specified user has a specified permission within the context of a specified project.

Specified by:

hasPermission in interface PermissionManager

Overrides:

hasPermission in class DefaultPermissionManager

Parameters:

permissionsKey - A non-global permission, i.e. a permission that is granted via a project context

project - The project that is the context of the permission check.

user - The person to perform the permission check for

Returns:

true if the user has the specified permission in the context of the supplied project

See Also:

PermissionManager.hasProjectWidePermission(ProjectPermissionKey, Project, ApplicationUser)

hasPermission

public boolean hasPermission(int permissionsId,
                             Project project,
                             ApplicationUser user,
                             boolean issueCreation)

Description copied from interface: PermissionManager

Checks whether the specified user has a specified permission within the context of a specified project.

Specified by:

hasPermission in interface PermissionManager

Overrides:

hasPermission in class DefaultPermissionManager

Parameters:

permissionsId - A non-global permission, i.e. a permission that is granted via a project context

project - The project that is the context of the permission check.

user - The person to perform the permission check for

issueCreation - Whether this permission is being checked during issue creation

Returns:

true if the user has the specified permission in the context of the supplied project

hasPermission

public boolean hasPermission(@Nonnull
                             ProjectPermissionKey permissionsKey,
                             @Nonnull
                             Project project,
                             ApplicationUser user,
                             boolean issueCreation)

Description copied from interface: PermissionManager

Checks whether the specified user has a specified permission within the context of a specified project.

Specified by:

hasPermission in interface PermissionManager

Overrides:

hasPermission in class DefaultPermissionManager

Parameters:

permissionsKey - A non-global permission, i.e. a permission that is granted via a project context

project - The project that is the context of the permission check.

user - The person to perform the permission check for

issueCreation - Whether this permission is being checked during issue creation

Returns:

true if the user has the specified permission in the context of the supplied project