protected final boolean canAdministerOtherUser(ApplicationUser currentUser, ApplicationUser accessedUser) { return permissionManager.hasPermission(SYSTEM_ADMIN, currentUser) || permissionManager.hasPermission(GlobalPermissionKey.ADMINISTER, currentUser) && !permissionManager.hasPermission(SYSTEM_ADMIN, accessedUser); // regular admin cannot administer system admin }
private void addPermission(GlobalPermissionType globalPermissionType, Group group) { String groupName = (group == null ? null : group.getName()); // We need to get all the groupNames for the permission type and see if the list contains this groupName if (!globalPermissionManager.getGroupNamesWithPermission(globalPermissionType.getGlobalPermissionKey()).contains(groupName)) { globalPermissionManager.addPermission(globalPermissionType, groupName); } }
/** * Determines, based on the users permissions, if the group can be deleted. * * @param user performing this operation. * @param groupName the group to delete * @return true if the user is has the {@link Permissions#SYSTEM_ADMIN} permission or if * the group is not associated with the {@link com.atlassian.jira.security.Permissions#SYSTEM_ADMIN} permission. */ public boolean isUserAbleToDeleteGroup(ApplicationUser user, String groupName) { return globalPermissionManager.hasPermission(Permissions.SYSTEM_ADMIN, user) || !globalPermissionManager.getGroupNames(Permissions.SYSTEM_ADMIN).contains(groupName); }
/** * Determines which groups will be visible to the current user. If the user is a {@link Permissions#SYSTEM_ADMIN} * then they can see all the groups, otherwise they will not be able to see the groups associated with * the {@link Permissions#SYSTEM_ADMIN} permission. * * @param currentUser performing the operation * @param groups the full set of possible groups the user might see * @return the {@link Group groups} list if they user has {@link com.atlassian.jira.security.Permissions#SYSTEM_ADMIN} * rights, otherwise a collection that does not contain the SYS_ADMIN groups. */ public List<Group> getGroupsModifiableByCurrentUser(ApplicationUser currentUser, List<Group> groups) { final List<Group> visibleGroups = (groups != null) ? new ArrayList<Group>(groups) : new ArrayList<Group>(); if (!globalPermissionManager.hasPermission(Permissions.SYSTEM_ADMIN, currentUser)) { Collection<Group> sysAdminGroups = globalPermissionManager.getGroupsWithPermission(Permissions.SYSTEM_ADMIN); if (sysAdminGroups != null) { visibleGroups.removeAll(sysAdminGroups); } } Collections.sort(visibleGroups); return visibleGroups; }
if (globalPermissionManager.hasPermission(SYSTEM_ADMIN, getLoggedInUser())) GlobalPermissionType sysAdminPermission = globalPermissionManager.getGlobalPermission(SYSTEM_ADMIN).get(); globalPermTypes.put(SYSTEM_ADMIN.getKey(), getText(sysAdminPermission.getNameI18nKey())); globalPermissionManager.getAllGlobalPermissions().stream() .filter(gpT -> !globalPermTypes.containsKey(gpT.getKey()) && !SYSTEM_ADMIN.equals(gpT.getGlobalPermissionKey())) .forEach(gpT -> {
if (loggedInUser == null || !globalPermissionManager.hasPermission(GlobalPermissionKey.ADMINISTER, loggedInUser)) for (GlobalPermissionType globalPermission : globalPermissionManager.getAllGlobalPermissions())
final Collection<String> groupNames = globalPermissionManager.getGroupNamesWithPermission(globalPermissionType.getGlobalPermissionKey()); if (!groupNames.contains(groupName)) && !globalPermissionManager.hasPermission(SYSTEM_ADMIN, getLoggedInUser()); if (!globalPermissionManager.hasPermission(SYSTEM_ADMIN, getLoggedInUser()))
public Collection<Message> doUpgrade() throws Exception { if (!GroupUtils.existsGroup(CONFLUENCE_ADMINISTRATORS)) { try { UserManager.getInstance().createGroup(CONFLUENCE_ADMINISTRATORS); } catch (Exception e) { log.error("Error creating confluence administrators group", e); } } if (!globalPermissionManager.getGroupNames(Permissions.SYSTEM_ADMIN).contains(CONFLUENCE_ADMINISTRATORS)) { globalPermissionManager.addPermission(Permissions.SYSTEM_ADMIN, CONFLUENCE_ADMINISTRATORS); } return null; } }
private void addPermissionToGroupIfItHasNotBeenGrantedYet(final GlobalPermissionType globalPermissionType, final Group group) { if (globalPermissionManager.getGroupsWithPermission(globalPermissionType.getGlobalPermissionKey()).contains(group)) { return; } globalPermissionManager.addPermission(globalPermissionType, toGroupName(group.getName())); } /**
@SuppressWarnings("unchecked") private Set<String> getGroupsWithUsePermission() { Set<String> groupsWithUsePermission = new HashSet<String>(); for (Integer permission : (Collection<Integer>) Permissions.getUsePermissions()) { groupsWithUsePermission.addAll(globalPermissionManager.getGroupNames(permission)); } return groupsWithUsePermission; }
public static GlobalPermissionManager withSystemGlobalPermissions() { final GlobalPermissionManager globalPermissionManager = Mockito.mock(GlobalPermissionManager.class); doAnswer(new Answer() { @Override public Object answer(final InvocationOnMock invocationOnMock) throws Throwable { int permissionId = (Integer) invocationOnMock.getArguments()[0]; return GlobalPermissionKey.GLOBAL_PERMISSION_ID_TRANSLATION.containsKey(permissionId); } }).when(globalPermissionManager).isGlobalPermission(Mockito.anyInt()); return globalPermissionManager; } }
for (GlobalPermissionType permission: globalPermissionManager.getAllGlobalPermissions())
if (!globalPermissionManager.getGroupNames(Permissions.ADMINISTER).contains(DEFAULT_GROUP_ADMINS)) globalPermissionManager.addPermission(Permissions.ADMINISTER, DEFAULT_GROUP_ADMINS);
Collection<String> getMemberGroupNames(ApplicationUser user, int permissionType) { Collection<String> permissionTypeGroups = globalPermissionManager.getGroupNames(permissionType); Collection<String> userGroups = groupManager.getGroupNamesForUser(user); if (userGroups == null) { return Collections.emptyList(); } else { return CollectionUtils.intersection(userGroups, permissionTypeGroups); } } }
/** * @deprecated This method is a shim. call {@link com.atlassian.jira.security.GlobalPermissionManager#isGlobalPermission(int)} instead. */ public static boolean isGlobalPermission(final int permType) { return ComponentAccessor.getComponent(GlobalPermissionManager.class).isGlobalPermission(permType); }
private boolean hasGroupManagementPermission(final ApplicationUser remoteUser) { return permissionManager.hasPermission(GlobalPermissionKey.ADMINISTER, remoteUser) || permissionManager.hasPermission(GlobalPermissionKey.SYSTEM_ADMIN, remoteUser); }
/** * Determines which groups will be visible to the current user. If the user is a {@link Permissions#SYSTEM_ADMIN} * then they can see all the groups, otherwise they will not be able to see the group names associated with * the {@link Permissions#SYSTEM_ADMIN} permission. * * @param currentUser performing the operation * @param groupNames the full set of possible group names the user might see * @return the groupNames list if they user has {@link com.atlassian.jira.security.Permissions#SYSTEM_ADMIN} * rights, otherwise a collection that does not contain the SYS_ADMIN group names. */ public List<String> getGroupNamesModifiableByCurrentUser(ApplicationUser currentUser, Collection<String> groupNames ) { final List<String> visibleGroups = (groupNames != null) ? new ArrayList<String>(groupNames) : new ArrayList<String>(); if (!globalPermissionManager.hasPermission(Permissions.SYSTEM_ADMIN, currentUser)) { Collection<String> sysAdminGroupNames = globalPermissionManager.getGroupNames(Permissions.SYSTEM_ADMIN); if (sysAdminGroupNames != null) { visibleGroups.removeAll(sysAdminGroupNames); } } Collections.sort(visibleGroups); return visibleGroups; }
if (!globalPermissionManager.getGroupNames(Permissions.ADMINISTER).contains(DEFAULT_GROUP_ADMINS)) globalPermissionManager.addPermission(Permissions.ADMINISTER, DEFAULT_GROUP_ADMINS);
boolean validateGroupNamesNotAdmin(final Collection groupNames, final ErrorCollection errorCollection, final I18nHelper i18n) { final ErrorCollection myErrorCollection = new SimpleErrorCollection(); Set<String> dissallowedGroups = new HashSet<String>(); dissallowedGroups.addAll(globalPermissionManager.getGroupNames(Permissions.SYSTEM_ADMIN)); dissallowedGroups.addAll(globalPermissionManager.getGroupNames(Permissions.ADMINISTER)); // Run through all the groups to make sure they exist for (final Object groupName1 : groupNames) { final String groupName = (String) groupName1; if (dissallowedGroups.contains(groupName)) { myErrorCollection.addErrorMessage(i18n.getText("admin.editnestedgroups.error.admin.group.not.supported", groupName)); } } if (myErrorCollection.hasAnyErrors()) { errorCollection.addErrorCollection(myErrorCollection); return false; } return true; }
public boolean check(final ApplicationUser user) { return permissionManager.hasPermission(Permissions.SYSTEM_ADMIN, user); } }, validator);