private Collection<Group> getAdministrativeGroups() { final Collection<Group> groups = new ArrayList<Group>(globalPermissionManager.getGroupsWithPermission(ADMINISTER)); groups.addAll(globalPermissionManager.getGroupsWithPermission(SYSTEM_ADMIN)); return Collections.unmodifiableCollection(groups); }
/** * Adds the default global permission to all admin groups of the Application. * {@link this#configureGroupForGlobalPermissions(com.atlassian.crowd.embedded.api.Group)} */ private void configureAdminGroupsForGlobalPermissions() { globalPermissionManager.getGroupsWithPermission(GlobalPermissionKey.ADMINISTER) .forEach(adminGroup -> configureGroupForGlobalPermissions(adminGroup)); }
@Override public Collection<ApplicationUser> getJiraAdministrators() { return getAllUsersInGroups(globalPermissionManager.getGroupsWithPermission(ADMINISTER)); }
@Override public Collection<ApplicationUser> getJiraSystemAdministrators() { return getAllUsersInGroups(globalPermissionManager.getGroupsWithPermission(SYSTEM_ADMIN)); }
private boolean isGroupAdminGroup(Group group, Optional<Long> directoryId) { final Collection<Group> adminGroups = globalPermissionManager.getGroupsWithPermission(GlobalPermissionKey.ADMINISTER); final Collection<Group> sysadminGroups = globalPermissionManager.getGroupsWithPermission(GlobalPermissionKey.SYSTEM_ADMIN); final Set<Group> groups = Stream.concat(adminGroups.stream(), sysadminGroups.stream()).collect(CollectorsUtil.toImmutableSet()); return groups.stream() .map(Group::getName) .anyMatch(adminGroup -> relationshipChecker.isGroupEqualOrNested(directoryId, group.getName(), adminGroup)); }
/** * Get all groups which have neither {@link Permissions#SYSTEM_ADMIN} or {@link Permissions#ADMINISTER} * * @param groups the full set of possible groups the user might see * @return the {@link Group groups} list if they user has {@link com.atlassian.jira.security.Permissions#SYSTEM_ADMIN} * rights, otherwise a collection that does not contain the SYS_ADMIN groups. */ public List<Group> getNonAdminGroups(List<Group> groups) { final List<Group> visibleGroups = (groups != null) ? new ArrayList<Group>(groups) : new ArrayList<Group>(); final Collection<Group> sysAdminGroups = globalPermissionManager.getGroupsWithPermission(Permissions.SYSTEM_ADMIN); if (sysAdminGroups != null) { visibleGroups.removeAll(sysAdminGroups); } final Collection<Group> adminGroups = globalPermissionManager.getGroupsWithPermission(Permissions.ADMINISTER); if (sysAdminGroups != null) { visibleGroups.removeAll(adminGroups); } Collections.sort(visibleGroups); return visibleGroups; }
/** * Determines which groups will be visible to the current user. If the user is a {@link Permissions#SYSTEM_ADMIN} * then they can see all the groups, otherwise they will not be able to see the groups associated with * the {@link Permissions#SYSTEM_ADMIN} permission. * * @param currentUser performing the operation * @param groups the full set of possible groups the user might see * @return the {@link Group groups} list if they user has {@link com.atlassian.jira.security.Permissions#SYSTEM_ADMIN} * rights, otherwise a collection that does not contain the SYS_ADMIN groups. */ public List<Group> getGroupsModifiableByCurrentUser(ApplicationUser currentUser, List<Group> groups) { final List<Group> visibleGroups = (groups != null) ? new ArrayList<Group>(groups) : new ArrayList<Group>(); if (!globalPermissionManager.hasPermission(Permissions.SYSTEM_ADMIN, currentUser)) { Collection<Group> sysAdminGroups = globalPermissionManager.getGroupsWithPermission(Permissions.SYSTEM_ADMIN); if (sysAdminGroups != null) { visibleGroups.removeAll(sysAdminGroups); } } Collections.sort(visibleGroups); return visibleGroups; }
public Collection<Group> getAllGroups(int permissionId, Project project) { // get a set of the groups we're talking about final Set<Group> groups = new HashSet<Group>(); groups.addAll(ComponentAccessor.getPermissionSchemeManager().getGroups(new ProjectPermissionKey(permissionId), project)); groups.addAll(ComponentAccessor.getGlobalPermissionManager().getGroupsWithPermission(permissionId)); return groups; }
if (!applicationRoleManager.rolesEnabled()) groups = new ArrayList<>(globalPermissionManager.getGroupsWithPermission(USE)); groups.removeAll(globalPermissionManager.getGroupsWithPermission(ADMINISTER)); groups.removeAll(globalPermissionManager.getGroupsWithPermission(SYSTEM_ADMIN));
private void addPermissionToGroupIfItHasNotBeenGrantedYet(final GlobalPermissionType globalPermissionType, final Group group) { if (globalPermissionManager.getGroupsWithPermission(globalPermissionType.getGlobalPermissionKey()).contains(group)) { return; } globalPermissionManager.addPermission(globalPermissionType, toGroupName(group.getName())); } /**
final Set<Group> useGroups = new HashSet<>(globalPermissionManager.getGroupsWithPermission(USE)); useGroups.removeAll(globalPermissionManager.getGroupsWithPermission(ADMINISTER)); useGroups.removeAll(globalPermissionManager.getGroupsWithPermission(SYSTEM_ADMIN)); return ImmutableSet.copyOf(Collections.unmodifiableSet(useGroups));