Interface PermissionEnforcer


@PublicApi public interface PermissionEnforcer
Allows clients to easily verify that the caller has sufficient permission to access the resource. PermissionEnforcer takes into account all permissions in effect in the current security context. This includes the calling user's permissions, but also any permission escalations or restrictions that may be in effect (e.g. read-only personal access tokens).

The host application ensures that any thrown AuthorisationException is handled correctly:

Web requests

  • If the user is not authenticated, the user will be redirected to the login page
  • If the user is authenticated, but lacks the required authorisation, an appropriate error page will be displayed

REST requests

  • If the user is not authenticated, a 401 error response is returned
  • If the user is authenticated, but lacks the required authorisation, a 403 error is returned
Since:
3.2
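
The REST behaviour described above, written out as an added example that is not taken from the product's own code. The nested types are local stand-ins for the documented names so the file compiles on its own; `context`, `purgeCache` and `restStatus` are hypothetical, and NotAuthenticatedException is modelled as a subclass of AuthorisationException, consistent with the throws clauses on this page.

```java
// Added example: local stand-ins mirror the names on this page so the file
// compiles without the host application's libraries.
public class EnforcerDemo {
    static class AuthorisationException extends RuntimeException {
        AuthorisationException(String m) { super(m); }
    }
    static class NotAuthenticatedException extends AuthorisationException {
        NotAuthenticatedException(String m) { super(m); }
    }
    /** Subset of the interface documented on this page. */
    interface PermissionEnforcer {
        void enforceAdmin() throws AuthorisationException;
    }

    /** Constructed security context: user identity plus any restriction in effect. */
    static PermissionEnforcer context(String user, boolean adminRole, boolean readOnlyToken) {
        return () -> {
            if (adminRole && !readOnlyToken) return;   // effective admin rights
            if (user == null) throw new NotAuthenticatedException("login required");
            throw new AuthorisationException("admin permission required");
        };
    }

    /** Hypothetical REST handler: enforce first, then do the privileged work. */
    static String purgeCache(PermissionEnforcer enforcer) {
        enforcer.enforceAdmin();   // throws before any state is touched
        return "purged";
    }

    /** The host's REST mapping as the page describes it, made explicit. */
    static int restStatus(PermissionEnforcer enforcer) {
        try {
            purgeCache(enforcer);
            return 200;
        } catch (NotAuthenticatedException e) {   // subclass must be caught first
            return 401;
        } catch (AuthorisationException e) {
            return 403;
        }
    }

    public static void main(String[] args) {
        System.out.println(restStatus(context(null, false, false)));    // anonymous caller
        System.out.println(restStatus(context("alice", false, false))); // authenticated, not admin
        System.out.println(restStatus(context("root", true, true)));    // admin on a read-only token
        System.out.println(restStatus(context("root", true, false)));   // unrestricted admin
    }
}
```

The third case is the one a check against the user's role alone would get wrong: the decision follows the security context, so a restriction such as a read-only token removes admin rights for that request.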
  • Method Summary

    Modifier and Type | Method | Description
    void | enforceAdmin() | Verifies that the current security context has sufficient authorisation to perform administration tasks.
    void | enforceAuthenticated() | Verifies that the current user is authenticated.
    void | enforceSiteAccess() | Verifies that at least ONE of the following criteria is met, otherwise an exception is thrown.
    void | enforceSystemAdmin() | Verifies that the current security context has sufficient authorisation to perform system administration tasks.
    boolean | isAdmin() | Tests whether the current security context has sufficient authorisation to perform administration tasks.
    boolean | isAuthenticated() |
    boolean | isLicensed() | Returns whether current user is authenticated and has been assigned one or more product licenses.
    boolean | isLicensedOrLimitedUnlicensedUser() | Returns whether current user is authenticated AND either:
    boolean | isSystemAdmin() | Tests whether the current security context has sufficient authorisation to perform system administration tasks.
  • Method Details

    • enforceAdmin

      void enforceAdmin() throws AuthorisationException
      Verifies that the current security context has sufficient authorisation to perform administration tasks. This can either be because the user is an administrator, or because the security context is running with temporarily elevated permissions.
      Throws:
      AuthorisationException - if the current security context lacks the required authorisation
      NotAuthenticatedException - if the current security context lacks the required authorisation and the current user is not authenticated
    • enforceAuthenticated

      void enforceAuthenticated() throws NotAuthenticatedException
      Verifies that the current user is authenticated.
      Throws:
      NotAuthenticatedException - if the user is not authenticated
    • enforceSiteAccess

      void enforceSiteAccess() throws AuthorisationException

      Verifies that at least ONE of the following criteria is met, otherwise an exception is thrown.

      Throws:
      AuthorisationException - if the user does not meet site access criteria
    • enforceSystemAdmin

      void enforceSystemAdmin() throws AuthorisationException
      Verifies that the current security context has sufficient authorisation to perform system administration tasks. This can either be because the user is a system administrator, or because the security context is running with temporarily elevated permissions.
      Throws:
      AuthorisationException - if the current security context lacks the required authorisation
      NotAuthenticatedException - if the current security context lacks the required authorisation and the current user is not authenticated
    • isAdmin

      boolean isAdmin()
      Tests whether the current security context has sufficient authorisation to perform administration tasks. This can either be because the user is an administrator, or because the security context is running with temporarily elevated permissions.
      Returns:
      true if the current security context has sufficient authorisation to perform administration tasks, otherwise false
    • isAuthenticated

      boolean isAuthenticated()
      Returns:
      true if the current user is authenticated
    • isLicensedOrLimitedUnlicensedUser

      boolean isLicensedOrLimitedUnlicensedUser()

      Returns whether current user is authenticated AND either:

      Returns:
      true or false
    • isLicensed

      boolean isLicensed()

      Returns whether current user is authenticated and has been assigned one or more product licenses.

      As Bamboo does not assign user licenses, these users are always considered to be assigned a license.

      Returns:
      true or false
    • isSystemAdmin

      boolean isSystemAdmin()
      Tests whether the current security context has sufficient authorisation to perform system administration tasks. This can either be because the user is a system administrator, or because the security context is running with temporarily elevated permissions.
      Returns:
      true if the current security context has sufficient authorisation to perform system administration tasks, otherwise false