Package com.atlassian.sal.api.user

Interface UserManager

public interface UserManager
Interface providing user based operations across various apps.
Since:
2.0

  • Method Details

    • getRemoteUsername

      @Deprecated @Nullable String getRemoteUsername()
      Deprecated.
      since 2.10, use getRemoteUser() or getRemoteUserKey() instead
      Returns the username of the currently logged in user or null if no user can be found. If possible, please use getRemoteUsername(HttpServletRequest).
      Returns:
      The user name of the logged in user or null

    • getRemoteUser

      @Nullable UserProfile getRemoteUser()
      Returns the profile of the currently logged in user or null if no user can be found.

      Getting the full UserProfile may have performance implications in some applications. Consider using getRemoteUserKey() if you don't need the full object.

      Returns:
      the UserProfile of the logged in user or null
      Since:
      2.10
      See Also:

    • getRemoteUserKey

      @Nullable UserKey getRemoteUserKey()
      Returns the key of the currently logged in user or null if no user can be found.
      Returns:
      the UserKey of the logged in user or null
      Since:
      2.10
      See Also:

    • getRemoteUsername

      @Deprecated @Nullable String getRemoteUsername(javax.servlet.http.HttpServletRequest request)
      Deprecated.
      since 2.10, use getRemoteUser(javax.servlet.http.HttpServletRequest) instead.
      Returns the username of the currently logged in user or null if no user can be found.

      * Note: Implementing applications might not actually be using the HttpServletRequest, but actually using an internal ThreadLocal authentication context.

      Parameters:
      request - The request to retrieve the username from
      Returns:
      The user name of the logged in user or null

    • getRemoteUser

      @Nullable UserProfile getRemoteUser(javax.servlet.http.HttpServletRequest request)
      Returns the UserProfile of the currently logged in user or null if no user can be found.

      Getting the full UserProfile may have performance implications in some applications. Consider using getRemoteUserKey() if you don't need the full object.

      * Note: Implementing applications might not actually be using the HttpServletRequest, but actually using an internal ThreadLocal authentication context.

      Parameters:
      request - The request to retrieve the username from
      Returns:
      The currently logged in user or null
      Since:
      2.10
      See Also:

    • getRemoteUserKey

      @Nullable UserKey getRemoteUserKey(javax.servlet.http.HttpServletRequest request)
      Returns the UserKey of the currently logged in user or null if no user can be found.

      Note: Implementing applications might not actually be using the HttpServletRequest, but actually using an internal ThreadLocal authentication context.

      Parameters:
      request - The request to retrieve the username from
      Returns:
      The key of the currently logged in user or null
      Since:
      2.10
      See Also:

    • getUserProfile

      @Nullable UserProfile getUserProfile(@Nullable String username)
      Returns a UserProfile object for the specified user or null if no user can be found
      Parameters:
      username - The username of the user whose profile is requested
      Returns:
      The user's profile or null
      Since:
      2.2.0

    • getUserProfile

      @Nullable UserProfile getUserProfile(@Nullable UserKey userKey)
      Returns a UserProfile object for the specified user or null if no user can be found
      Parameters:
      userKey - The userKey of the user whose profile is requested
      Returns:
      The user's profile or null
      Since:
      2.10

    • isUserInGroup

      @Deprecated boolean isUserInGroup(@Nullable String username, @Nullable String group)
      Deprecated.
      since 2.10, use isUserInGroup(UserKey, String) instead
      Returns whether the user is in the specify group
      Parameters:
      username - The username to check
      group - The group to check
      Returns:
      true if the user is in the specified group

    • isUserInGroup

      boolean isUserInGroup(@Nullable UserKey userKey, @Nullable String group)
      Returns whether the given user is in the given group
      Parameters:
      userKey - The user
      group - The group
      Returns:
      true if the user is in the specified group
      Since:
      2.10

    • isSystemAdmin

      @Deprecated boolean isSystemAdmin(@Nullable String username)
      Deprecated.
      since 2.10, use isSystemAdmin(UserKey) instead
      Returns true or false depending on whether a user has been granted the system administrator permission. A system administrator has full administrative permissions in the application, including permission to perform operations that may affect the underlying operating system, such as specifying filesystem paths, installing plugins, configuring mail servers and logging, performing backups and restores, etc. Only check for system administrator when performing this type of operation. Operations that do not affect the underlying system should use isAdmin(String) instead.
      Parameters:
      username - The username of the user to check
      Returns:
      true or false depending on whether a user has been granted the system admin permission.
      See Also:

    • isSystemAdmin

      boolean isSystemAdmin(@Nullable UserKey userKey)
      Returns true or false depending on whether a user has been granted the system administrator permission. A system administrator has full administrative permissions in the application, including permission to perform operations that may affect the underlying operating system, such as specifying filesystem paths, installing plugins, configuring mail servers and logging, performing backups and restores, etc. Only check for system administrator when performing this type of operation. Operations that do not affect the underlying system should use isAdmin(String) instead.
      Parameters:
      userKey - The key of the user to check
      Returns:
      true or false depending on whether a user has been granted the system admin permission.
      Since:
      2.10
      See Also:

    • isAdmin

      @Deprecated boolean isAdmin(@Nullable String username)
      Deprecated.
      since 2.10, use isAdmin(UserKey) instead
      Returns true or false depending on whether a user has been granted the administrator permission. An administrator may have restricted administrative permissions that only apply to application-level configuration that cannot affect the underlying operating system. Only check for administrator permission when performing this type of operation. Operations that can affect security, the filesystem, or allow arbitrary code execution must check isSystemAdmin(String) instead.

      Note that system administrator permission implies administrator permission. That is, any username for which userManager.isSystemAdmin(username) returns true will also return true for userManager.isAdmin(username).

      Parameters:
      username - The username of the user to check
      Returns:
      true or false depending on whether the user has been granted the admin permission
      See Also:

    • isAdmin

      boolean isAdmin(@Nullable UserKey userKey)
      Returns true or false depending on whether a user has been granted the administrator permission. An administrator may have restricted administrative permissions that only apply to application-level configuration that cannot affect the underlying operating system. Only check for administrator permission when performing this type of operation. Operations that can affect security, the filesystem, or allow arbitrary code execution must check isSystemAdmin(String) instead.

      Note that system administrator permission implies administrator permission. That is, any username for which userManager.isSystemAdmin(username) returns true will also return true for userManager.isAdmin(username).

      Parameters:
      userKey - The user of the user to check
      Returns:
      true or false depending on whether the user has been granted the admin permission
      Since:
      2.10
      See Also:

    • isLicensed

      boolean isLicensed(@Nullable UserKey userKey)

      Returns whether user has been assigned one or more product licenses.

      As Bamboo does not assign user licenses, it will return true for any existing user.

      Parameters:
      userKey - The key of the user to query
      Returns:
      true or false

    • isLimitedUnlicensedUser

      default boolean isLimitedUnlicensedUser(@Nullable UserKey userKey)

      Returns whether user is not disabled AND is unlicensed AND site has enabled limited unlicensed access (see isLimitedUnlicensedAccessEnabled())

      Parameters:
      userKey - The key of the user to query
      Returns:
      true or false

    • authenticate

      boolean authenticate(String username, String password)
      Given a username and password, this method checks whether the provided user can be authenticated
      Parameters:
      username - Username of the user
      password - Password of the user
      Returns:
      true if the user can be authenticated, false otherwise

    • resolve

      @Nullable Principal resolve(String username) throws UserResolutionException
      Returns the user that made this request or null if this application does not have such a user.
      Parameters:
      username - Username of the user a consumer is making a request on behalf of
      Returns:
      Principal corresponding to the username, null if the user does not exist
      Throws:
      UserResolutionException - thrown if there is a problem resolving the user, such as a failure when accessing an external user store

    • findGroupNamesByPrefix

      Iterable<String> findGroupNamesByPrefix(String prefix, int startIndex, int maxResults)
      Returns a list of group names.
      Parameters:
      prefix - only return groups with names matching this prefix
      startIndex - don't return the first startIndex results
      maxResults - return at most this many results
      Returns:
      an Iterable of names of groups

    • isAnonymousAccessEnabled

      boolean isAnonymousAccessEnabled()
      Returns whether the site is configured to allow access for anonymous users.
      Returns:
      true or false

    • isLimitedUnlicensedAccessEnabled

      boolean isLimitedUnlicensedAccessEnabled()

      Returns whether the site is configured to allow limited access for unlicensed users.

      At the time of introduction of this API:

      • Only Confluence and JSM are capable of enabling this option.
      • Bamboo will return true as they do not assign user licenses.
      • All other products will return false as they do not have a need to grant resource access specifically to unlicensed users.

      See isLimitedUnlicensedUser(com.atlassian.sal.api.user.UserKey) to query this in relation to a user.

      Returns:
      true or false