Interface AuthorizationContainer

All Known Subinterfaces:
AuthorizationProperty
All Known Implementing Classes:
AuthorizationMatrixNodeProperty, AuthorizationMatrixProperty, AuthorizationMatrixProperty, AzureAdAuthorizationMatrixFolderProperty, AzureAdAuthorizationMatrixNodeProperty, AzureAdAuthorizationMatrixProperty, AzureAdMatrixAuthorizationStrategy, GlobalMatrixAuthorizationStrategy

@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public interface AuthorizationContainer
  • Field Details

    • LOGGER

      static final Logger LOGGER
  • Method Details

    • add

      @Deprecated default void add(Permission permission, String sid)
      Deprecated.
      Since 3.0, use add(Permission, PermissionEntry) instead.
    • add

      default void add(Permission permission, PermissionEntry entry)
      Adds to getGrantedPermissionEntries(). Use of this method should be limited during construction, as this object itself is considered immutable once populated.
      Since:
      3.0
    • getGrantedPermissions

      @Deprecated default Map<Permission,Set<String>> getGrantedPermissions()
      Deprecated.
      Since 3.0, use {getGrantedPermissionEntries()} instead.
      Returns all the (Permission, sid) tuples where permissions are granted to either groups or users. This does NOT include permissions granted specifically to users or groups (added in 3.0).
      Returns:
      read-only. never null.
    • getGrantedPermissionEntries

      Map<Permission,Set<PermissionEntry>> getGrantedPermissionEntries()
      Returns a live modifiable map of permissions. This return value needs to be treated as unmodifiable from shortly after object construction (even though it isn't for practical reasons).
      Since:
      3.0
    • getGroups

      Set<String> getGroups()
      Internal only: Returns all recorded (possible) group sids to allow populating AuthorizationStrategy.getGroups().
      Since:
      3.0
    • recordGroup

      void recordGroup(String sid)
      Internal only: Record use of a (possible) group sid to be later returned in getGroups().
    • getDescriptor

      Descriptor getDescriptor()
    • add

      @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) default void add(String shortForm)
      Works like add(Permission, PermissionEntry) but takes both parameters from a single string of the form PERMISSION_ID:sid (legacy format, implicit 'EITHER' type) or type:PERMISSION_ID:sid (new since 3.0).

      The supported formats for PERMISSION_ID are:

      • Internal ID: hudson.model.Hudson.ADMINISTER
      • UI short form: Overall/Administer
      See Also:
    • parsePermission

      @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) static Permission parsePermission(String permission)
    • getEditingPermission

      @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) Permission getEditingPermission()
    • getAllSIDs

      @Deprecated default List<String> getAllSIDs()
      Deprecated.
      Since 3.0, use {getAllPermissionEntries()} instead.
      Returns SIDs configured in this matrix with 'either' (legacy pre-3.0) type, minus "anonymous". This does NOT include permissions granted specifically to users or groups (new in 3.0).
      Returns:
      Always non-null.
    • getAllPermissionEntries

      default List<PermissionEntry> getAllPermissionEntries()
    • hasPermission

      @Deprecated default boolean hasPermission(String sid, Permission p)
      Checks if the given SID has the given permission.
    • hasPermission

      default boolean hasPermission(String sid, Permission p, boolean principal)
      Checks if the given SID has the given permission.
    • hasExplicitPermission

      @Deprecated default boolean hasExplicitPermission(String sid, Permission p)
      Deprecated.
      Checks if the permission is explicitly given, instead of implied through Permission.impliedBy.
    • hasExplicitPermission

      default boolean hasExplicitPermission(PermissionEntry entry, Permission p)
      Return true if and only if the exact permission entry is explicitly granted the specified permission, ignoring compatible types (e.g. passing USER will not match an EITHER entry) and implications.
      Parameters:
      entry - the entry to check for
      p - the permission to check for
      Returns:
      true if and only if the exact entry matches
      Since:
      3.0