Sidehistorik
https://scriptrunner.adaptavist.com/latest/confluence/rest-endpoints.html#_configuration
Gettting Userinfo
This works
Kodeblok |
---|
import com.onresolve.scriptrunner.runner.rest.common.CustomEndpointDelegate import groovy.json.JsonBuilder import groovy.transform.BaseScript import javax.ws.rs.core.MultivaluedMap import javax.ws.rs.core.Response import com.atlassian.sal.api.component.ComponentLocator import bucket.user.UserAccessor @BaseScript CustomEndpointDelegate delegate def userAccessor = ComponentLocator.getComponent(UserAccessor) user( httpMethod: "GET", groups: ["confluence-administrators"] ) { // validate we have username as a url parameter // extraPath is already available to use def extraPath = extraPath as String assert extraPath =~ "^/[a-zA-Z]+" def username = extraPath.split("/").last() def user = userAccessor.getUser(username) // user must exist in Confluence if (!user) { return Response.serverError().entity([error: "User $username does not exist"]).build() } def userResponse = [ username: user.name, fullname: user.fullName, email: user.email ] return Response.ok(new JsonBuilder(userResponse).toString()).build() } |
...
Output:
Kodeblok |
---|
jarvis:bin npn$ curl -X GET -u admin:Welcome1 http://localhost:8090/rest/scriptrunner/latest/custom/user/admin
{"username":"admin","fullname":"admin","email":"npn@netic.dk"}jarvis:bin npn$
jarvis:bin npn$ |
Including getting rights to a Page (hardcoded id)
Kodeblok |
---|
import com.onresolve.scriptrunner.runner.rest.common.CustomEndpointDelegate import groovy.json.JsonBuilder import groovy.transform.BaseScript import javax.ws.rs.core.MultivaluedMap import javax.ws.rs.core.Response import com.atlassian.sal.api.component.ComponentLocator import bucket.user.UserAccessor import com.atlassian.confluence.pages.PageManager import com.atlassian.confluence.security.PermissionManager import com.atlassian.confluence.security.Permission @BaseScript CustomEndpointDelegate delegate def userAccessor = ComponentLocator.getComponent(UserAccessor) user( httpMethod: "GET", groups: ["confluence-administrators"] ) { // validate we have username as a url parameter // extraPath is already available to use def extraPath = extraPath as String assert extraPath =~ "^/[a-zA-Z]+" def username = extraPath.split("/").last() def user = userAccessor.getUser(username) // user must exist in Confluence if (!user) { return Response.serverError().entity([error: "User $username does not exist"]).build() } def pageManager = ComponentLocator.getComponent(PageManager) def page = pageManager.getPage(1540098) def permissionManager = ComponentLocator.getComponent(PermissionManager) // Permissions - https://developer.atlassian.com/confdev/development-resources/confluence-developer-faq/how-do-i-tell-if-a-user-has-permission-to boolean canEdit = permissionManager.hasPermission(user, Permission.EDIT, page); def userResponse = [ username: user.name, fullname: user.fullName, email: user.email, edit: canEdit ] return Response.ok(new JsonBuilder(userResponse).toString()).build() } |
Output:
Notice that bnp=false, but admin=true
Kodeblok |
---|
curl -X GET -u admin:Welcome1 http://localhost:8090/rest/scriptrunner/latest/custom/user/bnp {"username":"bnp","fullname":"Normann","email":"bnp@mos-eisley.dk","edit":false} jarvis:bin npn$ curl -X GET -u admin:Welcome1 http://localhost:8090/rest/scriptrunner/latest/custom/user/admin {"username":"admin","fullname":"admin","email":"npn@netic.dk","edit":true} jarvis:bin npn$ |
Examine if a Group has Edit Access:
Kodeblok |
---|
import bucket.user.UserAccessor import com.atlassian.sal.api.component.ComponentLocator import com.atlassian.user.GroupManager import com.atlassian.user.impl.DefaultUser import com.onresolve.scriptrunner.runner.rest.common.CustomEndpointDelegate import groovy.json.JsonBuilder import groovy.transform.BaseScript import org.codehaus.jackson.map.ObjectMapper import javax.ws.rs.core.MultivaluedMap import javax.ws.rs.core.Response import static com.atlassian.user.security.password.Credential.unencrypted import com.atlassian.sal.api.component.ComponentLocator import bucket.user.UserAccessor import com.atlassian.confluence.pages.PageManager import com.atlassian.confluence.security.PermissionManager import com.atlassian.confluence.security.Permission import com.atlassian.confluence.security.ContentPermission import com.atlassian.confluence.core.ContentPermissionManager import com.atlassian.confluence.security.ContentPermissionSet @BaseScript CustomEndpointDelegate delegate def userAccessor = ComponentLocator.getComponent(UserAccessor) user( httpMethod: "GET", groups: ["confluence-administrators"] ) { // validate we have username as a url parameter // extraPath is already available to use def extraPath = extraPath as String assert extraPath =~ "^/[a-zA-Z]+" def groupname = extraPath.split("/").last() def group = userAccessor.getGroup(groupname) // user must exist in Confluence if (!group) { return Response.serverError().entity([error: "Group $groupname does not exist"]).build() } def pageManager = ComponentLocator.getComponent(PageManager) def page = pageManager.getPage(1540098) def permissionManager = ComponentLocator.getComponent(PermissionManager) boolean CanEdit=false def PermList = page.getContentPermissionSet(ContentPermission.EDIT_PERMISSION) // def ContentPermissionManager = ComponentLocator.getComponent(ContentPermissionManager) //List<ContentPermissionSet> cpsl = ContentPermissionManager.getContentPermissionSets(page, ContentPermission.EDIT_PERMISSION); //for(int i=0; i<PermList.size(); i++){ // System.out.println(PermList(i) + i.toString()); //} for (ContentPermission cp : page.getContentPermissionSet(ContentPermission.EDIT_PERMISSION)) { if (cp.toString().contains("groupName=" + groupname)) { System.out.println(cp) CanEdit=true } } return Response.ok(CanEdit.toString()).build() } |
Output:
Notice that bnp=false, but admin=true
Kodeblok |
---|
curl -X GET -u admin:Welcome1 http://localhost:8090/rest/scriptrunner/latest/custom/user/confluence-administrators
true
jarvis:bin npn$ |
Remove EDIT Rights for a page:
Kodeblok |
---|
import bucket.user.UserAccessor
import com.atlassian.sal.api.component.ComponentLocator
import com.atlassian.user.GroupManager
import com.atlassian.user.impl.DefaultUser
import com.onresolve.scriptrunner.runner.rest.common.CustomEndpointDelegate
import groovy.json.JsonBuilder
import groovy.transform.BaseScript
import org.codehaus.jackson.map.ObjectMapper
import javax.ws.rs.core.MultivaluedMap
import javax.ws.rs.core.Response
import static com.atlassian.user.security.password.Credential.unencrypted
import com.atlassian.sal.api.component.ComponentLocator
import bucket.user.UserAccessor
import com.atlassian.confluence.pages.PageManager
import com.atlassian.confluence.security.PermissionManager
import com.atlassian.confluence.security.Permission
import com.atlassian.confluence.security.ContentPermission
import com.atlassian.confluence.core.ContentPermissionManager
import com.atlassian.confluence.security.ContentPermissionSet
@BaseScript CustomEndpointDelegate delegate
def userAccessor = ComponentLocator.getComponent(UserAccessor)
user(
httpMethod: "GET", groups: ["confluence-administrators"]
) {
// validate we have username as a url parameter
// extraPath is already available to use
def extraPath = extraPath as String
assert extraPath =~ "^/[a-zA-Z]+"
def groupname = extraPath.split("/").last()
String PageId="1540098"
def group = userAccessor.getGroup(groupname)
// user must exist in Confluence
if (!group) {
System.out.println("Group: " + groupname + " was not found in the System.")
return Response.serverError().entity([error: "Group $groupname does not exist"]).build()
}
def pageManager = ComponentLocator.getComponent(PageManager)
def page = pageManager.getPage(PageId.toLong())
if (!page) {
System.out.println("Page: " + PageId + " was not found in the System.")
return Response.serverError().entity([error: "Page $PageId does not exist"]).build()
}
def permissionManager = ComponentLocator.getComponent(PermissionManager)
def contentPermissionManager = ComponentLocator.getComponent(ContentPermissionManager)
boolean CanEdit=false
// cp is a ContentpermissionSet - https://docs.atlassian.com/confluence/5.8.4/com/atlassian/confluence/security/ContentPermissionSet.html (unique and also bound to a page)
for (ContentPermission cp : page.getContentPermissionSet(ContentPermission.EDIT_PERMISSION)) {
if (cp.toString().contains("groupName=" + groupname)) {
// Remove the Permission
System.out.println("Group: " + groupname + " was found having EDIT Permissions for Page Id: " + PageId + ".")
contentPermissionManager.removeContentPermission(cp);
System.out.println("Removed EDIT permissions for Group: " + groupname + "for Page Id: " + PageId + ".")
}
}
return Response.ok(CanEdit.toString()).build()
} |