Space-groups and permissions

Hi All,

I have a macro which scans the whole Confluence instance and results all the spaces/personal spaces of the instance and for each space/personal space list the groups having accessed.

This is very helpful because when creating a new user we don't have to see the space permission page for each space, but we have a separated admin page for this and we just search for the space and see the list of groups accessing to it.

Here is the code:

## Macro to list all Spaces in an installation with the Groups that have at least permission to view each Space.
## @noparams
 
<h1>Space Group Permissions</h1>
 
<p>Below listed the spaces and personal spaces alphabetically with the groups accessing on.</p>
 
#foreach ($space in $spaceManager.getAllSpaces())
  <h2>$space.getName()</h2>
  <p>The following groups can at least view the $space.getName() Space.</p>
  <ul>
  #foreach ($permission in $space.getPermissions())
    #if ($permission.isGroupPermission() && $permission.getType() == "VIEWSPACE")
      <li>$permission.getGroup()</li>
    #end
  #end
  </ul>
#end

After using this macro for 4 weeks, many of my confluence admin colleagues and space admins requested an extension: they would like to see the permission types too below each group. I mean - if you try the macro you will see - that they need to know what kind of permissions grants a particular group in a space.

Now the above code results this:

TEST Space

The following groups have access to TEST Space:

  • jira-administrators
  • TEST-dev

And my users need this extension:

TEST Space

The following groups have access to TEST Space.

  • jira-administrators

COMMENT
VIEWSPACE
REMOVEMAIL
SETPAGEPERMISSIONS

  • TEST-dev

COMMENT
VIEWSPACE

Thanks to Andrew Frayling, there is an other macro, which list the permission types of every group on a particular space. Only disadvantage of the macro that it is a "reverse": it lists every spaces/personal spaces for each group and mark the permission types where the particular group has permission in the space. In case of 30 groups and 20 spaces, the result will be 600 lines!

Here is the code:

{code}

<h1>Groups</h1>
## get all the groups
#set ( $allGroups = $userAccessor.getGroupsAsList() )
## get all the spaces
#set ( $allSpaces = $spaceManager.getAllSpaces() )
#foreach ($group in $allGroups)
<h2>$group</h2>
#foreach ($space in $allSpaces)
<h3>$space.getName()</h3>
#foreach ($permission in $space.getPermissions())
#if ($permission.isGroupPermission())
#if ($permission.getGroup() == $group)
$permission.getType()<br />
#end
#end
#end
#end
#end
{code}
I tried to paste the "$permission.getType()<br />" line in the first code above but nothing happened.

Hence most of our groups don't refer the permission (I wasn't the admin earlier:) so it's almost impossible to figure out that for example group A gives view only right in space B.

I hope that this is just putting 1-2 lines in the code above but I haven't get aquinted with velocity.

Can you please suggest?

Thanks in advance!

Rumi

5 answers

1 accepted

0 votes
Accepted answer

Hi Rumi,

Sorry for the delay in replying, nope, nothing in 4.2 that makes this any easier ;-) The following macro will only display the groups that have any permissions on a Space rather than displaying a group name with no permissions, but it uses the same "de-duping" hack as another macro I provided you with.

## Macro title: Group Permissions
## Macro has a body: Y or N (N)
## Body processing: Selected body processing option
## Output: Selected output option
##
## Developed by: Andrew Frayling
## Date created: 27/06/2012
## Installed by: &lt;your name&gt;
 
## Macro to list all Spaces in an installation with the Groups that have at least permission to view each Space.
## @noparams
 
## get all the groups
#set ( $allGroups = $userAccessor.getGroupsAsList() )
  
## get all the spaces
#set ( $allSpaces = $spaceManager.getAllSpaces() )
   
&lt;h1&gt;Space Group Permissions&lt;/h1&gt;
   
&lt;p&gt;This Confluence instllation contains the following Spaces, with the listed groups having the permissions shown on each Space.&lt;/p&gt;
   
#foreach ($space in $allSpaces)

  ## create an array to hold groups that have permissions
  ## and empty it for each space
  #set ( $groupsWithPermissions = [] )
  &lt;h2&gt;$space.getName()&lt;/h2&gt;
  
  ## initial loop through all groups to see if they have permissions on a space
  #foreach ($group in $allGroups)
    #foreach ($permission in $space.getPermissions())
      #if ($permission.isGroupPermission() &amp;&amp; $permission.getGroup() == $group)
        ## check if group has already been accounted for
        #set ( $exists = false )
        #foreach($group in $groupsWithPermissions)
          #if($group == $permission.getGroup())
            #set ( $exists = true )
            #break
          #end
        #end
        ## if it hasn't been added as a group that has permissions add it
        #if(!$exists)
          #set ( $added = $groupsWithPermissions.add($permission.getGroup()) )
        #end
      #end
    #end
  #end
  
  ## $groupsWithPermissions should now contain just the groups that have permissions
  ## loop through $groupsWithPermissions to display them
  &lt;p&gt;The following groups have the following permissions on the $space.getName() Space.&lt;/p&gt;
  #foreach ($groupWithPermission in $groupsWithPermissions)
    &lt;h3&gt;$groupWithPermission&lt;/h3&gt;
    #foreach ($permission in $space.getPermissions())
      &lt;ul&gt;
      #if ($permission.isGroupPermission() &amp;&amp; $permission.getGroup() == $groupWithPermission)
        &lt;li&gt;$permission.getType()&lt;/li&gt;
      #end
      &lt;/ul&gt;
    #end
  #end
#end

The macro creates an array ($groupsWithPermissions) to hold the groups that it finds have permission on a Space, it then loops through this array to display the permissions so has to loop through permissions twice - once to see if a group has any permissions at all and once to display the groups that do have permissions.

Andrew.

Hi Andrew,

thank you very much!

When I run the macro it resulted: Error rendering macro 'space-permissions-for-confluence-admins' : Java heap space

What is java heap space?

Hi Rumi (or is it Gary now???),

That's an out of memory error, have a look at https://confluence.atlassian.com/display/DOC/Fix+Out+of+Memory+Errors+by+Increasing+Available+Memory for details on how to increase available memory.

How many spaces and groups are there with your install? It could be that the second loop to remove the groups with no permisisons is just too much for the size of your install and you may have to make do with the version that dispays the group names - which I think worked for you?

Andrew.

Hi Andrew,

yes it's me Rumi, sorry I confused the settings.

You're right: that must be an out of memory problem. In my test environment the macro works fine (there I have 9 spaces and about 60 groups). In prod version we have 125 global spaces and 800 (!) groups.

I try to increase the memory but it will be difficult hence the system administration is in a different team.

Hi Andrew,

for first time I could help you: the parsing was unnecessary so now the code is not so memory consuming:

## Macro to list all spaces in docSpace with the groups that have at least permission to view each space.
## @noparams
 
## get all the spaces
#set ( $allSpaces = $spaceManager.getAllSpaces() )
   
&lt;h1&gt;Space Group Permissions&lt;/h1&gt;
   
&lt;p&gt;DocSpace contains the following spaces, with the listed groups having the permissions shown on each space.&lt;/p&gt;
   
#foreach ($space in $allSpaces)

  ## create an array to hold groups that have permissions
  ## and empty it for each space
  #set ( $groupsWithPermissions = [] )
  &lt;h2&gt;$space.getName()&lt;/h2&gt;
  
  #foreach ($permission in $space.getPermissions())
    #if ($permission.isGroupPermission())
      ## check if group has already been accounted for
      #set ( $exists = false )
      #foreach($group in $groupsWithPermissions)
        #if($group == $permission.getGroup())
          #set ( $exists = true )
          #break
        #end
      #end
      ## if it hasn't been added as a group that has permissions add it
      #if(!$exists)
        #set ( $added=$groupsWithPermissions.add($permission.getGroup()) )
      #end
    #end
  #end

 ## $groupsWithPermissions should now contain just the groups that have permissions
  ## loop through $groupsWithPermissions to display them
  &lt;p&gt;The following groups have the following permissions on the $space.getName() Space.&lt;/p&gt;
  #foreach ($groupWithPermission in $groupsWithPermissions)
    &lt;h3&gt;$groupWithPermission&lt;/h3&gt;
    #foreach ($permission in $space.getPermissions())
      &lt;ul&gt;
      #if ($permission.isGroupPermission() &amp;&amp; $permission.getGroup() == $groupWithPermission)
        &lt;li&gt;$permission.getType()&lt;/li&gt;
      #end
      &lt;/ul&gt;
    #end
  #end
#end

Thanks for this, I hadn't spotted that looping through all the groups was redundant.

Cheers,

Andrew.

have any idea?

Hi Rumi,

Try this one:

## Macro title: My Macro
## Macro has a body: Y or N
## Body processing: Selected body processing option
## Output: Selected output option
##
## Developed by: My Name
## Date created: dd/mm/yyyy
## Installed by: My Name

## Macro to list all Spaces in an installation with the Groups that have at least permission to view each Space.
## @noparams

## get all the groups
#set ( $allGroups = $userAccessor.getGroupsAsList() )
 
## get all the spaces
#set ( $allSpaces = $spaceManager.getAllSpaces() )
  
&lt;h1&gt;Space Group Permissions&lt;/h1&gt;
  
&lt;p&gt;Below listed the spaces and personal spaces alphabetically with the groups accessing on.&lt;/p&gt;
  
#foreach ($space in $allSpaces)
  &lt;h2&gt;$space.getName()&lt;/h2&gt;
  &lt;p&gt;The following groups have the following permissions on the $space.getName() Space.&lt;/p&gt;
  #foreach ($group in $allGroups)
    &lt;h3&gt;$group&lt;/h3&gt;
    &lt;ul&gt;
    #foreach ($permission in $space.getPermissions())
      #if ($permission.isGroupPermission() &amp;&amp; $permission.getGroup() == $group)
        &lt;li&gt;$permission.getType()&lt;/li&gt;
      #end
    #end
    &lt;/ul&gt;
  #end
  &lt;/ul&gt;
#end

It's basically the same as the 2nd macro you listed, but you reverse the foreach loops so you loop through the spaces first and then loop through all the groups for each space. It'll still output the group name if it has no permissions on a space, but there won't be any permission listed underneath it.

Andrew.

Hi Andrew,

that's correct! Thank you!

How can be hide the groups which don't grant permission on the particular space? My first guess would be a second foreach statement before displaying....I guess it would slow down the running time of the macro but it doesn't matter.

foreach groups

if group.permissionis empty than

hide

end

Or is there a property of the groups like '.hide'?

Sorry I don't know the velocity:(

Thanks again,

Rumi

Hi Andrew,

what do you think? Can it be too difficult?

have you got a private channel?

Best regards,

Rumi

Hi Rumi,

Shouldn't be difficult, I just haven't had time to look at it, but will post back here when I have. If you want to you can contact me via andrew dot frayling at gmail dot com , but I can't guarantee a response via email from me is going to be any quicker than a reply on this thread.

Cheers,

Andrew.

Hi Andrew,

just for info, that we upgraded our Confluence to 4.2 version. Maybe there is a simplier code or solution for this version and you can spare some effort.

Hi Andrew,

I just would like to ask you that have had a few time to look at it?

Best regards,

Rumi

Any idea somebody?

Hello everyone,

I'm interest in this macro but only for the current space where the macro reside.

How will you adapt this code in regard ?

Thanks for any help.

Michael

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Oct 24, 2018 in Confluence

Atlassian Research opportunity with Confluence templates

Do you use templates with Confluence? Take part in a remote 1-hr workshop. You'll receive USD $100 for your time!   We're looking for people to participate in a   remote 1-hr workshop...

1,546 views 25 14
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you