Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,365,548
Community Members
 
Community Events
168
Community Groups

Scriptrunner Check if user group has permissions in Confluence Space

Edited

Hello, my ultimate goal for the script is to check all spaces in Confluence and see, in which space a certain user group is. And for these spaces I want to remove the user group they are in. I already know how to remove permissions for a group in a space.

But I simply cannot find any solution or similiar thread about how to search through all spaces, or even get all spaces, and then check if a group has permissions to it.

 

Anybody has tips or solutions? Thanks!

 

 

3 answers

Hi Sngy!

I've added a small script here that will iterate through each of your spaces, then through each of your space permissions and extract those that belong to a certain group

Let me know if this works for you or if you have any questions!

Kind regards, 
Lee

I'm also trying to figure this out, and better late than never. :)  There are a few ways to do it, but I can't find the ideally efficient one like in Jira.

I am putting my script on a Listener, so I want to check for an individual space, but most of my examples below have individual space or global options.

The PermissionsManager mentioned in the previous answer is only for users (not groups), and is at a high level.

SpacePermissionManager

You could use a couple of SpacePermissionManager methods to get the data.

Collection<com.atlassian.user.Group> getGroupsWithPermissions(@Nullable Space space)
Returns all groups which have permissions in a space or on a global level. If space is null, permissions on the global level will be checked.
    Pros: gets only the groups for the space (or can be for all spaces)
    Cons: gets objects not strings, my list of groups contains strings not objects, and the removal method uses strings
If there were a method like this that returned a list of group names as strings, then I'd be set.

List<SpacePermission> getAllPermissionsForGroup(String group)
    Pros: gets all permissions at once for a group, based on string name of group
    Cons: may eat up more resources getting all vs. just for the space in question, returns SpacePermission which I'd then have to get the group name from, adding another step.

Space object

If you wanted to do it just at the space level not using the above, you could use the Space object
space.getPermissions()
    Pros: gets permissions just for the space at least
    Cons: have to loop through them all to find ones with a group, then see if group is in my list. It's a list of lists, which I cannot seem to get to flatten. Also have to get group string name from permission.  This way is really inefficient given the other options available.

Removal

If you're using the Space object, you could use its removePermission method, but you'd have to provide it with a SpacePermission object, which if you use getPermissions, you'd have.
To remove across the whole instance, it'd be a lot more efficient to use the SpacePermissionManager's method:
void removeAllPermissionsForGroup(String group,SpacePermissionContext context)
Removes all permissions for the given group.

That is why I need a list of group names as strings.

Oops!  That method was deprecated and replaced by:

SpacePermissionManagerInternal.removeAllPermissionsForGroup(String, com.atlassian.confluence.internal.security.SpacePermissionContext)

Does anyone know if there's a magical method to return a list of group names as strings for groups with permissions?

Otherwise, I'll need to either convert strings to objects or vice versa to do what I'm trying to do.

Oh well, I hope this helps somebody at least (even if it's a bit late).

WW Rising Star Oct 26, 2021

I don't think that SpacePermissionManagerInternal is available to mere mortals.

This post states something about that.

I guess I'll use the method in SpaceManager until it's deleted and a bunch of people holler about what to do.

WW Rising Star Dec 06, 2021

I found out the answer to the deprecations and posted it in this post.

hi @Sngy did you check com.atlassian.confluence.security.PermissionManager and hasPermission method?

https://docs.atlassian.com/atlassian-confluence/6.1.4/com/atlassian/confluence/security/PermissionManager.html#hasPermission-com.atlassian.user.User-com.atlassian.confluence.security.Permission-java.lang.Object-

I guess that "target" parameter is your page. Unfortunatelly, I do not have chance to test it on Confluence right now :(

Suggest an answer

Log in or Sign up to answer
TAGS

Atlassian Community Events