How to check if a "group of users" has access to certain "spaces" on confluence via ReST API ?

Aniket August 28, 2017

I need to get a List of spaces which are accessible for a group of users using some existing confluence rest api.

example: Consider the groups namely, groupDev, groupTest, groupClient. consider few confluence spaces namely spaceDev, spaceTest, spaceDevTest.

So here, I'm trying to find such an REST API where I pass a "groupName/groupId", and which returns a response containing the list of spaces which that group has access to.

ex: groupDev has access to spaceDev and SpaceDevTest, groupTest has access to spaceTest & spaceDevTest while groupClient has access to none of these spaces.

PS: I'm working on a monitoring tool for JIRA/Confluence, which currently checks user level access for JIRA(projects) and Confluence(spaces)...but this is at user/individual level.
I want to generalise this approach, taking it a step further.
Where the tool will check group level access for projects/spaces instead of individual level access...hence my question.

Haven't found any confluence rest API, or any workaround for this scenario.

I've searched here for confluence rest api's
https://docs.atlassian.com/confluence/REST/latest/

1 answer

0 votes
Christo Mastoroudes [Adaptavist]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
August 29, 2017

I wonder if this approach is correct. I hesitate because a user can belong to more than one group and these groups could have different permissions assigned to a specific space.

If you are just checking for permission against one group then you could get a situation where the user is denied access when they actually do have access but via a different group.

I have no idea how you are implementing your project, but it is entirely possible to build your own simple rest endpoint which can do exactly what you want, but care should be taken to check what permission the end user has as a cumulative result of all the groups the user belongs to.

Aniket September 1, 2017

Thanks for the reply Christo.

Im implementing the tool using java.
the tool constructs a cURL command which makes the API calls accordingly for Jira & confluence which consumes userId n password.

currently I'm able to check the user level access.
Now I'd like to implement stuff to make the tool check access for group level.

I used some ReST API's of Jira & Conf. to do the user level access checks.
So what im hunting was some ReST API's related to Groups of Jira & Confluence which will get me data/response for groups

Then I'll be able to check my source of truth(some local data) against the response being obtained from the jira/conf ReST API hits.

okay. If u say if thats not possible... or such API's dont exist...etc
then can you throw me a possible n more practical workaround.

Thanks.

Christo Mastoroudes [Adaptavist]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
September 1, 2017

I had a quick look but could not find any rest api that might help you(they might exist).

 

The easiest would be if you have ScriptRunner for Conf. and JIRA installed, as you could define a rest endpoint with little effort:

https://scriptrunner.adaptavist.com/latest/confluence/rest-endpoints.html

 

Alternatively it is possible to create a really simple plugin that exposes a rest endpoint of your own design. There are some guides available from Atlassian that can help you create a plugin and define a rest endpoint, but if you are new to it then it can be a bit long and bothersome.

 

There might also be some other solutions, but not sure.

Aniket September 1, 2017

Yes I'm new to this and i'm working on this currently.
Being new to all this feels like looking for my needle in a haystack.

Just wanted to make sure if what i'm doing is not totally wrong.

will try your suggestion as well.

I'll post my solution/workaround as soon as I solve this. :)
Thanks for ur reply again.

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events