How to check if a user can view a page via REST or Java API without storing user's credentials?

Hi everyone,

I am working on implementing a vector search service for my Confluence data center and I want to make sure it only returns results that the user is actually allowed to see, without requiring the user’s credentials or the search service to be hosted inside the data center.

After some research, I couldn’t find any clear documentation on how to check if a user can view a certain page via REST or Java API. I did find the “PermissionManager” in the Java API, but it seems to be designed only for plugins.

I appreciate any ideas or suggestions on how to tackle this issue.

Thanks in advance for your help!

You are using SearchService?

Try something like

        SearchQuery query = BooleanQuery.andQuery(
            [Your Queries],
            ContentPermissionsQuery.builder().build()
        );

Or maybe it is ContentPermissionsQuery.builder().user(currentUser).build()
The documentation is not clear on this. Maybe try and give feedback.

https://docs.atlassian.com/ConfluenceServer/javadoc/8.5.7/com/atlassian/confluence/search/v2/query/ContentPermissionsQuery.html

Hi amoerchen, I’m not using SearchService. I want to build my own search service. But your words got me interested. How does SearchService perform? Is it just string matching, or can it do vector search?

Ah, the searches in Confluence use the Lucene index, i.e. ContentSearch
→ so a custom plugin might be necessary to implement a custom search.

I don’t know what a “vector search” is, so can’t help you with this.

But generally, if you invoke a REST API it is using the user’s context → there are ways of calling an API on behalf of a user. But I’m not familiar with this stuff.

For me, the easiest way to look into the existing REST API is Atlassian REST API Browser | Atlassian Marketplace