How to display my addon page only if they have edit permission

I’m creating an addon that displays information associated to individual pages in Confluence. Therefore, I want to check user permission on a page before displaying. Read the documentation and it seems like Conditions are the way to go.

When I set a condition like

"modules": {
	     "generalPages": [
	        "url": "/my_page/{}",
	        "name": {
	          "value": "MyPage"
	        "key": "my-page",
	        "conditions": [{
	        	"params": {
	        		"permission": "EDIT"

I get an error from confluence that says

The add-on includes a Page module with an unsupported condition (has_page_permission).

Is it possible to have a page conditional on a content permission? If not, how should I accomplish this?

1 Like

Well the issue is that a generalPage doesn’t have a confluence page context on it since it is it’s own page…

The url gets the since the generalPage are getting converted to both a servlet and a web-item. So…

You may consider splitting this up into a webItem (which will get the link and have it only show up when the permission is properly done). And then a generalPage module which I think (don’t hold me to this - I haven’t tried it) you can then reverse engineer the path to (generalPage path:ing are usually pretty predictable).

The other option (which will probably be a lot easier) - is to switch to a full page dialog (if your app allows that).

Now I might be totally wrong with all of this but I would expect somebody like @mjensen to come along and happily say so.

1 Like

Thanks for the response. I thought about your approach. The problem is that it’s hiding the link but not really checking permissions for the page itself. As you say, it’s trivial for someone to reverse engineer the link to the actual page. Do I have that right or am I missing something?

Reading the documentation for Conditons, it looks like it was made for this exact use case. The docs use an example in JIRA that checks issue permission for accessing a general page. It seems reasonable to assume that you could do something similar in Confluence for page permissions. However, I can accept that this is a bug or oversight or something that is never going to happen.

If that is the case, I would like to know is there an accepted pattern for checking user permissions in a Connect page?