I’m creating an addon that displays information associated to individual pages in Confluence. Therefore, I want to check user permission on a page before displaying. Read the documentation and it seems like Conditions are the way to go.
Well the issue is that a generalPage doesn’t have a confluence page context on it since it is it’s own page…
The url gets the page.id since the generalPage are getting converted to both a servlet and a web-item. So…
You may consider splitting this up into a webItem (which will get the link and have it only show up when the permission is properly done). And then a generalPage module which I think (don’t hold me to this - I haven’t tried it) you can then reverse engineer the path to (generalPage path:ing are usually pretty predictable).
The other option (which will probably be a lot easier) - is to switch to a full page dialog (if your app allows that).
Now I might be totally wrong with all of this but I would expect somebody like @mjensen to come along and happily say so.
Thanks for the response. I thought about your approach. The problem is that it’s hiding the link but not really checking permissions for the page itself. As you say, it’s trivial for someone to reverse engineer the link to the actual page. Do I have that right or am I missing something?
Reading the documentation for Conditons, it looks like it was made for this exact use case. The docs use an example in JIRA that checks issue permission for accessing a general page. It seems reasonable to assume that you could do something similar in Confluence for page permissions. However, I can accept that this is a bug or oversight or something that is never going to happen.
If that is the case, I would like to know is there an accepted pattern for checking user permissions in a Connect page?