PermissionManager.hasPermission(...) throws IllegalArgumentException for non-admin user

Hello @PetriJuhaniRiipinen

The article you mentioned, "How do I tell if a user has permission to...?", is correct; however, PermissionManager is traditionally used with PageManager, SpaceManager, CommentManager … and not with our Java API models and services.
We recommend using the Java API services instead of going through PageManager/PermissionManager; you'll see that a lot of the methods in PageManager are deprecated anyway.

Since you are using ContentService#find from our Java API, you can omit the explicit permission check on your side, because ContentService ensures permission checks are handled by default under the hood. So if the Optional is not empty, it means that the user has VIEW permission on the content.

The reason your code works fine for admin users is that they are exempt from permission checks in some cases … which means permission checks for them follow a different code path that doesn't blow up in that exception.

So you should be able to trust ContentService#find on its own.

Now what if you want to check for EDIT permission…?
You should use OperationService in combination with ContentService in this case. For example, OperationService#getAvailableOperations will resolve all the available ops for the logged-in user for a given content item.

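import java.util.Collections;
import java.util.List;

import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;

import com.atlassian.confluence.api.model.content.id.ContentId;
import com.atlassian.confluence.api.model.permissions.OperationCheckResult;
import com.atlassian.confluence.api.model.permissions.Target;
import com.atlassian.confluence.api.service.content.ContentService;
import com.atlassian.confluence.api.service.permissions.OperationService;
import com.atlassian.confluence.rest.api.model.ExpansionsParser;
import com.atlassian.plugin.spring.scanner.annotation.imports.ComponentImport;
import org.springframework.beans.factory.annotation.Autowired;

@Path("/operation")
public class OperationResource {

    private final ContentService contentService;
    private final OperationService operationService;

    @Autowired
    public OperationResource(
            @ComponentImport final ContentService contentService,
            @ComponentImport final OperationService operationService
    ) {
        this.contentService = contentService;
        this.operationService = operationService;
    }

    @GET
    @Path("/content/{id}")
    @Produces("application/json")
    public Response contentWithId(@PathParam("id") long id) {
        // ContentService#find applies the VIEW check itself: an empty Optional means
        // the content does not exist or the current user cannot see it.
        List<OperationCheckResult> operationCheckResults = contentService
                .find(ExpansionsParser.parse("container"))
                .withId(ContentId.of(id))
                .fetch()
                // Resolve the operations the logged-in user may perform on this content.
                .map(content -> operationService.getAvailableOperations(Target.forModelObject(content)))
                .orElse(Collections.emptyList());
        return Response.ok(operationCheckResults).build();
    }
}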

Code snippet available here: welcome operation resource example · viqueen/atlassian-devbox@4118e3c · GitHub

Hope this helps
Hasnae R.
