https://scriptrunner.adaptavist.com/latest/confluence/rest-endpoints.html#_configuration
Gettting Userinfo
This works
import com.onresolve.scriptrunner.runner.rest.common.CustomEndpointDelegate import groovy.json.JsonBuilder import groovy.transform.BaseScript import javax.ws.rs.core.MultivaluedMap import javax.ws.rs.core.Response import com.atlassian.sal.api.component.ComponentLocator import bucket.user.UserAccessor @BaseScript CustomEndpointDelegate delegate def userAccessor = ComponentLocator.getComponent(UserAccessor) user( httpMethod: "GET", groups: ["confluence-administrators"] ) { // validate we have username as a url parameter // extraPath is already available to use def extraPath = extraPath as String assert extraPath =~ "^/[a-zA-Z]+" def username = extraPath.split("/").last() def user = userAccessor.getUser(username) // user must exist in Confluence if (!user) { return Response.serverError().entity([error: "User $username does not exist"]).build() } def userResponse = [ username: user.name, fullname: user.fullName, email: user.email ] return Response.ok(new JsonBuilder(userResponse).toString()).build() }
Output:
jarvis:bin npn$ curl -X GET -u admin:Welcome1 http://localhost:8090/rest/scriptrunner/latest/custom/user/admin {"username":"admin","fullname":"admin","email":"npn@netic.dk"}jarvis:bin npn$ jarvis:bin npn$
Including getting rights to a Page (hardcoded id)
import com.onresolve.scriptrunner.runner.rest.common.CustomEndpointDelegate import groovy.json.JsonBuilder import groovy.transform.BaseScript import javax.ws.rs.core.MultivaluedMap import javax.ws.rs.core.Response import com.atlassian.sal.api.component.ComponentLocator import bucket.user.UserAccessor import com.atlassian.confluence.pages.PageManager import com.atlassian.confluence.security.PermissionManager import com.atlassian.confluence.security.Permission @BaseScript CustomEndpointDelegate delegate def userAccessor = ComponentLocator.getComponent(UserAccessor) user( httpMethod: "GET", groups: ["confluence-administrators"] ) { // validate we have username as a url parameter // extraPath is already available to use def extraPath = extraPath as String assert extraPath =~ "^/[a-zA-Z]+" def username = extraPath.split("/").last() def user = userAccessor.getUser(username) // user must exist in Confluence if (!user) { return Response.serverError().entity([error: "User $username does not exist"]).build() } def pageManager = ComponentLocator.getComponent(PageManager) def page = pageManager.getPage(1540098) def permissionManager = ComponentLocator.getComponent(PermissionManager) // Permissions - https://developer.atlassian.com/confdev/development-resources/confluence-developer-faq/how-do-i-tell-if-a-user-has-permission-to boolean canEdit = permissionManager.hasPermission(user, Permission.EDIT, page); def userResponse = [ username: user.name, fullname: user.fullName, email: user.email, edit: canEdit ] return Response.ok(new JsonBuilder(userResponse).toString()).build() }
Output:
Notice that bnp=false, but admin=true
curl -X GET -u admin:Welcome1 http://localhost:8090/rest/scriptrunner/latest/custom/user/bnp {"username":"bnp","fullname":"Normann","email":"bnp@mos-eisley.dk","edit":false} jarvis:bin npn$ curl -X GET -u admin:Welcome1 http://localhost:8090/rest/scriptrunner/latest/custom/user/admin {"username":"admin","fullname":"admin","email":"npn@netic.dk","edit":true} jarvis:bin npn$
Examine if a Group has Edit Access:
import bucket.user.UserAccessor import com.atlassian.sal.api.component.ComponentLocator import com.atlassian.user.GroupManager import com.atlassian.user.impl.DefaultUser import com.onresolve.scriptrunner.runner.rest.common.CustomEndpointDelegate import groovy.json.JsonBuilder import groovy.transform.BaseScript import org.codehaus.jackson.map.ObjectMapper import javax.ws.rs.core.MultivaluedMap import javax.ws.rs.core.Response import static com.atlassian.user.security.password.Credential.unencrypted import com.atlassian.sal.api.component.ComponentLocator import bucket.user.UserAccessor import com.atlassian.confluence.pages.PageManager import com.atlassian.confluence.security.PermissionManager import com.atlassian.confluence.security.Permission import com.atlassian.confluence.security.ContentPermission import com.atlassian.confluence.core.ContentPermissionManager import com.atlassian.confluence.security.ContentPermissionSet @BaseScript CustomEndpointDelegate delegate def userAccessor = ComponentLocator.getComponent(UserAccessor) user( httpMethod: "GET", groups: ["confluence-administrators"] ) { // validate we have username as a url parameter // extraPath is already available to use def extraPath = extraPath as String assert extraPath =~ "^/[a-zA-Z]+" def groupname = extraPath.split("/").last() def group = userAccessor.getGroup(groupname) // user must exist in Confluence if (!group) { return Response.serverError().entity([error: "Group $groupname does not exist"]).build() } def pageManager = ComponentLocator.getComponent(PageManager) def page = pageManager.getPage(1540098) def permissionManager = ComponentLocator.getComponent(PermissionManager) boolean CanEdit=false def PermList = page.getContentPermissionSet(ContentPermission.EDIT_PERMISSION) // def ContentPermissionManager = ComponentLocator.getComponent(ContentPermissionManager) //List<ContentPermissionSet> cpsl = ContentPermissionManager.getContentPermissionSets(page, ContentPermission.EDIT_PERMISSION); //for(int i=0; i<PermList.size(); i++){ // System.out.println(PermList(i) + i.toString()); //} for (ContentPermission cp : page.getContentPermissionSet(ContentPermission.EDIT_PERMISSION)) { if (cp.toString().contains("groupName=" + groupname)) { System.out.println(cp) CanEdit=true } } return Response.ok(CanEdit.toString()).build() }
Output:
Notice that bnp=false, but admin=true
curl -X GET -u admin:Welcome1 http://localhost:8090/rest/scriptrunner/latest/custom/user/confluence-administrators true jarvis:bin npn$
Remove EDIT Rights for a page:
import bucket.user.UserAccessor import com.atlassian.sal.api.component.ComponentLocator import com.atlassian.user.GroupManager import com.atlassian.user.impl.DefaultUser import com.onresolve.scriptrunner.runner.rest.common.CustomEndpointDelegate import groovy.json.JsonBuilder import groovy.transform.BaseScript import org.codehaus.jackson.map.ObjectMapper import javax.ws.rs.core.MultivaluedMap import javax.ws.rs.core.Response import static com.atlassian.user.security.password.Credential.unencrypted import com.atlassian.sal.api.component.ComponentLocator import bucket.user.UserAccessor import com.atlassian.confluence.pages.PageManager import com.atlassian.confluence.security.PermissionManager import com.atlassian.confluence.security.Permission import com.atlassian.confluence.security.ContentPermission import com.atlassian.confluence.core.ContentPermissionManager import com.atlassian.confluence.security.ContentPermissionSet @BaseScript CustomEndpointDelegate delegate def userAccessor = ComponentLocator.getComponent(UserAccessor) user( httpMethod: "GET", groups: ["confluence-administrators"] ) { // validate we have username as a url parameter // extraPath is already available to use def extraPath = extraPath as String assert extraPath =~ "^/[a-zA-Z]+" def groupname = extraPath.split("/").last() String PageId="1540098" def group = userAccessor.getGroup(groupname) // user must exist in Confluence if (!group) { System.out.println("Group: " + groupname + " was not found in the System.") return Response.serverError().entity([error: "Group $groupname does not exist"]).build() } def pageManager = ComponentLocator.getComponent(PageManager) def page = pageManager.getPage(PageId.toLong()) if (!page) { System.out.println("Page: " + PageId + " was not found in the System.") return Response.serverError().entity([error: "Page $PageId does not exist"]).build() } def permissionManager = ComponentLocator.getComponent(PermissionManager) def contentPermissionManager = ComponentLocator.getComponent(ContentPermissionManager) boolean CanEdit=false // cp is a ContentpermissionSet - https://docs.atlassian.com/confluence/5.8.4/com/atlassian/confluence/security/ContentPermissionSet.html (unique and also bound to a page) for (ContentPermission cp : page.getContentPermissionSet(ContentPermission.EDIT_PERMISSION)) { if (cp.toString().contains("groupName=" + groupname)) { // Remove the Permission System.out.println("Group: " + groupname + " was found having EDIT Permissions for Page Id: " + PageId + ".") contentPermissionManager.removeContentPermission(cp); System.out.println("Removed EDIT permissions for Group: " + groupname + "for Page Id: " + PageId + ".") } } return Response.ok(CanEdit.toString()).build() }