Interpreting Permissions from Confluence REST API
I can get the Confluence REST API permission list (using PythonConfluenceAPI):
p = api.get_space_information(space_key, expand="permissions")['permissions']
I get a list of dictionaries with information about operations and subjects. But there are inconsistencies between the API information and the permissions displayed in Confluence:
- The API has operations that are not in the browser (update blogpost).
- The browser has operations that are not part of the API (export space, space admin, delete mail).
- There are entries in the API list that have no operation at all, and these entries are often duplicated, appearing multiple times.
What I really want to get is a list of space admins. I hope someone can explain these permission structures that the API provides me.
source to share
Like you, I was unable to use the RPC api, which seemed to be completely removed. There are a few things you can use if you want to grab the list of space admins.
An easy way would be to use a route /rest/api/group/confluence-administrators/member
that will return you a list of all members of the merge admins who will automatically be the space admins.
If you have few users, you can also use the Space Permissions Add-on add-on , which you can install from Control Panel. It will provide you with an api with all the permissions of a given user with the same format type returned by the old one getSpacePermissionSets
.
But it can still be a pain and not the most rewarding thing if you have many users to check them out individually. I created a Confluence add-on that would allow me to use the java api and use the getAdmins method of SpaceDirectoryEntity.
The only endpoint is pretty simple:
@GET
@Produces(MediaType.APPLICATION_JSON)
@Path("/{key}")
public Response getAdmins(@PathParam("key") String key) {
Space space = spaceManager.getSpace(key);
if (space == null) {
return Response.status(Response.Status.NOT_FOUND).build();
}
List<User> admins = spaceManager.getSpaceAdmins(space);
List<Object> out = new ArrayList<Object>();
for (User admin: admins) {
Map<String, String> item = new HashMap<String, String>();
item.put("fullName", admin.getFullName());
item.put("name", admin.getName());
item.put("email", admin.getEmail());
out.add(item);
}
Gson gson = new Gson();
String json = gson.toJson(out);
return Response.ok(json).build();
}
And will give this answer if a valid space is given:
[
{
"name": "admin",
"fullName": "admin",
"email": "admin@hehe.com"
},
{
"name": "admin2",
"fullName": "admin2",
"email": "admin2@hehe.com"
}
]
It might take a little more work to clean up the add-in if you want me to open it open source, just tell me if you're interested.
source to share
Unfortunately, there is no proper documentation on the REST APIs and how you can get Space Admin permission through this. However, I believe you can use the old JSON-RPC API to get the list of space access permissions. It is available through:
http://<confluence-url>/rpc/json-rpc/confluenceservice-v2/getSpacePermissionSets
It technically returns the response like this:
[
{
"type": "SETSPACEPERMISSIONS",
"spacePermissions": [
{
"type": "SETSPACEPERMISSIONS",
"userName": null,
"groupName": "confluence-administrators"
}
]
},
{
"type": "EXPORTSPACE",
"spacePermissions": [
{
"type": "EXPORTSPACE",
"userName": null,
"groupName": null
},
{
"type": "EXPORTSPACE",
"userName": null,
"groupName": "confluence-users"
},
{
"type": "EXPORTSPACE",
"userName": null,
"groupName": "confluence-administrators"
}
]
},
{
"type": "SETPAGEPERMISSIONS",
"spacePermissions": [
{
"type": "SETPAGEPERMISSIONS",
"userName": null,
"groupName": "confluence-users"
},
{
"type": "SETPAGEPERMISSIONS",
"userName": null,
"groupName": "confluence-administrators"
}
]
},
{
"type": "REMOVEMAIL",
"spacePermissions": [
{
"type": "REMOVEMAIL",
"userName": null,
"groupName": "confluence-users"
},
{
"type": "REMOVEMAIL",
"userName": null,
"groupName": "confluence-administrators"
},
{
"type": "REMOVEMAIL",
"userName": null,
"groupName": null
}
]
},
{
"type": "REMOVEBLOG",
"spacePermissions": [
{
"type": "REMOVEBLOG",
"userName": null,
"groupName": null
},
{
"type": "REMOVEBLOG",
"userName": null,
"groupName": "confluence-users"
},
{
"type": "REMOVEBLOG",
"userName": null,
"groupName": "confluence-administrators"
}
]
},
{
"type": "EXPORTPAGE",
"spacePermissions": [
{
"type": "EXPORTPAGE",
"userName": null,
"groupName": null
},
{
"type": "EXPORTPAGE",
"userName": null,
"groupName": "confluence-administrators"
},
{
"type": "EXPORTPAGE",
"userName": null,
"groupName": "confluence-users"
}
]
},
{
"type": "REMOVEATTACHMENT",
"spacePermissions": [
{
"type": "REMOVEATTACHMENT",
"userName": null,
"groupName": null
},
{
"type": "REMOVEATTACHMENT",
"userName": null,
"groupName": "confluence-administrators"
},
{
"type": "REMOVEATTACHMENT",
"userName": null,
"groupName": "confluence-users"
}
]
},
{
"type": "CREATEATTACHMENT",
"spacePermissions": [
{
"type": "CREATEATTACHMENT",
"userName": null,
"groupName": "confluence-users"
},
{
"type": "CREATEATTACHMENT",
"userName": null,
"groupName": null
},
{
"type": "CREATEATTACHMENT",
"userName": null,
"groupName": "confluence-administrators"
}
]
},
{
"type": "VIEWSPACE",
"spacePermissions": [
{
"type": "VIEWSPACE",
"userName": null,
"groupName": "confluence-administrators"
},
{
"type": "VIEWSPACE",
"userName": null,
"groupName": null
},
{
"type": "VIEWSPACE",
"userName": null,
"groupName": "confluence-users"
}
]
},
{
"type": "EDITBLOG",
"spacePermissions": [
{
"type": "EDITBLOG",
"userName": null,
"groupName": null
},
{
"type": "EDITBLOG",
"userName": null,
"groupName": "confluence-users"
},
{
"type": "EDITBLOG",
"userName": null,
"groupName": "confluence-administrators"
}
]
},
{
"type": "REMOVEPAGE",
"spacePermissions": [
{
"type": "REMOVEPAGE",
"userName": null,
"groupName": "confluence-administrators"
},
{
"type": "REMOVEPAGE",
"userName": null,
"groupName": null
},
{
"type": "REMOVEPAGE",
"userName": null,
"groupName": "confluence-users"
}
]
},
{
"type": "REMOVECOMMENT",
"spacePermissions": [
{
"type": "REMOVECOMMENT",
"userName": null,
"groupName": null
},
{
"type": "REMOVECOMMENT",
"userName": null,
"groupName": "confluence-users"
},
{
"type": "REMOVECOMMENT",
"userName": null,
"groupName": "confluence-administrators"
}
]
},
{
"type": "EDITSPACE",
"spacePermissions": [
{
"type": "EDITSPACE",
"userName": null,
"groupName": "confluence-users"
},
{
"type": "EDITSPACE",
"userName": null,
"groupName": "confluence-administrators"
},
{
"type": "EDITSPACE",
"userName": null,
"groupName": null
}
]
},
{
"type": "COMMENT",
"spacePermissions": [
{
"type": "COMMENT",
"userName": null,
"groupName": "confluence-users"
},
{
"type": "COMMENT",
"userName": null,
"groupName": "confluence-administrators"
},
{
"type": "COMMENT",
"userName": null,
"groupName": null
}
]
}
]
If you are not limited and can run a database query, you can also use the following query:
SELECT s.SPACENAME, u.username FROM SPACES s
JOIN SPACEPERMISSIONS p ON s.SPACEID = p.SPACEID
JOIN user_mapping u ON p.PERMUSERNAME = u.user_key
WHERE p.PERMTYPE = 'SETSPACEPERMISSIONS';
The above query returns a list of space admins for all spaces in your instance.
source to share