  1. Confluence Server
  2. CONFSERVER-15160

Remote API Access Space Permission (PATCH)


      Description

      NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.

      For large Confluence installations it is important to have Remote API access to Confluence, but at the same time it is not desirable to give remote access to everyone and everywhere. For this reason, a new permission that would control access to the Remote API is needed.

      It is unimaginable to have Confluence admins of big instances decide who should get Remote API access and for which space. Such a decision should be delegated to the space admins, who are the content owners for the given space and can make a qualified decision about access via the Remote API for their space.

      For this reason, a new space permission is needed. This space permission would be controlled like any other permission via the Space Admin -> Permissions view.

      A patch with this functionality was developed against Confluence 2.x, and the patch provided is rebased for 2.10.2. The patch was written in a minimalistic way in order to introduce a minimal performance penalty and make it easy to port between different Confluence versions.

      In our case we wanted to restrict access to global Remote API calls to Confluence admins only as well, so we created a patch for that too (attached as remote-api-admin-authorization.patch). It would be nice if this patch was rewritten so that an individual global permission to access these global methods exists too, but this isn't as important for us as having the space permission patch accepted into the Confluence source base. I'm attaching both patches just to give you an idea of what we do. It's up to you if you decide to take the admin patch and rewrite it so that a global permission exists as well.

      The order in which the patches should be applied to the Confluence source base is remote-api-admin-authorization.patch -> remote-api-authorization.patch.

        Attachments

        1. Remote Access.png
          11 kB
          Igor Minar
        2. remote-api-admin-authorization.patch
          8 kB
          Igor Minar
        3. remote-api-authorization.patch
          35 kB
          Igor Minar

              People

              • Votes: 6
              • Watchers: 6

              Dates

              • Last commented: 8 years, 16 weeks, 1 day ago