Edit/view distinction in restricting access to Confluence UI

Description

Introduce a distinction between view and edit requests in the Confluence UI access filter feature (the settings under the permissions tab in the viewport configuration UI).

Confluence UI access filtering rules:

Can Access

Auto Redirect

Behavior

block access

redirect to viewport

do nothing

do nothing

… where Can Access is defined as follows:
(the more specific rule always applies; 'edit' request encompasses the 'editpage' and the 'doeditpage' actions; everything else falls under 'view')

Old Access rules:

View/Edit

User

Filter

Access

*

anonymous

*

system admin

*

Confluence admin

*

space admin

*

in exception group

*

*

*

*

(handled by Confluence)

New Access rules:

View/Edit

User

Filter

Access

view

anonymous

view

system admin

view

Confluence admin

view

space admin

view

in exception group

view

*

edit

anonymous

edit

anonymous with edit permissions

edit

with edit permissions

edit

*

*

*

(handled by Confluence)

Note that view and edit access is always denied to anonymous users when the filter is active, since doing it any other way would allow more constrained users to simply log off to remove their constraints.

The sidebar should only be visible to users who are not restricted by the Confluence UI access filter.

There should be a placeholder for the edit URL so that themes can create their own edit button for users who are restricted but should be able to edit pages.

Environment

None

Status

Assignee

Maximilian Hilbert (K15t)

Reporter

Maximilian Hilbert (K15t)

Labels

Participants

None

Deployment

None

Components

Sprint

None

Fix versions

Priority

Minor