Example 1 with CompositePermissionCheck

Use of org.camunda.bpm.engine.impl.db.CompositePermissionCheck in project camunda-bpm-platform by camunda.

Class AuthorizationCommandChecker, method checkTaskAssign.

public void checkTaskAssign(TaskEntity task) {
    String taskId = task.getId();
    String executionId = task.getExecutionId();
    if (executionId != null) {
        // Permission checks for task actions are based on the order in which the PermissionCheckBuilder is built
        // disjunctive: any one of the atomic checks below is sufficient
        CompositePermissionCheck taskWorkPermission = new PermissionCheckBuilder()
            .disjunctive()
            .atomicCheckForResourceId(TASK, taskId, TASK_ASSIGN)
            .atomicCheckForResourceId(PROCESS_DEFINITION, task.getProcessDefinition().getKey(), TASK_ASSIGN)
            .atomicCheckForResourceId(TASK, taskId, UPDATE)
            .atomicCheckForResourceId(PROCESS_DEFINITION, task.getProcessDefinition().getKey(), UPDATE_TASK)
            .build();
        getAuthorizationManager().checkAuthorization(taskWorkPermission);
    } else {
        // if task does not exist in context of process
        // instance, then it is either a (a) standalone task
        // or (b) it exists in context of a case instance.
        // (a) standalone task: check following permission
        // - TASK_ASSIGN or UPDATE
        // (b) task in context of a case instance, in this
        // case it is not necessary to check any permission,
        // because such tasks can always be updated
        String caseExecutionId = task.getCaseExecutionId();
        if (caseExecutionId == null) {
            // standalone task
            CompositePermissionCheck taskWorkPermission = new PermissionCheckBuilder()
                .disjunctive()
                .atomicCheckForResourceId(TASK, taskId, TASK_ASSIGN)
                .atomicCheckForResourceId(TASK, taskId, UPDATE)
                .build();
            getAuthorizationManager().checkAuthorization(taskWorkPermission);
        }
    }
}
Also used : CompositePermissionCheck(org.camunda.bpm.engine.impl.db.CompositePermissionCheck) PermissionCheckBuilder(org.camunda.bpm.engine.impl.db.PermissionCheckBuilder)

Example 2 with CompositePermissionCheck

Use of org.camunda.bpm.engine.impl.db.CompositePermissionCheck in project camunda-bpm-platform by camunda.

Class AuthorizationManager, method configureQueryHistoricFinishedInstanceReport.

public void configureQueryHistoricFinishedInstanceReport(ListQueryParameterObject query, Resource resource) {
    configureQuery(query);
    // conjunctive: both READ and READ_HISTORY must be granted on the resource
    CompositePermissionCheck compositePermissionCheck = new PermissionCheckBuilder().conjunctive()
        .atomicCheck(resource, "RES.KEY_", READ)
        .atomicCheck(resource, "RES.KEY_", READ_HISTORY)
        .build();
    query.getAuthCheck().setPermissionChecks(compositePermissionCheck);
}
Also used : CompositePermissionCheck(org.camunda.bpm.engine.impl.db.CompositePermissionCheck) PermissionCheckBuilder(org.camunda.bpm.engine.impl.db.PermissionCheckBuilder)

Example 3 with CompositePermissionCheck

Use of org.camunda.bpm.engine.impl.db.CompositePermissionCheck in project camunda-bpm-platform by camunda.

Class AuthorizationManager, method configureTaskQuery.

// task query //////////////////////////////////////////////
public void configureTaskQuery(TaskQueryImpl query) {
    configureQuery(query);
    if (query.getAuthCheck().isAuthorizationCheckEnabled()) {
        // necessary authorization check when the task is part of
        // a running process instance
        // disjunctive: READ on the task or READ_TASK on its process definition is sufficient
        CompositePermissionCheck permissionCheck = new PermissionCheckBuilder()
            .disjunctive()
            .atomicCheck(TASK, "RES.ID_", READ)
            .atomicCheck(PROCESS_DEFINITION, "PROCDEF.KEY_", READ_TASK)
            .build();
        addPermissionCheck(query.getAuthCheck(), permissionCheck);
    }
}
Also used : CompositePermissionCheck(org.camunda.bpm.engine.impl.db.CompositePermissionCheck) PermissionCheckBuilder(org.camunda.bpm.engine.impl.db.PermissionCheckBuilder)

Example 4 with CompositePermissionCheck

Use of org.camunda.bpm.engine.impl.db.CompositePermissionCheck in project camunda-bpm-platform by camunda.

Class AuthorizationManager, method checkAuthorization.

public void checkAuthorization(CompositePermissionCheck compositePermissionCheck) {
    if (isAuthCheckExecuted()) {
        Authentication currentAuthentication = getCurrentAuthentication();
        String userId = currentAuthentication.getUserId();
        boolean isAuthorized = isAuthorized(compositePermissionCheck);
        if (!isAuthorized) {
            List<MissingAuthorization> missingAuthorizations = new ArrayList<MissingAuthorization>();
            for (PermissionCheck check : compositePermissionCheck.getAllPermissionChecks()) {
                // every atomic check of the composite is reported in the exception
                missingAuthorizations.add(new MissingAuthorization(
                    check.getPermission().getName(),
                    check.getResource().resourceName(),
                    check.getResourceId()));
            }
            throw new AuthorizationException(userId, missingAuthorizations);
        }
    }
}
Also used : MissingAuthorization(org.camunda.bpm.engine.authorization.MissingAuthorization) PermissionCheck(org.camunda.bpm.engine.impl.db.PermissionCheck) CompositePermissionCheck(org.camunda.bpm.engine.impl.db.CompositePermissionCheck) AuthorizationException(org.camunda.bpm.engine.AuthorizationException) Authentication(org.camunda.bpm.engine.impl.identity.Authentication) ArrayList(java.util.ArrayList)

Example 5 with CompositePermissionCheck

Use of org.camunda.bpm.engine.impl.db.CompositePermissionCheck in project camunda-bpm-platform by camunda.

Class AbstractMigrationCmd, method checkAuthorizations.

protected void checkAuthorizations(CommandContext commandContext, ProcessDefinitionEntity sourceDefinition, ProcessDefinitionEntity targetDefinition, Collection<String> processInstanceIds) {
    // conjunctive: MIGRATE_INSTANCE is required on both the source and the target definition
    CompositePermissionCheck migrateInstanceCheck = new PermissionCheckBuilder().conjunctive()
        .atomicCheckForResourceId(Resources.PROCESS_DEFINITION, sourceDefinition.getKey(), Permissions.MIGRATE_INSTANCE)
        .atomicCheckForResourceId(Resources.PROCESS_DEFINITION, targetDefinition.getKey(), Permissions.MIGRATE_INSTANCE)
        .build();
    commandContext.getAuthorizationManager().checkAuthorization(migrateInstanceCheck);
}
Also used : CompositePermissionCheck(org.camunda.bpm.engine.impl.db.CompositePermissionCheck) PermissionCheckBuilder(org.camunda.bpm.engine.impl.db.PermissionCheckBuilder)

Aggregations

CompositePermissionCheck (org.camunda.bpm.engine.impl.db.CompositePermissionCheck): 8
PermissionCheckBuilder (org.camunda.bpm.engine.impl.db.PermissionCheckBuilder): 6
ArrayList (java.util.ArrayList): 1
AuthorizationException (org.camunda.bpm.engine.AuthorizationException): 1
MissingAuthorization (org.camunda.bpm.engine.authorization.MissingAuthorization): 1
PermissionCheck (org.camunda.bpm.engine.impl.db.PermissionCheck): 1
Authentication (org.camunda.bpm.engine.impl.identity.Authentication): 1