Examples with CompositePermissionCheck org.camunda.bpm.engine.impl.db.CompositePermissionCheck used on opensource projects

Example 6 with CompositePermissionCheck

use of org.camunda.bpm.engine.impl.db.CompositePermissionCheck in project camunda-bpm-platform by camunda.

the class AuthorizationCommandChecker method checkTaskWork.

@Override
public void checkTaskWork(TaskEntity task) {
    String taskId = task.getId();
    String executionId = task.getExecutionId();
    if (executionId != null) {
        // Permissions to task actions is based on the order in which PermissioncheckBuilder is built
        CompositePermissionCheck taskWorkPermission = new PermissionCheckBuilder().disjunctive().atomicCheckForResourceId(TASK, taskId, TASK_WORK).atomicCheckForResourceId(PROCESS_DEFINITION, task.getProcessDefinition().getKey(), TASK_WORK).atomicCheckForResourceId(TASK, taskId, UPDATE).atomicCheckForResourceId(PROCESS_DEFINITION, task.getProcessDefinition().getKey(), UPDATE_TASK).build();
        getAuthorizationManager().checkAuthorization(taskWorkPermission);
    } else {
        // if task does not exist in context of process
        // instance, then it is either a (a) standalone task
        // or (b) it exists in context of a case instance.
        // (a) standalone task: check following permission
        // - TASK_WORK or UPDATE
        // (b) task in context of a case instance, in this
        // case it is not necessary to check any permission,
        // because such tasks can always be updated
        String caseExecutionId = task.getCaseExecutionId();
        if (caseExecutionId == null) {
            // standalone task
            CompositePermissionCheck taskWorkPermission = new PermissionCheckBuilder().disjunctive().atomicCheckForResourceId(TASK, taskId, TASK_WORK).atomicCheckForResourceId(TASK, taskId, UPDATE).build();
            getAuthorizationManager().checkAuthorization(taskWorkPermission);
        }
    }
}

Example 7 with CompositePermissionCheck

use of org.camunda.bpm.engine.impl.db.CompositePermissionCheck in project camunda-bpm-platform by camunda.

the class AuthorizationManager method configureExternalTaskFetch.

public void configureExternalTaskFetch(ListQueryParameterObject parameter) {
    configureQuery(parameter);
    CompositePermissionCheck permissionCheck = newPermissionCheckBuilder().conjunctive().composite().disjunctive().atomicCheck(PROCESS_INSTANCE, "RES.PROC_INST_ID_", READ).atomicCheck(PROCESS_DEFINITION, "RES.PROC_DEF_KEY_", READ_INSTANCE).done().composite().disjunctive().atomicCheck(PROCESS_INSTANCE, "RES.PROC_INST_ID_", UPDATE).atomicCheck(PROCESS_DEFINITION, "RES.PROC_DEF_KEY_", UPDATE_INSTANCE).done().build();
    addPermissionCheck(parameter.getAuthCheck(), permissionCheck);
}

Example 8 with CompositePermissionCheck

use of org.camunda.bpm.engine.impl.db.CompositePermissionCheck in project camunda-bpm-platform by camunda.

the class AuthorizationManager method configureVariableInstanceQuery.

// variable instance query /////////////////////////////
protected void configureVariableInstanceQuery(VariableInstanceQueryImpl query) {
    configureQuery(query);
    if (query.getAuthCheck().isAuthorizationCheckEnabled()) {
        CompositePermissionCheck permissionCheck = new PermissionCheckBuilder().disjunctive().atomicCheck(PROCESS_INSTANCE, "RES.PROC_INST_ID_", READ).atomicCheck(PROCESS_DEFINITION, "PROCDEF.KEY_", READ_INSTANCE).atomicCheck(TASK, "RES.TASK_ID_", READ).build();
        addPermissionCheck(query.getAuthCheck(), permissionCheck);
    }
}