
Example 6 with PermissionCheck

use of org.camunda.bpm.engine.impl.db.PermissionCheck in project camunda-bpm-platform by camunda.

the class AuthorizationManager method configureActivityStatisticsQuery.

/**
 * Rebuilds the permission checks attached to an activity statistics query.
 *
 * <p>After the generic {@code configureQuery(query)} call, the three per-entity check lists
 * (process instance, job, incident) are emptied. They are repopulated only when the query's
 * auth check reports authorization checking as enabled; otherwise they stay empty and this
 * method attaches no per-entity permission check.
 *
 * <p>Each populated list receives two checks: READ on PROCESS_INSTANCE and READ_INSTANCE on
 * PROCESS_DEFINITION. How the pair is combined is decided by the code that consumes these
 * lists, which is not visible here.
 *
 * @param query the statistics query whose permission checks are reset and rebuilt
 */
public void configureActivityStatisticsQuery(ActivityStatisticsQueryImpl query) {
    configureQuery(query);

    // Drop whatever checks the three lists already hold before rebuilding them.
    query.getProcessInstancePermissionChecks().clear();
    query.getJobPermissionChecks().clear();
    query.getIncidentPermissionChecks().clear();

    if (!query.getAuthCheck().isAuthorizationCheckEnabled()) {
        return;
    }

    // Every resource-id parameter below is a fixed literal, never a caller-supplied value
    // (presumably a column reference in the statistics SQL mapping; confirm there).
    PermissionCheck instanceReadOnInstance = newPermissionCheck();
    instanceReadOnInstance.setResource(PROCESS_INSTANCE);
    instanceReadOnInstance.setPermission(READ);
    instanceReadOnInstance.setResourceIdQueryParam("E.PROC_INST_ID_");

    PermissionCheck instanceReadOnDefinition = newPermissionCheck();
    instanceReadOnDefinition.setResource(PROCESS_DEFINITION);
    instanceReadOnDefinition.setPermission(READ_INSTANCE);
    instanceReadOnDefinition.setResourceIdQueryParam("P.KEY_");
    // NOTE(review): 0 presumably means "not granted" when no authorization entry exists;
    // confirm against PermissionCheck before relying on it.
    instanceReadOnDefinition.setAuthorizationNotFoundReturnValue(0L);

    query.addProcessInstancePermissionCheck(instanceReadOnInstance);
    query.addProcessInstancePermissionCheck(instanceReadOnDefinition);

    // Job checks are only registered when failed jobs are part of the result.
    if (query.isFailedJobsToInclude()) {
        PermissionCheck jobReadOnInstance = newPermissionCheck();
        jobReadOnInstance.setResource(PROCESS_INSTANCE);
        jobReadOnInstance.setPermission(READ);
        jobReadOnInstance.setResourceIdQueryParam("JOB.PROCESS_INSTANCE_ID_");

        PermissionCheck jobReadOnDefinition = newPermissionCheck();
        jobReadOnDefinition.setResource(PROCESS_DEFINITION);
        jobReadOnDefinition.setPermission(READ_INSTANCE);
        jobReadOnDefinition.setResourceIdQueryParam("JOB.PROCESS_DEF_KEY_");
        jobReadOnDefinition.setAuthorizationNotFoundReturnValue(0L);

        query.addJobPermissionCheck(jobReadOnInstance);
        query.addJobPermissionCheck(jobReadOnDefinition);
    }

    // Incident checks are only registered when incidents are part of the result.
    if (query.isIncidentsToInclude()) {
        PermissionCheck incidentReadOnInstance = newPermissionCheck();
        incidentReadOnInstance.setResource(PROCESS_INSTANCE);
        incidentReadOnInstance.setPermission(READ);
        incidentReadOnInstance.setResourceIdQueryParam("I.PROC_INST_ID_");

        PermissionCheck incidentReadOnDefinition = newPermissionCheck();
        incidentReadOnDefinition.setResource(PROCESS_DEFINITION);
        incidentReadOnDefinition.setPermission(READ_INSTANCE);
        incidentReadOnDefinition.setResourceIdQueryParam("PROCDEF.KEY_");
        incidentReadOnDefinition.setAuthorizationNotFoundReturnValue(0L);

        query.addIncidentPermissionCheck(incidentReadOnInstance);
        query.addIncidentPermissionCheck(incidentReadOnDefinition);
    }
}
Also used : PermissionCheck(org.camunda.bpm.engine.impl.db.PermissionCheck) CompositePermissionCheck(org.camunda.bpm.engine.impl.db.CompositePermissionCheck)

Example 7 with PermissionCheck

use of org.camunda.bpm.engine.impl.db.PermissionCheck in project camunda-bpm-platform by camunda.

the class AuthorizationManager method configureDeploymentStatisticsQuery.

/* STATISTICS QUERY */
/**
 * Rebuilds the permission checks attached to a deployment statistics query.
 *
 * <p>The query is first configured for the DEPLOYMENT resource keyed on {@code RES.ID_}.
 * The three per-entity check lists (process instance, job, incident) are then emptied and
 * repopulated only when the query's auth check reports authorization checking as enabled;
 * otherwise they stay empty and this method attaches no per-entity permission check.
 *
 * <p>Each populated list receives two checks: READ on PROCESS_INSTANCE and READ_INSTANCE on
 * PROCESS_DEFINITION. How the pair is combined is decided by the code that consumes these
 * lists, which is not visible here.
 *
 * @param query the statistics query whose permission checks are reset and rebuilt
 */
public void configureDeploymentStatisticsQuery(DeploymentStatisticsQueryImpl query) {
    configureQuery(query, DEPLOYMENT, "RES.ID_");

    // Drop whatever checks the three lists already hold before rebuilding them.
    query.getProcessInstancePermissionChecks().clear();
    query.getJobPermissionChecks().clear();
    query.getIncidentPermissionChecks().clear();

    if (!query.getAuthCheck().isAuthorizationCheckEnabled()) {
        return;
    }

    // Every resource-id parameter below is a fixed literal, never a caller-supplied value
    // (presumably a column reference in the statistics SQL mapping; confirm there).
    PermissionCheck instanceReadOnInstance = newPermissionCheck();
    instanceReadOnInstance.setResource(PROCESS_INSTANCE);
    instanceReadOnInstance.setPermission(READ);
    instanceReadOnInstance.setResourceIdQueryParam("EXECUTION.PROC_INST_ID_");

    PermissionCheck instanceReadOnDefinition = newPermissionCheck();
    instanceReadOnDefinition.setResource(PROCESS_DEFINITION);
    instanceReadOnDefinition.setPermission(READ_INSTANCE);
    instanceReadOnDefinition.setResourceIdQueryParam("PROCDEF.KEY_");
    // NOTE(review): 0 presumably means "not granted" when no authorization entry exists;
    // confirm against PermissionCheck before relying on it.
    instanceReadOnDefinition.setAuthorizationNotFoundReturnValue(0L);

    query.addProcessInstancePermissionCheck(instanceReadOnInstance);
    query.addProcessInstancePermissionCheck(instanceReadOnDefinition);

    // Job checks are only registered when failed jobs are part of the result.
    if (query.isFailedJobsToInclude()) {
        PermissionCheck jobReadOnInstance = newPermissionCheck();
        jobReadOnInstance.setResource(PROCESS_INSTANCE);
        jobReadOnInstance.setPermission(READ);
        jobReadOnInstance.setResourceIdQueryParam("JOB.PROCESS_INSTANCE_ID_");

        PermissionCheck jobReadOnDefinition = newPermissionCheck();
        jobReadOnDefinition.setResource(PROCESS_DEFINITION);
        jobReadOnDefinition.setPermission(READ_INSTANCE);
        jobReadOnDefinition.setResourceIdQueryParam("JOB.PROCESS_DEF_KEY_");
        jobReadOnDefinition.setAuthorizationNotFoundReturnValue(0L);

        query.addJobPermissionCheck(jobReadOnInstance);
        query.addJobPermissionCheck(jobReadOnDefinition);
    }

    // Incident checks are only registered when incidents are part of the result.
    if (query.isIncidentsToInclude()) {
        PermissionCheck incidentReadOnInstance = newPermissionCheck();
        incidentReadOnInstance.setResource(PROCESS_INSTANCE);
        incidentReadOnInstance.setPermission(READ);
        incidentReadOnInstance.setResourceIdQueryParam("INC.PROC_INST_ID_");

        PermissionCheck incidentReadOnDefinition = newPermissionCheck();
        incidentReadOnDefinition.setResource(PROCESS_DEFINITION);
        incidentReadOnDefinition.setPermission(READ_INSTANCE);
        incidentReadOnDefinition.setResourceIdQueryParam("PROCDEF.KEY_");
        incidentReadOnDefinition.setAuthorizationNotFoundReturnValue(0L);

        query.addIncidentPermissionCheck(incidentReadOnInstance);
        query.addIncidentPermissionCheck(incidentReadOnDefinition);
    }
}
Also used : PermissionCheck(org.camunda.bpm.engine.impl.db.PermissionCheck) CompositePermissionCheck(org.camunda.bpm.engine.impl.db.CompositePermissionCheck)

Example 8 with PermissionCheck

use of org.camunda.bpm.engine.impl.db.PermissionCheck in project camunda-bpm-platform by camunda.

the class AuthorizationManager method checkAuthorization.

/**
 * Enforces a composite permission check for the current authentication.
 *
 * <p>Does nothing when {@code isAuthCheckExecuted()} is false. Otherwise the composite is
 * evaluated via {@code isAuthorized}; on failure an {@link AuthorizationException} is thrown
 * that lists every check in the composite as missing, not only the one that failed.
 *
 * <p>The exception carries the user id together with the permission name, resource name and
 * resource id of each check, so callers that surface it to clients or logs expose those
 * values.
 *
 * @param compositePermissionCheck the checks to evaluate
 * @throws AuthorizationException if the current user is not authorized
 */
public void checkAuthorization(CompositePermissionCheck compositePermissionCheck) {
    if (!isAuthCheckExecuted()) {
        return;
    }

    // NOTE(review): the authentication is dereferenced without a null check; presumably
    // isAuthCheckExecuted() only returns true when one is present. Confirm.
    Authentication authentication = getCurrentAuthentication();
    String userId = authentication.getUserId();

    if (isAuthorized(compositePermissionCheck)) {
        return;
    }

    List<MissingAuthorization> missing = new ArrayList<MissingAuthorization>();
    for (PermissionCheck required : compositePermissionCheck.getAllPermissionChecks()) {
        String permissionName = required.getPermission().getName();
        String resourceName = required.getResource().resourceName();
        missing.add(new MissingAuthorization(permissionName, resourceName, required.getResourceId()));
    }
    throw new AuthorizationException(userId, missing);
}
Also used : MissingAuthorization(org.camunda.bpm.engine.authorization.MissingAuthorization) PermissionCheck(org.camunda.bpm.engine.impl.db.PermissionCheck) CompositePermissionCheck(org.camunda.bpm.engine.impl.db.CompositePermissionCheck) AuthorizationException(org.camunda.bpm.engine.AuthorizationException) Authentication(org.camunda.bpm.engine.impl.identity.Authentication) ArrayList(java.util.ArrayList)

Example 9 with PermissionCheck

use of org.camunda.bpm.engine.impl.db.PermissionCheck in project camunda-bpm-platform by camunda.

the class AuthorizationCommandChecker method checkDeleteProcessInstance.

/**
 * Checks that the current user may delete the process instance an execution belongs to.
 *
 * <p>Two checks are handed to the authorization manager, described by the original author
 * as alternatives: DELETE on the PROCESS_INSTANCE (by process instance id) or
 * DELETE_INSTANCE on the PROCESS_DEFINITION (by definition key).
 *
 * @param execution the execution whose process instance is about to be deleted
 */
public void checkDeleteProcessInstance(ExecutionEntity execution) {
    ProcessDefinitionEntity definition = (ProcessDefinitionEntity) execution.getProcessDefinition();

    // NOTE(review): the checks are built with "new PermissionCheck()" while checkUpdateJob
    // obtains them from getAuthorizationManager().newPermissionCheck(); confirm the direct
    // construction is intended.

    // Alternative 1: DELETE on the specific PROCESS_INSTANCE.
    PermissionCheck instanceCheck = new PermissionCheck();
    instanceCheck.setPermission(DELETE);
    instanceCheck.setResource(PROCESS_INSTANCE);
    instanceCheck.setResourceId(execution.getProcessInstanceId());

    // Alternative 2: DELETE_INSTANCE on the owning PROCESS_DEFINITION.
    PermissionCheck definitionCheck = new PermissionCheck();
    definitionCheck.setPermission(DELETE_INSTANCE);
    definitionCheck.setResource(PROCESS_DEFINITION);
    definitionCheck.setResourceId(definition.getKey());
    // NOTE(review): 0 presumably means "not granted" when no authorization entry exists;
    // confirm against PermissionCheck.
    definitionCheck.setAuthorizationNotFoundReturnValue(0L);

    getAuthorizationManager().checkAuthorization(instanceCheck, definitionCheck);
}
Also used : PermissionCheck(org.camunda.bpm.engine.impl.db.PermissionCheck) CompositePermissionCheck(org.camunda.bpm.engine.impl.db.CompositePermissionCheck)

Example 10 with PermissionCheck

use of org.camunda.bpm.engine.impl.db.PermissionCheck in project camunda-bpm-platform by camunda.

the class AuthorizationCommandChecker method checkUpdateJob.

/**
 * Checks that the current user may update a job.
 *
 * <p>Jobs without a process definition key ("standalone" jobs) return early, so this method
 * performs no permission check for them. For all other jobs two checks are handed to the
 * authorization manager, described by the original author as alternatives: UPDATE on the
 * PROCESS_INSTANCE (by process instance id) or UPDATE_INSTANCE on the PROCESS_DEFINITION
 * (by definition key).
 *
 * @param job the job about to be updated
 */
public void checkUpdateJob(JobEntity job) {
    if (job.getProcessDefinitionKey() == null) {
        // Standalone job: no process definition to authorize against, nothing is checked.
        return;
    }

    // Alternative 1: UPDATE on the specific PROCESS_INSTANCE.
    PermissionCheck instanceCheck = getAuthorizationManager().newPermissionCheck();
    instanceCheck.setPermission(UPDATE);
    instanceCheck.setResource(PROCESS_INSTANCE);
    instanceCheck.setResourceId(job.getProcessInstanceId());

    // Alternative 2: UPDATE_INSTANCE on the owning PROCESS_DEFINITION.
    PermissionCheck definitionCheck = getAuthorizationManager().newPermissionCheck();
    definitionCheck.setPermission(UPDATE_INSTANCE);
    definitionCheck.setResource(PROCESS_DEFINITION);
    definitionCheck.setResourceId(job.getProcessDefinitionKey());
    // NOTE(review): 0 presumably means "not granted" when no authorization entry exists;
    // confirm against PermissionCheck.
    definitionCheck.setAuthorizationNotFoundReturnValue(0L);

    getAuthorizationManager().checkAuthorization(instanceCheck, definitionCheck);
}
Also used : PermissionCheck(org.camunda.bpm.engine.impl.db.PermissionCheck) CompositePermissionCheck(org.camunda.bpm.engine.impl.db.CompositePermissionCheck)

Aggregations

CompositePermissionCheck (org.camunda.bpm.engine.impl.db.CompositePermissionCheck)15 PermissionCheck (org.camunda.bpm.engine.impl.db.PermissionCheck)15 ArrayList (java.util.ArrayList)3 AuthorizationException (org.camunda.bpm.engine.AuthorizationException)2 MissingAuthorization (org.camunda.bpm.engine.authorization.MissingAuthorization)2 Authentication (org.camunda.bpm.engine.impl.identity.Authentication)2 ListQueryParameterObject (org.camunda.bpm.engine.impl.db.ListQueryParameterObject)1 CommandContext (org.camunda.bpm.engine.impl.interceptor.CommandContext)1