Example 11 with PermissionCheck

Use of org.camunda.bpm.engine.impl.db.PermissionCheck in project camunda-bpm-platform by camunda.

Class AuthorizationCommandChecker, method checkReadJob.

public void checkReadJob(JobEntity job) {
    if (job.getProcessDefinitionKey() == null) {
        // "standalone" job: nothing to do!
        return;
    }
    // necessary permissions:
    // - READ on PROCESS_INSTANCE
    PermissionCheck firstCheck = getAuthorizationManager().newPermissionCheck();
    firstCheck.setPermission(READ);
    firstCheck.setResource(PROCESS_INSTANCE);
    firstCheck.setResourceId(job.getProcessInstanceId());
    // ... OR ...
    // - READ_INSTANCE on PROCESS_DEFINITION
    PermissionCheck secondCheck = getAuthorizationManager().newPermissionCheck();
    secondCheck.setPermission(READ_INSTANCE);
    secondCheck.setResource(PROCESS_DEFINITION);
    secondCheck.setResourceId(job.getProcessDefinitionKey());
    secondCheck.setAuthorizationNotFoundReturnValue(0L);
    getAuthorizationManager().checkAuthorization(firstCheck, secondCheck);
}
Also used: PermissionCheck (org.camunda.bpm.engine.impl.db.PermissionCheck), CompositePermissionCheck (org.camunda.bpm.engine.impl.db.CompositePermissionCheck)

Example 12 with PermissionCheck

Use of org.camunda.bpm.engine.impl.db.PermissionCheck in project camunda-bpm-platform by camunda.

Class AuthorizationCommandChecker, method checkReadTask.

@Override
public void checkReadTask(TaskEntity task) {
    String taskId = task.getId();
    String executionId = task.getExecutionId();
    if (executionId != null) {
        // if task exists in context of a process instance
        // then check the following permissions:
        // - READ on TASK
        // - READ_TASK on PROCESS_DEFINITION
        ExecutionEntity execution = task.getExecution();
        ProcessDefinitionEntity processDefinition = execution.getProcessDefinition();
        PermissionCheck readPermissionCheck = getAuthorizationManager().newPermissionCheck();
        readPermissionCheck.setPermission(READ);
        readPermissionCheck.setResource(TASK);
        readPermissionCheck.setResourceId(taskId);
        PermissionCheck readTaskPermissionCheck = getAuthorizationManager().newPermissionCheck();
        readTaskPermissionCheck.setPermission(READ_TASK);
        readTaskPermissionCheck.setResource(PROCESS_DEFINITION);
        readTaskPermissionCheck.setResourceId(processDefinition.getKey());
        readTaskPermissionCheck.setAuthorizationNotFoundReturnValue(0L);
        getAuthorizationManager().checkAuthorization(readPermissionCheck, readTaskPermissionCheck);
    } else {
        // if task does not exist in context of process
        // instance, then it is either a (a) standalone task
        // or (b) it exists in context of a case instance.
        // (a) standalone task: check following permission
        // - READ on TASK
        // (b) task in context of a case instance, in this
        // case it is not necessary to check any permission,
        // because such tasks can always be read
        String caseExecutionId = task.getCaseExecutionId();
        if (caseExecutionId == null) {
            getAuthorizationManager().checkAuthorization(READ, TASK, taskId);
        }
    }
}
Also used: PermissionCheck (org.camunda.bpm.engine.impl.db.PermissionCheck), CompositePermissionCheck (org.camunda.bpm.engine.impl.db.CompositePermissionCheck)

Example 13 with PermissionCheck

Use of org.camunda.bpm.engine.impl.db.PermissionCheck in project camunda-bpm-platform by camunda.

Class AuthorizationCommandChecker, method checkReadProcessInstance.

public void checkReadProcessInstance(ExecutionEntity execution) {
    ProcessDefinitionEntity processDefinition = (ProcessDefinitionEntity) execution.getProcessDefinition();
    // necessary permissions:
    // - READ on PROCESS_INSTANCE
    PermissionCheck firstCheck = new PermissionCheck();
    firstCheck.setPermission(READ);
    firstCheck.setResource(PROCESS_INSTANCE);
    firstCheck.setResourceId(execution.getProcessInstanceId());
    // ... OR ...
    // - READ_INSTANCE on PROCESS_DEFINITION
    PermissionCheck secondCheck = new PermissionCheck();
    secondCheck.setPermission(READ_INSTANCE);
    secondCheck.setResource(PROCESS_DEFINITION);
    secondCheck.setResourceId(processDefinition.getKey());
    secondCheck.setAuthorizationNotFoundReturnValue(0L);
    getAuthorizationManager().checkAuthorization(firstCheck, secondCheck);
}
Also used: PermissionCheck (org.camunda.bpm.engine.impl.db.PermissionCheck), CompositePermissionCheck (org.camunda.bpm.engine.impl.db.CompositePermissionCheck)

Example 14 with PermissionCheck

Use of org.camunda.bpm.engine.impl.db.PermissionCheck in project camunda-bpm-platform by camunda.

Class AuthorizationCommandChecker, method checkUpdateProcessInstance.

@Override
public void checkUpdateProcessInstance(ExecutionEntity execution) {
    ProcessDefinitionEntity processDefinition = (ProcessDefinitionEntity) execution.getProcessDefinition();
    // necessary permissions:
    // - UPDATE on PROCESS_INSTANCE
    PermissionCheck firstCheck = new PermissionCheck();
    firstCheck.setPermission(UPDATE);
    firstCheck.setResource(PROCESS_INSTANCE);
    firstCheck.setResourceId(execution.getProcessInstanceId());
    // ... OR ...
    // - UPDATE_INSTANCE on PROCESS_DEFINITION
    PermissionCheck secondCheck = new PermissionCheck();
    secondCheck.setPermission(UPDATE_INSTANCE);
    secondCheck.setResource(PROCESS_DEFINITION);
    secondCheck.setResourceId(processDefinition.getKey());
    secondCheck.setAuthorizationNotFoundReturnValue(0L);
    getAuthorizationManager().checkAuthorization(firstCheck, secondCheck);
}
Also used: PermissionCheck (org.camunda.bpm.engine.impl.db.PermissionCheck), CompositePermissionCheck (org.camunda.bpm.engine.impl.db.CompositePermissionCheck)

Example 15 with PermissionCheck

Use of org.camunda.bpm.engine.impl.db.PermissionCheck in project camunda-bpm-platform by camunda.

Class AuthorizationManager, method addPermissionCheck.

protected void addPermissionCheck(ListQueryParameterObject query, Resource resource, String queryParam, Permission permission) {
    CommandContext commandContext = getCommandContext();
    if (isAuthorizationEnabled() && getCurrentAuthentication() != null && commandContext.isAuthorizationCheckEnabled()) {
        PermissionCheck permCheck = newPermissionCheck();
        permCheck.setResource(resource);
        permCheck.setResourceIdQueryParam(queryParam);
        permCheck.setPermission(permission);
        query.getAuthCheck().addAtomicPermissionCheck(permCheck);
    }
}
Also used: CommandContext (org.camunda.bpm.engine.impl.interceptor.CommandContext), PermissionCheck (org.camunda.bpm.engine.impl.db.PermissionCheck), CompositePermissionCheck (org.camunda.bpm.engine.impl.db.CompositePermissionCheck)

Aggregations

CompositePermissionCheck (org.camunda.bpm.engine.impl.db.CompositePermissionCheck): 15
PermissionCheck (org.camunda.bpm.engine.impl.db.PermissionCheck): 15
ArrayList (java.util.ArrayList): 3
AuthorizationException (org.camunda.bpm.engine.AuthorizationException): 2
MissingAuthorization (org.camunda.bpm.engine.authorization.MissingAuthorization): 2
Authentication (org.camunda.bpm.engine.impl.identity.Authentication): 2
ListQueryParameterObject (org.camunda.bpm.engine.impl.db.ListQueryParameterObject): 1
CommandContext (org.camunda.bpm.engine.impl.interceptor.CommandContext): 1