Search in sources :

Example 1 with PermissionCheckBuilder

use of org.camunda.bpm.engine.impl.db.PermissionCheckBuilder in project camunda-bpm-platform by camunda.

the class AuthorizationCommandChecker method checkTaskAssign.

public void checkTaskAssign(TaskEntity task) {
    String taskId = task.getId();
    String executionId = task.getExecutionId();
    if (executionId != null) {
        // Permissions to task actions is based on the order in which PermissioncheckBuilder is built
        CompositePermissionCheck taskWorkPermission = new PermissionCheckBuilder().disjunctive().atomicCheckForResourceId(TASK, taskId, TASK_ASSIGN).atomicCheckForResourceId(PROCESS_DEFINITION, task.getProcessDefinition().getKey(), TASK_ASSIGN).atomicCheckForResourceId(TASK, taskId, UPDATE).atomicCheckForResourceId(PROCESS_DEFINITION, task.getProcessDefinition().getKey(), UPDATE_TASK).build();
        getAuthorizationManager().checkAuthorization(taskWorkPermission);
    } else {
        // if task does not exist in context of process
        // instance, then it is either a (a) standalone task
        // or (b) it exists in context of a case instance.
        // (a) standalone task: check following permission
        // - TASK_ASSIGN or UPDATE
        // (b) task in context of a case instance, in this
        // case it is not necessary to check any permission,
        // because such tasks can always be updated
        String caseExecutionId = task.getCaseExecutionId();
        if (caseExecutionId == null) {
            // standalone task
            CompositePermissionCheck taskWorkPermission = new PermissionCheckBuilder().disjunctive().atomicCheckForResourceId(TASK, taskId, TASK_ASSIGN).atomicCheckForResourceId(TASK, taskId, UPDATE).build();
            getAuthorizationManager().checkAuthorization(taskWorkPermission);
        }
    }
}
Also used : CompositePermissionCheck(org.camunda.bpm.engine.impl.db.CompositePermissionCheck) PermissionCheckBuilder(org.camunda.bpm.engine.impl.db.PermissionCheckBuilder)

Example 2 with PermissionCheckBuilder

use of org.camunda.bpm.engine.impl.db.PermissionCheckBuilder in project camunda-bpm-platform by camunda.

the class AuthorizationManager method configureQueryHistoricFinishedInstanceReport.

public void configureQueryHistoricFinishedInstanceReport(ListQueryParameterObject query, Resource resource) {
    configureQuery(query);
    CompositePermissionCheck compositePermissionCheck = new PermissionCheckBuilder().conjunctive().atomicCheck(resource, "RES.KEY_", READ).atomicCheck(resource, "RES.KEY_", READ_HISTORY).build();
    query.getAuthCheck().setPermissionChecks(compositePermissionCheck);
}
Also used : CompositePermissionCheck(org.camunda.bpm.engine.impl.db.CompositePermissionCheck) PermissionCheckBuilder(org.camunda.bpm.engine.impl.db.PermissionCheckBuilder)

Example 3 with PermissionCheckBuilder

use of org.camunda.bpm.engine.impl.db.PermissionCheckBuilder in project camunda-bpm-platform by camunda.

the class AuthorizationManager method configureTaskQuery.

// task query //////////////////////////////////////////////
public void configureTaskQuery(TaskQueryImpl query) {
    configureQuery(query);
    if (query.getAuthCheck().isAuthorizationCheckEnabled()) {
        // necessary authorization check when the task is part of
        // a running process instance
        CompositePermissionCheck permissionCheck = new PermissionCheckBuilder().disjunctive().atomicCheck(TASK, "RES.ID_", READ).atomicCheck(PROCESS_DEFINITION, "PROCDEF.KEY_", READ_TASK).build();
        addPermissionCheck(query.getAuthCheck(), permissionCheck);
    }
}
Also used : CompositePermissionCheck(org.camunda.bpm.engine.impl.db.CompositePermissionCheck) PermissionCheckBuilder(org.camunda.bpm.engine.impl.db.PermissionCheckBuilder)

Example 4 with PermissionCheckBuilder

use of org.camunda.bpm.engine.impl.db.PermissionCheckBuilder in project camunda-bpm-platform by camunda.

the class AbstractMigrationCmd method checkAuthorizations.

protected void checkAuthorizations(CommandContext commandContext, ProcessDefinitionEntity sourceDefinition, ProcessDefinitionEntity targetDefinition, Collection<String> processInstanceIds) {
    CompositePermissionCheck migrateInstanceCheck = new PermissionCheckBuilder().conjunctive().atomicCheckForResourceId(Resources.PROCESS_DEFINITION, sourceDefinition.getKey(), Permissions.MIGRATE_INSTANCE).atomicCheckForResourceId(Resources.PROCESS_DEFINITION, targetDefinition.getKey(), Permissions.MIGRATE_INSTANCE).build();
    commandContext.getAuthorizationManager().checkAuthorization(migrateInstanceCheck);
}
Also used : CompositePermissionCheck(org.camunda.bpm.engine.impl.db.CompositePermissionCheck) PermissionCheckBuilder(org.camunda.bpm.engine.impl.db.PermissionCheckBuilder)

Example 5 with PermissionCheckBuilder

use of org.camunda.bpm.engine.impl.db.PermissionCheckBuilder in project camunda-bpm-platform by camunda.

the class AuthorizationCommandChecker method checkTaskWork.

@Override
public void checkTaskWork(TaskEntity task) {
    String taskId = task.getId();
    String executionId = task.getExecutionId();
    if (executionId != null) {
        // Permissions to task actions is based on the order in which PermissioncheckBuilder is built
        CompositePermissionCheck taskWorkPermission = new PermissionCheckBuilder().disjunctive().atomicCheckForResourceId(TASK, taskId, TASK_WORK).atomicCheckForResourceId(PROCESS_DEFINITION, task.getProcessDefinition().getKey(), TASK_WORK).atomicCheckForResourceId(TASK, taskId, UPDATE).atomicCheckForResourceId(PROCESS_DEFINITION, task.getProcessDefinition().getKey(), UPDATE_TASK).build();
        getAuthorizationManager().checkAuthorization(taskWorkPermission);
    } else {
        // if task does not exist in context of process
        // instance, then it is either a (a) standalone task
        // or (b) it exists in context of a case instance.
        // (a) standalone task: check following permission
        // - TASK_WORK or UPDATE
        // (b) task in context of a case instance, in this
        // case it is not necessary to check any permission,
        // because such tasks can always be updated
        String caseExecutionId = task.getCaseExecutionId();
        if (caseExecutionId == null) {
            // standalone task
            CompositePermissionCheck taskWorkPermission = new PermissionCheckBuilder().disjunctive().atomicCheckForResourceId(TASK, taskId, TASK_WORK).atomicCheckForResourceId(TASK, taskId, UPDATE).build();
            getAuthorizationManager().checkAuthorization(taskWorkPermission);
        }
    }
}
Also used : CompositePermissionCheck(org.camunda.bpm.engine.impl.db.CompositePermissionCheck) PermissionCheckBuilder(org.camunda.bpm.engine.impl.db.PermissionCheckBuilder)

Aggregations

CompositePermissionCheck (org.camunda.bpm.engine.impl.db.CompositePermissionCheck)6 PermissionCheckBuilder (org.camunda.bpm.engine.impl.db.PermissionCheckBuilder)6