use of org.camunda.bpm.engine.impl.db.PermissionCheckBuilder in project camunda-bpm-platform by camunda.
the class AuthorizationCommandChecker method checkTaskAssign.
public void checkTaskAssign(TaskEntity task) {
String taskId = task.getId();
String executionId = task.getExecutionId();
if (executionId != null) {
// Permissions to task actions is based on the order in which PermissioncheckBuilder is built
CompositePermissionCheck taskWorkPermission = new PermissionCheckBuilder().disjunctive().atomicCheckForResourceId(TASK, taskId, TASK_ASSIGN).atomicCheckForResourceId(PROCESS_DEFINITION, task.getProcessDefinition().getKey(), TASK_ASSIGN).atomicCheckForResourceId(TASK, taskId, UPDATE).atomicCheckForResourceId(PROCESS_DEFINITION, task.getProcessDefinition().getKey(), UPDATE_TASK).build();
getAuthorizationManager().checkAuthorization(taskWorkPermission);
} else {
// if task does not exist in context of process
// instance, then it is either a (a) standalone task
// or (b) it exists in context of a case instance.
// (a) standalone task: check following permission
// - TASK_ASSIGN or UPDATE
// (b) task in context of a case instance, in this
// case it is not necessary to check any permission,
// because such tasks can always be updated
String caseExecutionId = task.getCaseExecutionId();
if (caseExecutionId == null) {
// standalone task
CompositePermissionCheck taskWorkPermission = new PermissionCheckBuilder().disjunctive().atomicCheckForResourceId(TASK, taskId, TASK_ASSIGN).atomicCheckForResourceId(TASK, taskId, UPDATE).build();
getAuthorizationManager().checkAuthorization(taskWorkPermission);
}
}
}
use of org.camunda.bpm.engine.impl.db.PermissionCheckBuilder in project camunda-bpm-platform by camunda.
the class AuthorizationManager method configureQueryHistoricFinishedInstanceReport.
public void configureQueryHistoricFinishedInstanceReport(ListQueryParameterObject query, Resource resource) {
configureQuery(query);
CompositePermissionCheck compositePermissionCheck = new PermissionCheckBuilder().conjunctive().atomicCheck(resource, "RES.KEY_", READ).atomicCheck(resource, "RES.KEY_", READ_HISTORY).build();
query.getAuthCheck().setPermissionChecks(compositePermissionCheck);
}
use of org.camunda.bpm.engine.impl.db.PermissionCheckBuilder in project camunda-bpm-platform by camunda.
the class AuthorizationManager method configureTaskQuery.
// task query //////////////////////////////////////////////
public void configureTaskQuery(TaskQueryImpl query) {
configureQuery(query);
if (query.getAuthCheck().isAuthorizationCheckEnabled()) {
// necessary authorization check when the task is part of
// a running process instance
CompositePermissionCheck permissionCheck = new PermissionCheckBuilder().disjunctive().atomicCheck(TASK, "RES.ID_", READ).atomicCheck(PROCESS_DEFINITION, "PROCDEF.KEY_", READ_TASK).build();
addPermissionCheck(query.getAuthCheck(), permissionCheck);
}
}
use of org.camunda.bpm.engine.impl.db.PermissionCheckBuilder in project camunda-bpm-platform by camunda.
the class AbstractMigrationCmd method checkAuthorizations.
protected void checkAuthorizations(CommandContext commandContext, ProcessDefinitionEntity sourceDefinition, ProcessDefinitionEntity targetDefinition, Collection<String> processInstanceIds) {
CompositePermissionCheck migrateInstanceCheck = new PermissionCheckBuilder().conjunctive().atomicCheckForResourceId(Resources.PROCESS_DEFINITION, sourceDefinition.getKey(), Permissions.MIGRATE_INSTANCE).atomicCheckForResourceId(Resources.PROCESS_DEFINITION, targetDefinition.getKey(), Permissions.MIGRATE_INSTANCE).build();
commandContext.getAuthorizationManager().checkAuthorization(migrateInstanceCheck);
}
use of org.camunda.bpm.engine.impl.db.PermissionCheckBuilder in project camunda-bpm-platform by camunda.
the class AuthorizationCommandChecker method checkTaskWork.
@Override
public void checkTaskWork(TaskEntity task) {
String taskId = task.getId();
String executionId = task.getExecutionId();
if (executionId != null) {
// Permissions to task actions is based on the order in which PermissioncheckBuilder is built
CompositePermissionCheck taskWorkPermission = new PermissionCheckBuilder().disjunctive().atomicCheckForResourceId(TASK, taskId, TASK_WORK).atomicCheckForResourceId(PROCESS_DEFINITION, task.getProcessDefinition().getKey(), TASK_WORK).atomicCheckForResourceId(TASK, taskId, UPDATE).atomicCheckForResourceId(PROCESS_DEFINITION, task.getProcessDefinition().getKey(), UPDATE_TASK).build();
getAuthorizationManager().checkAuthorization(taskWorkPermission);
} else {
// if task does not exist in context of process
// instance, then it is either a (a) standalone task
// or (b) it exists in context of a case instance.
// (a) standalone task: check following permission
// - TASK_WORK or UPDATE
// (b) task in context of a case instance, in this
// case it is not necessary to check any permission,
// because such tasks can always be updated
String caseExecutionId = task.getCaseExecutionId();
if (caseExecutionId == null) {
// standalone task
CompositePermissionCheck taskWorkPermission = new PermissionCheckBuilder().disjunctive().atomicCheckForResourceId(TASK, taskId, TASK_WORK).atomicCheckForResourceId(TASK, taskId, UPDATE).build();
getAuthorizationManager().checkAuthorization(taskWorkPermission);
}
}
}
Aggregations