
Example 1 with AuthorizationCheckResultDto

Use of org.camunda.bpm.engine.rest.dto.authorization.AuthorizationCheckResultDto in the project camunda-bpm-platform by camunda.

Class AuthorizationRestServiceImpl, method isUserAuthorized.

public AuthorizationCheckResultDto isUserAuthorized(String permissionName, String resourceName, Integer resourceType, String resourceId) {
    // validate request:
    if (permissionName == null) {
        throw new InvalidRequestException(Status.BAD_REQUEST, "Query parameter 'permissionName' cannot be null");
    } else if (resourceName == null) {
        throw new InvalidRequestException(Status.BAD_REQUEST, "Query parameter 'resourceName' cannot be null");
    } else if (resourceType == null) {
        throw new InvalidRequestException(Status.BAD_REQUEST, "Query parameter 'resourceType' cannot be null");
    }
    final Authentication currentAuthentication = processEngine.getIdentityService().getCurrentAuthentication();
    if (currentAuthentication == null) {
        throw new InvalidRequestException(Status.UNAUTHORIZED, "You must be authenticated in order to use this resource.");
    }
    final AuthorizationService authorizationService = processEngine.getAuthorizationService();
    // create new authorization dto implementing both Permission and Resource
    AuthorizationUtil authorizationUtil = new AuthorizationUtil(resourceName, resourceType, permissionName);
    boolean isUserAuthorized = false;
    if (resourceId == null || Authorization.ANY.equals(resourceId)) {
        isUserAuthorized = authorizationService.isUserAuthorized(currentAuthentication.getUserId(), currentAuthentication.getGroupIds(), authorizationUtil, authorizationUtil);
    } else {
        isUserAuthorized = authorizationService.isUserAuthorized(currentAuthentication.getUserId(), currentAuthentication.getGroupIds(), authorizationUtil, authorizationUtil, resourceId);
    }
    return new AuthorizationCheckResultDto(isUserAuthorized, authorizationUtil, resourceId);
}
Also used: AuthorizationCheckResultDto (org.camunda.bpm.engine.rest.dto.authorization.AuthorizationCheckResultDto), AuthorizationUtil (org.camunda.bpm.engine.rest.util.AuthorizationUtil), AuthorizationService (org.camunda.bpm.engine.AuthorizationService), Authentication (org.camunda.bpm.engine.impl.identity.Authentication), InvalidRequestException (org.camunda.bpm.engine.rest.exception.InvalidRequestException)
