Search in sources :

Example 6 with AuthorizationUtil

use of org.camunda.bpm.engine.rest.util.AuthorizationUtil in project camunda-bpm-platform by camunda.

the class AuthorizationRestServiceImpl method isUserAuthorized.

public AuthorizationCheckResultDto isUserAuthorized(String permissionName, String resourceName, Integer resourceType, String resourceId) {
    // validate request:
    if (permissionName == null) {
        throw new InvalidRequestException(Status.BAD_REQUEST, "Query parameter 'permissionName' cannot be null");
    } else if (resourceName == null) {
        throw new InvalidRequestException(Status.BAD_REQUEST, "Query parameter 'resourceName' cannot be null");
    } else if (resourceType == null) {
        throw new InvalidRequestException(Status.BAD_REQUEST, "Query parameter 'resourceType' cannot be null");
    }
    final Authentication currentAuthentication = processEngine.getIdentityService().getCurrentAuthentication();
    if (currentAuthentication == null) {
        throw new InvalidRequestException(Status.UNAUTHORIZED, "You must be authenticated in order to use this resource.");
    }
    final AuthorizationService authorizationService = processEngine.getAuthorizationService();
    // create new authorization dto implementing both Permission and Resource
    AuthorizationUtil authorizationUtil = new AuthorizationUtil(resourceName, resourceType, permissionName);
    boolean isUserAuthorized = false;
    if (resourceId == null || Authorization.ANY.equals(resourceId)) {
        isUserAuthorized = authorizationService.isUserAuthorized(currentAuthentication.getUserId(), currentAuthentication.getGroupIds(), authorizationUtil, authorizationUtil);
    } else {
        isUserAuthorized = authorizationService.isUserAuthorized(currentAuthentication.getUserId(), currentAuthentication.getGroupIds(), authorizationUtil, authorizationUtil, resourceId);
    }
    return new AuthorizationCheckResultDto(isUserAuthorized, authorizationUtil, resourceId);
}
Also used : AuthorizationCheckResultDto(org.camunda.bpm.engine.rest.dto.authorization.AuthorizationCheckResultDto) AuthorizationUtil(org.camunda.bpm.engine.rest.util.AuthorizationUtil) AuthorizationService(org.camunda.bpm.engine.AuthorizationService) Authentication(org.camunda.bpm.engine.impl.identity.Authentication) InvalidRequestException(org.camunda.bpm.engine.rest.exception.InvalidRequestException)

Aggregations

AuthorizationUtil (org.camunda.bpm.engine.rest.util.AuthorizationUtil)6 ArrayList (java.util.ArrayList)5 Authentication (org.camunda.bpm.engine.impl.identity.Authentication)5 Test (org.junit.Test)5 Matchers.anyString (org.mockito.Matchers.anyString)5 List (java.util.List)1 AuthorizationService (org.camunda.bpm.engine.AuthorizationService)1 Permission (org.camunda.bpm.engine.authorization.Permission)1 Resource (org.camunda.bpm.engine.authorization.Resource)1 AuthorizationCheckResultDto (org.camunda.bpm.engine.rest.dto.authorization.AuthorizationCheckResultDto)1 InvalidRequestException (org.camunda.bpm.engine.rest.exception.InvalidRequestException)1