public PermissionCheckBuilder done() { parent.compositeChecks.add(this.build()); return parent; }
public PermissionCheckBuilder done() { parent.compositeChecks.add(this.build()); return parent; }
@Override public void checkCreateBatch(Permission permission) { CompositePermissionCheck createBatchPermission = new PermissionCheckBuilder() .disjunctive() .atomicCheckForResourceId(BATCH, null, permission) .atomicCheckForResourceId(BATCH, null, CREATE) .build(); getAuthorizationManager().checkAuthorization(createBatchPermission); }
@Override public void checkCreateBatch(Permission permission) { CompositePermissionCheck createBatchPermission = new PermissionCheckBuilder() .disjunctive() .atomicCheckForResourceId(BATCH, null, permission) .atomicCheckForResourceId(BATCH, null, CREATE) .build(); getAuthorizationManager().checkAuthorization(createBatchPermission); }
public void configureQueryHistoricFinishedInstanceReport(ListQueryParameterObject query, Resource resource) { configureQuery(query); CompositePermissionCheck compositePermissionCheck = new PermissionCheckBuilder() .conjunctive() .atomicCheck(resource, "RES.KEY_", READ) .atomicCheck(resource, "RES.KEY_", READ_HISTORY) .build(); query.getAuthCheck().setPermissionChecks(compositePermissionCheck); }
public void configureQueryHistoricFinishedInstanceReport(ListQueryParameterObject query, Resource resource) { configureQuery(query); CompositePermissionCheck compositePermissionCheck = new PermissionCheckBuilder() .conjunctive() .atomicCheck(resource, "RES.KEY_", READ) .atomicCheck(resource, "RES.KEY_", READ_HISTORY) .build(); query.getAuthCheck().setPermissionChecks(compositePermissionCheck); }
protected void checkAuthorizations(CommandContext commandContext, ProcessDefinitionEntity sourceDefinition, ProcessDefinitionEntity targetDefinition, Collection<String> processInstanceIds) { CompositePermissionCheck migrateInstanceCheck = new PermissionCheckBuilder() .conjunctive() .atomicCheckForResourceId(Resources.PROCESS_DEFINITION, sourceDefinition.getKey(), Permissions.MIGRATE_INSTANCE) .atomicCheckForResourceId(Resources.PROCESS_DEFINITION, targetDefinition.getKey(), Permissions.MIGRATE_INSTANCE) .build(); commandContext.getAuthorizationManager().checkAuthorization(migrateInstanceCheck); }
protected void checkAuthorizations(CommandContext commandContext, ProcessDefinitionEntity sourceDefinition, ProcessDefinitionEntity targetDefinition, Collection<String> processInstanceIds) { CompositePermissionCheck migrateInstanceCheck = new PermissionCheckBuilder() .conjunctive() .atomicCheckForResourceId(Resources.PROCESS_DEFINITION, sourceDefinition.getKey(), Permissions.MIGRATE_INSTANCE) .atomicCheckForResourceId(Resources.PROCESS_DEFINITION, targetDefinition.getKey(), Permissions.MIGRATE_INSTANCE) .build(); commandContext.getAuthorizationManager().checkAuthorization(migrateInstanceCheck); }
public void configureTaskQuery(TaskQueryImpl query) { configureQuery(query); if(query.getAuthCheck().isAuthorizationCheckEnabled()) { // necessary authorization check when the task is part of // a running process instance CompositePermissionCheck permissionCheck = new PermissionCheckBuilder() .disjunctive() .atomicCheck(TASK, "RES.ID_", READ) .atomicCheck(PROCESS_DEFINITION, "PROCDEF.KEY_", READ_TASK) .build(); addPermissionCheck(query.getAuthCheck(), permissionCheck); } }
public void configureTaskQuery(TaskQueryImpl query) { configureQuery(query); if(query.getAuthCheck().isAuthorizationCheckEnabled()) { // necessary authorization check when the task is part of // a running process instance CompositePermissionCheck permissionCheck = new PermissionCheckBuilder() .disjunctive() .atomicCheck(TASK, "RES.ID_", READ) .atomicCheck(PROCESS_DEFINITION, "PROCDEF.KEY_", READ_TASK) .build(); addPermissionCheck(query.getAuthCheck(), permissionCheck); } }
protected void configureVariableInstanceQuery(VariableInstanceQueryImpl query) { configureQuery(query); if(query.getAuthCheck().isAuthorizationCheckEnabled()) { CompositePermissionCheck permissionCheck = new PermissionCheckBuilder() .disjunctive() .atomicCheck(PROCESS_INSTANCE, "RES.PROC_INST_ID_", READ) .atomicCheck(PROCESS_DEFINITION, "PROCDEF.KEY_", READ_INSTANCE) .atomicCheck(TASK, "RES.TASK_ID_", READ) .build(); addPermissionCheck(query.getAuthCheck(), permissionCheck); } }
protected void configureVariableInstanceQuery(VariableInstanceQueryImpl query) { configureQuery(query); if(query.getAuthCheck().isAuthorizationCheckEnabled()) { CompositePermissionCheck permissionCheck = new PermissionCheckBuilder() .disjunctive() .atomicCheck(PROCESS_INSTANCE, "RES.PROC_INST_ID_", READ) .atomicCheck(PROCESS_DEFINITION, "PROCDEF.KEY_", READ_INSTANCE) .atomicCheck(TASK, "RES.TASK_ID_", READ) .build(); addPermissionCheck(query.getAuthCheck(), permissionCheck); } }
@Override public void checkUpdateRetriesProcessInstanceByProcessDefinitionId(String processDefinitionId) { if (getAuthorizationManager().isAuthorizationEnabled()) { ProcessDefinitionEntity processDefinition = findLatestProcessDefinitionById(processDefinitionId); if (processDefinition != null) { CompositePermissionCheck retryJobPermission = new PermissionCheckBuilder() .disjunctive() .atomicCheckForResourceId(PROCESS_INSTANCE, ANY, ProcessInstancePermissions.RETRY_JOB) .atomicCheckForResourceId(PROCESS_DEFINITION, processDefinitionId, ProcessDefinitionPermissions.RETRY_JOB) .atomicCheckForResourceId(PROCESS_INSTANCE, ANY, UPDATE) .atomicCheckForResourceId(PROCESS_DEFINITION, processDefinitionId, UPDATE_INSTANCE) .build(); getAuthorizationManager().checkAuthorization(retryJobPermission); } } }
@Override public void checkUpdateRetriesProcessInstanceByProcessDefinitionId(String processDefinitionId) { if (getAuthorizationManager().isAuthorizationEnabled()) { ProcessDefinitionEntity processDefinition = findLatestProcessDefinitionById(processDefinitionId); if (processDefinition != null) { CompositePermissionCheck retryJobPermission = new PermissionCheckBuilder() .disjunctive() .atomicCheckForResourceId(PROCESS_INSTANCE, ANY, ProcessInstancePermissions.RETRY_JOB) .atomicCheckForResourceId(PROCESS_DEFINITION, processDefinitionId, ProcessDefinitionPermissions.RETRY_JOB) .atomicCheckForResourceId(PROCESS_INSTANCE, ANY, UPDATE) .atomicCheckForResourceId(PROCESS_DEFINITION, processDefinitionId, UPDATE_INSTANCE) .build(); getAuthorizationManager().checkAuthorization(retryJobPermission); } } }
@Override public void checkUpdateRetriesJob(JobEntity job) { if (job.getProcessDefinitionKey() == null) { // "standalone" job: nothing to do! return; } CompositePermissionCheck retryJobPermission = new PermissionCheckBuilder() .disjunctive() .atomicCheckForResourceId(PROCESS_INSTANCE, job.getProcessInstanceId(), ProcessInstancePermissions.RETRY_JOB) .atomicCheckForResourceId(PROCESS_DEFINITION, job.getProcessDefinitionKey(), ProcessDefinitionPermissions.RETRY_JOB) .atomicCheckForResourceId(PROCESS_INSTANCE, job.getProcessInstanceId(), UPDATE) .atomicCheckForResourceId(PROCESS_DEFINITION, job.getProcessDefinitionKey(), UPDATE_INSTANCE) .build(); getAuthorizationManager().checkAuthorization(retryJobPermission); }
@Override public void checkUpdateRetriesJob(JobEntity job) { if (job.getProcessDefinitionKey() == null) { // "standalone" job: nothing to do! return; } CompositePermissionCheck retryJobPermission = new PermissionCheckBuilder() .disjunctive() .atomicCheckForResourceId(PROCESS_INSTANCE, job.getProcessInstanceId(), ProcessInstancePermissions.RETRY_JOB) .atomicCheckForResourceId(PROCESS_DEFINITION, job.getProcessDefinitionKey(), ProcessDefinitionPermissions.RETRY_JOB) .atomicCheckForResourceId(PROCESS_INSTANCE, job.getProcessInstanceId(), UPDATE) .atomicCheckForResourceId(PROCESS_DEFINITION, job.getProcessDefinitionKey(), UPDATE_INSTANCE) .build(); getAuthorizationManager().checkAuthorization(retryJobPermission); }
public void configureProcessDefinitionQuery(ProcessDefinitionQueryImpl query) { configureQuery(query, PROCESS_DEFINITION, "RES.KEY_"); if (query.isStartablePermissionCheck()) { AuthorizationCheck authorizationCheck = query.getAuthCheck(); if (!authorizationCheck.isRevokeAuthorizationCheckEnabled()) { PermissionCheck permCheck = newPermissionCheck(); permCheck.setResource(PROCESS_DEFINITION); permCheck.setResourceIdQueryParam("RES.KEY_"); permCheck.setPermission(Permissions.CREATE_INSTANCE); query.addProcessDefinitionCreatePermissionCheck(permCheck); } else { CompositePermissionCheck permissionCheck = new PermissionCheckBuilder() .conjunctive() .atomicCheck(PROCESS_DEFINITION, "RES.KEY_", READ) .atomicCheck(PROCESS_DEFINITION, "RES.KEY_", Permissions.CREATE_INSTANCE) .build(); addPermissionCheck(authorizationCheck, permissionCheck); } } }
public void configureExternalTaskFetch(ListQueryParameterObject parameter) { configureQuery(parameter); CompositePermissionCheck permissionCheck = newPermissionCheckBuilder() .conjunctive() .composite() .disjunctive() .atomicCheck(PROCESS_INSTANCE, "RES.PROC_INST_ID_", READ) .atomicCheck(PROCESS_DEFINITION, "RES.PROC_DEF_KEY_", READ_INSTANCE) .done() .composite() .disjunctive() .atomicCheck(PROCESS_INSTANCE, "RES.PROC_INST_ID_", UPDATE) .atomicCheck(PROCESS_DEFINITION, "RES.PROC_DEF_KEY_", UPDATE_INSTANCE) .done() .build(); addPermissionCheck(parameter.getAuthCheck(), permissionCheck); }
public void configureExternalTaskFetch(ListQueryParameterObject parameter) { configureQuery(parameter); CompositePermissionCheck permissionCheck = newPermissionCheckBuilder() .conjunctive() .composite() .disjunctive() .atomicCheck(PROCESS_INSTANCE, "RES.PROC_INST_ID_", READ) .atomicCheck(PROCESS_DEFINITION, "RES.PROC_DEF_KEY_", READ_INSTANCE) .done() .composite() .disjunctive() .atomicCheck(PROCESS_INSTANCE, "RES.PROC_INST_ID_", UPDATE) .atomicCheck(PROCESS_DEFINITION, "RES.PROC_DEF_KEY_", UPDATE_INSTANCE) .done() .build(); addPermissionCheck(parameter.getAuthCheck(), permissionCheck); }
public void configureProcessDefinitionQuery(ProcessDefinitionQueryImpl query) { configureQuery(query, PROCESS_DEFINITION, "RES.KEY_"); if (query.isStartablePermissionCheck()) { AuthorizationCheck authorizationCheck = query.getAuthCheck(); if (!authorizationCheck.isRevokeAuthorizationCheckEnabled()) { PermissionCheck permCheck = newPermissionCheck(); permCheck.setResource(PROCESS_DEFINITION); permCheck.setResourceIdQueryParam("RES.KEY_"); permCheck.setPermission(Permissions.CREATE_INSTANCE); query.addProcessDefinitionCreatePermissionCheck(permCheck); } else { CompositePermissionCheck permissionCheck = new PermissionCheckBuilder() .conjunctive() .atomicCheck(PROCESS_DEFINITION, "RES.KEY_", READ) .atomicCheck(PROCESS_DEFINITION, "RES.KEY_", Permissions.CREATE_INSTANCE) .build(); addPermissionCheck(authorizationCheck, permissionCheck); } } }