public boolean isAuthorized(String userId, List<String> groupIds, Permission permission, Resource resource, String resourceId) { PermissionCheck permCheck = newPermissionCheck(); permCheck.setPermission(permission); permCheck.setResource(resource); permCheck.setResourceId(resourceId); ArrayList<PermissionCheck> permissionChecks = new ArrayList<PermissionCheck>(); permissionChecks.add(permCheck); return isAuthorized(userId, groupIds, permissionChecks); }
public boolean isAuthorized(String userId, List<String> groupIds, Permission permission, Resource resource, String resourceId) { PermissionCheck permCheck = newPermissionCheck(); permCheck.setPermission(permission); permCheck.setResource(resource); permCheck.setResourceId(resourceId); ArrayList<PermissionCheck> permissionChecks = new ArrayList<PermissionCheck>(); permissionChecks.add(permCheck); return isAuthorized(userId, groupIds, permissionChecks); }
protected void addPermissionCheck(ListQueryParameterObject query, Resource resource, String queryParam, Permission permission) { CommandContext commandContext = getCommandContext(); if (isAuthorizationEnabled() && getCurrentAuthentication() != null && commandContext.isAuthorizationCheckEnabled()) { PermissionCheck permCheck = newPermissionCheck(); permCheck.setResource(resource); permCheck.setResourceIdQueryParam(queryParam); permCheck.setPermission(permission); query.getAuthCheck().addAtomicPermissionCheck(permCheck); } }
PermissionCheck firstProcessInstancePermissionCheck = newPermissionCheck(); firstProcessInstancePermissionCheck.setResource(PROCESS_INSTANCE); firstProcessInstancePermissionCheck.setPermission(READ); firstProcessInstancePermissionCheck.setResourceIdQueryParam("EXECUTION.PROC_INST_ID_"); PermissionCheck secondProcessInstancePermissionCheck = newPermissionCheck(); secondProcessInstancePermissionCheck.setResource(PROCESS_DEFINITION); secondProcessInstancePermissionCheck.setPermission(READ_INSTANCE); PermissionCheck firstJobPermissionCheck = newPermissionCheck(); firstJobPermissionCheck.setResource(PROCESS_INSTANCE); firstJobPermissionCheck.setPermission(READ); firstJobPermissionCheck.setResourceIdQueryParam("JOB.PROCESS_INSTANCE_ID_"); PermissionCheck secondJobPermissionCheck = newPermissionCheck(); secondJobPermissionCheck.setResource(PROCESS_DEFINITION); secondJobPermissionCheck.setPermission(READ_INSTANCE); PermissionCheck firstIncidentPermissionCheck = newPermissionCheck(); firstIncidentPermissionCheck.setResource(PROCESS_INSTANCE); firstIncidentPermissionCheck.setPermission(READ); firstIncidentPermissionCheck.setResourceIdQueryParam("INC.PROC_INST_ID_"); PermissionCheck secondIncidentPermissionCheck = newPermissionCheck(); secondIncidentPermissionCheck.setResource(PROCESS_DEFINITION); secondIncidentPermissionCheck.setPermission(READ_INSTANCE);
PermissionCheck firstProcessInstancePermissionCheck = newPermissionCheck(); firstProcessInstancePermissionCheck.setResource(PROCESS_INSTANCE); firstProcessInstancePermissionCheck.setPermission(READ); firstProcessInstancePermissionCheck.setResourceIdQueryParam("E.PROC_INST_ID_"); PermissionCheck secondProcessInstancePermissionCheck = newPermissionCheck(); secondProcessInstancePermissionCheck.setResource(PROCESS_DEFINITION); secondProcessInstancePermissionCheck.setPermission(READ_INSTANCE); PermissionCheck firstJobPermissionCheck = newPermissionCheck(); firstJobPermissionCheck.setResource(PROCESS_INSTANCE); firstJobPermissionCheck.setPermission(READ); firstJobPermissionCheck.setResourceIdQueryParam("JOB.PROCESS_INSTANCE_ID_"); PermissionCheck secondJobPermissionCheck = newPermissionCheck(); secondJobPermissionCheck.setResource(PROCESS_DEFINITION); secondJobPermissionCheck.setPermission(READ_INSTANCE); PermissionCheck firstIncidentPermissionCheck = newPermissionCheck(); firstIncidentPermissionCheck.setResource(PROCESS_INSTANCE); firstIncidentPermissionCheck.setPermission(READ); firstIncidentPermissionCheck.setResourceIdQueryParam("I.PROC_INST_ID_"); PermissionCheck secondIncidentPermissionCheck = newPermissionCheck(); secondIncidentPermissionCheck.setResource(PROCESS_DEFINITION); secondIncidentPermissionCheck.setPermission(READ_INSTANCE);
PermissionCheck firstProcessInstancePermissionCheck = newPermissionCheck(); firstProcessInstancePermissionCheck.setResource(PROCESS_INSTANCE); firstProcessInstancePermissionCheck.setPermission(READ); firstProcessInstancePermissionCheck.setResourceIdQueryParam("EXECUTION.PROC_INST_ID_"); PermissionCheck secondProcessInstancePermissionCheck = newPermissionCheck(); secondProcessInstancePermissionCheck.setResource(PROCESS_DEFINITION); secondProcessInstancePermissionCheck.setPermission(READ_INSTANCE); PermissionCheck firstJobPermissionCheck = newPermissionCheck(); firstJobPermissionCheck.setResource(PROCESS_INSTANCE); firstJobPermissionCheck.setPermission(READ); firstJobPermissionCheck.setResourceIdQueryParam("JOB.PROCESS_INSTANCE_ID_"); PermissionCheck secondJobPermissionCheck = newPermissionCheck(); secondJobPermissionCheck.setResource(PROCESS_DEFINITION); secondJobPermissionCheck.setPermission(READ_INSTANCE); PermissionCheck firstIncidentPermissionCheck = newPermissionCheck(); firstIncidentPermissionCheck.setResource(PROCESS_INSTANCE); firstIncidentPermissionCheck.setPermission(READ); firstIncidentPermissionCheck.setResourceIdQueryParam("INC.PROC_INST_ID_"); PermissionCheck secondIncidentPermissionCheck = newPermissionCheck(); secondIncidentPermissionCheck.setResource(PROCESS_DEFINITION); secondIncidentPermissionCheck.setPermission(READ_INSTANCE);
PermissionCheck firstProcessInstancePermissionCheck = newPermissionCheck(); firstProcessInstancePermissionCheck.setResource(PROCESS_INSTANCE); firstProcessInstancePermissionCheck.setPermission(READ); firstProcessInstancePermissionCheck.setResourceIdQueryParam("E.PROC_INST_ID_"); PermissionCheck secondProcessInstancePermissionCheck = newPermissionCheck(); secondProcessInstancePermissionCheck.setResource(PROCESS_DEFINITION); secondProcessInstancePermissionCheck.setPermission(READ_INSTANCE); PermissionCheck firstJobPermissionCheck = newPermissionCheck(); firstJobPermissionCheck.setResource(PROCESS_INSTANCE); firstJobPermissionCheck.setPermission(READ); firstJobPermissionCheck.setResourceIdQueryParam("JOB.PROCESS_INSTANCE_ID_"); PermissionCheck secondJobPermissionCheck = newPermissionCheck(); secondJobPermissionCheck.setResource(PROCESS_DEFINITION); secondJobPermissionCheck.setPermission(READ_INSTANCE); PermissionCheck firstIncidentPermissionCheck = newPermissionCheck(); firstIncidentPermissionCheck.setResource(PROCESS_INSTANCE); firstIncidentPermissionCheck.setPermission(READ); firstIncidentPermissionCheck.setResourceIdQueryParam("I.PROC_INST_ID_"); PermissionCheck secondIncidentPermissionCheck = newPermissionCheck(); secondIncidentPermissionCheck.setResource(PROCESS_DEFINITION); secondIncidentPermissionCheck.setPermission(READ_INSTANCE);
public void checkUpdateJob(JobEntity job) { if (job.getProcessDefinitionKey() == null) { // "standalone" job: nothing to do! return; } // necessary permissions: // - UPDATE on PROCESS_INSTANCE PermissionCheck firstCheck = getAuthorizationManager().newPermissionCheck(); firstCheck.setPermission(UPDATE); firstCheck.setResource(PROCESS_INSTANCE); firstCheck.setResourceId(job.getProcessInstanceId()); // ... OR ... // - UPDATE_INSTANCE on PROCESS_DEFINITION PermissionCheck secondCheck = getAuthorizationManager().newPermissionCheck(); secondCheck.setPermission(UPDATE_INSTANCE); secondCheck.setResource(PROCESS_DEFINITION); secondCheck.setResourceId(job.getProcessDefinitionKey()); secondCheck.setAuthorizationNotFoundReturnValue(0l); getAuthorizationManager().checkAuthorization(firstCheck, secondCheck); }
public void checkReadJob(JobEntity job) { if (job.getProcessDefinitionKey() == null) { // "standalone" job: nothing to do! return; } // necessary permissions: // - READ on PROCESS_INSTANCE PermissionCheck firstCheck = getAuthorizationManager().newPermissionCheck(); firstCheck.setPermission(READ); firstCheck.setResource(PROCESS_INSTANCE); firstCheck.setResourceId(job.getProcessInstanceId()); // ... OR ... // - READ_INSTANCE on PROCESS_DEFINITION PermissionCheck secondCheck = getAuthorizationManager().newPermissionCheck(); secondCheck.setPermission(READ_INSTANCE); secondCheck.setResource(PROCESS_DEFINITION); secondCheck.setResourceId(job.getProcessDefinitionKey()); secondCheck.setAuthorizationNotFoundReturnValue(0l); getAuthorizationManager().checkAuthorization(firstCheck, secondCheck); }
public void checkUpdateJob(JobEntity job) { if (job.getProcessDefinitionKey() == null) { // "standalone" job: nothing to do! return; } // necessary permissions: // - UPDATE on PROCESS_INSTANCE PermissionCheck firstCheck = getAuthorizationManager().newPermissionCheck(); firstCheck.setPermission(UPDATE); firstCheck.setResource(PROCESS_INSTANCE); firstCheck.setResourceId(job.getProcessInstanceId()); // ... OR ... // - UPDATE_INSTANCE on PROCESS_DEFINITION PermissionCheck secondCheck = getAuthorizationManager().newPermissionCheck(); secondCheck.setPermission(UPDATE_INSTANCE); secondCheck.setResource(PROCESS_DEFINITION); secondCheck.setResourceId(job.getProcessDefinitionKey()); secondCheck.setAuthorizationNotFoundReturnValue(0l); getAuthorizationManager().checkAuthorization(firstCheck, secondCheck); }
public void checkReadJob(JobEntity job) { if (job.getProcessDefinitionKey() == null) { // "standalone" job: nothing to do! return; } // necessary permissions: // - READ on PROCESS_INSTANCE PermissionCheck firstCheck = getAuthorizationManager().newPermissionCheck(); firstCheck.setPermission(READ); firstCheck.setResource(PROCESS_INSTANCE); firstCheck.setResourceId(job.getProcessInstanceId()); // ... OR ... // - READ_INSTANCE on PROCESS_DEFINITION PermissionCheck secondCheck = getAuthorizationManager().newPermissionCheck(); secondCheck.setPermission(READ_INSTANCE); secondCheck.setResource(PROCESS_DEFINITION); secondCheck.setResourceId(job.getProcessDefinitionKey()); secondCheck.setAuthorizationNotFoundReturnValue(0l); getAuthorizationManager().checkAuthorization(firstCheck, secondCheck); }
protected void addPermissionCheck(ListQueryParameterObject query, Resource resource, String queryParam, Permission permission) { CommandContext commandContext = getCommandContext(); if (isAuthorizationEnabled() && getCurrentAuthentication() != null && commandContext.isAuthorizationCheckEnabled()) { PermissionCheck permCheck = newPermissionCheck(); permCheck.setResource(resource); permCheck.setResourceIdQueryParam(queryParam); permCheck.setPermission(permission); query.getAuthCheck().addAtomicPermissionCheck(permCheck); } }
ProcessDefinitionEntity processDefinition = execution.getProcessDefinition(); PermissionCheck readPermissionCheck = getAuthorizationManager().newPermissionCheck(); readPermissionCheck.setPermission(READ); readPermissionCheck.setResource(TASK); readPermissionCheck.setResourceId(taskId); PermissionCheck readTaskPermissionCheck = getAuthorizationManager().newPermissionCheck(); readTaskPermissionCheck.setPermission(READ_TASK); readTaskPermissionCheck.setResource(PROCESS_DEFINITION);
ProcessDefinitionEntity processDefinition = execution.getProcessDefinition(); PermissionCheck readPermissionCheck = getAuthorizationManager().newPermissionCheck(); readPermissionCheck.setPermission(READ); readPermissionCheck.setResource(TASK); readPermissionCheck.setResourceId(taskId); PermissionCheck readTaskPermissionCheck = getAuthorizationManager().newPermissionCheck(); readTaskPermissionCheck.setPermission(READ_TASK); readTaskPermissionCheck.setResource(PROCESS_DEFINITION);
public void configureProcessDefinitionQuery(ProcessDefinitionQueryImpl query) { configureQuery(query, PROCESS_DEFINITION, "RES.KEY_"); if (query.isStartablePermissionCheck()) { AuthorizationCheck authorizationCheck = query.getAuthCheck(); if (!authorizationCheck.isRevokeAuthorizationCheckEnabled()) { PermissionCheck permCheck = newPermissionCheck(); permCheck.setResource(PROCESS_DEFINITION); permCheck.setResourceIdQueryParam("RES.KEY_"); permCheck.setPermission(Permissions.CREATE_INSTANCE); query.addProcessDefinitionCreatePermissionCheck(permCheck); } else { CompositePermissionCheck permissionCheck = new PermissionCheckBuilder() .conjunctive() .atomicCheck(PROCESS_DEFINITION, "RES.KEY_", READ) .atomicCheck(PROCESS_DEFINITION, "RES.KEY_", Permissions.CREATE_INSTANCE) .build(); addPermissionCheck(authorizationCheck, permissionCheck); } } }
public void configureProcessDefinitionQuery(ProcessDefinitionQueryImpl query) { configureQuery(query, PROCESS_DEFINITION, "RES.KEY_"); if (query.isStartablePermissionCheck()) { AuthorizationCheck authorizationCheck = query.getAuthCheck(); if (!authorizationCheck.isRevokeAuthorizationCheckEnabled()) { PermissionCheck permCheck = newPermissionCheck(); permCheck.setResource(PROCESS_DEFINITION); permCheck.setResourceIdQueryParam("RES.KEY_"); permCheck.setPermission(Permissions.CREATE_INSTANCE); query.addProcessDefinitionCreatePermissionCheck(permCheck); } else { CompositePermissionCheck permissionCheck = new PermissionCheckBuilder() .conjunctive() .atomicCheck(PROCESS_DEFINITION, "RES.KEY_", READ) .atomicCheck(PROCESS_DEFINITION, "RES.KEY_", Permissions.CREATE_INSTANCE) .build(); addPermissionCheck(authorizationCheck, permissionCheck); } } }
public boolean isAuthorized(String userId, List<String> groupIds, Permission permission, Resource resource, String resourceId) { PermissionCheck permCheck = newPermissionCheck(); permCheck.setPermission(permission); permCheck.setResource(resource); permCheck.setResourceId(resourceId); ArrayList<PermissionCheck> permissionChecks = new ArrayList<PermissionCheck>(); permissionChecks.add(permCheck); return isAuthorized(userId, groupIds, permissionChecks); }
protected void addPermissionCheck(ListQueryParameterObject query, Resource resource, String queryParam, Permission permission) { CommandContext commandContext = getCommandContext(); if (isAuthorizationEnabled() && getCurrentAuthentication() != null && commandContext.isAuthorizationCheckEnabled()) { PermissionCheck permCheck = newPermissionCheck(); permCheck.setResource(resource); permCheck.setResourceIdQueryParam(queryParam); permCheck.setPermission(permission); query.getAuthCheck().addAtomicPermissionCheck(permCheck); } }
public void checkReadJob(JobEntity job) { if (job.getProcessDefinitionKey() == null) { // "standalone" job: nothing to do! return; } // necessary permissions: // - READ on PROCESS_INSTANCE PermissionCheck firstCheck = getAuthorizationManager().newPermissionCheck(); firstCheck.setPermission(READ); firstCheck.setResource(PROCESS_INSTANCE); firstCheck.setResourceId(job.getProcessInstanceId()); // ... OR ... // - READ_INSTANCE on PROCESS_DEFINITION PermissionCheck secondCheck = getAuthorizationManager().newPermissionCheck(); secondCheck.setPermission(READ_INSTANCE); secondCheck.setResource(PROCESS_DEFINITION); secondCheck.setResourceId(job.getProcessDefinitionKey()); secondCheck.setAuthorizationNotFoundReturnValue(0l); getAuthorizationManager().checkAuthorization(firstCheck, secondCheck); }
public void configureProcessDefinitionQuery(ProcessDefinitionQueryImpl query) { configureQuery(query, PROCESS_DEFINITION, "RES.KEY_"); if (query.isStartablePermissionCheck()) { AuthorizationCheck authorizationCheck = query.getAuthCheck(); if (!authorizationCheck.isRevokeAuthorizationCheckEnabled()) { PermissionCheck permCheck = newPermissionCheck(); permCheck.setResource(PROCESS_DEFINITION); permCheck.setResourceIdQueryParam("RES.KEY_"); permCheck.setPermission(Permissions.CREATE_INSTANCE); query.addProcessDefinitionCreatePermissionCheck(permCheck); } else { CompositePermissionCheck permissionCheck = new PermissionCheckBuilder() .conjunctive() .atomicCheck(PROCESS_DEFINITION, "RES.KEY_", READ) .atomicCheck(PROCESS_DEFINITION, "RES.KEY_", Permissions.CREATE_INSTANCE) .build(); addPermissionCheck(authorizationCheck, permissionCheck); } } }