public class AuthorizationManager extends AbstractManager
Modifier and Type | Field and Description |
---|---|
protected Set<String> |
availableAuthorizedGroupIds
Group ids for which authorizations exist in the database.
|
protected static List<String> |
EMPTY_LIST |
protected Boolean |
isRevokeAuthCheckUsed |
protected static EnginePersistenceLogger |
LOG |
Constructor and Description |
---|
AuthorizationManager() |
close, deleteAuthorizations, deleteAuthorizationsForGroup, deleteAuthorizationsForUser, deleteDefaultAuthorizations, flush, getAttachmentManager, getAuthorizationManager, getBatchManager, getByteArrayManager, getCaseDefinitionManager, getCaseExecutionManager, getCaseInstanceManager, getCommandContext, getCurrentAuthentication, getDbEntityManager, getDbSqlSession, getDecisionDefinitionManager, getDecisionRequirementsDefinitionManager, getDeploymentManager, getEventSubscriptionManager, getHistoricActivityInstanceManager, getHistoricBatchManager, getHistoricCaseActivityInstanceManager, getHistoricCaseInstanceManager, getHistoricDecisionInstanceManager, getHistoricDetailManager, getHistoricExternalTaskLogManager, getHistoricIdentityLinkManager, getHistoricIncidentManager, getHistoricJobLogManager, getHistoricProcessInstanceManager, getHistoricReportManager, getHistoricTaskInstanceManager, getHistoricVariableInstanceManager, getIdentityInfoManager, getIdentityLinkManager, getJobDefinitionManager, getJobManager, getProcessDefinitionManager, getProcessInstanceManager, getResourceAuthorizationProvider, getResourceManager, getSession, getTaskManager, getTaskReportManager, getTenantManager, getUserOperationLogManager, getVariableInstanceManager, isAuthorizationEnabled, saveDefaultAuthorizations
protected static final EnginePersistenceLogger LOG
protected Set<String> availableAuthorizedGroupIds
filterAuthenticatedGroupIds(List)
method. (Manager
instances are command scoped).
It is used to only check authorizations for groups for which authorizations exist. In other words,
if for a given group no authorization exists in the DB, then auth checks are not performed for this group.protected Boolean isRevokeAuthCheckUsed
public PermissionCheckBuilder newPermissionCheckBuilder()
public Authorization createNewAuthorization(int type)
public void insert(DbEntity authorization)
insert
in class AbstractManager
public List<Authorization> selectAuthorizationByQueryCriteria(AuthorizationQueryImpl authorizationQuery)
public Long selectAuthorizationCountByQueryCriteria(AuthorizationQueryImpl authorizationQuery)
public AuthorizationEntity findAuthorizationByUserIdAndResourceId(int type, String userId, Resource resource, String resourceId)
public AuthorizationEntity findAuthorizationByGroupIdAndResourceId(int type, String groupId, Resource resource, String resourceId)
public AuthorizationEntity findAuthorization(int type, String userId, String groupId, Resource resource, String resourceId)
public void update(AuthorizationEntity authorization)
public void delete(DbEntity authorization)
delete
in class AbstractManager
public void checkAuthorization(CompositePermissionCheck compositePermissionCheck)
public void checkAuthorization(Permission permission, Resource resource)
public void checkAuthorization(Permission permission, Resource resource, String resourceId)
checkAuthorization
in class AbstractManager
public boolean isAuthorized(Permission permission, Resource resource, String resourceId)
public boolean isAuthorized(String userId, List<String> groupIds, Permission permission, Resource resource, String resourceId)
public boolean isAuthorized(String userId, List<String> groupIds, PermissionCheck permissionCheck)
protected boolean isRevokeAuthCheckEnabled(String userId, List<String> groupIds)
protected CompositePermissionCheck createCompositePermissionCheck(PermissionCheck permissionCheck)
public boolean isAuthorized(String userId, List<String> groupIds, CompositePermissionCheck compositePermissionCheck)
public boolean isAuthorized(CompositePermissionCheck compositePermissionCheck)
protected boolean isResourceValidForPermission(PermissionCheck permissionCheck)
public void validateResourceCompatibility(AuthorizationEntity authorization)
public void configureQuery(ListQueryParameterObject query)
public void configureQueryHistoricFinishedInstanceReport(ListQueryParameterObject query, Resource resource)
public void enableQueryAuthCheck(AuthorizationCheck authCheck)
public void configureQuery(AbstractQuery query, Resource resource)
configureQuery
in class AbstractManager
public void configureQuery(AbstractQuery query, Resource resource, String queryParam)
public void configureQuery(AbstractQuery query, Resource resource, String queryParam, Permission permission)
public boolean isPermissionDisabled(Permission permission)
protected void addPermissionCheck(AuthorizationCheck authCheck, CompositePermissionCheck compositeCheck)
public void deleteAuthorizationsByResourceIds(Resources resource, List<String> resourceIds)
public void deleteAuthorizationsByResourceId(Resource resource, String resourceId)
public void deleteAuthorizationsByResourceIdAndUserId(Resource resource, String resourceId, String userId)
public void deleteAuthorizationsByResourceIdAndGroupId(Resource resource, String resourceId, String groupId)
public void checkCamundaAdmin()
Groups.CAMUNDA_ADMIN
. The check is ignored if the authorization is
disabled or no authentication exists.AuthorizationException
public boolean isCamundaAdmin(Authentication authentication)
authentication
- authentication to check, cannot be null
true
if the given authentication contains the group
Groups.CAMUNDA_ADMIN
or the userpublic void configureDeploymentQuery(DeploymentQueryImpl query)
public void configureProcessDefinitionQuery(ProcessDefinitionQueryImpl query)
public void configureExecutionQuery(AbstractQuery query)
public void configureTaskQuery(TaskQueryImpl query)
public void configureEventSubscriptionQuery(EventSubscriptionQueryImpl query)
public void configureConditionalEventSubscriptionQuery(ListQueryParameterObject query)
public void configureIncidentQuery(IncidentQueryImpl query)
protected void configureVariableInstanceQuery(VariableInstanceQueryImpl query)
public void configureJobDefinitionQuery(JobDefinitionQueryImpl query)
public void configureJobQuery(JobQueryImpl query)
public void configureHistoricProcessInstanceQuery(HistoricProcessInstanceQueryImpl query)
public void configureHistoricActivityInstanceQuery(HistoricActivityInstanceQueryImpl query)
public void configureHistoricTaskInstanceQuery(HistoricTaskInstanceQueryImpl query)
public void configureHistoricVariableInstanceQuery(HistoricVariableInstanceQueryImpl query)
public void configureHistoricDetailQuery(HistoricDetailQueryImpl query)
protected void configureHistoricVariableAndDetailQuery(AbstractQuery query)
public void configureHistoricJobLogQuery(HistoricJobLogQueryImpl query)
public void configureHistoricIncidentQuery(HistoricIncidentQueryImpl query)
public void configureHistoricIdentityLinkQuery(HistoricIdentityLinkLogQueryImpl query)
public void configureHistoricDecisionInstanceQuery(HistoricDecisionInstanceQueryImpl query)
public void configureHistoricExternalTaskLogQuery(HistoricExternalTaskLogQueryImpl query)
public void configureUserOperationLogQuery(UserOperationLogQueryImpl query)
public void configureHistoricBatchQuery(HistoricBatchQueryImpl query)
public void configureDeploymentStatisticsQuery(DeploymentStatisticsQueryImpl query)
public void configureProcessDefinitionStatisticsQuery(ProcessDefinitionStatisticsQueryImpl query)
public void configureActivityStatisticsQuery(ActivityStatisticsQueryImpl query)
public void configureExternalTaskQuery(ExternalTaskQueryImpl query)
public void configureExternalTaskFetch(ListQueryParameterObject parameter)
public void configureDecisionDefinitionQuery(DecisionDefinitionQueryImpl query)
public void configureDecisionRequirementsDefinitionQuery(DecisionRequirementsDefinitionQueryImpl query)
public void configureBatchQuery(BatchQueryImpl query)
public void configureBatchStatisticsQuery(BatchStatisticsQueryImpl query)
public List<String> filterAuthenticatedGroupIds(List<String> authenticatedGroupIds)
protected boolean isAuthCheckExecuted()
public boolean isEnsureSpecificVariablePermission()
protected boolean isHistoricInstancePermissionsEnabled()
public void addRemovalTimeToAuthorizationsByRootProcessInstanceId(String rootProcessInstanceId, Date removalTime)
public void addRemovalTimeToAuthorizationsByProcessInstanceId(String processInstanceId, Date removalTime)
public DbOperation deleteAuthorizationsByRemovalTime(Date removalTime, int minuteFrom, int minuteTo, int batchSize)
Copyright © 2021. All rights reserved.