public class DefaultAuthorizationProvider extends Object implements ResourceAuthorizationProvider
Provides the default authorizations for Camunda Platform.
Constructor and Description |
---|
DefaultAuthorizationProvider() |
Modifier and Type | Method and Description |
---|---|
protected void |
addPermissions(AuthorizationEntity authorization,
Permission... permissions) |
protected boolean |
areIdsEqual(String firstId,
String secondId) |
protected AuthorizationEntity |
createAuthorization(String userId,
String groupId,
Resource resource,
String resourceId,
Permission... permissions) |
protected AuthorizationEntity |
createGrantAuthorization(String userId,
String groupId,
Resource resource,
String resourceId,
Permission... permissions) |
protected AuthorizationEntity |
createOrUpdateAuthorization(Task task,
String userId,
String groupId,
Resource resource,
boolean isHistoric,
Permission... permissions) |
protected AuthorizationEntity[] |
createOrUpdateAuthorizations(Task task,
String groupId,
String userId)
(1) Fetch the existing runtime and history authorizations.
(2) Update the authorizations:
(2a) fetched authorization == null
-> create a new runtime authorization (with READ, either the UPDATE or the TASK_WORK permission,
and READ_VARIABLE if enabled)
-> create a new history authorization (with READ on HISTORIC_TASK)
(2b) fetched authorization != null
-> add READ, either the UPDATE or the TASK_WORK permission, and READ_VARIABLE if enabled.
Whether UPDATE or TASK_WORK is granted is configurable in camunda.cfg.xml; by default,
the UPDATE permission is granted.
-> add READ on HISTORIC_TASK
|
protected AuthorizationEntity[] |
createOrUpdateAuthorizationsByGroupId(Task task,
String groupId) |
protected AuthorizationEntity[] |
createOrUpdateAuthorizationsByUserId(Task task,
String userId) |
AuthorizationEntity[] |
deleteTaskGroupIdentityLink(Task task,
String groupId,
String type)
Invoked whenever a group identity link of a task has been deleted.
|
AuthorizationEntity[] |
deleteTaskUserIdentityLink(Task task,
String userId,
String type)
Invoked whenever a user identity link of a task has been deleted.
|
protected HistoryEvent |
findHistoricProcessInstance(String rootProcessInstanceId) |
protected AuthorizationManager |
getAuthorizationManager() |
protected Permission |
getDefaultUserPermissionForTask() |
protected AuthorizationEntity |
getGrantAuthorization(String taskId,
String userId,
String groupId,
Resource resource) |
protected AuthorizationEntity |
getGrantAuthorizationByGroupId(String groupId,
Resource resource,
String resourceId) |
protected AuthorizationEntity |
getGrantAuthorizationByUserId(String userId,
Resource resource,
String resourceId) |
protected Permission[] |
getHistoricPermissions(boolean enforceSpecificVariablePermission) |
protected String |
getHistoryRemovalTimeStrategy() |
protected String |
getRootProcessInstanceId(Task task) |
protected Permission[] |
getRuntimePermissions(boolean enforceSpecificVariablePermission) |
AuthorizationEntity[] |
groupMembershipCreated(String groupId,
String userId)
Invoked whenever a user is added to a group
|
protected boolean |
hasEntitySameAuthorizationRights(AuthorizationEntity authEntity,
String userId,
String groupId,
Resource resource,
String resourceId) |
protected boolean |
isEnforceSpecificVariablePermission() |
protected boolean |
isHistoricInstancePermissionsEnabled() |
protected boolean |
isHistoryRemovalTimeStrategyStart() |
AuthorizationEntity[] |
newDecisionDefinition(DecisionDefinition decisionDefinition)
Invoked whenever a new decision definition is created.
|
AuthorizationEntity[] |
newDecisionRequirementsDefinition(DecisionRequirementsDefinition decisionRequirementsDefinition)
Invoked whenever a new decision requirements definition is created.
|
AuthorizationEntity[] |
newDeployment(Deployment deployment)
Invoked whenever a new deployment is created
|
AuthorizationEntity[] |
newFilter(Filter filter)
Invoked whenever a new filter is created
|
AuthorizationEntity[] |
newGroup(Group group)
Invoked whenever a new group is created
|
AuthorizationEntity[] |
newProcessDefinition(ProcessDefinition processDefinition)
Invoked whenever a new process definition is created
|
AuthorizationEntity[] |
newProcessInstance(ProcessInstance processInstance)
Invoked whenever a new process instance is started
|
AuthorizationEntity[] |
newTask(Task task)
Invoked whenever a new task is created
|
AuthorizationEntity[] |
newTaskAssignee(Task task,
String oldAssignee,
String newAssignee)
Invoked whenever a user has been assigned to a task.
|
AuthorizationEntity[] |
newTaskGroupIdentityLink(Task task,
String groupId,
String type)
Invoked whenever a new group identity link has been added to a task.
|
AuthorizationEntity[] |
newTaskOwner(Task task,
String oldOwner,
String newOwner)
Invoked whenever a user has been set as the owner of a task.
|
AuthorizationEntity[] |
newTaskUserIdentityLink(Task task,
String userId,
String type)
Invoked whenever a new user identity link has been added to a task.
|
AuthorizationEntity[] |
newTenant(Tenant tenant)
Invoked whenever a new tenant is created
|
AuthorizationEntity[] |
newUser(User user)
Invoked whenever a new user is created
|
protected void |
provideRemovalTime(AuthorizationEntity authorization,
Task task) |
AuthorizationEntity[] |
tenantMembershipCreated(Tenant tenant,
Group group)
Invoked whenever a group is added to a tenant.
|
AuthorizationEntity[] |
tenantMembershipCreated(Tenant tenant,
User user)
Invoked whenever a user is added to a tenant.
|
protected void |
updateAuthorizationBasedOnCacheEntries(AuthorizationEntity authorization,
String userId,
String groupId,
Resource resource,
String resourceId)
Searches through the cache, if there is already an authorization with same rights.
|
public AuthorizationEntity[] newUser(User user)
ResourceAuthorizationProvider
Invoked whenever a new user is created
newUser
in interface ResourceAuthorizationProvider
user
- a newly created user
public AuthorizationEntity[] newGroup(Group group)
ResourceAuthorizationProvider
Invoked whenever a new group is created
newGroup
in interface ResourceAuthorizationProvider
group
- a newly created Group
Group
is created.
public AuthorizationEntity[] newTenant(Tenant tenant)
ResourceAuthorizationProvider
Invoked whenever a new tenant is created
newTenant
in interface ResourceAuthorizationProvider
tenant
- a newly created Tenant
Tenant
is created.
public AuthorizationEntity[] groupMembershipCreated(String groupId, String userId)
ResourceAuthorizationProvider
Invoked whenever a user is added to a group
groupMembershipCreated
in interface ResourceAuthorizationProvider
groupId
- the id of the group to which the user is added
userId
- the id of the user who is added to a group a newly created
User
User
is created.
public AuthorizationEntity[] tenantMembershipCreated(Tenant tenant, User user)
ResourceAuthorizationProvider
Invoked whenever a user is added to a tenant.
tenantMembershipCreated
in interface ResourceAuthorizationProvider
tenant
- the id of the tenant
public AuthorizationEntity[] tenantMembershipCreated(Tenant tenant, Group group)
ResourceAuthorizationProvider
Invoked whenever a group is added to a tenant.
tenantMembershipCreated
in interface ResourceAuthorizationProvider
tenant
- the id of the tenant
public AuthorizationEntity[] newFilter(Filter filter)
ResourceAuthorizationProvider
Invoked whenever a new filter is created
newFilter
in interface ResourceAuthorizationProvider
filter
- the newly created filter
Filter
is created.
public AuthorizationEntity[] newDeployment(Deployment deployment)
ResourceAuthorizationProvider
Invoked whenever a new deployment is created
newDeployment
in interface ResourceAuthorizationProvider
deployment
- the newly created deployment
Deployment
is created.
public AuthorizationEntity[] newProcessDefinition(ProcessDefinition processDefinition)
ResourceAuthorizationProvider
Invoked whenever a new process definition is created
newProcessDefinition
in interface ResourceAuthorizationProvider
processDefinition
- the newly created process definition
ProcessDefinition
is created.
public AuthorizationEntity[] newProcessInstance(ProcessInstance processInstance)
ResourceAuthorizationProvider
Invoked whenever a new process instance is started
newProcessInstance
in interface ResourceAuthorizationProvider
processInstance
- the newly started process instance
ProcessInstance
is started.
public AuthorizationEntity[] newTask(Task task)
ResourceAuthorizationProvider
Invoked whenever a new task is created
newTask
in interface ResourceAuthorizationProvider
task
- the newly created task
Task
is created.
public AuthorizationEntity[] newTaskAssignee(Task task, String oldAssignee, String newAssignee)
ResourceAuthorizationProvider
Invoked whenever a user has been assigned to a task.
newTaskAssignee
in interface ResourceAuthorizationProvider
task
- the task on which the assignee has been changed
oldAssignee
- the old assignee of the task
newAssignee
- the new assignee of the task
public AuthorizationEntity[] newTaskOwner(Task task, String oldOwner, String newOwner)
ResourceAuthorizationProvider
Invoked whenever a user has been set as the owner of a task.
newTaskOwner
in interface ResourceAuthorizationProvider
task
- the task on which the owner has been changed
oldOwner
- the old owner of the task
newOwner
- the new owner of the task
public AuthorizationEntity[] newTaskUserIdentityLink(Task task, String userId, String type)
ResourceAuthorizationProvider
Invoked whenever a new user identity link has been added to a task.
newTaskUserIdentityLink
in interface ResourceAuthorizationProvider
task
- the task on which a new identity link has been added
userId
- the user for which the identity link has been created
type
- the type of the identity link (e.g. IdentityLinkType.CANDIDATE)
public AuthorizationEntity[] newTaskGroupIdentityLink(Task task, String groupId, String type)
ResourceAuthorizationProvider
Invoked whenever a new group identity link has been added to a task.
newTaskGroupIdentityLink
in interface ResourceAuthorizationProvider
task
- the task on which a new identity link has been added
groupId
- the group for which the identity link has been created
type
- the type of the identity link (e.g. IdentityLinkType.CANDIDATE)
public AuthorizationEntity[] deleteTaskUserIdentityLink(Task task, String userId, String type)
ResourceAuthorizationProvider
Invoked whenever a user identity link of a task has been deleted.
deleteTaskUserIdentityLink
in interface ResourceAuthorizationProvider
task
- the task on which the identity link has been deleted
userId
- the user for which the identity link has been deleted
type
- the type of the identity link (e.g. IdentityLinkType.CANDIDATE)
public AuthorizationEntity[] deleteTaskGroupIdentityLink(Task task, String groupId, String type)
ResourceAuthorizationProvider
Invoked whenever a group identity link of a task has been deleted.
deleteTaskGroupIdentityLink
in interface ResourceAuthorizationProvider
task
- the task on which the identity link has been deleted
groupId
- the group for which the identity link has been deleted
type
- the type of the identity link (e.g. IdentityLinkType.CANDIDATE)
public AuthorizationEntity[] newDecisionDefinition(DecisionDefinition decisionDefinition)
ResourceAuthorizationProvider
Invoked whenever a new decision definition is created.
newDecisionDefinition
in interface ResourceAuthorizationProvider
decisionDefinition
- the newly created decision definition
DecisionDefinition
is created.
public AuthorizationEntity[] newDecisionRequirementsDefinition(DecisionRequirementsDefinition decisionRequirementsDefinition)
ResourceAuthorizationProvider
Invoked whenever a new decision requirements definition is created.
newDecisionRequirementsDefinition
in interface ResourceAuthorizationProvider
decisionRequirementsDefinition
- the newly created decision requirements definition
DecisionRequirementsDefinition
is created.
protected AuthorizationEntity[] createOrUpdateAuthorizationsByGroupId(Task task, String groupId)
protected AuthorizationEntity[] createOrUpdateAuthorizationsByUserId(Task task, String userId)
protected AuthorizationEntity[] createOrUpdateAuthorizations(Task task, String groupId, String userId)
protected AuthorizationEntity createOrUpdateAuthorization(Task task, String userId, String groupId, Resource resource, boolean isHistoric, Permission... permissions)
protected void provideRemovalTime(AuthorizationEntity authorization, Task task)
protected boolean isHistoryRemovalTimeStrategyStart()
protected String getHistoryRemovalTimeStrategy()
protected HistoryEvent findHistoricProcessInstance(String rootProcessInstanceId)
protected Permission[] getHistoricPermissions(boolean enforceSpecificVariablePermission)
protected Permission[] getRuntimePermissions(boolean enforceSpecificVariablePermission)
protected boolean isHistoricInstancePermissionsEnabled()
protected AuthorizationManager getAuthorizationManager()
protected AuthorizationEntity getGrantAuthorization(String taskId, String userId, String groupId, Resource resource)
protected AuthorizationEntity getGrantAuthorizationByUserId(String userId, Resource resource, String resourceId)
protected AuthorizationEntity getGrantAuthorizationByGroupId(String groupId, Resource resource, String resourceId)
protected AuthorizationEntity createAuthorization(String userId, String groupId, Resource resource, String resourceId, Permission... permissions)
protected void addPermissions(AuthorizationEntity authorization, Permission... permissions)
protected AuthorizationEntity createGrantAuthorization(String userId, String groupId, Resource resource, String resourceId, Permission... permissions)
protected Permission getDefaultUserPermissionForTask()
protected boolean isEnforceSpecificVariablePermission()
protected void updateAuthorizationBasedOnCacheEntries(AuthorizationEntity authorization, String userId, String groupId, Resource resource, String resourceId)
protected boolean hasEntitySameAuthorizationRights(AuthorizationEntity authEntity, String userId, String groupId, Resource resource, String resourceId)
Copyright © 2022. All rights reserved.