Class DefaultAuthorizationProvider

    • Constructor Detail

      • DefaultAuthorizationProvider

        public DefaultAuthorizationProvider()
    • Method Detail

      • groupMembershipCreated

        public AuthorizationEntity[] groupMembershipCreated​(java.lang.String groupId,
                                                            java.lang.String userId)
        Description copied from interface: ResourceAuthorizationProvider

        Invoked whenever a user is added to a group

        Specified by:
        groupMembershipCreated in interface ResourceAuthorizationProvider
        Parameters:
        groupId - the id of the group to which the user is added
        userId - the id of the user who is added to the group
        Returns:
        a list of authorizations to be automatically added when a user is added to a group.
      • newTaskAssignee

        public AuthorizationEntity[] newTaskAssignee​(Task task,
                                                     java.lang.String oldAssignee,
                                                     java.lang.String newAssignee)
        Description copied from interface: ResourceAuthorizationProvider

        Invoked whenever a user has been assigned to a task.

        Specified by:
        newTaskAssignee in interface ResourceAuthorizationProvider
        Parameters:
        task - the task on which the assignee has been changed
        oldAssignee - the old assignee of the task
        newAssignee - the new assignee of the task
        Returns:
        a list of authorizations to be automatically added when an assignee of a task changes.
      • newTaskOwner

        public AuthorizationEntity[] newTaskOwner​(Task task,
                                                  java.lang.String oldOwner,
                                                  java.lang.String newOwner)
        Description copied from interface: ResourceAuthorizationProvider

        Invoked whenever a user has been set as the owner of a task.

        Specified by:
        newTaskOwner in interface ResourceAuthorizationProvider
        Parameters:
        task - the task on which the owner has been changed
        oldOwner - the old owner of the task
        newOwner - the new owner of the task
        Returns:
        a list of authorizations to be automatically added when the owner of a task changes.
      • newTaskUserIdentityLink

        public AuthorizationEntity[] newTaskUserIdentityLink​(Task task,
                                                             java.lang.String userId,
                                                             java.lang.String type)
        Description copied from interface: ResourceAuthorizationProvider

        Invoked whenever a new user identity link has been added to a task.

        Specified by:
        newTaskUserIdentityLink in interface ResourceAuthorizationProvider
        Parameters:
        task - the task on which a new identity link has been added
        userId - the user for which the identity link has been created
        type - the type of the identity link (e.g. IdentityLinkType.CANDIDATE)
        Returns:
        a list of authorizations to be automatically added when a new user identity link has been added.
      • newTaskGroupIdentityLink

        public AuthorizationEntity[] newTaskGroupIdentityLink​(Task task,
                                                              java.lang.String groupId,
                                                              java.lang.String type)
        Description copied from interface: ResourceAuthorizationProvider

        Invoked whenever a new group identity link has been added to a task.

        Specified by:
        newTaskGroupIdentityLink in interface ResourceAuthorizationProvider
        Parameters:
        task - the task on which a new identity link has been added
        groupId - the group for which the identity link has been created
        type - the type of the identity link (e.g. IdentityLinkType.CANDIDATE)
        Returns:
        a list of authorizations to be automatically added when a new group identity link has been added.
      • deleteTaskUserIdentityLink

        public AuthorizationEntity[] deleteTaskUserIdentityLink​(Task task,
                                                                java.lang.String userId,
                                                                java.lang.String type)
        Description copied from interface: ResourceAuthorizationProvider

        Invoked whenever a user identity link of a task has been deleted.

        Specified by:
        deleteTaskUserIdentityLink in interface ResourceAuthorizationProvider
        Parameters:
        task - the task on which the identity link has been deleted
        userId - the user for which the identity link has been deleted
        type - the type of the identity link (e.g. IdentityLinkType.CANDIDATE)
        Returns:
        a list of authorizations to be automatically deleted when a user identity link has been deleted.
      • deleteTaskGroupIdentityLink

        public AuthorizationEntity[] deleteTaskGroupIdentityLink​(Task task,
                                                                 java.lang.String groupId,
                                                                 java.lang.String type)
        Description copied from interface: ResourceAuthorizationProvider

        Invoked whenever a group identity link of a task has been deleted.

        Specified by:
        deleteTaskGroupIdentityLink in interface ResourceAuthorizationProvider
        Parameters:
        task - the task on which the identity link has been deleted
        groupId - the group for which the identity link has been deleted
        type - the type of the identity link (e.g. IdentityLinkType.CANDIDATE)
        Returns:
        a list of authorizations to be automatically deleted when a group identity link has been deleted.
      • createOrUpdateAuthorizationsByGroupId

        protected AuthorizationEntity[] createOrUpdateAuthorizationsByGroupId​(Task task,
                                                                              java.lang.String groupId)
      • createOrUpdateAuthorizationsByUserId

        protected AuthorizationEntity[] createOrUpdateAuthorizationsByUserId​(Task task,
                                                                             java.lang.String userId)
      • createOrUpdateAuthorizations

        protected AuthorizationEntity[] createOrUpdateAuthorizations​(Task task,
                                                                     java.lang.String groupId,
                                                                     java.lang.String userId)
        (1) Fetch existing runtime & history authorizations
        (2) Update authorizations:
            (2a) fetched authorization == null
                 -> create a new runtime authorization (with READ, (UPDATE/TASK_WORK) permission, and READ_VARIABLE if enabled)
                 -> create a new history authorization (with READ on HISTORIC_TASK)
            (2b) fetched authorization != null
                 -> Add READ, (UPDATE/TASK_WORK) permission, and READ_VARIABLE if enabled.
                    UPDATE or TASK_WORK permission is configurable in camunda.cfg.xml and by default, UPDATE permission is provided
                 -> Add READ on HISTORIC_TASK
      • createOrUpdateAuthorization

        protected AuthorizationEntity createOrUpdateAuthorization​(Task task,
                                                                  java.lang.String userId,
                                                                  java.lang.String groupId,
                                                                  Resource resource,
                                                                  boolean isHistoric,
                                                                  Permission... permissions)
      • getRootProcessInstanceId

        protected java.lang.String getRootProcessInstanceId​(Task task)
      • isHistoryRemovalTimeStrategyStart

        protected boolean isHistoryRemovalTimeStrategyStart()
      • getHistoryRemovalTimeStrategy

        protected java.lang.String getHistoryRemovalTimeStrategy()
      • findHistoricProcessInstance

        protected HistoryEvent findHistoricProcessInstance​(java.lang.String rootProcessInstanceId)
      • getHistoricPermissions

        protected Permission[] getHistoricPermissions​(boolean enforceSpecificVariablePermission)
      • getRuntimePermissions

        protected Permission[] getRuntimePermissions​(boolean enforceSpecificVariablePermission)
      • isHistoricInstancePermissionsEnabled

        protected boolean isHistoricInstancePermissionsEnabled()
      • getGrantAuthorization

        protected AuthorizationEntity getGrantAuthorization​(java.lang.String taskId,
                                                            java.lang.String userId,
                                                            java.lang.String groupId,
                                                            Resource resource)
      • getGrantAuthorizationByUserId

        protected AuthorizationEntity getGrantAuthorizationByUserId​(java.lang.String userId,
                                                                    Resource resource,
                                                                    java.lang.String resourceId)
      • getGrantAuthorizationByGroupId

        protected AuthorizationEntity getGrantAuthorizationByGroupId​(java.lang.String groupId,
                                                                     Resource resource,
                                                                     java.lang.String resourceId)
      • createAuthorization

        protected AuthorizationEntity createAuthorization​(java.lang.String userId,
                                                          java.lang.String groupId,
                                                          Resource resource,
                                                          java.lang.String resourceId,
                                                          Permission... permissions)
      • createGrantAuthorization

        protected AuthorizationEntity createGrantAuthorization​(java.lang.String userId,
                                                               java.lang.String groupId,
                                                               Resource resource,
                                                               java.lang.String resourceId,
                                                               Permission... permissions)
      • getDefaultUserPermissionForTask

        protected Permission getDefaultUserPermissionForTask()
      • isEnforceSpecificVariablePermission

        protected boolean isEnforceSpecificVariablePermission()
      • updateAuthorizationBasedOnCacheEntries

        protected void updateAuthorizationBasedOnCacheEntries​(AuthorizationEntity authorization,
                                                              java.lang.String userId,
                                                              java.lang.String groupId,
                                                              Resource resource,
                                                              java.lang.String resourceId)
        Searches the cache for an existing authorization with the same rights. If one is found, updates the given authorization with the permissions and removes the old one from the cache.
      • hasEntitySameAuthorizationRights

        protected boolean hasEntitySameAuthorizationRights​(AuthorizationEntity authEntity,
                                                           java.lang.String userId,
                                                           java.lang.String groupId,
                                                           Resource resource,
                                                           java.lang.String resourceId)
      • areIdsEqual

        protected boolean areIdsEqual​(java.lang.String firstId,
                                      java.lang.String secondId)
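
The create-or-update flow described under createOrUpdateAuthorizations, steps (1), (2a) and (2b), as a stand-alone model. This is an added example, not the engine's code: `TaskGrantModel`, `Perm`, `Grant` and the map-based store are hypothetical stand-ins, and the model always writes the history grant. It needs Java 16 or later for records.

```java
import java.util.*;

// Added model; Perm, Grant and the in-memory store are hypothetical, not Camunda classes.
public class TaskGrantModel {
    enum Perm { READ, UPDATE, TASK_WORK, READ_VARIABLE }

    // One grant per (principal, resource, resourceId), like one authorization row.
    record Grant(String principal, String resource, String resourceId, EnumSet<Perm> perms) {}

    private final Map<String, Grant> store = new LinkedHashMap<>();
    private final Perm defaultTaskPerm;          // UPDATE by default, or TASK_WORK
    private final boolean specificVariablePerm;  // adds READ_VARIABLE when true

    TaskGrantModel(Perm defaultTaskPerm, boolean specificVariablePerm) {
        this.defaultTaskPerm = defaultTaskPerm;
        this.specificVariablePerm = specificVariablePerm;
    }

    // Steps (1), (2a), (2b) for a single resource.
    Grant createOrUpdate(String principal, String resource, String id, Perm... perms) {
        String key = principal + "|" + resource + "|" + id;
        Grant g = store.get(key);                           // (1) fetch existing grant
        if (g == null) {                                    // (2a) none yet: create it
            g = new Grant(principal, resource, id, EnumSet.noneOf(Perm.class));
            store.put(key, g);
        }
        g.perms().addAll(Arrays.asList(perms));             // (2b) add to what is there
        return g;
    }

    // Runtime grant on TASK plus history grant on HISTORIC_TASK for one principal.
    List<Grant> onTaskPrincipal(String taskId, String principal) {
        EnumSet<Perm> runtime = EnumSet.of(Perm.READ, defaultTaskPerm);
        if (specificVariablePerm) runtime.add(Perm.READ_VARIABLE);
        return List.of(
            createOrUpdate(principal, "TASK", taskId, runtime.toArray(new Perm[0])),
            createOrUpdate(principal, "HISTORIC_TASK", taskId, Perm.READ));
    }

    public static void main(String[] args) {
        TaskGrantModel dflt = new TaskGrantModel(Perm.UPDATE, false);
        TaskGrantModel strict = new TaskGrantModel(Perm.TASK_WORK, true);
        dflt.onTaskPrincipal("task-1", "user:alice");
        dflt.onTaskPrincipal("task-1", "user:alice");   // repeat event: still one row per resource
        strict.onTaskPrincipal("task-1", "user:alice");
        dflt.store.values().forEach(g -> System.out.println("default: " + g));
        strict.store.values().forEach(g -> System.out.println("strict:  " + g));
    }
}
```

When reviewing a deployment, compare the task grants the engine has written against the configured default permission: a user or group that only needs to work on a task holds UPDATE unless TASK_WORK was configured.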