Package org.camunda.bpm.engine.impl.cfg.auth

Interface ResourceAuthorizationProvider

  • All Known Implementing Classes:
    DefaultAuthorizationProvider
    public interface ResourceAuthorizationProvider

    Manages (create/update/delete) default authorization when an entity is changed

    Implementations should throw an exception when a specific resource's id is *, as * represents access to all resources/by all users.

    Author:
    Daniel Meyer

    • Method Detail

      • newUser

        AuthorizationEntity[] newUser​(User user)

        Invoked whenever a new user is created

        Parameters:
        user - a newly created user
        Returns:
        a list of authorizations to be automatically added when a new user is created.

      • newGroup

        AuthorizationEntity[] newGroup​(Group group)

        Invoked whenever a new group is created

        Parameters:
        group - a newly created Group
        Returns:
        a list of authorizations to be automatically added when a new Group is created.

      • newTenant

        AuthorizationEntity[] newTenant​(Tenant tenant)

        Invoked whenever a new tenant is created

        Parameters:
        tenant - a newly created Tenant
        Returns:
        a list of authorizations to be automatically added when a new Tenant is created.

      • groupMembershipCreated

        AuthorizationEntity[] groupMembershipCreated​(String groupId,
                                             String userId)

        Invoked whenever a user is added to a group

        Parameters:
        userId - the id of the user who is added to a group a newly created User
        groupId - the id of the group to which the user is added
        Returns:
        a list of authorizations to be automatically added when a new User is created.

      • tenantMembershipCreated

        AuthorizationEntity[] tenantMembershipCreated​(Tenant tenant,
                                              User user)

        Invoked whenever an user is added to a tenant.

        Parameters:
        tenant - the id of the tenant
        userId - the id of the user
        Returns:
        a list of authorizations to be automatically added when a new membership is created.

      • tenantMembershipCreated

        AuthorizationEntity[] tenantMembershipCreated​(Tenant tenant,
                                              Group group)

        Invoked whenever a group is added to a tenant.

        Parameters:
        tenant - the id of the tenant
        groupId - the id of the group
        Returns:
        a list of authorizations to be automatically added when a new membership is created.

      • newFilter

        AuthorizationEntity[] newFilter​(Filter filter)

        Invoked whenever a new filter is created

        Parameters:
        filter - the newly created filter
        Returns:
        a list of authorizations to be automatically added when a new Filter is created.

      • newDeployment

        AuthorizationEntity[] newDeployment​(Deployment deployment)

        Invoked whenever a new deployment is created

        Parameters:
        deployment - the newly created deployment
        Returns:
        a list of authorizations to be automatically added when a new Deployment is created.

      • newProcessDefinition

        AuthorizationEntity[] newProcessDefinition​(ProcessDefinition processDefinition)

        Invoked whenever a new process definition is created

        Parameters:
        processDefinition - the newly created process definition
        Returns:
        a list of authorizations to be automatically added when a new ProcessDefinition is created.

      • newProcessInstance

        AuthorizationEntity[] newProcessInstance​(ProcessInstance processInstance)

        Invoked whenever a new process instance is started

        Parameters:
        processInstance - the newly started process instance
        Returns:
        a list of authorizations to be automatically added when a new ProcessInstance is started.

      • newTask

        AuthorizationEntity[] newTask​(Task task)

        Invoked whenever a new task is created

        Parameters:
        task - the newly created task
        Returns:
        a list of authorizations to be automatically added when a new Task is created.

      • newTaskAssignee

        AuthorizationEntity[] newTaskAssignee​(Task task,
                                      String oldAssignee,
                                      String newAssignee)

        Invoked whenever an user has been assigned to a task.

        Parameters:
        task - the task on which the assignee has been changed
        oldAssignee - the old assignee of the task
        newAssignee - the new assignee of the task
        Returns:
        a list of authorizations to be automatically added when an assignee of a task changes.

      • newTaskOwner

        AuthorizationEntity[] newTaskOwner​(Task task,
                                   String oldOwner,
                                   String newOwner)

        Invoked whenever an user has been set as the owner of a task.

        Parameters:
        task - the task on which the owner has been changed
        oldOwner - the old owner of the task
        newOwner - the new owner of the task
        Returns:
        a list of authorizations to be automatically added when the owner of a task changes.

      • newTaskUserIdentityLink

        AuthorizationEntity[] newTaskUserIdentityLink​(Task task,
                                              String userId,
                                              String type)

        Invoked whenever a new user identity link has been added to a task.

        Parameters:
        task - the task on which a new identity link has been added
        userId - the user for which the identity link has been created
        type - the type of the identity link (e.g. IdentityLinkType.CANDIDATE)
        Returns:
        a list of authorizations to be automatically added when a new user identity link has been added.

      • newTaskGroupIdentityLink

        AuthorizationEntity[] newTaskGroupIdentityLink​(Task task,
                                               String groupId,
                                               String type)

        Invoked whenever a new group identity link has been added to a task.

        Parameters:
        task - the task on which a new identity link has been added
        groupId - the group for which the identity link has been created
        type - the type of the identity link (e.g. IdentityLinkType.CANDIDATE)
        Returns:
        a list of authorizations to be automatically added when a new group identity link has been added.

      • deleteTaskUserIdentityLink

        AuthorizationEntity[] deleteTaskUserIdentityLink​(Task task,
                                                 String userId,
                                                 String type)

        Invoked whenever a user identity link of a task has been deleted.

        Parameters:
        task - the task on which the identity link has been deleted
        userId - the user for which the identity link has been deleted
        type - the type of the identity link (e.g. IdentityLinkType.CANDIDATE)
        Returns:
        a list of authorizations to be automatically deleted when a user identity link has been deleted.

      • deleteTaskGroupIdentityLink

        AuthorizationEntity[] deleteTaskGroupIdentityLink​(Task task,
                                                  String groupId,
                                                  String type)

        Invoked whenever a group identity link of a task has been deleted.

        Parameters:
        task - the task on which the identity link has been deleted
        groupId - the group for which the identity link has been deleted
        type - the type of the identity link (e.g. IdentityLinkType.CANDIDATE)
        Returns:
        a list of authorizations to be automatically deleted when a group identity link has been deleted.

      • newDecisionDefinition

        AuthorizationEntity[] newDecisionDefinition​(DecisionDefinition decisionDefinition)

        Invoked whenever a new decision definition is created.

        Parameters:
        decisionDefinition - the newly created decision definition
        Returns:
        a list of authorizations to be automatically added when a new DecisionDefinition is created.

      • newDecisionRequirementsDefinition

        AuthorizationEntity[] newDecisionRequirementsDefinition​(DecisionRequirementsDefinition decisionRequirementsDefinition)

        Invoked whenever a new decision requirements definition is created.

        Parameters:
        decisionRequirementsDefinition - the newly created decision requirements definition
        Returns:
        a list of authorizations to be automatically added when a new DecisionRequirementsDefinition is created.