Class AuthorizationManager
java.lang.Object
org.camunda.bpm.engine.impl.persistence.AbstractManager
org.camunda.bpm.engine.impl.persistence.entity.AuthorizationManager
- All Implemented Interfaces:
Session
- Author:
- Daniel Meyer
-
Field Summary
Fields
Modifier and Type, Field, Description
availableAuthorizedGroupIds: Group ids for which authorizations exist in the database.
EMPTY_LIST
protected Boolean isRevokeAuthCheckUsed
protected static final EnginePersistenceLogger LOG
-
Constructor Summary
Constructors -
Method Summary
Modifier and Type, Method, Description
protected void addPermissionCheck(AuthorizationCheck authCheck, CompositePermissionCheck compositeCheck)
DbOperation addRemovalTimeToAuthorizationsByProcessInstanceId(String processInstanceId, Date removalTime, Integer batchSize)
DbOperation addRemovalTimeToAuthorizationsByRootProcessInstanceId(String rootProcessInstanceId, Date removalTime, Integer batchSize)
void checkAuthorization(Permission permission, Resource resource)
void checkAuthorization(Permission permission, Resource resource, String resourceId)
void checkAuthorization(CompositePermissionCheck compositePermissionCheck)
void checkCamundaAdmin(): Checks if the current authentication contains the group Groups.CAMUNDA_ADMIN.
void checkCamundaAdminOrPermission(Consumer<CommandChecker> permissionCheck)
void configureJobQuery(JobQueryImpl query)
void configureQuery(AbstractQuery query, Resource resource)
void configureQuery(AbstractQuery query, Resource resource, String queryParam)
void configureQuery(AbstractQuery query, Resource resource, String queryParam, Permission permission)
void configureQueryHistoricFinishedInstanceReport(ListQueryParameterObject query, Resource resource)
void configureTaskQuery(TaskQueryImpl query)
protected CompositePermissionCheck createCompositePermissionCheck(PermissionCheck permissionCheck)
createNewAuthorization(int type)
DbOperation deleteAuthorizationsByRemovalTime(Date removalTime, int minuteFrom, int minuteTo, int batchSize)
void deleteAuthorizationsByResourceId(Resource resource, String resourceId)
void deleteAuthorizationsByResourceIdAndGroupId(Resource resource, String resourceId, String groupId)
void deleteAuthorizationsByResourceIdAndUserId(Resource resource, String resourceId, String userId)
void deleteAuthorizationsByResourceIds(Resources resource, List<String> resourceIds)
void enableQueryAuthCheck(AuthorizationCheck authCheck)
filterAuthenticatedGroupIds(List<String> authenticatedGroupIds)
AuthorizationEntity findAuthorization(int type, String userId, String groupId, Resource resource, String resourceId)
AuthorizationEntity findAuthorizationByGroupIdAndResourceId(int type, String groupId, Resource resource, String resourceId)
AuthorizationEntity findAuthorizationByUserIdAndResourceId(int type, String userId, Resource resource, String resourceId)
protected boolean isAuthCheckExecuted()
boolean isAuthorized(String userId, List<String> groupIds, Permission permission, Resource resource, String resourceId)
boolean isAuthorized(String userId, List<String> groupIds, CompositePermissionCheck compositePermissionCheck)
boolean isAuthorized(String userId, List<String> groupIds, PermissionCheck permissionCheck)
boolean isAuthorized(Permission permission, Resource resource, String resourceId)
boolean isAuthorized(CompositePermissionCheck compositePermissionCheck)
boolean isCamundaAdmin(Authentication authentication)
boolean isEnsureSpecificVariablePermission()
protected boolean isHistoricInstancePermissionsEnabled()
boolean isPermissionDisabled(Permission permission)
protected boolean isResourceValidForPermission(PermissionCheck permissionCheck)
protected boolean isRevokeAuthCheckEnabled(String userId, List<String> groupIds)
List<Authorization> selectAuthorizationByQueryCriteria(AuthorizationQueryImpl authorizationQuery)
selectAuthorizationCountByQueryCriteria(AuthorizationQueryImpl authorizationQuery)
void update(AuthorizationEntity authorization)
void validateResourceCompatibility(AuthorizationEntity authorization)
Methods inherited from class org.camunda.bpm.engine.impl.persistence.AbstractManager
close, deleteAuthorizations, deleteAuthorizationsForGroup, deleteAuthorizationsForUser, deleteDefaultAuthorizations, flush, getAttachmentManager, getAuthorizationManager, getBatchManager, getByteArrayManager, getCamundaFormDefinitionManager, getCaseDefinitionManager, getCaseExecutionManager, getCaseInstanceManager, getCommandContext, getCurrentAuthentication, getDbEntityManager, getDbSqlSession, getDecisionDefinitionManager, getDecisionRequirementsDefinitionManager, getDeploymentManager, getEventSubscriptionManager, getHistoricActivityInstanceManager, getHistoricBatchManager, getHistoricCaseActivityInstanceManager, getHistoricCaseInstanceManager, getHistoricDecisionInstanceManager, getHistoricDetailManager, getHistoricExternalTaskLogManager, getHistoricIdentityLinkManager, getHistoricIncidentManager, getHistoricJobLogManager, getHistoricProcessInstanceManager, getHistoricReportManager, getHistoricTaskInstanceManager, getHistoricVariableInstanceManager, getIdentityInfoManager, getIdentityLinkManager, getJobDefinitionManager, getJobManager, getProcessDefinitionManager, getProcessInstanceManager, getResourceAuthorizationProvider, getResourceManager, getSession, getTaskManager, getTaskReportManager, getTenantManager, getUserOperationLogManager, getVariableInstanceManager, isAuthorizationEnabled, saveDefaultAuthorizations
-
Field Details
-
LOG
-
EMPTY_LIST
-
availableAuthorizedGroupIds
Group ids for which authorizations exist in the database. This is initialized once per command by the filterAuthenticatedGroupIds(List) method (manager instances are command scoped). It is used to check authorizations only for groups for which authorizations exist. In other words, if no authorization exists in the DB for a given group, auth checks are not performed for that group.
-
isRevokeAuthCheckUsed
-
-
Constructor Details
-
AuthorizationManager
public AuthorizationManager()
-
-
Method Details
-
newPermissionCheckBuilder
-
createNewAuthorization
-
insert
- Overrides:
insert in class AbstractManager
-
selectAuthorizationByQueryCriteria
public List<Authorization> selectAuthorizationByQueryCriteria(AuthorizationQueryImpl authorizationQuery) -
selectAuthorizationCountByQueryCriteria
-
findAuthorizationByUserIdAndResourceId
public AuthorizationEntity findAuthorizationByUserIdAndResourceId(int type, String userId, Resource resource, String resourceId) -
findAuthorizationByGroupIdAndResourceId
public AuthorizationEntity findAuthorizationByGroupIdAndResourceId(int type, String groupId, Resource resource, String resourceId) -
findAuthorization
public AuthorizationEntity findAuthorization(int type, String userId, String groupId, Resource resource, String resourceId) -
update
-
delete
- Overrides:
delete in class AbstractManager
-
checkAuthorization
-
checkAuthorization
-
checkAuthorization
- Overrides:
checkAuthorization in class AbstractManager
-
isAuthorized
-
isAuthorized
-
isAuthorized
-
isRevokeAuthCheckEnabled
-
createCompositePermissionCheck
-
isAuthorized
public boolean isAuthorized(String userId, List<String> groupIds, CompositePermissionCheck compositePermissionCheck) -
isAuthorized
-
isResourceValidForPermission
-
validateResourceCompatibility
-
configureQuery
-
configureQueryHistoricFinishedInstanceReport
public void configureQueryHistoricFinishedInstanceReport(ListQueryParameterObject query, Resource resource) -
enableQueryAuthCheck
-
configureQuery
- Overrides:
configureQuery in class AbstractManager
-
configureQuery
-
configureQuery
public void configureQuery(AbstractQuery query, Resource resource, String queryParam, Permission permission) -
isPermissionDisabled
-
addPermissionCheck
protected void addPermissionCheck(AuthorizationCheck authCheck, CompositePermissionCheck compositeCheck) -
deleteAuthorizationsByResourceIds
-
deleteAuthorizationsByResourceId
-
deleteAuthorizationsByResourceIdAndUserId
-
deleteAuthorizationsByResourceIdAndGroupId
-
checkCamundaAdmin
public void checkCamundaAdmin()
Checks if the current authentication contains the group Groups.CAMUNDA_ADMIN. The check is ignored if the authorization is disabled or no authentication exists.
- Throws:
AuthorizationException
-
checkCamundaAdminOrPermission
-
isCamundaAdmin
- Parameters:
authentication - authentication to check, cannot be null
- Returns:
true if the given authentication contains the group Groups.CAMUNDA_ADMIN or the user
-
configureDeploymentQuery
-
configureProcessDefinitionQuery
-
configureExecutionQuery
-
configureTaskQuery
-
configureEventSubscriptionQuery
-
configureConditionalEventSubscriptionQuery
-
configureIncidentQuery
-
configureVariableInstanceQuery
-
configureJobDefinitionQuery
-
configureJobQuery
-
configureHistoricProcessInstanceQuery
-
configureHistoricActivityInstanceQuery
-
configureHistoricTaskInstanceQuery
-
configureHistoricVariableInstanceQuery
-
configureHistoricDetailQuery
-
configureHistoricVariableAndDetailQuery
-
configureHistoricJobLogQuery
-
configureHistoricIncidentQuery
-
configureHistoricIdentityLinkQuery
-
configureHistoricDecisionInstanceQuery
-
configureHistoricExternalTaskLogQuery
-
configureUserOperationLogQuery
-
configureHistoricBatchQuery
-
configureDeploymentStatisticsQuery
-
configureProcessDefinitionStatisticsQuery
-
configureActivityStatisticsQuery
-
configureExternalTaskQuery
-
configureExternalTaskFetch
-
configureDecisionDefinitionQuery
-
configureDecisionRequirementsDefinitionQuery
public void configureDecisionRequirementsDefinitionQuery(DecisionRequirementsDefinitionQueryImpl query) -
configureBatchQuery
-
configureBatchStatisticsQuery
-
filterAuthenticatedGroupIds
-
getAllGroups
-
isAuthCheckExecuted
protected boolean isAuthCheckExecuted() -
isEnsureSpecificVariablePermission
public boolean isEnsureSpecificVariablePermission() -
isHistoricInstancePermissionsEnabled
protected boolean isHistoricInstancePermissionsEnabled() -
addRemovalTimeToAuthorizationsByRootProcessInstanceId
public DbOperation addRemovalTimeToAuthorizationsByRootProcessInstanceId(String rootProcessInstanceId, Date removalTime, Integer batchSize) -
addRemovalTimeToAuthorizationsByProcessInstanceId
public DbOperation addRemovalTimeToAuthorizationsByProcessInstanceId(String processInstanceId, Date removalTime, Integer batchSize) -
deleteAuthorizationsByRemovalTime
public DbOperation deleteAuthorizationsByRemovalTime(Date removalTime, int minuteFrom, int minuteTo, int batchSize)
-