Class AuthorizationManager
java.lang.Object
org.camunda.bpm.engine.impl.persistence.AbstractManager
org.camunda.bpm.engine.impl.persistence.entity.AuthorizationManager
- All Implemented Interfaces:
Session
- Author:
- Daniel Meyer
-
Field Summary
Modifier and Type | Field | Description
Group ids for which authorizations exist in the database.
protected Boolean
protected static final EnginePersistenceLogger
-
Constructor Summary
-
Method Summary
Modifier and Type | Method | Description
protected void
addPermissionCheck
(AuthorizationCheck authCheck, CompositePermissionCheck compositeCheck) addRemovalTimeToAuthorizationsByProcessInstanceId
(String processInstanceId, Date removalTime, Integer batchSize) addRemovalTimeToAuthorizationsByRootProcessInstanceId
(String rootProcessInstanceId, Date removalTime, Integer batchSize) void
checkAuthorization
(Permission permission, Resource resource) void
checkAuthorization
(Permission permission, Resource resource, String resourceId) void
checkAuthorization
(CompositePermissionCheck compositePermissionCheck) void
Checks if the current authentication contains the group Groups.CAMUNDA_ADMIN.
void
checkCamundaAdminOrPermission
(Consumer<CommandChecker> permissionCheck) void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
protected void
void
void
void
void
configureJobQuery
(JobQueryImpl query) void
void
void
configureQuery
(AbstractQuery query, Resource resource) void
configureQuery
(AbstractQuery query, Resource resource, String queryParam) void
configureQuery
(AbstractQuery query, Resource resource, String queryParam, Permission permission) void
void
configureQueryHistoricFinishedInstanceReport
(ListQueryParameterObject query, Resource resource) void
configureTaskQuery
(TaskQueryImpl query) void
protected void
protected CompositePermissionCheck
createCompositePermissionCheck
(PermissionCheck permissionCheck) createNewAuthorization
(int type) void
deleteAuthorizationsByRemovalTime
(Date removalTime, int minuteFrom, int minuteTo, int batchSize) void
deleteAuthorizationsByResourceId
(Resource resource, String resourceId) void
deleteAuthorizationsByResourceIdAndGroupId
(Resource resource, String resourceId, String groupId) void
deleteAuthorizationsByResourceIdAndUserId
(Resource resource, String resourceId, String userId) void
deleteAuthorizationsByResourceIds
(Resources resource, List<String> resourceIds) void
enableQueryAuthCheck
(AuthorizationCheck authCheck) filterAuthenticatedGroupIds
(List<String> authenticatedGroupIds) findAuthorization
(int type, String userId, String groupId, Resource resource, String resourceId) findAuthorizationByGroupIdAndResourceId
(int type, String groupId, Resource resource, String resourceId) findAuthorizationByUserIdAndResourceId
(int type, String userId, Resource resource, String resourceId) void
protected boolean
boolean
isAuthorized
(String userId, List<String> groupIds, Permission permission, Resource resource, String resourceId) boolean
isAuthorized
(String userId, List<String> groupIds, CompositePermissionCheck compositePermissionCheck) boolean
isAuthorized
(String userId, List<String> groupIds, PermissionCheck permissionCheck) boolean
isAuthorized
(Permission permission, Resource resource, String resourceId) boolean
isAuthorized
(CompositePermissionCheck compositePermissionCheck) boolean
isCamundaAdmin
(Authentication authentication) boolean
protected boolean
boolean
isPermissionDisabled
(Permission permission) protected boolean
isResourceValidForPermission
(PermissionCheck permissionCheck) protected boolean
isRevokeAuthCheckEnabled
(String userId, List<String> groupIds) selectAuthorizationByQueryCriteria
(AuthorizationQueryImpl authorizationQuery) selectAuthorizationCountByQueryCriteria
(AuthorizationQueryImpl authorizationQuery) void
update
(AuthorizationEntity authorization) void
validateResourceCompatibility
(AuthorizationEntity authorization) Methods inherited from class org.camunda.bpm.engine.impl.persistence.AbstractManager
close, deleteAuthorizations, deleteAuthorizationsForGroup, deleteAuthorizationsForUser, deleteDefaultAuthorizations, flush, getAttachmentManager, getAuthorizationManager, getBatchManager, getByteArrayManager, getCamundaFormDefinitionManager, getCaseDefinitionManager, getCaseExecutionManager, getCaseInstanceManager, getCommandContext, getCurrentAuthentication, getDbEntityManager, getDbSqlSession, getDecisionDefinitionManager, getDecisionRequirementsDefinitionManager, getDeploymentManager, getEventSubscriptionManager, getHistoricActivityInstanceManager, getHistoricBatchManager, getHistoricCaseActivityInstanceManager, getHistoricCaseInstanceManager, getHistoricDecisionInstanceManager, getHistoricDetailManager, getHistoricExternalTaskLogManager, getHistoricIdentityLinkManager, getHistoricIncidentManager, getHistoricJobLogManager, getHistoricProcessInstanceManager, getHistoricReportManager, getHistoricTaskInstanceManager, getHistoricVariableInstanceManager, getIdentityInfoManager, getIdentityLinkManager, getJobDefinitionManager, getJobManager, getProcessDefinitionManager, getProcessInstanceManager, getResourceAuthorizationProvider, getResourceManager, getSession, getTaskManager, getTaskReportManager, getTenantManager, getUserOperationLogManager, getVariableInstanceManager, isAuthorizationEnabled, saveDefaultAuthorizations
-
Field Details
-
LOG
-
EMPTY_LIST
-
availableAuthorizedGroupIds
Group ids for which authorizations exist in the database. This is initialized once per command by the filterAuthenticatedGroupIds(List) method (manager instances are command scoped). It is used to restrict authorization checks to groups for which authorizations exist: if no authorization exists in the DB for a given group, auth checks are not performed for that group.
-
isRevokeAuthCheckUsed
-
-
Constructor Details
-
AuthorizationManager
public AuthorizationManager()
-
-
Method Details
-
newPermissionCheckBuilder
-
createNewAuthorization
-
insert
- Overrides:
insert
in class AbstractManager
-
selectAuthorizationByQueryCriteria
public List<Authorization> selectAuthorizationByQueryCriteria(AuthorizationQueryImpl authorizationQuery) -
selectAuthorizationCountByQueryCriteria
-
findAuthorizationByUserIdAndResourceId
public AuthorizationEntity findAuthorizationByUserIdAndResourceId(int type, String userId, Resource resource, String resourceId) -
findAuthorizationByGroupIdAndResourceId
public AuthorizationEntity findAuthorizationByGroupIdAndResourceId(int type, String groupId, Resource resource, String resourceId) -
findAuthorization
public AuthorizationEntity findAuthorization(int type, String userId, String groupId, Resource resource, String resourceId) -
update
-
delete
- Overrides:
delete
in class AbstractManager
-
checkAuthorization
-
checkAuthorization
-
checkAuthorization
- Overrides:
checkAuthorization
in class AbstractManager
-
isAuthorized
-
isAuthorized
-
isAuthorized
-
isRevokeAuthCheckEnabled
-
createCompositePermissionCheck
-
isAuthorized
public boolean isAuthorized(String userId, List<String> groupIds, CompositePermissionCheck compositePermissionCheck) -
isAuthorized
-
isResourceValidForPermission
-
validateResourceCompatibility
-
configureQuery
-
configureQueryHistoricFinishedInstanceReport
public void configureQueryHistoricFinishedInstanceReport(ListQueryParameterObject query, Resource resource) -
enableQueryAuthCheck
-
configureQuery
- Overrides:
configureQuery
in class AbstractManager
-
configureQuery
-
configureQuery
public void configureQuery(AbstractQuery query, Resource resource, String queryParam, Permission permission) -
isPermissionDisabled
-
addPermissionCheck
protected void addPermissionCheck(AuthorizationCheck authCheck, CompositePermissionCheck compositeCheck) -
deleteAuthorizationsByResourceIds
-
deleteAuthorizationsByResourceId
-
deleteAuthorizationsByResourceIdAndUserId
-
deleteAuthorizationsByResourceIdAndGroupId
-
checkCamundaAdmin
public void checkCamundaAdmin()
Checks if the current authentication contains the group Groups.CAMUNDA_ADMIN. The check is skipped if authorization is disabled or no authentication exists, so no AuthorizationException is thrown in either case.
- Throws:
AuthorizationException
-
checkCamundaAdminOrPermission
-
isCamundaAdmin
- Parameters:
authentication
- authentication to check, cannot be null
- Returns:
true
if the given authentication contains the group Groups.CAMUNDA_ADMIN
or the user
-
configureDeploymentQuery
-
configureProcessDefinitionQuery
-
configureExecutionQuery
-
configureTaskQuery
-
configureEventSubscriptionQuery
-
configureConditionalEventSubscriptionQuery
-
configureIncidentQuery
-
configureVariableInstanceQuery
-
configureJobDefinitionQuery
-
configureJobQuery
-
configureHistoricProcessInstanceQuery
-
configureHistoricActivityInstanceQuery
-
configureHistoricTaskInstanceQuery
-
configureHistoricVariableInstanceQuery
-
configureHistoricDetailQuery
-
configureHistoricVariableAndDetailQuery
-
configureHistoricJobLogQuery
-
configureHistoricIncidentQuery
-
configureHistoricIdentityLinkQuery
-
configureHistoricDecisionInstanceQuery
-
configureHistoricExternalTaskLogQuery
-
configureUserOperationLogQuery
-
configureHistoricBatchQuery
-
configureDeploymentStatisticsQuery
-
configureProcessDefinitionStatisticsQuery
-
configureActivityStatisticsQuery
-
configureExternalTaskQuery
-
configureExternalTaskFetch
-
configureDecisionDefinitionQuery
-
configureDecisionRequirementsDefinitionQuery
public void configureDecisionRequirementsDefinitionQuery(DecisionRequirementsDefinitionQueryImpl query) -
configureBatchQuery
-
configureBatchStatisticsQuery
-
filterAuthenticatedGroupIds
-
getAllGroups
-
isAuthCheckExecuted
protected boolean isAuthCheckExecuted() -
isEnsureSpecificVariablePermission
public boolean isEnsureSpecificVariablePermission() -
isHistoricInstancePermissionsEnabled
protected boolean isHistoricInstancePermissionsEnabled() -
addRemovalTimeToAuthorizationsByRootProcessInstanceId
public DbOperation addRemovalTimeToAuthorizationsByRootProcessInstanceId(String rootProcessInstanceId, Date removalTime, Integer batchSize) -
addRemovalTimeToAuthorizationsByProcessInstanceId
public DbOperation addRemovalTimeToAuthorizationsByProcessInstanceId(String processInstanceId, Date removalTime, Integer batchSize) -
deleteAuthorizationsByRemovalTime
public DbOperation deleteAuthorizationsByRemovalTime(Date removalTime, int minuteFrom, int minuteTo, int batchSize)
-