org.camunda.bpm.engine.impl.persistence.entity

Class AuthorizationManager

java.lang.Object

org.camunda.bpm.engine.impl.persistence.AbstractManager

org.camunda.bpm.engine.impl.persistence.entity.AuthorizationManager

All Implemented Interfaces:

Session

public class AuthorizationManager
extends AbstractManager

Author:

Daniel Meyer

Field Summary

Fields

Modifier and Type	Field and Description
protected Set<String>	availableAuthorizedGroupIds Group ids for which authorizations exist in the database.
static String	DEFAULT_AUTHORIZATION_CHECK
protected static List<String>	EMPTY_LIST

Constructor Summary

Constructors

Constructor and Description
AuthorizationManager()

Method Summary

Methods

Modifier and Type	Method and Description
protected void	addPermissionCheck(AbstractQuery query, Resource resource, String queryParam, Permission permission)
void	checkAuthorization(List<PermissionCheck> permissionChecks)
void	checkAuthorization(PermissionCheck... permissionChecks)
void	checkAuthorization(Permission permission, Resource resource)
void	checkAuthorization(Permission permission, Resource resource, String resourceId)
void	checkCreateDeployment()
void	checkCreateProcessInstance(ProcessDefinitionEntity definition)
void	checkCreateTask()
void	checkDeleteDeployment(String deploymentId)
void	checkDeleteHistoricProcessInstance(HistoricProcessInstance instance)
void	checkDeleteHistoricTaskInstance(HistoricTaskInstanceEntity task)
void	checkDeleteProcessInstance(ExecutionEntity execution)
void	checkDeleteTask(TaskEntity task)
void	checkDeleteUserOperationLog(UserOperationLogEntry entry)
void	checkReadDeployment(String deploymentId)
void	checkReadHistoricJobLog(HistoricJobLogEventEntity historicJobLog)
void	checkReadProcessDefinition(ProcessDefinitionEntity definition)
void	checkReadProcessDefinition(String processDefinitionKey)
void	checkReadProcessInstance(ExecutionEntity execution)
void	checkReadProcessInstance(JobEntity job)
void	checkReadProcessInstance(String processInstanceId)
void	checkReadTask(TaskEntity task)
void	checkUpdateProcessDefinitionById(String processDefinitionId)
void	checkUpdateProcessDefinitionByKey(String processDefinitionKey)
void	checkUpdateProcessInstance(ExecutionEntity execution)
void	checkUpdateProcessInstance(JobEntity job)
void	checkUpdateProcessInstanceById(String processInstanceId)
void	checkUpdateProcessInstanceByProcessDefinitionId(String processDefinitionId)
void	checkUpdateProcessInstanceByProcessDefinitionKey(String processDefinitionKey)
void	checkUpdateTask(TaskEntity task)
void	configureActivityStatisticsQuery(ActivityStatisticsQueryImpl query)
void	configureDeploymentQuery(DeploymentQueryImpl query)
void	configureDeploymentStatisticsQuery(DeploymentStatisticsQueryImpl query)
void	configureEventSubscriptionQuery(EventSubscriptionQueryImpl query)
void	configureExecutionQuery(AbstractQuery query)
void	configureHistoricActivityInstanceQuery(HistoricActivityInstanceQueryImpl query)
void	configureHistoricDetailQuery(HistoricDetailQueryImpl query)
void	configureHistoricIncidentQuery(HistoricIncidentQueryImpl query)
void	configureHistoricJobLogQuery(HistoricJobLogQueryImpl query)
void	configureHistoricProcessInstanceQuery(HistoricProcessInstanceQueryImpl query)
void	configureHistoricTaskInstanceQuery(HistoricTaskInstanceQueryImpl query)
void	configureHistoricVariableInstanceQuery(HistoricVariableInstanceQueryImpl query)
void	configureIncidentQuery(IncidentQueryImpl query)
void	configureJobDefinitionQuery(JobDefinitionQueryImpl query)
void	configureJobQuery(JobQueryImpl query)
void	configureProcessDefinitionQuery(ProcessDefinitionQueryImpl query)
void	configureProcessDefinitionStatisticsQuery(ProcessDefinitionStatisticsQueryImpl query)
void	configureQuery(AbstractQuery query)
void	configureQuery(AbstractQuery query, Resource resource)
void	configureQuery(AbstractQuery query, Resource resource, String queryParam)
void	configureQuery(AbstractQuery query, Resource resource, String queryParam, Permission permission)
void	configureTaskQuery(TaskQueryImpl query)
void	configureUserOperationLogQuery(UserOperationLogQueryImpl query)
protected void	configureVariableInstanceQuery(VariableInstanceQueryImpl query)
Authorization	createNewAuthorization(int type)
void	delete(DbEntity authorization)
void	deleteAuthorizationsByResourceId(Resource resource, String resourceId)
List<String>	filterAuthenticatedGroupIds(List<String> authenticatedGroupIds)
AuthorizationEntity	findAuthorization(int type, String userId, String groupId, Resource resource, String resourceId)
AuthorizationEntity	findAuthorizationByGroupIdAndResourceId(int type, String groupId, Resource resource, String resourceId)
AuthorizationEntity	findAuthorizationByUserIdAndResourceId(int type, String userId, Resource resource, String resourceId)
void	insert(DbEntity authorization)
boolean	isAuthorized(Permission permission, Resource resource, String resourceId)
boolean	isAuthorized(String userId, List<String> groupIds, List<PermissionCheck> permissionChecks)
boolean	isAuthorized(String userId, List<String> groupIds, Permission permission, Resource resource, String resourceId)
void	isCamundaAdmin()
List<Authorization>	selectAuthorizationByQueryCriteria(AuthorizationQueryImpl authorizationQuery)
Long	selectAuthorizationCountByQueryCriteria(AuthorizationQueryImpl authorizationQuery)
void	update(AuthorizationEntity authorization)

Methods inherited from class org.camunda.bpm.engine.impl.persistence.AbstractManager

close, deleteAuthorizations, deleteDefaultAuthorizations, flush, getAttachmentManager, getAuthorizationManager, getByteArrayManager, getCaseDefinitionManager, getCaseExecutionManager, getCaseInstanceManager, getCommandContext, getCurrentAuthentication, getDbEntityManager, getDbSqlSession, getDeploymentManager, getEventSubscriptionManager, getHistoricActivityInstanceManager, getHistoricCaseActivityInstanceManager, getHistoricCaseInstanceManager, getHistoricDetailManager, getHistoricIncidentManager, getHistoricJobLogManager, getHistoricProcessInstanceManager, getHistoricTaskInstanceManager, getHistoricVariableInstanceManager, getIdentityInfoManager, getIdentityLinkManager, getJobDefinitionManager, getJobManager, getProcessDefinitionManager, getProcessInstanceManager, getResourceAuthorizationProvider, getResourceManager, getSession, getTaskManager, getUserOperationLogManager, getVariableInstanceManager, isAuthorizationEnabled, saveDefaultAuthorizations

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_AUTHORIZATION_CHECK

public static final String DEFAULT_AUTHORIZATION_CHECK

See Also:

Constant Field Values

EMPTY_LIST

protected static final List<String> EMPTY_LIST

availableAuthorizedGroupIds

protected Set<String> availableAuthorizedGroupIds

Group ids for which authorizations exist in the database. This is initialized once per command by the filterAuthenticatedGroupIds(List) method. (Manager instances are command scoped). It is used to only check authorizations for groups for which authorizations exist. In other words, if for a given group no authorization exists in the DB, then auth checks are not performed for this group.

Constructor Detail

AuthorizationManager

public AuthorizationManager()

Method Detail

createNewAuthorization

public Authorization createNewAuthorization(int type)

insert

public void insert(DbEntity authorization)

Overrides:

insert in class AbstractManager

selectAuthorizationByQueryCriteria

public List<Authorization> selectAuthorizationByQueryCriteria(AuthorizationQueryImpl authorizationQuery)

selectAuthorizationCountByQueryCriteria

public Long selectAuthorizationCountByQueryCriteria(AuthorizationQueryImpl authorizationQuery)

findAuthorizationByUserIdAndResourceId

public AuthorizationEntity findAuthorizationByUserIdAndResourceId(int type,
                                                         String userId,
                                                         Resource resource,
                                                         String resourceId)

findAuthorizationByGroupIdAndResourceId

public AuthorizationEntity findAuthorizationByGroupIdAndResourceId(int type,
                                                          String groupId,
                                                          Resource resource,
                                                          String resourceId)

findAuthorization

public AuthorizationEntity findAuthorization(int type,
                                    String userId,
                                    String groupId,
                                    Resource resource,
                                    String resourceId)

update

public void update(AuthorizationEntity authorization)

delete

public void delete(DbEntity authorization)

Overrides:

delete in class AbstractManager

checkAuthorization

public void checkAuthorization(PermissionCheck... permissionChecks)

checkAuthorization

public void checkAuthorization(List<PermissionCheck> permissionChecks)

checkAuthorization

public void checkAuthorization(Permission permission,
                      Resource resource)

checkAuthorization

public void checkAuthorization(Permission permission,
                      Resource resource,
                      String resourceId)

Overrides:

checkAuthorization in class AbstractManager

isAuthorized

public boolean isAuthorized(Permission permission,
                   Resource resource,
                   String resourceId)

isAuthorized

public boolean isAuthorized(String userId,
                   List<String> groupIds,
                   Permission permission,
                   Resource resource,
                   String resourceId)

isAuthorized

public boolean isAuthorized(String userId,
                   List<String> groupIds,
                   List<PermissionCheck> permissionChecks)

configureQuery

public void configureQuery(AbstractQuery query)

configureQuery

public void configureQuery(AbstractQuery query,
                  Resource resource)

Overrides:

configureQuery in class AbstractManager

configureQuery

public void configureQuery(AbstractQuery query,
                  Resource resource,
                  String queryParam)

configureQuery

public void configureQuery(AbstractQuery query,
                  Resource resource,
                  String queryParam,
                  Permission permission)

addPermissionCheck

protected void addPermissionCheck(AbstractQuery query,
                      Resource resource,
                      String queryParam,
                      Permission permission)

deleteAuthorizationsByResourceId

public void deleteAuthorizationsByResourceId(Resource resource,
                                    String resourceId)

isCamundaAdmin

public void isCamundaAdmin()

checkCreateDeployment

public void checkCreateDeployment()

checkReadDeployment

public void checkReadDeployment(String deploymentId)

checkDeleteDeployment

public void checkDeleteDeployment(String deploymentId)

checkReadProcessDefinition

public void checkReadProcessDefinition(ProcessDefinitionEntity definition)

checkReadProcessDefinition

public void checkReadProcessDefinition(String processDefinitionKey)

checkUpdateProcessDefinitionById

public void checkUpdateProcessDefinitionById(String processDefinitionId)

checkUpdateProcessDefinitionByKey

public void checkUpdateProcessDefinitionByKey(String processDefinitionKey)

checkCreateProcessInstance

public void checkCreateProcessInstance(ProcessDefinitionEntity definition)

checkReadProcessInstance

public void checkReadProcessInstance(String processInstanceId)

checkReadProcessInstance

public void checkReadProcessInstance(ExecutionEntity execution)

checkReadProcessInstance

public void checkReadProcessInstance(JobEntity job)

checkReadHistoricJobLog

public void checkReadHistoricJobLog(HistoricJobLogEventEntity historicJobLog)

checkUpdateProcessInstanceById

public void checkUpdateProcessInstanceById(String processInstanceId)

checkUpdateProcessInstance

public void checkUpdateProcessInstance(ExecutionEntity execution)

checkUpdateProcessInstance

public void checkUpdateProcessInstance(JobEntity job)

checkUpdateProcessInstanceByProcessDefinitionId

public void checkUpdateProcessInstanceByProcessDefinitionId(String processDefinitionId)

checkUpdateProcessInstanceByProcessDefinitionKey

public void checkUpdateProcessInstanceByProcessDefinitionKey(String processDefinitionKey)

checkDeleteProcessInstance

public void checkDeleteProcessInstance(ExecutionEntity execution)

checkDeleteHistoricProcessInstance

public void checkDeleteHistoricProcessInstance(HistoricProcessInstance instance)

checkCreateTask

public void checkCreateTask()

checkReadTask

public void checkReadTask(TaskEntity task)

checkUpdateTask

public void checkUpdateTask(TaskEntity task)

checkDeleteTask

public void checkDeleteTask(TaskEntity task)

checkDeleteHistoricTaskInstance

public void checkDeleteHistoricTaskInstance(HistoricTaskInstanceEntity task)

checkDeleteUserOperationLog

public void checkDeleteUserOperationLog(UserOperationLogEntry entry)

configureDeploymentQuery

public void configureDeploymentQuery(DeploymentQueryImpl query)

configureProcessDefinitionQuery

public void configureProcessDefinitionQuery(ProcessDefinitionQueryImpl query)

configureExecutionQuery

public void configureExecutionQuery(AbstractQuery query)

configureTaskQuery

public void configureTaskQuery(TaskQueryImpl query)

configureEventSubscriptionQuery

public void configureEventSubscriptionQuery(EventSubscriptionQueryImpl query)

configureIncidentQuery

public void configureIncidentQuery(IncidentQueryImpl query)

configureVariableInstanceQuery

protected void configureVariableInstanceQuery(VariableInstanceQueryImpl query)

configureJobDefinitionQuery

public void configureJobDefinitionQuery(JobDefinitionQueryImpl query)

configureJobQuery

public void configureJobQuery(JobQueryImpl query)

configureHistoricProcessInstanceQuery

public void configureHistoricProcessInstanceQuery(HistoricProcessInstanceQueryImpl query)

configureHistoricActivityInstanceQuery

public void configureHistoricActivityInstanceQuery(HistoricActivityInstanceQueryImpl query)

configureHistoricTaskInstanceQuery

public void configureHistoricTaskInstanceQuery(HistoricTaskInstanceQueryImpl query)

configureHistoricVariableInstanceQuery

public void configureHistoricVariableInstanceQuery(HistoricVariableInstanceQueryImpl query)

configureHistoricDetailQuery

public void configureHistoricDetailQuery(HistoricDetailQueryImpl query)

configureHistoricJobLogQuery

public void configureHistoricJobLogQuery(HistoricJobLogQueryImpl query)

configureHistoricIncidentQuery

public void configureHistoricIncidentQuery(HistoricIncidentQueryImpl query)

configureUserOperationLogQuery

public void configureUserOperationLogQuery(UserOperationLogQueryImpl query)

configureDeploymentStatisticsQuery

public void configureDeploymentStatisticsQuery(DeploymentStatisticsQueryImpl query)

configureProcessDefinitionStatisticsQuery

public void configureProcessDefinitionStatisticsQuery(ProcessDefinitionStatisticsQueryImpl query)

configureActivityStatisticsQuery

public void configureActivityStatisticsQuery(ActivityStatisticsQueryImpl query)

filterAuthenticatedGroupIds

public List<String> filterAuthenticatedGroupIds(List<String> authenticatedGroupIds)