Package com.flowable.platform.security.service

Class AbstractPlatformSecurityService

java.lang.Object

com.flowable.platform.security.service.AbstractPlatformSecurityService

All Implemented Interfaces:

PermissionServiceRegistryAware, Aware

Direct Known Subclasses:

CasePermissionServiceImpl, ExternalWorkerJobPermissionService, PlatformAgentService, PlatformAppService, PlatformCaseDefinitionService, PlatformCaseInstanceService, PlatformCasePageService, PlatformCommentService, PlatformContentItemService, PlatformEntityLinkService, PlatformPageService, PlatformProcessDefinitionService, PlatformProcessInstanceService, PlatformStandardDataQuerySafeQueryTransformer, PlatformTaskService, ProcessPermissionServiceImpl, TaskPermissionServiceImpl, WorkDefinitionService, WorkIndexService

public abstract class AbstractPlatformSecurityService
extends Object
implements PermissionServiceRegistryAware

Field Summary

Fields

Modifier and Type	Field	Description
protected String[]	additionalAdminUsers
protected static final String	CASE_PREFIX
protected org.flowable.cmmn.api.CmmnRepositoryService	cmmnRepositoryService
protected org.flowable.cmmn.api.CmmnRuntimeService	cmmnRuntimeService
protected org.flowable.cmmn.api.CmmnTaskService	cmmnTaskService
protected String	defaultSecurityPolicyKey
protected SecurityPolicyModel	defaultSecurityPolicyModel
protected static final String	EXTERNAL_WORKER_PREFIX
protected boolean	inspectEnabled
protected PermissionServiceRegistry	permissionServiceRegistry
protected PlatformSecurityInterceptor	platformSecurityInterceptor
protected PolicyRepositoryService	policyRepositoryService
protected static final String	PROCESS_PREFIX
protected org.flowable.engine.RepositoryService	repositoryService
protected org.flowable.engine.RuntimeService	runtimeService
protected static final String	SECURITY_POLICY_MODEL
protected static final String	TASK_PREFIX
protected org.flowable.engine.TaskService	taskService

Constructor Summary

Constructors

Constructor	Description
AbstractPlatformSecurityService()

Method Summary

Modifier and Type	Method	Description
protected void	addAdditionalPermissions(List<String> permissions, String role, String prefix, SecurityPolicyModel securityPolicyModel)
protected boolean	currentUserHasAdminRights()
protected boolean	currentUserIsSuperAdmin()
protected List<String>	fetchCasePermissionMappings(String caseInstanceId, String startUserId, List<? extends org.flowable.identitylink.api.IdentityLinkInfo> identityLinks, org.flowable.cmmn.api.repository.CaseDefinition caseDefinition, String tenantId)
protected List<String>	fetchCasePermissionMappings(org.flowable.cmmn.api.runtime.CaseInstance caseInstance, List<? extends org.flowable.identitylink.api.IdentityLinkInfo> identityLinks)
protected SecurityPolicyModel	fetchCaseSecurityPolicyModel(org.flowable.cmmn.api.repository.CaseDefinition caseDefinition, String tenantId)
protected List<String>	fetchPermissions(SecurityPolicyModel securityPolicyModel, String prefix, String startUserId, List<? extends org.flowable.identitylink.api.IdentityLinkInfo> identityLinks, String userId, Set<String> groupKeys)
protected List<String>	fetchPermissionsForTask(SecurityPolicyModel securityPolicyModel, String assignee, String owner, List<? extends org.flowable.identitylink.api.IdentityLinkInfo> identityLinks, String userId, Set<String> groupKeys)
protected List<String>	fetchProcessPermissionMappings(String processInstanceId, String startUserId, List<? extends org.flowable.identitylink.api.IdentityLinkInfo> identityLinks, org.flowable.engine.repository.ProcessDefinition processDefinition, String tenantId)
protected List<String>	fetchProcessPermissionMappings(org.flowable.engine.runtime.ProcessInstance processInstance, List<? extends org.flowable.identitylink.api.IdentityLinkInfo> identityLinks)
protected SecurityPolicyModel	fetchProcessSecurityPolicyModel(org.flowable.engine.repository.ProcessDefinition processDefinition, String tenantId)
protected SecurityPolicyModel	fetchSecurityPolicyModel(org.flowable.bpmn.model.Process process, String tenantId)
protected SecurityPolicyModel	fetchSecurityPolicyModel(org.flowable.cmmn.model.Case caze, String tenantId)
protected SecurityPolicyModel	fetchSecurityPolicyModelForCaseInstance(String caseInstanceId)
protected SecurityPolicyModel	fetchSecurityPolicyModelForProcessInstance(String processInstanceId)
protected SecurityPolicyModel	fetchSecurityPolicyModelForTask(org.flowable.bpmn.model.FlowElement flowElement, org.flowable.bpmn.model.Process process, String tenantId)
protected SecurityPolicyModel	fetchSecurityPolicyModelForTask(org.flowable.cmmn.model.PlanItemDefinition planItemDefinition, org.flowable.cmmn.model.Case caze, String tenantId)
protected List<String>	fetchTaskPermissionMappings(String taskId, String taskDefinitionKey, String assignee, String owner, List<? extends org.flowable.identitylink.api.IdentityLinkInfo> identityLinks, org.flowable.cmmn.api.repository.CaseDefinition caseDefinition, String tenantId)
protected List<String>	fetchTaskPermissionMappings(String taskId, String taskDefinitionKey, String assignee, String owner, List<? extends org.flowable.identitylink.api.IdentityLinkInfo> identityLinks, org.flowable.engine.repository.ProcessDefinition processDefinition, String tenantId)
protected List<String>	fetchTaskPermissionMappings(org.flowable.task.api.Task task, List<? extends org.flowable.identitylink.api.IdentityLinkInfo> identityLinks)
protected List<String>	fetchTaskPermissionMappingsForCase(String taskDefinitionKey, String caseDefinitionId, String assignee, String owner, List<? extends org.flowable.identitylink.api.IdentityLinkInfo> identityLinks, String tenantId)
protected List<String>	fetchTaskPermissionMappingsForProcess(String taskDefinitionKey, String processDefinitionId, String assignee, String owner, List<? extends org.flowable.identitylink.api.IdentityLinkInfo> identityLinks, String tenantId)
protected SecurityPolicyModel	fetchTaskSecurityPolicyModelForCase(String taskDefinitionKey, String caseDefinitionId, String tenantId)
protected SecurityPolicyModel	fetchTaskSecurityPolicyModelForProcess(String taskDefinitionKey, String processDefinitionId, String tenantId)
protected List<String>	filterPermissionsForRole(String role, String prefix, SecurityPolicyModel securityPolicyModel)
protected String	getCmmnExtensionElementValue(String name, Map<String,List<org.flowable.cmmn.model.ExtensionElement>> extensionElements)
protected Set<String>	getCurrentGroupKeys()
protected SecurityScope	getCurrentSecurityScope()
protected String	getCurrentTenantId()
protected String	getCurrentUserId()
protected SecurityPolicyModel	getDefaultSecurityPolicyModel(String tenantId)
protected String	getExtensionElementValue(String name, Map<String,List<org.flowable.bpmn.model.ExtensionElement>> extensionElements)
protected SecurityPolicyModel	getSecurityPolicyModelByKey(String securityPolicyModelKey, String tenantId)
protected boolean	groupOrUserMatches(String identityLinkUser, String identityLinkGroup, String userId, Set<String> groupKeys)
protected boolean	groupOrUserMatches(org.flowable.identitylink.api.IdentityLinkInfo identityLink, String userId, Set<String> groupKeys)
protected boolean	hasAnyMatchingIdentityLink(Collection<? extends org.flowable.identitylink.api.IdentityLinkInfo> identityLinks, String userId, Set<String> groupKeys)
protected boolean	hasAssigneeOrOwnerIdentityLink(List<? extends org.flowable.identitylink.api.IdentityLinkInfo> identityLinks)
protected boolean	hasPermissionForEntityLinks(String permission, List<org.flowable.entitylink.api.EntityLink> entityLinks, String userId, Set<String> groupKeys, String tenantId)
protected boolean	hasPermissionForHistoricEntityLinks(String permission, List<org.flowable.entitylink.api.history.HistoricEntityLink> entityLinks, String userId, Set<String> groupKeys, String tenantId)
void	setPermissionServiceRegistry(PermissionServiceRegistry permissionServiceRegistry)	Set the PermissionRegistry that this object should use.
protected String	translatePermissionForScope(String permission, String scopeType)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

SECURITY_POLICY_MODEL

protected static final String SECURITY_POLICY_MODEL

See Also:

• Constant Field Values

CASE_PREFIX

protected static final String CASE_PREFIX

See Also:

• Constant Field Values

PROCESS_PREFIX

protected static final String PROCESS_PREFIX

See Also:

• Constant Field Values

TASK_PREFIX

protected static final String TASK_PREFIX

See Also:

• Constant Field Values

EXTERNAL_WORKER_PREFIX

protected static final String EXTERNAL_WORKER_PREFIX

See Also:

• Constant Field Values

repositoryService

@Autowired(required=false)
protected org.flowable.engine.RepositoryService repositoryService

cmmnRepositoryService

@Autowired(required=false)
protected org.flowable.cmmn.api.CmmnRepositoryService cmmnRepositoryService

runtimeService

@Autowired(required=false)
protected org.flowable.engine.RuntimeService runtimeService

cmmnRuntimeService

@Autowired(required=false)
protected org.flowable.cmmn.api.CmmnRuntimeService cmmnRuntimeService

taskService

@Autowired(required=false)
protected org.flowable.engine.TaskService taskService

cmmnTaskService

@Autowired(required=false)
protected org.flowable.cmmn.api.CmmnTaskService cmmnTaskService

policyRepositoryService

@Autowired(required=false)
protected PolicyRepositoryService policyRepositoryService

platformSecurityInterceptor

@Autowired(required=false)
protected PlatformSecurityInterceptor platformSecurityInterceptor

additionalAdminUsers

@Value("${flowable.platform.idm.additional-admin-users:}")
protected String[] additionalAdminUsers

permissionServiceRegistry

protected PermissionServiceRegistry permissionServiceRegistry

defaultSecurityPolicyKey

@Value("${flowable.policy.default-security-policy:basic-security-policy}")
protected String defaultSecurityPolicyKey

defaultSecurityPolicyModel

protected SecurityPolicyModel defaultSecurityPolicyModel

inspectEnabled

@Value("${flowable.inspect.enabled:false}")
protected boolean inspectEnabled

Constructor Details

AbstractPlatformSecurityService

public AbstractPlatformSecurityService()

Method Details

fetchCasePermissionMappings

protected List<String> fetchCasePermissionMappings(org.flowable.cmmn.api.runtime.CaseInstance caseInstance,
 List<? extends org.flowable.identitylink.api.IdentityLinkInfo> identityLinks)

fetchCasePermissionMappings

protected List<String> fetchCasePermissionMappings(String caseInstanceId,
 String startUserId,
 List<? extends org.flowable.identitylink.api.IdentityLinkInfo> identityLinks,
 org.flowable.cmmn.api.repository.CaseDefinition caseDefinition,
 String tenantId)

fetchCaseSecurityPolicyModel

protected SecurityPolicyModel fetchCaseSecurityPolicyModel(org.flowable.cmmn.api.repository.CaseDefinition caseDefinition,
 String tenantId)

fetchProcessPermissionMappings

protected List<String> fetchProcessPermissionMappings(org.flowable.engine.runtime.ProcessInstance processInstance,
 List<? extends org.flowable.identitylink.api.IdentityLinkInfo> identityLinks)

fetchProcessPermissionMappings

protected List<String> fetchProcessPermissionMappings(String processInstanceId,
 String startUserId,
 List<? extends org.flowable.identitylink.api.IdentityLinkInfo> identityLinks,
 org.flowable.engine.repository.ProcessDefinition processDefinition,
 String tenantId)

fetchProcessSecurityPolicyModel

protected SecurityPolicyModel fetchProcessSecurityPolicyModel(org.flowable.engine.repository.ProcessDefinition processDefinition,
 String tenantId)

fetchTaskPermissionMappingsForProcess

protected List<String> fetchTaskPermissionMappingsForProcess(String taskDefinitionKey,
 String processDefinitionId,
 String assignee,
 String owner,
 List<? extends org.flowable.identitylink.api.IdentityLinkInfo> identityLinks,
 String tenantId)

fetchTaskPermissionMappingsForCase

protected List<String> fetchTaskPermissionMappingsForCase(String taskDefinitionKey,
 String caseDefinitionId,
 String assignee,
 String owner,
 List<? extends org.flowable.identitylink.api.IdentityLinkInfo> identityLinks,
 String tenantId)

fetchTaskSecurityPolicyModelForProcess

protected SecurityPolicyModel fetchTaskSecurityPolicyModelForProcess(String taskDefinitionKey,
 String processDefinitionId,
 String tenantId)

fetchSecurityPolicyModelForProcessInstance

protected SecurityPolicyModel fetchSecurityPolicyModelForProcessInstance(String processInstanceId)

fetchTaskSecurityPolicyModelForCase

protected SecurityPolicyModel fetchTaskSecurityPolicyModelForCase(String taskDefinitionKey,
 String caseDefinitionId,
 String tenantId)

fetchSecurityPolicyModelForCaseInstance

protected SecurityPolicyModel fetchSecurityPolicyModelForCaseInstance(String caseInstanceId)

fetchTaskPermissionMappings

protected List<String> fetchTaskPermissionMappings(org.flowable.task.api.Task task,
 List<? extends org.flowable.identitylink.api.IdentityLinkInfo> identityLinks)

fetchTaskPermissionMappings

protected List<String> fetchTaskPermissionMappings(String taskId,
 String taskDefinitionKey,
 String assignee,
 String owner,
 List<? extends org.flowable.identitylink.api.IdentityLinkInfo> identityLinks,
 org.flowable.engine.repository.ProcessDefinition processDefinition,
 String tenantId)

fetchTaskPermissionMappings

protected List<String> fetchTaskPermissionMappings(String taskId,
 String taskDefinitionKey,
 String assignee,
 String owner,
 List<? extends org.flowable.identitylink.api.IdentityLinkInfo> identityLinks,
 org.flowable.cmmn.api.repository.CaseDefinition caseDefinition,
 String tenantId)

fetchPermissions

protected List<String> fetchPermissions(SecurityPolicyModel securityPolicyModel,
 String prefix,
 String startUserId,
 List<? extends org.flowable.identitylink.api.IdentityLinkInfo> identityLinks,
 String userId,
 Set<String> groupKeys)

fetchPermissionsForTask

protected List<String> fetchPermissionsForTask(SecurityPolicyModel securityPolicyModel,
 String assignee,
 String owner,
 List<? extends org.flowable.identitylink.api.IdentityLinkInfo> identityLinks,
 String userId,
 Set<String> groupKeys)

hasAssigneeOrOwnerIdentityLink

protected boolean hasAssigneeOrOwnerIdentityLink(List<? extends org.flowable.identitylink.api.IdentityLinkInfo> identityLinks)

filterPermissionsForRole

protected List<String> filterPermissionsForRole(String role,
 String prefix,
 SecurityPolicyModel securityPolicyModel)

addAdditionalPermissions

protected void addAdditionalPermissions(List<String> permissions,
 String role,
 String prefix,
 SecurityPolicyModel securityPolicyModel)

fetchSecurityPolicyModel

protected SecurityPolicyModel fetchSecurityPolicyModel(org.flowable.cmmn.model.Case caze,
 String tenantId)

fetchSecurityPolicyModel

protected SecurityPolicyModel fetchSecurityPolicyModel(org.flowable.bpmn.model.Process process,
 String tenantId)

fetchSecurityPolicyModelForTask

protected SecurityPolicyModel fetchSecurityPolicyModelForTask(org.flowable.bpmn.model.FlowElement flowElement,
 org.flowable.bpmn.model.Process process,
 String tenantId)

fetchSecurityPolicyModelForTask

protected SecurityPolicyModel fetchSecurityPolicyModelForTask(org.flowable.cmmn.model.PlanItemDefinition planItemDefinition,
 org.flowable.cmmn.model.Case caze,
 String tenantId)

getCurrentGroupKeys

protected Set<String> getCurrentGroupKeys()

getCurrentUserId

protected String getCurrentUserId()

getCurrentTenantId

protected String getCurrentTenantId()

getCurrentSecurityScope

protected SecurityScope getCurrentSecurityScope()

currentUserHasAdminRights

protected boolean currentUserHasAdminRights()

currentUserIsSuperAdmin

protected boolean currentUserIsSuperAdmin()

groupOrUserMatches

protected boolean groupOrUserMatches(org.flowable.identitylink.api.IdentityLinkInfo identityLink,
 String userId,
 Set<String> groupKeys)

groupOrUserMatches

protected boolean groupOrUserMatches(String identityLinkUser,
 String identityLinkGroup,
 String userId,
 Set<String> groupKeys)

hasAnyMatchingIdentityLink

protected boolean hasAnyMatchingIdentityLink(Collection<? extends org.flowable.identitylink.api.IdentityLinkInfo> identityLinks,
 String userId,
 Set<String> groupKeys)

hasPermissionForEntityLinks

protected boolean hasPermissionForEntityLinks(String permission,
 List<org.flowable.entitylink.api.EntityLink> entityLinks,
 String userId,
 Set<String> groupKeys,
 String tenantId)

hasPermissionForHistoricEntityLinks

protected boolean hasPermissionForHistoricEntityLinks(String permission,
 List<org.flowable.entitylink.api.history.HistoricEntityLink> entityLinks,
 String userId,
 Set<String> groupKeys,
 String tenantId)

setPermissionServiceRegistry

public void setPermissionServiceRegistry(PermissionServiceRegistry permissionServiceRegistry)

Description copied from interface: PermissionServiceRegistryAware

Set the PermissionRegistry that this object should use.

Specified by:

setPermissionServiceRegistry in interface PermissionServiceRegistryAware

Parameters:

permissionServiceRegistry - to be used by this object

getSecurityPolicyModelByKey

protected SecurityPolicyModel getSecurityPolicyModelByKey(String securityPolicyModelKey,
 String tenantId)

getDefaultSecurityPolicyModel

protected SecurityPolicyModel getDefaultSecurityPolicyModel(String tenantId)

getCmmnExtensionElementValue

protected String getCmmnExtensionElementValue(String name,
 Map<String,List<org.flowable.cmmn.model.ExtensionElement>> extensionElements)

getExtensionElementValue

protected String getExtensionElementValue(String name,
 Map<String,List<org.flowable.bpmn.model.ExtensionElement>> extensionElements)

translatePermissionForScope

protected String translatePermissionForScope(String permission,
 String scopeType)