Class CasePermissionServiceImpl
java.lang.Object
com.flowable.platform.security.service.AbstractPlatformSecurityService
com.flowable.platform.security.permission.CasePermissionServiceImpl
- All Implemented Interfaces:
CasePermissionService, PermissionService, PermissionServiceRegistryAware, Aware
public class CasePermissionServiceImpl
extends AbstractPlatformSecurityService
implements CasePermissionService
-
Field Summary
FieldsModifier and TypeFieldDescriptionprotected org.flowable.cmmn.engine.CmmnEngineConfigurationprotected org.flowable.cmmn.api.CmmnHistoryServiceprotected PlatformIdentityServiceprotected final StringFields inherited from class AbstractPlatformSecurityService
additionalAdminUsers, CASE_PREFIX, cmmnRepositoryService, cmmnRuntimeService, cmmnTaskService, defaultSecurityPolicyKey, defaultSecurityPolicyModel, EXTERNAL_WORKER_PREFIX, inspectEnabled, permissionServiceRegistry, platformSecurityInterceptor, policyRepositoryService, PROCESS_PREFIX, repositoryService, runtimeService, SECURITY_POLICY_MODEL, TASK_PREFIX, taskService -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprotected booleancheckPermissionInCaseParent(String casePermission, SecurityPolicyModel securityPolicyModel) fetchPermissionsForHistoricScope(String scopeId, boolean checkWritePermissionInParent, String userId, Set<String> groupKeys, String tenantId) fetchPermissionsForHistoricScope(String scopeId, String userId, Set<String> groupKeys, String tenantId) fetchPermissionsForRuntimeScope(String scopeId, boolean checkWritePermissionInParent, String userId, Set<String> groupKeys, String tenantId) fetchPermissionsForRuntimeScope(String scopeId, String userId, Set<String> groupKeys, String tenantId) fetchSecurityPolicyModelForCaseInstance(String caseDefinitionId, String tenantId) protected org.flowable.cmmn.api.repository.CaseDefinitionfindCaseDefinition(String caseDefinitionId, String caseDefinitionKey, String tenantId) org.flowable.cmmn.api.runtime.CaseInstancegetCaseInstance(String caseInstanceId, String tenantId) org.flowable.cmmn.api.history.HistoricCaseInstancegetHistoricCaseInstance(String caseInstanceId, String tenantId) getHistoricCasePermissions(String caseInstanceId, String definitionId, List<? extends org.flowable.identitylink.api.IdentityLinkInfo> identityLinks, String tenantId) getRuntimeCasePermissions(String caseInstanceId, String definitionId, List<? extends org.flowable.identitylink.api.IdentityLinkInfo> identityLinks, String tenantId) The scope type that this permissions service supports.protected SecurityPolicyModelgetSecurityModel(String caseDefinitionId, String tenantId) protected booleanhasPermission(String permission, String startUserId, List<? extends org.flowable.identitylink.api.IdentityLinkInfo> identityLinks, SecurityPolicyModel securityPolicyModel) protected booleanhasPermissionForCaseInstance(String permission, String caseInstanceId, boolean isHistoricInstance, String startUserId, List<? extends org.flowable.identitylink.api.IdentityLinkInfo> identityLinks, String caseDefinitionId, String userId, Set<String> groupKeys, String tenantId) booleanhasPermissionForCaseInstance(String permission, org.flowable.cmmn.api.runtime.CaseInstance caseInstance, String userId, Set<String> groupKeys, String tenantId) booleanhasPermissionForHistoricCaseInstance(String permission, org.flowable.cmmn.api.history.HistoricCaseInstance caseInstance, String userId, Set<String> groupKeys, String tenantId) booleanhasPermissionForHistoricScope(String permission, String scopeId, String userId, Set<String> groupKeys, String tenantId) booleanhasPermissionForRuntimeScope(String permission, String scopeId, String userId, Set<String> groupKeys, String tenantId) booleanhasPermissionForScope(String permission, String scopeId, String userId, Set<String> groupKeys, String tenantId) booleanhasReadPermissionOnScopeDefinition(String scopeDefinitionId, String scopeDefinitionKey, String userId, Set<String> groupKeys, String tenantId) Collection<org.flowable.identitylink.api.IdentityLinkInfo> resolveCandidateIdentityLinks(String caseInstanceId, String caseDefinitionId) Resolves the identity links used to filter the assignee candidate list of a running case instance.translateParentPermissions(List<String> parentPermissions, String scopeType) voidvalidateParticipantValue(org.flowable.cmmn.api.runtime.CaseInstance caseInstance, String participantCandidate, String userId, Set<String> groupKeys, String tenantId) voidvalidatePermissionForCaseInstance(String permission, org.flowable.cmmn.api.runtime.CaseInstance caseInstance, String userId, Set<String> groupKeys, String tenantId) voidvalidatePermissionForHistoricCaseInstance(String permission, org.flowable.cmmn.api.history.HistoricCaseInstance caseInstance, String userId, Set<String> groupKeys, String tenantId) Methods inherited from class AbstractPlatformSecurityService
addAdditionalPermissions, currentUserHasAdminRights, currentUserIsSuperAdmin, fetchCasePermissionMappings, fetchCasePermissionMappings, fetchCaseSecurityPolicyModel, fetchPermissions, fetchPermissionsForTask, fetchProcessPermissionMappings, fetchProcessPermissionMappings, fetchProcessSecurityPolicyModel, fetchSecurityPolicyModel, fetchSecurityPolicyModel, fetchSecurityPolicyModelForCaseInstance, fetchSecurityPolicyModelForProcessInstance, fetchSecurityPolicyModelForTask, fetchSecurityPolicyModelForTask, fetchTaskPermissionMappings, fetchTaskPermissionMappings, fetchTaskPermissionMappings, fetchTaskPermissionMappingsForCase, fetchTaskPermissionMappingsForProcess, fetchTaskSecurityPolicyModelForCase, fetchTaskSecurityPolicyModelForProcess, filterPermissionsForRole, getCmmnExtensionElementValue, getCurrentGroupKeys, getCurrentSecurityScope, getCurrentTenantId, getCurrentUserId, getDefaultSecurityPolicyModel, getExtensionElementValue, getSecurityPolicyModelByKey, groupOrUserMatches, groupOrUserMatches, hasAnyMatchingIdentityLink, hasAssigneeOrOwnerIdentityLink, hasPermissionForEntityLinks, hasPermissionForHistoricEntityLinks, setPermissionServiceRegistry, translatePermissionForScope
-
Field Details
-
cmmnHistoryService
-
cmmnEngineConfiguration
-
identityService
-
participantCandidateGroups
-
-
Constructor Details
-
CasePermissionServiceImpl
-
-
Method Details
-
getScopeType
Description copied from interface:PermissionServiceThe scope type that this permissions service supports.- Specified by:
getScopeTypein interfacePermissionService
-
hasPermissionForScope
public boolean hasPermissionForScope(String permission, String scopeId, String userId, Set<String> groupKeys, String tenantId) - Specified by:
hasPermissionForScopein interfacePermissionService
-
validatePermissionForCaseInstance
public void validatePermissionForCaseInstance(String permission, org.flowable.cmmn.api.runtime.CaseInstance caseInstance, String userId, Set<String> groupKeys, String tenantId) - Specified by:
validatePermissionForCaseInstancein interfaceCasePermissionService
-
hasPermissionForCaseInstance
public boolean hasPermissionForCaseInstance(String permission, org.flowable.cmmn.api.runtime.CaseInstance caseInstance, String userId, Set<String> groupKeys, String tenantId) - Specified by:
hasPermissionForCaseInstancein interfaceCasePermissionService
-
validatePermissionForHistoricCaseInstance
public void validatePermissionForHistoricCaseInstance(String permission, org.flowable.cmmn.api.history.HistoricCaseInstance caseInstance, String userId, Set<String> groupKeys, String tenantId) - Specified by:
validatePermissionForHistoricCaseInstancein interfaceCasePermissionService
-
hasPermissionForHistoricCaseInstance
public boolean hasPermissionForHistoricCaseInstance(String permission, org.flowable.cmmn.api.history.HistoricCaseInstance caseInstance, String userId, Set<String> groupKeys, String tenantId) - Specified by:
hasPermissionForHistoricCaseInstancein interfaceCasePermissionService
-
hasPermissionForRuntimeScope
public boolean hasPermissionForRuntimeScope(String permission, String scopeId, String userId, Set<String> groupKeys, String tenantId) - Specified by:
hasPermissionForRuntimeScopein interfacePermissionService
-
fetchPermissionsForRuntimeScope
public List<String> fetchPermissionsForRuntimeScope(String scopeId, String userId, Set<String> groupKeys, String tenantId) - Specified by:
fetchPermissionsForRuntimeScopein interfacePermissionService
-
fetchPermissionsForRuntimeScope
public List<String> fetchPermissionsForRuntimeScope(String scopeId, boolean checkWritePermissionInParent, String userId, Set<String> groupKeys, String tenantId) - Specified by:
fetchPermissionsForRuntimeScopein interfacePermissionService
-
hasPermissionForHistoricScope
public boolean hasPermissionForHistoricScope(String permission, String scopeId, String userId, Set<String> groupKeys, String tenantId) - Specified by:
hasPermissionForHistoricScopein interfacePermissionService
-
fetchPermissionsForHistoricScope
public List<String> fetchPermissionsForHistoricScope(String scopeId, String userId, Set<String> groupKeys, String tenantId) - Specified by:
fetchPermissionsForHistoricScopein interfacePermissionService
-
fetchPermissionsForHistoricScope
public List<String> fetchPermissionsForHistoricScope(String scopeId, boolean checkWritePermissionInParent, String userId, Set<String> groupKeys, String tenantId) - Specified by:
fetchPermissionsForHistoricScopein interfacePermissionService
-
getRuntimeCasePermissions
public List<String> getRuntimeCasePermissions(String caseInstanceId, String definitionId, List<? extends org.flowable.identitylink.api.IdentityLinkInfo> identityLinks, String tenantId) - Specified by:
getRuntimeCasePermissionsin interfaceCasePermissionService
-
getHistoricCasePermissions
public List<String> getHistoricCasePermissions(String caseInstanceId, String definitionId, List<? extends org.flowable.identitylink.api.IdentityLinkInfo> identityLinks, String tenantId) - Specified by:
getHistoricCasePermissionsin interfaceCasePermissionService
-
hasReadPermissionOnScopeDefinition
public boolean hasReadPermissionOnScopeDefinition(String scopeDefinitionId, String scopeDefinitionKey, String userId, Set<String> groupKeys, String tenantId) - Specified by:
hasReadPermissionOnScopeDefinitionin interfacePermissionService
-
getCaseInstance
public org.flowable.cmmn.api.runtime.CaseInstance getCaseInstance(String caseInstanceId, String tenantId) - Specified by:
getCaseInstancein interfaceCasePermissionService
-
getHistoricCaseInstance
public org.flowable.cmmn.api.history.HistoricCaseInstance getHistoricCaseInstance(String caseInstanceId, String tenantId) - Specified by:
getHistoricCaseInstancein interfaceCasePermissionService
-
fetchSecurityPolicyModelForCaseInstance
public SecurityPolicyModel fetchSecurityPolicyModelForCaseInstance(String caseDefinitionId, String tenantId) - Specified by:
fetchSecurityPolicyModelForCaseInstancein interfaceCasePermissionService
-
hasPermissionForCaseInstance
-
hasPermission
protected boolean hasPermission(String permission, String startUserId, List<? extends org.flowable.identitylink.api.IdentityLinkInfo> identityLinks, SecurityPolicyModel securityPolicyModel) -
getSecurityModel
-
findCaseDefinition
-
translateParentPermissions
-
checkPermissionInCaseParent
protected boolean checkPermissionInCaseParent(String casePermission, SecurityPolicyModel securityPolicyModel) -
validateParticipantValue
public void validateParticipantValue(org.flowable.cmmn.api.runtime.CaseInstance caseInstance, String participantCandidate, String userId, Set<String> groupKeys, String tenantId) - Specified by:
validateParticipantValuein interfaceCasePermissionService
-
resolveCandidateIdentityLinks
public Collection<org.flowable.identitylink.api.IdentityLinkInfo> resolveCandidateIdentityLinks(String caseInstanceId, String caseDefinitionId) Description copied from interface:CasePermissionServiceResolves the identity links used to filter the assignee candidate list of a running case instance.- Specified by:
resolveCandidateIdentityLinksin interfaceCasePermissionService- Parameters:
caseInstanceId- the id of the case instance to resolve identity links for.caseDefinitionId- the id of the case definition; used to read thecandidates-typeextension element.- Returns:
- the identity links to restrict the candidate list to, or an empty collection when no
candidates-typefilter is configured, the configured value is unrecognized, or the filter resolves to no users/groups. Callers treat an empty collection as "no filter applied" (all users eligible), mirroring the task candidate behaviour.
-