Class AbstractPlatformSecurityService
java.lang.Object
com.flowable.platform.security.service.AbstractPlatformSecurityService
- All Implemented Interfaces:
PermissionServiceRegistryAware,Aware
- Direct Known Subclasses:
CasePermissionServiceImpl,ExternalWorkerJobPermissionService,PlatformAppService,PlatformCaseDefinitionService,PlatformCaseInstanceService,PlatformCasePageService,PlatformCommentService,PlatformContentItemService,PlatformEntityLinkService,PlatformPageService,PlatformProcessDefinitionService,PlatformProcessInstanceService,PlatformStandardDataQuerySafeQueryTransformer,PlatformTaskService,ProcessPermissionServiceImpl,TaskPermissionServiceImpl,WorkDefinitionService,WorkIndexService
public abstract class AbstractPlatformSecurityService
extends Object
implements PermissionServiceRegistryAware
-
Field Summary
FieldsModifier and TypeFieldDescriptionprotected String[]protected static final Stringprotected CmmnRepositoryServiceprotected CmmnRuntimeServiceprotected CmmnTaskServiceprotected Stringprotected SecurityPolicyModelprotected static final Stringprotected booleanprotected PermissionServiceRegistryprotected PlatformSecurityInterceptorprotected PolicyRepositoryServiceprotected static final Stringprotected RepositoryServiceprotected RuntimeServiceprotected static final Stringprotected static final Stringprotected TaskService -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprotected voidaddAdditionalPermissions(List<String> permissions, String role, String prefix, SecurityPolicyModel securityPolicyModel) protected booleanprotected booleanfetchCasePermissionMappings(String caseInstanceId, String startUserId, List<? extends IdentityLinkInfo> identityLinks, CaseDefinition caseDefinition, String tenantId) fetchCasePermissionMappings(CaseInstance caseInstance, List<? extends IdentityLinkInfo> identityLinks) protected SecurityPolicyModelfetchCaseSecurityPolicyModel(CaseDefinition caseDefinition, String tenantId) fetchPermissions(SecurityPolicyModel securityPolicyModel, String prefix, String startUserId, List<? extends IdentityLinkInfo> identityLinks, String userId, Set<String> groupKeys) fetchPermissionsForTask(SecurityPolicyModel securityPolicyModel, String assignee, String owner, List<? extends IdentityLinkInfo> identityLinks, String userId, Set<String> groupKeys) fetchProcessPermissionMappings(String processInstanceId, String startUserId, List<? extends IdentityLinkInfo> identityLinks, ProcessDefinition processDefinition, String tenantId) fetchProcessPermissionMappings(ProcessInstance processInstance, List<? extends IdentityLinkInfo> identityLinks) protected SecurityPolicyModelfetchProcessSecurityPolicyModel(ProcessDefinition processDefinition, String tenantId) protected SecurityPolicyModelfetchSecurityPolicyModel(Process process, String tenantId) protected SecurityPolicyModelfetchSecurityPolicyModel(Case caze, String tenantId) protected SecurityPolicyModelfetchSecurityPolicyModelForCaseInstance(String caseInstanceId) protected SecurityPolicyModelfetchSecurityPolicyModelForProcessInstance(String processInstanceId) protected SecurityPolicyModelfetchSecurityPolicyModelForTask(FlowElement flowElement, Process process, String tenantId) protected SecurityPolicyModelfetchSecurityPolicyModelForTask(PlanItemDefinition planItemDefinition, Case caze, String tenantId) fetchTaskPermissionMappings(String taskId, String taskDefinitionKey, String assignee, String owner, List<? extends IdentityLinkInfo> identityLinks, CaseDefinition caseDefinition, String tenantId) fetchTaskPermissionMappings(String taskId, String taskDefinitionKey, String assignee, String owner, List<? extends IdentityLinkInfo> identityLinks, ProcessDefinition processDefinition, String tenantId) fetchTaskPermissionMappings(Task task, List<? extends IdentityLinkInfo> identityLinks) fetchTaskPermissionMappingsForCase(String taskDefinitionKey, String caseDefinitionId, String assignee, String owner, List<? extends IdentityLinkInfo> identityLinks, String tenantId) fetchTaskPermissionMappingsForProcess(String taskDefinitionKey, String processDefinitionId, String assignee, String owner, List<? extends IdentityLinkInfo> identityLinks, String tenantId) protected SecurityPolicyModelfetchTaskSecurityPolicyModelForCase(String taskDefinitionKey, String caseDefinitionId, String tenantId) protected SecurityPolicyModelfetchTaskSecurityPolicyModelForProcess(String taskDefinitionKey, String processDefinitionId, String tenantId) filterPermissionsForRole(String role, String prefix, SecurityPolicyModel securityPolicyModel) protected StringgetCmmnExtensionElementValue(String name, Map<String, List<ExtensionElement>> extensionElements) protected SecurityScopeprotected Stringprotected Stringprotected SecurityPolicyModelgetDefaultSecurityPolicyModel(String tenantId) protected StringgetExtensionElementValue(String name, Map<String, List<ExtensionElement>> extensionElements) protected SecurityPolicyModelgetSecurityPolicyModelByKey(String securityPolicyModelKey, String tenantId) protected booleangroupOrUserMatches(String identityLinkUser, String identityLinkGroup, String userId, Set<String> groupKeys) protected booleangroupOrUserMatches(IdentityLinkInfo identityLink, String userId, Set<String> groupKeys) protected booleanhasAnyMatchingIdentityLink(Collection<? extends IdentityLinkInfo> identityLinks, String userId, Set<String> groupKeys) protected booleanhasAssigneeOrOwnerIdentityLink(List<? extends IdentityLinkInfo> identityLinks) protected booleanhasPermissionForEntityLinks(String permission, List<EntityLink> entityLinks, String userId, Set<String> groupKeys, String tenantId) protected booleanhasPermissionForHistoricEntityLinks(String permission, List<HistoricEntityLink> entityLinks, String userId, Set<String> groupKeys, String tenantId) voidsetPermissionServiceRegistry(PermissionServiceRegistry permissionServiceRegistry) Set the PermissionRegistry that this object should use.protected StringtranslatePermissionForScope(String permission, String scopeType)
-
Field Details
-
SECURITY_POLICY_MODEL
- See Also:
-
CASE_PREFIX
- See Also:
-
PROCESS_PREFIX
- See Also:
-
TASK_PREFIX
- See Also:
-
EXTERNAL_WORKER_PREFIX
- See Also:
-
repositoryService
-
cmmnRepositoryService
-
runtimeService
-
cmmnRuntimeService
-
taskService
-
cmmnTaskService
-
policyRepositoryService
-
platformSecurityInterceptor
-
additionalAdminUsers
-
permissionServiceRegistry
-
defaultSecurityPolicyKey
-
defaultSecurityPolicyModel
-
inspectEnabled
-
-
Constructor Details
-
AbstractPlatformSecurityService
public AbstractPlatformSecurityService()
-
-
Method Details
-
fetchCasePermissionMappings
protected List<String> fetchCasePermissionMappings(CaseInstance caseInstance, List<? extends IdentityLinkInfo> identityLinks) -
fetchCasePermissionMappings
protected List<String> fetchCasePermissionMappings(String caseInstanceId, String startUserId, List<? extends IdentityLinkInfo> identityLinks, CaseDefinition caseDefinition, String tenantId) -
fetchCaseSecurityPolicyModel
protected SecurityPolicyModel fetchCaseSecurityPolicyModel(CaseDefinition caseDefinition, String tenantId) -
fetchProcessPermissionMappings
protected List<String> fetchProcessPermissionMappings(ProcessInstance processInstance, List<? extends IdentityLinkInfo> identityLinks) -
fetchProcessPermissionMappings
protected List<String> fetchProcessPermissionMappings(String processInstanceId, String startUserId, List<? extends IdentityLinkInfo> identityLinks, ProcessDefinition processDefinition, String tenantId) -
fetchProcessSecurityPolicyModel
protected SecurityPolicyModel fetchProcessSecurityPolicyModel(ProcessDefinition processDefinition, String tenantId) -
fetchTaskPermissionMappingsForProcess
-
fetchTaskPermissionMappingsForCase
-
fetchTaskSecurityPolicyModelForProcess
protected SecurityPolicyModel fetchTaskSecurityPolicyModelForProcess(String taskDefinitionKey, String processDefinitionId, String tenantId) -
fetchSecurityPolicyModelForProcessInstance
-
fetchTaskSecurityPolicyModelForCase
protected SecurityPolicyModel fetchTaskSecurityPolicyModelForCase(String taskDefinitionKey, String caseDefinitionId, String tenantId) -
fetchSecurityPolicyModelForCaseInstance
-
fetchTaskPermissionMappings
protected List<String> fetchTaskPermissionMappings(Task task, List<? extends IdentityLinkInfo> identityLinks) -
fetchTaskPermissionMappings
protected List<String> fetchTaskPermissionMappings(String taskId, String taskDefinitionKey, String assignee, String owner, List<? extends IdentityLinkInfo> identityLinks, ProcessDefinition processDefinition, String tenantId) -
fetchTaskPermissionMappings
protected List<String> fetchTaskPermissionMappings(String taskId, String taskDefinitionKey, String assignee, String owner, List<? extends IdentityLinkInfo> identityLinks, CaseDefinition caseDefinition, String tenantId) -
fetchPermissions
protected List<String> fetchPermissions(SecurityPolicyModel securityPolicyModel, String prefix, String startUserId, List<? extends IdentityLinkInfo> identityLinks, String userId, Set<String> groupKeys) -
fetchPermissionsForTask
protected List<String> fetchPermissionsForTask(SecurityPolicyModel securityPolicyModel, String assignee, String owner, List<? extends IdentityLinkInfo> identityLinks, String userId, Set<String> groupKeys) -
hasAssigneeOrOwnerIdentityLink
-
filterPermissionsForRole
protected List<String> filterPermissionsForRole(String role, String prefix, SecurityPolicyModel securityPolicyModel) -
addAdditionalPermissions
protected void addAdditionalPermissions(List<String> permissions, String role, String prefix, SecurityPolicyModel securityPolicyModel) -
fetchSecurityPolicyModel
-
fetchSecurityPolicyModel
-
fetchSecurityPolicyModelForTask
protected SecurityPolicyModel fetchSecurityPolicyModelForTask(FlowElement flowElement, Process process, String tenantId) -
fetchSecurityPolicyModelForTask
protected SecurityPolicyModel fetchSecurityPolicyModelForTask(PlanItemDefinition planItemDefinition, Case caze, String tenantId) -
getCurrentGroupKeys
-
getCurrentUserId
-
getCurrentTenantId
-
getCurrentSecurityScope
-
currentUserHasAdminRights
protected boolean currentUserHasAdminRights() -
currentUserIsSuperAdmin
protected boolean currentUserIsSuperAdmin() -
groupOrUserMatches
protected boolean groupOrUserMatches(IdentityLinkInfo identityLink, String userId, Set<String> groupKeys) -
groupOrUserMatches
-
hasAnyMatchingIdentityLink
protected boolean hasAnyMatchingIdentityLink(Collection<? extends IdentityLinkInfo> identityLinks, String userId, Set<String> groupKeys) -
hasPermissionForEntityLinks
-
hasPermissionForHistoricEntityLinks
-
setPermissionServiceRegistry
Description copied from interface:PermissionServiceRegistryAwareSet the PermissionRegistry that this object should use.- Specified by:
setPermissionServiceRegistryin interfacePermissionServiceRegistryAware- Parameters:
permissionServiceRegistry- to be used by this object
-
getSecurityPolicyModelByKey
protected SecurityPolicyModel getSecurityPolicyModelByKey(String securityPolicyModelKey, String tenantId) -
getDefaultSecurityPolicyModel
-
getCmmnExtensionElementValue
-
getExtensionElementValue
-
translatePermissionForScope
-