Package com.flowable.platform.service.permission

Class UserPermissionServiceImpl

java.lang.Object
com.flowable.platform.service.permission.AbstractDmnBasedPermissionHelper<PlatformUser>
com.flowable.platform.service.permission.UserPermissionServiceImpl
All Implemented Interfaces:
UserPermissionService
public class UserPermissionServiceImpl extends AbstractDmnBasedPermissionHelper<PlatformUser> implements UserPermissionService
The default permission service implementing permission checks in the context of a user. Its based on a single permission model used for all actions.
Author:
Micha Kiener

  • Field Details

    • decisionKeyDefaultPermissions

      protected String decisionKeyDefaultPermissions

    • coreIdmEngineConfiguration

      protected final CoreIdmEngineConfiguration coreIdmEngineConfiguration

  • Constructor Details

  • Method Details

    • checkUserCreation

      @Deprecated public Optional<String> checkUserCreation(String userId, String userToCreateId)
      Deprecated.
      Description copied from interface: UserPermissionService
      Evaluates the permissions for the given user when creating a new user.
      Specified by:
      checkUserCreation in interface UserPermissionService
      Parameters:
      userId - the id of the user to check the permissions for (not the one being deactivated)
      userToCreateId - the id of the new user to be created
      Returns:
      the permission error message, if permission is denied to create the user or no message, if permission is granted

    • checkUserCreation

      public Optional<String> checkUserCreation(String userId, Collection<String> userGroupKeys, String userTenantId, String userToCreateId)
      Description copied from interface: UserPermissionService
      Evaluates the permissions for the given user when creating a new user.
      Specified by:
      checkUserCreation in interface UserPermissionService
      Parameters:
      userId - the id of the user to check the permissions for (not the one being deactivated)
      userGroupKeys - the group keys of the user to check the permissions
      userTenantId - the tenant id of the user to check the permissions
      userToCreateId - the id of the new user to be created
      Returns:
      the permission error message, if permission is denied to create the user or no message, if permission is granted

    • checkUserDeactivation

      @Deprecated public Optional<String> checkUserDeactivation(String userId, String userToDeactivateId)
      Deprecated.
      Description copied from interface: UserPermissionService
      Evaluates the permissions for the given user when deactivating a user.
      Specified by:
      checkUserDeactivation in interface UserPermissionService
      Parameters:
      userId - the id of the user to check the permissions for (not the one being deactivated)
      userToDeactivateId - the id of the user to be deactivated
      Returns:
      the permission error message, if permission is denied to deactivate the user or no message, if permission is granted

    • checkUserDeactivation

      public Optional<String> checkUserDeactivation(String userId, Collection<String> userGroupKeys, String userTenantId, String userToDeactivateId)
      Description copied from interface: UserPermissionService
      Evaluates the permissions for the given user when deactivating a user.
      Specified by:
      checkUserDeactivation in interface UserPermissionService
      Parameters:
      userId - the id of the user to check the permissions for (not the one being deactivated)
      userGroupKeys - the group keys of the user to check the permissions
      userTenantId - the tenant id of the user to check the permissions
      userToDeactivateId - the id of the user to be deactivated
      Returns:
      the permission error message, if permission is denied to deactivate the user or no message, if permission is granted

    • checkUserReactivation

      @Deprecated public Optional<String> checkUserReactivation(String userId, String userToReactivateId)
      Deprecated.
      Description copied from interface: UserPermissionService
      Evaluates the permissions for the given user when reactivating a user.
      Specified by:
      checkUserReactivation in interface UserPermissionService
      Parameters:
      userId - the id of the user to check the permissions for (not the one being reactivated)
      userToReactivateId - the id of the user to be reactivated
      Returns:
      the permission error message, if permission is denied to reactivate the user or no message, if permission is granted

    • checkUserReactivation

      public Optional<String> checkUserReactivation(String userId, Collection<String> userGroupKeys, String userTenantId, String userToReactivateId)
      Specified by:
      checkUserReactivation in interface UserPermissionService

    • createRuleInputForDefaultModel

      protected Map<String,Object> createRuleInputForDefaultModel(String userId, AuthorizedAction action, PlatformUser scopedObject, Map<String,Object> detailedRuleInput, CommandContext commandContext)
      Description copied from class: AbstractDmnBasedPermissionHelper
      If AbstractDmnBasedPermissionHelper.getDecisionKeyDefaultPermissions() returns a non-null value, this method must be implemented in order to create the rule input data for evaluating the default permission model. The easiest way is by just returning the same rule input as being used for the detailed rule model, but in some cases, the rule input data is different for the default DMN model.
      Specified by:
      createRuleInputForDefaultModel in class AbstractDmnBasedPermissionHelper<PlatformUser>
      Parameters:
      userId - the id of the user to test for action permissions
      action - the action to test privileges
      scopedObject - the optional scoped object for which the action should be checked
      detailedRuleInput - the rule input as provided and used for the detailed rule model execution
      commandContext - the command context used for execution or access to further services
      Returns:
      the rule input data used for executing the default DMN permission model

    • getTenantId

      protected String getTenantId(PlatformUser user)
      Specified by:
      getTenantId in class AbstractDmnBasedPermissionHelper<PlatformUser>

    • getDecisionKeyDefaultPermissions

      protected String getDecisionKeyDefaultPermissions()
      Description copied from class: AbstractDmnBasedPermissionHelper
      If the permission helper is based on a default and detail DMN permission rule mechanism, this method must return the DMN key of the default permission rule model to execute.
      Specified by:
      getDecisionKeyDefaultPermissions in class AbstractDmnBasedPermissionHelper<PlatformUser>
      Returns:
      the optional key of the default DMN permission model, null, if none needed

    • setDecisionKeyDefaultPermissions

      public void setDecisionKeyDefaultPermissions(String decisionKeyDefaultPermissions)