com.flowable.platform.service.permission

Class UserPermissionServiceImpl

java.lang.Object

com.flowable.platform.service.permission.AbstractDmnBasedPermissionHelper<PlatformUser>

com.flowable.platform.service.permission.UserPermissionServiceImpl

All Implemented Interfaces:

UserPermissionService

public class UserPermissionServiceImpl
extends AbstractDmnBasedPermissionHelper<PlatformUser>
implements UserPermissionService

The default permission service implementing permission checks in the context of a user. Its based on a single permission model used for all actions.

Author:

Micha Kiener

Field Summary

Fields

Modifier and Type	Field and Description
protected CoreIdmEngineConfiguration	coreIdmEngineConfiguration
protected String	decisionKeyDefaultPermissions

Fields inherited from class com.flowable.platform.service.permission.AbstractDmnBasedPermissionHelper

NONE_VALUE, OUTPUT_KEY_ERROR_MESSAGE, OUTPUT_KEY_ERROR_MESSAGE_CODE, OUTPUT_KEY_GROUP_NEEDED, OUTPUT_KEY_PERMISSION

Constructor Summary

Constructors

Constructor and Description
UserPermissionServiceImpl(CoreIdmEngineConfiguration coreIdmEngineConfiguration)

Method Summary

Modifier and Type	Method and Description
Optional<String>	checkUserCreation(String userId, Collection<String> userGroupKeys, String userTenantId, String userToCreateId)
Optional<String>	checkUserCreation(String userId, String userToCreateId) Deprecated.
Optional<String>	checkUserDeactivation(String userId, Collection<String> userGroupKeys, String userTenantId, String userToDeactivateId)
Optional<String>	checkUserDeactivation(String userId, String userToDeactivateId) Deprecated.
Optional<String>	checkUserReactivation(String userId, Collection<String> userGroupKeys, String userTenantId, String userToReactivateId)
Optional<String>	checkUserReactivation(String userId, String userToReactivateId) Deprecated.
protected Map<String,Object>	createRuleInputForDefaultModel(String userId, AuthorizedAction action, PlatformUser scopedObject, Map<String,Object> detailedRuleInput, CommandContext commandContext) If AbstractDmnBasedPermissionHelper.getDecisionKeyDefaultPermissions() returns a non-null value, this method must be implemented in order to create the rule input data for evaluating the default permission model.
protected String	getDecisionKeyDefaultPermissions() If the permission helper is based on a default and detail DMN permission rule mechanism, this method must return the DMN key of the default permission rule model to execute.
protected String	getTenantId(PlatformUser user)
void	setDecisionKeyDefaultPermissions(String decisionKeyDefaultPermissions)

Methods inherited from class com.flowable.platform.service.permission.AbstractDmnBasedPermissionHelper

evaluateDefaultPermissionOutput, evaluatePermissionRuleOutput, evaluatePermissionsAndProcessResult, executeAndLogPermissionModel, getEmptyListOnNullValue, getGroups, isGroupMember, isUserMemberOfGroup, isUserType, processErrorMessage, renderErrorMessage

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

decisionKeyDefaultPermissions

protected String decisionKeyDefaultPermissions

coreIdmEngineConfiguration

protected final CoreIdmEngineConfiguration coreIdmEngineConfiguration

Constructor Detail

UserPermissionServiceImpl

public UserPermissionServiceImpl(CoreIdmEngineConfiguration coreIdmEngineConfiguration)

Method Detail

checkUserCreation

@Deprecated
public Optional<String> checkUserCreation(String userId,
                                                      String userToCreateId)

Deprecated.

Specified by:

checkUserCreation in interface UserPermissionService

checkUserCreation

public Optional<String> checkUserCreation(String userId,
                                          Collection<String> userGroupKeys,
                                          String userTenantId,
                                          String userToCreateId)

Specified by:

checkUserCreation in interface UserPermissionService

checkUserDeactivation

@Deprecated
public Optional<String> checkUserDeactivation(String userId,
                                                          String userToDeactivateId)

Deprecated.

Specified by:

checkUserDeactivation in interface UserPermissionService

checkUserDeactivation

public Optional<String> checkUserDeactivation(String userId,
                                              Collection<String> userGroupKeys,
                                              String userTenantId,
                                              String userToDeactivateId)

Specified by:

checkUserDeactivation in interface UserPermissionService

checkUserReactivation

@Deprecated
public Optional<String> checkUserReactivation(String userId,
                                                          String userToReactivateId)

Deprecated.

Specified by:

checkUserReactivation in interface UserPermissionService

checkUserReactivation

public Optional<String> checkUserReactivation(String userId,
                                              Collection<String> userGroupKeys,
                                              String userTenantId,
                                              String userToReactivateId)

Specified by:

checkUserReactivation in interface UserPermissionService

createRuleInputForDefaultModel

protected Map<String,Object> createRuleInputForDefaultModel(String userId,
                                                            AuthorizedAction action,
                                                            PlatformUser scopedObject,
                                                            Map<String,Object> detailedRuleInput,
                                                            CommandContext commandContext)

Description copied from class: AbstractDmnBasedPermissionHelper

If AbstractDmnBasedPermissionHelper.getDecisionKeyDefaultPermissions() returns a non-null value, this method must be implemented in order to create the rule input data for evaluating the default permission model. The easiest way is by just returning the same rule input as being used for the detailed rule model, but in some cases, the rule input data is different for the default DMN model.

Specified by:

createRuleInputForDefaultModel in class AbstractDmnBasedPermissionHelper<PlatformUser>

Parameters:

userId - the id of the user to test for action permissions

action - the action to test privileges

scopedObject - the optional scoped object for which the action should be checked

detailedRuleInput - the rule input as provided and used for the detailed rule model execution

commandContext - the command context used for execution or access to further services

Returns:

the rule input data used for executing the default DMN permission model

getTenantId

protected String getTenantId(PlatformUser user)

Specified by:

getTenantId in class AbstractDmnBasedPermissionHelper<PlatformUser>

getDecisionKeyDefaultPermissions

protected String getDecisionKeyDefaultPermissions()

Description copied from class: AbstractDmnBasedPermissionHelper

If the permission helper is based on a default and detail DMN permission rule mechanism, this method must return the DMN key of the default permission rule model to execute.

Specified by:

getDecisionKeyDefaultPermissions in class AbstractDmnBasedPermissionHelper<PlatformUser>

Returns:

the optional key of the default DMN permission model, null, if none needed

setDecisionKeyDefaultPermissions

public void setDecisionKeyDefaultPermissions(String decisionKeyDefaultPermissions)