java.lang.Object

com.flowable.platform.security.service.AbstractPlatformSecurityService

All Implemented Interfaces:: PermissionServiceRegistryAware, Aware

Direct Known Subclasses:: CasePermissionServiceImpl, ExternalWorkerJobPermissionService, PlatformAppService, PlatformCaseDefinitionService, PlatformCaseInstanceService, PlatformCasePageService, PlatformCommentService, PlatformContentItemService, PlatformEntityLinkService, PlatformProcessDefinitionService, PlatformProcessInstanceService, PlatformStandardDataQuerySafeQueryTransformer, PlatformTaskService, ProcessPermissionServiceImpl, TaskPermissionServiceImpl, WorkDefinitionService, WorkIndexService

public abstract class AbstractPlatformSecurityService extends Object implements PermissionServiceRegistryAware

Field Summary

Fields

Modifier and Type

Field

Description

protected String[]

additionalAdminUsers

protected static final String

CASE_PREFIX

protected CmmnRepositoryService

cmmnRepositoryService

protected CmmnRuntimeService

cmmnRuntimeService

protected CmmnTaskService

cmmnTaskService

protected String

defaultSecurityPolicyKey

protected SecurityPolicyModel

defaultSecurityPolicyModel

protected static final String

EXTERNAL_WORKER_PREFIX

protected boolean

inspectEnabled

protected PermissionServiceRegistry

permissionServiceRegistry

protected PlatformSecurityInterceptor

platformSecurityInterceptor

protected PolicyRepositoryService

policyRepositoryService

protected static final String

PROCESS_PREFIX

protected RepositoryService

repositoryService

protected RuntimeService

runtimeService

protected static final String

SECURITY_POLICY_MODEL

protected static final String

TASK_PREFIX

protected TaskService

taskService
Constructor Summary

Constructors

Constructor

Description

AbstractPlatformSecurityService()
Method Summary

Modifier and Type

Method

Description

protected boolean

currentUserHasAdminRights()

protected boolean

currentUserIsSuperAdmin()

protected List<String>

fetchCasePermissionMappings(String caseInstanceId, String startUserId, List<? extends IdentityLinkInfo> identityLinks, CaseDefinition caseDefinition, String tenantId)

protected List<String>

fetchCasePermissionMappings(CaseInstance caseInstance, List<? extends IdentityLinkInfo> identityLinks)

protected SecurityPolicyModel

fetchCaseSecurityPolicyModel(CaseDefinition caseDefinition, String tenantId)

protected List<String>

fetchPermissions(SecurityPolicyModel securityPolicyModel, String prefix, String startUserId, List<? extends IdentityLinkInfo> identityLinks, String userId, Set<String> groupKeys)

protected List<String>

fetchPermissionsForTask(SecurityPolicyModel securityPolicyModel, String assignee, String owner, List<? extends IdentityLinkInfo> identityLinks, String userId, Set<String> groupKeys)

protected List<String>

fetchProcessPermissionMappings(String processInstanceId, String startUserId, List<? extends IdentityLinkInfo> identityLinks, ProcessDefinition processDefinition, String tenantId)

protected List<String>

fetchProcessPermissionMappings(ProcessInstance processInstance, List<? extends IdentityLinkInfo> identityLinks)

protected SecurityPolicyModel

fetchProcessSecurityPolicyModel(ProcessDefinition processDefinition, String tenantId)

protected SecurityPolicyModel

fetchSecurityPolicyModel(Process process, String tenantId)

protected SecurityPolicyModel

fetchSecurityPolicyModel(Case caze, String tenantId)

protected SecurityPolicyModel

fetchSecurityPolicyModelForCaseInstance(String caseInstanceId)

protected SecurityPolicyModel

fetchSecurityPolicyModelForProcessInstance(String processInstanceId)

protected SecurityPolicyModel

fetchSecurityPolicyModelForTask(FlowElement flowElement, Process process, String tenantId)

protected SecurityPolicyModel

fetchSecurityPolicyModelForTask(PlanItemDefinition planItemDefinition, Case caze, String tenantId)

protected List<String>

fetchTaskPermissionMappings(String taskId, String taskDefinitionKey, String assignee, String owner, List<? extends IdentityLinkInfo> identityLinks, CaseDefinition caseDefinition, String tenantId)

protected List<String>

fetchTaskPermissionMappings(String taskId, String taskDefinitionKey, String assignee, String owner, List<? extends IdentityLinkInfo> identityLinks, ProcessDefinition processDefinition, String tenantId)

protected List<String>

fetchTaskPermissionMappings(Task task, List<? extends IdentityLinkInfo> identityLinks)

protected List<String>

fetchTaskPermissionMappingsForCase(String taskDefinitionKey, String caseDefinitionId, String assignee, String owner, List<? extends IdentityLinkInfo> identityLinks, String tenantId)

protected List<String>

fetchTaskPermissionMappingsForProcess(String taskDefinitionKey, String processDefinitionId, String assignee, String owner, List<? extends IdentityLinkInfo> identityLinks, String tenantId)

protected SecurityPolicyModel

fetchTaskSecurityPolicyModelForCase(String taskDefinitionKey, String caseDefinitionId, String tenantId)

protected SecurityPolicyModel

fetchTaskSecurityPolicyModelForProcess(String taskDefinitionKey, String processDefinitionId, String tenantId)

protected List<String>

filterPermissionsForRole(String role, String prefix, SecurityPolicyModel securityPolicyModel)

protected String

getCmmnExtensionElementValue(String name, Map<String,List<ExtensionElement>> extensionElements)

protected Set<String>

getCurrentGroupKeys()

protected SecurityScope

getCurrentSecurityScope()

protected String

getCurrentTenantId()

protected String

getCurrentUserId()

protected SecurityPolicyModel

getDefaultSecurityPolicyModel(String tenantId)

protected String

getExtensionElementValue(String name, Map<String,List<ExtensionElement>> extensionElements)

protected SecurityPolicyModel

getSecurityPolicyModelByKey(String securityPolicyModelKey, String tenantId)

protected boolean

groupOrUserMatches(String identityLinkUser, String identityLinkGroup, String userId, Set<String> groupKeys)

protected boolean

groupOrUserMatches(IdentityLinkInfo identityLink, String userId, Set<String> groupKeys)

protected boolean

hasAnyMatchingIdentityLink(Collection<? extends IdentityLinkInfo> identityLinks, String userId, Set<String> groupKeys)

protected boolean

hasAssigneeOrOwnerIdentityLink(List<? extends IdentityLinkInfo> identityLinks)

protected boolean

hasPermissionForEntityLinks(String permission, List<EntityLink> entityLinks, String userId, Set<String> groupKeys, String tenantId)

protected boolean

hasPermissionForHistoricEntityLinks(String permission, List<HistoricEntityLink> entityLinks, String userId, Set<String> groupKeys, String tenantId)

void

setPermissionServiceRegistry(PermissionServiceRegistry permissionServiceRegistry)

Set the PermissionRegistry that this object should use.

protected String

translatePermissionForScope(String permission, String scopeType)

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details
- SECURITY_POLICY_MODEL
  
  protected static final String SECURITY_POLICY_MODEL
  See Also:
  
  Constant Field Values
- CASE_PREFIX
  
  protected static final String CASE_PREFIX
  See Also:
  
  Constant Field Values
- PROCESS_PREFIX
  
  protected static final String PROCESS_PREFIX
  See Also:
  
  Constant Field Values
- TASK_PREFIX
  
  protected static final String TASK_PREFIX
  See Also:
  
  Constant Field Values
- EXTERNAL_WORKER_PREFIX
  
  protected static final String EXTERNAL_WORKER_PREFIX
  See Also:
  
  Constant Field Values
- repositoryService
  
  @Autowired(required=false) protected RepositoryService repositoryService
- cmmnRepositoryService
  
  @Autowired(required=false) protected CmmnRepositoryService cmmnRepositoryService
- runtimeService
  
  @Autowired(required=false) protected RuntimeService runtimeService
- cmmnRuntimeService
  
  @Autowired(required=false) protected CmmnRuntimeService cmmnRuntimeService
- taskService
  
  @Autowired(required=false) protected TaskService taskService
- cmmnTaskService
  
  @Autowired(required=false) protected CmmnTaskService cmmnTaskService
- policyRepositoryService
  
  @Autowired(required=false) protected PolicyRepositoryService policyRepositoryService
- platformSecurityInterceptor
  
  @Autowired(required=false) protected PlatformSecurityInterceptor platformSecurityInterceptor
- additionalAdminUsers
  
  @Value("${flowable.platform.idm.additional-admin-users:}") protected String[] additionalAdminUsers
- permissionServiceRegistry
  
  protected PermissionServiceRegistry permissionServiceRegistry
- defaultSecurityPolicyKey
  
  @Value("${flowable.policy.default-security-policy:basic-security-policy}") protected String defaultSecurityPolicyKey
- defaultSecurityPolicyModel
  
  protected SecurityPolicyModel defaultSecurityPolicyModel
- inspectEnabled
  
  @Value("${flowable.inspect.enabled:false}") protected boolean inspectEnabled
Constructor Details
- AbstractPlatformSecurityService
  
  public AbstractPlatformSecurityService()
Method Details
- fetchCasePermissionMappings
  
  protected List<String> fetchCasePermissionMappings(CaseInstance caseInstance, List<? extends IdentityLinkInfo> identityLinks)
- fetchCasePermissionMappings
  
  protected List<String> fetchCasePermissionMappings(String caseInstanceId, String startUserId, List<? extends IdentityLinkInfo> identityLinks, CaseDefinition caseDefinition, String tenantId)
- fetchCaseSecurityPolicyModel
  
  protected SecurityPolicyModel fetchCaseSecurityPolicyModel(CaseDefinition caseDefinition, String tenantId)
- fetchProcessPermissionMappings
  
  protected List<String> fetchProcessPermissionMappings(ProcessInstance processInstance, List<? extends IdentityLinkInfo> identityLinks)
- fetchProcessPermissionMappings
  
  protected List<String> fetchProcessPermissionMappings(String processInstanceId, String startUserId, List<? extends IdentityLinkInfo> identityLinks, ProcessDefinition processDefinition, String tenantId)
- fetchProcessSecurityPolicyModel
  
  protected SecurityPolicyModel fetchProcessSecurityPolicyModel(ProcessDefinition processDefinition, String tenantId)
- fetchTaskPermissionMappingsForProcess
  
  protected List<String> fetchTaskPermissionMappingsForProcess(String taskDefinitionKey, String processDefinitionId, String assignee, String owner, List<? extends IdentityLinkInfo> identityLinks, String tenantId)
- fetchTaskPermissionMappingsForCase
  
  protected List<String> fetchTaskPermissionMappingsForCase(String taskDefinitionKey, String caseDefinitionId, String assignee, String owner, List<? extends IdentityLinkInfo> identityLinks, String tenantId)
- fetchTaskSecurityPolicyModelForProcess
  
  protected SecurityPolicyModel fetchTaskSecurityPolicyModelForProcess(String taskDefinitionKey, String processDefinitionId, String tenantId)
- fetchSecurityPolicyModelForProcessInstance
  
  protected SecurityPolicyModel fetchSecurityPolicyModelForProcessInstance(String processInstanceId)
- fetchTaskSecurityPolicyModelForCase
  
  protected SecurityPolicyModel fetchTaskSecurityPolicyModelForCase(String taskDefinitionKey, String caseDefinitionId, String tenantId)
- fetchSecurityPolicyModelForCaseInstance
  
  protected SecurityPolicyModel fetchSecurityPolicyModelForCaseInstance(String caseInstanceId)
- fetchTaskPermissionMappings
  
  protected List<String> fetchTaskPermissionMappings(Task task, List<? extends IdentityLinkInfo> identityLinks)
- fetchTaskPermissionMappings
  
  protected List<String> fetchTaskPermissionMappings(String taskId, String taskDefinitionKey, String assignee, String owner, List<? extends IdentityLinkInfo> identityLinks, ProcessDefinition processDefinition, String tenantId)
- fetchTaskPermissionMappings
  
  protected List<String> fetchTaskPermissionMappings(String taskId, String taskDefinitionKey, String assignee, String owner, List<? extends IdentityLinkInfo> identityLinks, CaseDefinition caseDefinition, String tenantId)
- fetchPermissions
  
  protected List<String> fetchPermissions(SecurityPolicyModel securityPolicyModel, String prefix, String startUserId, List<? extends IdentityLinkInfo> identityLinks, String userId, Set<String> groupKeys)
- fetchPermissionsForTask
  
  protected List<String> fetchPermissionsForTask(SecurityPolicyModel securityPolicyModel, String assignee, String owner, List<? extends IdentityLinkInfo> identityLinks, String userId, Set<String> groupKeys)
- hasAssigneeOrOwnerIdentityLink
  
  protected boolean hasAssigneeOrOwnerIdentityLink(List<? extends IdentityLinkInfo> identityLinks)
- filterPermissionsForRole
  
  protected List<String> filterPermissionsForRole(String role, String prefix, SecurityPolicyModel securityPolicyModel)
- fetchSecurityPolicyModel
  
  protected SecurityPolicyModel fetchSecurityPolicyModel(Case caze, String tenantId)
- fetchSecurityPolicyModel
  
  protected SecurityPolicyModel fetchSecurityPolicyModel(Process process, String tenantId)
- fetchSecurityPolicyModelForTask
  
  protected SecurityPolicyModel fetchSecurityPolicyModelForTask(FlowElement flowElement, Process process, String tenantId)
- fetchSecurityPolicyModelForTask
  
  protected SecurityPolicyModel fetchSecurityPolicyModelForTask(PlanItemDefinition planItemDefinition, Case caze, String tenantId)
- getCurrentGroupKeys
  
  protected Set<String> getCurrentGroupKeys()
- getCurrentUserId
  
  protected String getCurrentUserId()
- getCurrentTenantId
  
  protected String getCurrentTenantId()
- getCurrentSecurityScope
  
  protected SecurityScope getCurrentSecurityScope()
- currentUserHasAdminRights
  
  protected boolean currentUserHasAdminRights()
- currentUserIsSuperAdmin
  
  protected boolean currentUserIsSuperAdmin()
- groupOrUserMatches
  
  protected boolean groupOrUserMatches(IdentityLinkInfo identityLink, String userId, Set<String> groupKeys)
- groupOrUserMatches
  
  protected boolean groupOrUserMatches(String identityLinkUser, String identityLinkGroup, String userId, Set<String> groupKeys)
- hasAnyMatchingIdentityLink
  
  protected boolean hasAnyMatchingIdentityLink(Collection<? extends IdentityLinkInfo> identityLinks, String userId, Set<String> groupKeys)
- hasPermissionForEntityLinks
  
  protected boolean hasPermissionForEntityLinks(String permission, List<EntityLink> entityLinks, String userId, Set<String> groupKeys, String tenantId)
- hasPermissionForHistoricEntityLinks
  
  protected boolean hasPermissionForHistoricEntityLinks(String permission, List<HistoricEntityLink> entityLinks, String userId, Set<String> groupKeys, String tenantId)
- setPermissionServiceRegistry
  
  public void setPermissionServiceRegistry(PermissionServiceRegistry permissionServiceRegistry)
  
  Description copied from interface: PermissionServiceRegistryAware
  
  Set the PermissionRegistry that this object should use.
  
  Specified by:
  
  setPermissionServiceRegistry in interface PermissionServiceRegistryAware
  
  Parameters:
  
  permissionServiceRegistry - to be used by this object
- getSecurityPolicyModelByKey
  
  protected SecurityPolicyModel getSecurityPolicyModelByKey(String securityPolicyModelKey, String tenantId)
- getDefaultSecurityPolicyModel
  
  protected SecurityPolicyModel getDefaultSecurityPolicyModel(String tenantId)
- getCmmnExtensionElementValue
  
  protected String getCmmnExtensionElementValue(String name, Map<String,List<ExtensionElement>> extensionElements)
- getExtensionElementValue
  
  protected String getExtensionElementValue(String name, Map<String,List<ExtensionElement>> extensionElements)
- translatePermissionForScope
  
  protected String translatePermissionForScope(String permission, String scopeType)

Class AbstractPlatformSecurityService

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Details

SECURITY_POLICY_MODEL

CASE_PREFIX

PROCESS_PREFIX

TASK_PREFIX

EXTERNAL_WORKER_PREFIX

repositoryService

cmmnRepositoryService

runtimeService

cmmnRuntimeService

taskService

cmmnTaskService

policyRepositoryService

platformSecurityInterceptor

additionalAdminUsers

permissionServiceRegistry

defaultSecurityPolicyKey

defaultSecurityPolicyModel

inspectEnabled

Constructor Details

AbstractPlatformSecurityService

Method Details

fetchCasePermissionMappings

fetchCasePermissionMappings

fetchCaseSecurityPolicyModel

fetchProcessPermissionMappings

fetchProcessPermissionMappings

fetchProcessSecurityPolicyModel

fetchTaskPermissionMappingsForProcess

fetchTaskPermissionMappingsForCase

fetchTaskSecurityPolicyModelForProcess

fetchSecurityPolicyModelForProcessInstance

fetchTaskSecurityPolicyModelForCase

fetchSecurityPolicyModelForCaseInstance

fetchTaskPermissionMappings

fetchTaskPermissionMappings

fetchTaskPermissionMappings

fetchPermissions

fetchPermissionsForTask

hasAssigneeOrOwnerIdentityLink

filterPermissionsForRole

fetchSecurityPolicyModel

fetchSecurityPolicyModel

fetchSecurityPolicyModelForTask

fetchSecurityPolicyModelForTask

getCurrentGroupKeys

getCurrentUserId

getCurrentTenantId

getCurrentSecurityScope

currentUserHasAdminRights

currentUserIsSuperAdmin

groupOrUserMatches

groupOrUserMatches

hasAnyMatchingIdentityLink

hasPermissionForEntityLinks

hasPermissionForHistoricEntityLinks

setPermissionServiceRegistry

getSecurityPolicyModelByKey

getDefaultSecurityPolicyModel

getCmmnExtensionElementValue

getExtensionElementValue

translatePermissionForScope