Package org.bonitasoft.engine.authorization

Class PermissionServiceImpl

java.lang.Object

org.bonitasoft.engine.authorization.PermissionServiceImpl

All Implemented Interfaces:

PermissionService, LifecycleService, TenantLifecycleService

@Component
@ConditionalOnSingleCandidate(PermissionService.class)
public class PermissionServiceImpl
extends Object
implements PermissionService

Permission service implementation

Author:

Baptiste Mesta

Field Summary

Fields

Modifier and Type	Field	Description
protected final BooleanProperty	dynamicPermissionCheck
protected final DynamicPermissionsChecks	dynamicPermissionsChecks
static final String	EXTENSION_SEPARATOR
protected groovy.lang.GroovyClassLoader	groovyClassLoader
static final String	PROPERTY_API_EXTENSIONS
static final String	PROPERTY_CONTENT_TYPE
static final String	PROPERTY_METHOD_MASK
static final String	PROPERTY_PATH_TEMPLATE_MASK
static final String	PROPERTY_PERMISSIONS_MASK
static final String	PROPERTY_TO_ENABLE_DYNAMIC_PERMISSIONS
static final String	RESOURCE_PERMISSION_KEY_MASK
static final String	RESOURCE_PERMISSION_VALUE
static final String	RESOURCES_PROPERTY

Fields inherited from interface org.bonitasoft.engine.authorization.PermissionService

PROFILE_TYPE_AUTHORIZATION_PREFIX, SCRIPT_TYPE_AUTHORIZATION_PREFIX, USER_TYPE_AUTHORIZATION_PREFIX

Constructor Summary

Constructors

Constructor	Description
PermissionServiceImpl(ClassLoaderService classLoaderService, SessionAccessor sessionAccessor, SessionService sessionService, CompoundPermissionsMapping compoundPermissionsMapping, ResourcesPermissionsMapping resourcesPermissionsMapping, CustomPermissionsMapping customPermissionsMapping, DynamicPermissionsChecks dynamicPermissionsChecks, boolean dynamicPermissionCheck)

Method Summary

Modifier and Type	Method	Description
void	addCustomEntityPermissions(String entity, Set<String> resourcePermissions)
void	addPermissions(String pageName, Properties pageProperties)
protected boolean	checkAPICallWithScript(String className, org.bonitasoft.engine.api.permission.APICallContext context)
protected boolean	checkDynamicPermissionsWithProfilesOrUsername(Set<String> resourceAuthorizations, Set<String> userPermissions)
protected boolean	checkDynamicPermissionsWithScript(org.bonitasoft.engine.api.permission.APICallContext apiCallContext, String resourceClassName)
protected void	checkResourceAuthorizationsSyntax(Set<String> resourceAuthorizations)
protected APIAccessorImpl	createAPIAccessorImpl()
Set<String>	getCustomPagePermissions(String declaredPageResources, ResourcesPermissionsMapping resourcesPermissionsMapping)
protected Set<String>	getDeclaredPermissions(String apiName, String resourceName, String method, String resourceQualifiers, ResourcesPermissionsMapping resourcesPermissionsMapping)
protected Set<String>	getResourceAuthorizationsForProfileOrUser(Set<String> resourcePermissions)
protected String	getResourceClassName(Set<String> resourcePermissions)
Set<String>	getResourceDynamicPermissions(String resourceKey)
Set<String>	getResourcePermissions(String resourceKey)
protected Class<?>	getRuleClass(String className)
SSession	getSession()
boolean	isAuthorized(org.bonitasoft.engine.api.permission.APICallContext apiCallContext)
protected boolean	isAuthorizedByDynamicPermissions(org.bonitasoft.engine.api.permission.APICallContext apiCallContext, Set<String> userPermissions, Set<String> resourceDynamicPermissions)
protected boolean	isAuthorizedByStaticPermissions(org.bonitasoft.engine.api.permission.APICallContext apiCallContext)
void	reload()
void	removeCustomEntityPermissions(String entity)
void	removePermissions(Properties pageProperties)
void	start()	Start the service
void	stop()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.bonitasoft.engine.commons.LifecycleService

pause, resume

Methods inherited from interface org.bonitasoft.engine.commons.TenantLifecycleService

init

Field Details

PROPERTY_TO_ENABLE_DYNAMIC_PERMISSIONS

public static final String PROPERTY_TO_ENABLE_DYNAMIC_PERMISSIONS

See Also:

• Constant Field Values

RESOURCES_PROPERTY

public static final String RESOURCES_PROPERTY

See Also:

• Constant Field Values

PROPERTY_CONTENT_TYPE

public static final String PROPERTY_CONTENT_TYPE

See Also:

• Constant Field Values

PROPERTY_API_EXTENSIONS

public static final String PROPERTY_API_EXTENSIONS

See Also:

• Constant Field Values

PROPERTY_METHOD_MASK

public static final String PROPERTY_METHOD_MASK

See Also:

• Constant Field Values

PROPERTY_PATH_TEMPLATE_MASK

public static final String PROPERTY_PATH_TEMPLATE_MASK

See Also:

• Constant Field Values

PROPERTY_PERMISSIONS_MASK

public static final String PROPERTY_PERMISSIONS_MASK

See Also:

• Constant Field Values

RESOURCE_PERMISSION_KEY_MASK

public static final String RESOURCE_PERMISSION_KEY_MASK

See Also:

• Constant Field Values

RESOURCE_PERMISSION_VALUE

public static final String RESOURCE_PERMISSION_VALUE

See Also:

• Constant Field Values

EXTENSION_SEPARATOR

public static final String EXTENSION_SEPARATOR

See Also:

• Constant Field Values

groovyClassLoader

protected groovy.lang.GroovyClassLoader groovyClassLoader

dynamicPermissionsChecks

protected final DynamicPermissionsChecks dynamicPermissionsChecks

dynamicPermissionCheck

protected final BooleanProperty dynamicPermissionCheck

Constructor Details

PermissionServiceImpl

public PermissionServiceImpl(ClassLoaderService classLoaderService,
 SessionAccessor sessionAccessor,
 SessionService sessionService,
 CompoundPermissionsMapping compoundPermissionsMapping,
 ResourcesPermissionsMapping resourcesPermissionsMapping,
 CustomPermissionsMapping customPermissionsMapping,
 DynamicPermissionsChecks dynamicPermissionsChecks,
 @Value("${bonita.runtime.authorization.dynamic-check.enabled:true}")
 boolean dynamicPermissionCheck)

Method Details

checkAPICallWithScript

protected boolean checkAPICallWithScript(String className,
 org.bonitasoft.engine.api.permission.APICallContext context)
                                  throws SExecutionException,
ClassNotFoundException

Throws:

SExecutionException

ClassNotFoundException

getRuleClass

protected Class<?> getRuleClass(String className)
                         throws SExecutionException,
ClassNotFoundException

Throws:

SExecutionException

ClassNotFoundException

getSession

public SSession getSession()
                    throws SExecutionException

Throws:

SExecutionException

reload

public void reload()
            throws SExecutionException

Throws:

SExecutionException

createAPIAccessorImpl

protected APIAccessorImpl createAPIAccessorImpl()

start

public void start()
           throws SBonitaException

Description copied from interface: LifecycleService

Start the service

Specified by:

start in interface LifecycleService

Throws:

SBonitaException

stop

public void stop()

Specified by:

stop in interface LifecycleService

isAuthorized

public boolean isAuthorized(org.bonitasoft.engine.api.permission.APICallContext apiCallContext)
                     throws SExecutionException

Specified by:

isAuthorized in interface PermissionService

Throws:

SExecutionException

isAuthorizedByStaticPermissions

protected boolean isAuthorizedByStaticPermissions(org.bonitasoft.engine.api.permission.APICallContext apiCallContext)
                                           throws SExecutionException

Throws:

SExecutionException

isAuthorizedByDynamicPermissions

protected boolean isAuthorizedByDynamicPermissions(org.bonitasoft.engine.api.permission.APICallContext apiCallContext,
 Set<String> userPermissions,
 Set<String> resourceDynamicPermissions)
                                            throws SExecutionException

Throws:

SExecutionException

checkResourceAuthorizationsSyntax

protected void checkResourceAuthorizationsSyntax(Set<String> resourceAuthorizations)

getResourceAuthorizationsForProfileOrUser

protected Set<String> getResourceAuthorizationsForProfileOrUser(Set<String> resourcePermissions)

checkDynamicPermissionsWithProfilesOrUsername

protected boolean checkDynamicPermissionsWithProfilesOrUsername(Set<String> resourceAuthorizations,
 Set<String> userPermissions)

checkDynamicPermissionsWithScript

protected boolean checkDynamicPermissionsWithScript(org.bonitasoft.engine.api.permission.APICallContext apiCallContext,
 String resourceClassName)
                                             throws SExecutionException,
ClassNotFoundException

Throws:

SExecutionException

ClassNotFoundException

getResourceClassName

protected String getResourceClassName(Set<String> resourcePermissions)

getResourceDynamicPermissions

public Set<String> getResourceDynamicPermissions(String resourceKey)

getDeclaredPermissions

protected Set<String> getDeclaredPermissions(String apiName,
 String resourceName,
 String method,
 String resourceQualifiers,
 ResourcesPermissionsMapping resourcesPermissionsMapping)

addPermissions

public void addPermissions(String pageName,
 Properties pageProperties)

Specified by:

addPermissions in interface PermissionService

removePermissions

public void removePermissions(Properties pageProperties)

Specified by:

removePermissions in interface PermissionService

getCustomPagePermissions

public Set<String> getCustomPagePermissions(String declaredPageResources,
 ResourcesPermissionsMapping resourcesPermissionsMapping)

getResourcePermissions

public Set<String> getResourcePermissions(String resourceKey)

Specified by:

getResourcePermissions in interface PermissionService

addCustomEntityPermissions

public void addCustomEntityPermissions(String entity,
 Set<String> resourcePermissions)

removeCustomEntityPermissions

public void removeCustomEntityPermissions(String entity)