org.camunda.bpm.engine.impl.cfg.auth.ResourceAuthorizationProvider Maven / Gradle / Ivy
/*
* Copyright Camunda Services GmbH and/or licensed to Camunda Services GmbH
* under one or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information regarding copyright
* ownership. Camunda licenses this file to you under the Apache License,
* Version 2.0; you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.camunda.bpm.engine.impl.cfg.auth;
import org.camunda.bpm.engine.filter.Filter;
import org.camunda.bpm.engine.identity.Group;
import org.camunda.bpm.engine.identity.Tenant;
import org.camunda.bpm.engine.identity.User;
import org.camunda.bpm.engine.impl.persistence.entity.AuthorizationEntity;
import org.camunda.bpm.engine.repository.DecisionDefinition;
import org.camunda.bpm.engine.repository.DecisionRequirementsDefinition;
import org.camunda.bpm.engine.repository.Deployment;
import org.camunda.bpm.engine.repository.ProcessDefinition;
import org.camunda.bpm.engine.runtime.ProcessInstance;
import org.camunda.bpm.engine.task.IdentityLinkType;
import org.camunda.bpm.engine.task.Task;
/**
* Manages (create/update/delete) default authorization when an entity is
* changed
*
* Implementations should throw an exception when a specific resource's id is *
, as
* *
represents access to all resources/by all users.
*
*
* @author Daniel Meyer
*/
public interface ResourceAuthorizationProvider {
// Users /////////////////////////////////////////////
/**
* Invoked whenever a new user is created
*
* @param user
* a newly created user
* @return a list of authorizations to be automatically added when a new user
* is created.
*/
public AuthorizationEntity[] newUser(User user);
/**
* Invoked whenever a new group is created
*
* @param group
* a newly created {@link Group}
* @return a list of authorizations to be automatically added when a new
* {@link Group} is created.
*/
public AuthorizationEntity[] newGroup(Group group);
/**
*
* Invoked whenever a new tenant is created
*
*
* @param tenant
* a newly created {@link Tenant}
* @return a list of authorizations to be automatically added when a new
* {@link Tenant} is created.
*/
public AuthorizationEntity[] newTenant(Tenant tenant);
/**
* Invoked whenever a user is added to a group
*
* @param userId
* the id of the user who is added to a group a newly created
* {@link User}
* @param groupId
* the id of the group to which the user is added
* @return a list of authorizations to be automatically added when a new
* {@link User} is created.
*/
public AuthorizationEntity[] groupMembershipCreated(String groupId, String userId);
/**
* Invoked whenever an user is added to a tenant.
*
* @param tenant
* the id of the tenant
* @param userId
* the id of the user
* @return a list of authorizations to be automatically added when a new
* membership is created.
*/
public AuthorizationEntity[] tenantMembershipCreated(Tenant tenant, User user);
/**
* Invoked whenever a group is added to a tenant.
*
* @param tenant
* the id of the tenant
* @param groupId
* the id of the group
* @return a list of authorizations to be automatically added when a new
* membership is created.
*/
public AuthorizationEntity[] tenantMembershipCreated(Tenant tenant, Group group);
// Filter ////////////////////////////////////////////////
/**
* Invoked whenever a new filter is created
*
* @param filter the newly created filter
* @return a list of authorizations to be automatically added when a new
* {@link Filter} is created.
*/
public AuthorizationEntity[] newFilter(Filter filter);
// Deployment //////////////////////////////////////////////
/**
* Invoked whenever a new deployment is created
*
* @param deployment the newly created deployment
* @return a list of authorizations to be automatically added when a new
* {@link Deployment} is created.
*/
public AuthorizationEntity[] newDeployment(Deployment deployment);
// Process Definition //////////////////////////////////////
/**
* Invoked whenever a new process definition is created
*
* @param processDefinition the newly created process definition
* @return a list of authorizations to be automatically added when a new
* {@link ProcessDefinition} is created.
*/
public AuthorizationEntity[] newProcessDefinition(ProcessDefinition processDefinition);
// Process Instance ///////////////////////////////////////
/**
* Invoked whenever a new process instance is started
*
* @param processInstance the newly started process instance
* @return a list of authorizations to be automatically added when a new
* {@link ProcessInstance} is started.
*/
public AuthorizationEntity[] newProcessInstance(ProcessInstance processInstance);
// Task /////////////////////////////////////////////////
/**
* Invoked whenever a new task is created
*
* @param task the newly created task
* @return a list of authorizations to be automatically added when a new
* {@link Task} is created.
*/
public AuthorizationEntity[] newTask(Task task);
/**
* Invoked whenever an user has been assigned to a task.
*
* @param task the task on which the assignee has been changed
* @param oldAssignee the old assignee of the task
* @param newAssignee the new assignee of the task
*
* @return a list of authorizations to be automatically added when an
* assignee of a task changes.
*/
public AuthorizationEntity[] newTaskAssignee(Task task, String oldAssignee, String newAssignee);
/**
* Invoked whenever an user has been set as the owner of a task.
*
* @param task the task on which the owner has been changed
* @param oldOwner the old owner of the task
* @param newOwner the new owner of the task
*
* @return a list of authorizations to be automatically added when the
* owner of a task changes.
*/
public AuthorizationEntity[] newTaskOwner(Task task, String oldOwner, String newOwner);
/**
* Invoked whenever a new user identity link has been added to a task.
*
* @param task the task on which a new identity link has been added
* @param userId the user for which the identity link has been created
* @param type the type of the identity link (e.g. {@link IdentityLinkType#CANDIDATE})
*
* @return a list of authorizations to be automatically added when
* a new user identity link has been added.
*/
public AuthorizationEntity[] newTaskUserIdentityLink(Task task, String userId, String type);
/**
* Invoked whenever a new group identity link has been added to a task.
*
* @param task the task on which a new identity link has been added
* @param groupId the group for which the identity link has been created
* @param type the type of the identity link (e.g. {@link IdentityLinkType#CANDIDATE})
*
* @return a list of authorizations to be automatically added when
* a new group identity link has been added.
*/
public AuthorizationEntity[] newTaskGroupIdentityLink(Task task, String groupId, String type);
/**
* Invoked whenever a user identity link of a task has been deleted.
*
* @param task the task on which the identity link has been deleted
* @param userId the user for which the identity link has been deleted
* @param type the type of the identity link (e.g. {@link IdentityLinkType#CANDIDATE})
*
* @return a list of authorizations to be automatically deleted when
* a user identity link has been deleted.
*/
public AuthorizationEntity[] deleteTaskUserIdentityLink(Task task, String userId, String type);
/**
* Invoked whenever a group identity link of a task has been deleted.
*
* @param task the task on which the identity link has been deleted
* @param groupId the group for which the identity link has been deleted
* @param type the type of the identity link (e.g. {@link IdentityLinkType#CANDIDATE})
*
* @return a list of authorizations to be automatically deleted when
* a group identity link has been deleted.
*/
public AuthorizationEntity[] deleteTaskGroupIdentityLink(Task task, String groupId, String type);
/**
* Invoked whenever a new decision definition is created.
*
* @param decisionDefinition the newly created decision definition
* @return a list of authorizations to be automatically added when a new
* {@link DecisionDefinition} is created.
*/
public AuthorizationEntity[] newDecisionDefinition(DecisionDefinition decisionDefinition);
/**
* Invoked whenever a new decision requirements definition is created.
*
* @param decisionRequirementsDefinition the newly created decision requirements definition
* @return a list of authorizations to be automatically added when a new
* {@link DecisionRequirementsDefinition} is created.
*/
public AuthorizationEntity[] newDecisionRequirementsDefinition(DecisionRequirementsDefinition decisionRequirementsDefinition);
}