Interface AuthorizationManager

  • All Known Implementing Classes:
    AuthorizationManagerImpl

    public interface AuthorizationManager
    Responsible for authorizing access to case instances based on the context.
    • Method Detail

      • checkAuthorization

        void checkAuthorization(String caseId)
                         throws SecurityException
        Checks if the caller (based on identity provider) is authorized to work with the case identified by caseId.
        Parameters:
        caseId - unique id of the case
        Throws:
        SecurityException - thrown when caller is not authorized to access the case instance
      • checkOperationAuthorization

        void checkOperationAuthorization(String caseId,
                                         AuthorizationManager.ProtectedOperation operation)
                                  throws SecurityException
        Checks if the caller (based on identity provider) is authorized to perform given operation on a case.
        Parameters:
        caseId - unique id of the case
        operation - operation that is being invoked
        Throws:
        SecurityException - thrown when caller is not authorized to access the case instance
      • filterByDataAuthorization

        Map<String,Object> filterByDataAuthorization(String caseId,
                                                           CaseFileInstance caseFileInstance,
                                                           Map<String,Object> data)
        Filters provided data by data restrictions. This guarantees only data authorized for given user will be returned.
        Parameters:
        caseId - unique id of the case
        caseFileInstance - case file associated with given case instance
        data - actual data to be filtered
        Returns:
        filtered map of data if any restriction applied
      • checkDataAuthorization

        void checkDataAuthorization(String caseId,
                                    CaseFileInstance caseFileInstance,
                                    Collection<String> dataNames)
        Checks if the caller (based on identity provider) is authorized to manipulate the given data.
        Parameters:
        caseId - unique id of the case
        caseFileInstance - case file associated with given case instance
        dataNames - data names to be manipulated/put into the case instance
        Throws:
        SecurityException - thrown when caller is not authorized to manipulate any of the given data
      • filterByCommentAuthorization

        List<CommentInstance> filterByCommentAuthorization(String caseId,
                                                           CaseFileInstance caseFileInstance,
                                                           List<CommentInstance> comments)
        Filters provided comments by their restrictions. This guarantees only comments authorized to be seen by user will be returned.
        Parameters:
        caseId - unique id of the case
        caseFileInstance - case file associated with given case instance
        comments - comments to be filtered
        Returns:
        filtered comments if any restrictions applied, otherwise the same list as given as argument
      • checkCommentAuthorization

        void checkCommentAuthorization(String caseId,
                                       CaseFileInstance caseFileInstance,
                                       CommentInstance commentInstance)
        Checks if the caller (based on identity provider) is authorized to manipulate the given comment.
        Parameters:
        caseId - unique id of the case
        caseFileInstance - case file associated with given case instance
        commentInstance - comment that is about to be manipulated (updated or removed)
        Throws:
        SecurityException - thrown when caller is not authorized to manipulate given comment
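
Added example (not part of the project's code): the difference between the filter and check contracts described for filterByDataAuthorization and checkDataAuthorization, where reads drop unauthorized entries and writes are rejected as a whole. Assumptions: DataAuthorization is a hypothetical stand-in that omits the CaseFileInstance parameter, and the role-based policy, case id and data names are constructed.

```java
import java.util.*;

public class CaseDataGuardExample {

    // Hypothetical stand-in for the two data-related methods of AuthorizationManager;
    // the CaseFileInstance parameter is omitted to keep the example self-contained.
    interface DataAuthorization {
        void checkDataAuthorization(String caseId, Collection<String> dataNames) throws SecurityException;
        Map<String, Object> filterByDataAuthorization(String caseId, Map<String, Object> data);
    }

    // Constructed policy: data name -> roles allowed to touch it; unlisted names are unrestricted.
    static DataAuthorization forCaller(Set<String> callerRoles, Map<String, Set<String>> restrictions) {
        return new DataAuthorization() {
            boolean allowed(String name) {
                Set<String> roles = restrictions.get(name);
                return roles == null || !Collections.disjoint(roles, callerRoles);
            }
            public void checkDataAuthorization(String caseId, Collection<String> dataNames) {
                for (String name : dataNames) {
                    if (!allowed(name)) throw new SecurityException("Not authorized for '" + name + "' in case " + caseId);
                }
            }
            public Map<String, Object> filterByDataAuthorization(String caseId, Map<String, Object> data) {
                Map<String, Object> visible = new LinkedHashMap<>(data);
                visible.keySet().removeIf(name -> !allowed(name));
                return visible;
            }
        };
    }

    // Write path: check every name before mutating, so one unauthorized entry rejects the whole update.
    static void putData(DataAuthorization auth, String caseId, Map<String, Object> caseFile, Map<String, Object> update) {
        auth.checkDataAuthorization(caseId, update.keySet());
        caseFile.putAll(update);
    }

    public static void main(String[] args) {
        Map<String, Object> caseFile = new LinkedHashMap<>(Map.of("claimAmount", 1200, "fraudScore", 0.87));
        DataAuthorization auth = forCaller(Set.of("agent"), Map.of("fraudScore", Set.of("investigator")));
        // Read path: the restricted entry is withheld from the returned map, no exception is raised.
        System.out.println("visible to caller: " + auth.filterByDataAuthorization("CASE-0001", caseFile));
        try {
            putData(auth, "CASE-0001", caseFile, Map.of("claimAmount", 0, "fraudScore", 0.0));
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage() + "; case file unchanged: " + caseFile);
        }
    }
}
```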