Package com.avoka.fc.core.security

Class FormSubmissionAccessController

java.lang.Object

com.avoka.fc.core.security.FormSubmissionAccessController

All Implemented Interfaces:

IFormSubmissionAccessController

public class FormSubmissionAccessController
extends Object
implements IFormSubmissionAccessController

Provide a submission access controller service.

Since:

3.6.0

Nested Class Summary

Nested classes/interfaces inherited from interface com.avoka.fc.core.security.IFormSubmissionAccessController

IFormSubmissionAccessController.AccessPermission, IFormSubmissionAccessController.AccessStatus, IFormSubmissionAccessController.JsAppAccessStatus

Constructor Summary

Constructors

Constructor	Description
FormSubmissionAccessController()

Method Summary

Modifier and Type	Method	Description
IAuthenticationService	getAuthenticationService()	Return authentication service instance.
IFormSubmissionAccessController.AccessStatus	getCompletedSubmissionAccessStatus(Submission submission, HttpServletRequest request)	Return the users access status to the given completed submission.
IFormSubmissionAccessController.AccessStatus	getCompletedSubmissionAccessStatus(Submission submission, HttpServletRequest request, boolean checkOrgAccess)	Return the users access status to the given completed submission.
IFormSubmissionAccessController.AccessStatus	getFormAccessStatus(Form form, HttpServletRequest request)	Gets user's the form access status.
String	getFormCspHeaderValue(Form form)	Return the 'Content Security Policy' (CSP) HTTP Security Header value for the given form.
IFormSubmissionAccessController.JsAppAccessStatus	getInProgressJsAppAccessStatus(Submission submission, HttpServletRequest request, Portal portal)	Return the users access status to the given in-progress (not completed) 'JS App' submission.
IFormSubmissionAccessController.AccessStatus	getInProgressSubmissionAccessStatus(Submission submission, HttpServletRequest request)	Return the users access status to the given in-progress submission.
IFormSubmissionAccessController.AccessStatus	getInProgressSubmissionAccessStatus(Submission submission, HttpServletRequest request, boolean checkOrgAccess)	Return the users access status to the given in-progress (not completed) submission.
IFormSubmissionAccessController.AccessStatus	getReceiptAccessStatus(Submission submission, HttpServletRequest request)	Return the users access status to the given submission receipt when returning later (i.e.
String	getSystemFormCspHeader()	Return the System 'Content Security Policy' (CSP) HTTP Security Header value.
String	getUserAgentSaveChallengeSessionRecovery()
boolean	hasAnonymousSubmissionAccess(Submission submission, HttpServletRequest request)	Check whether the submission can be accessed by the current user.
boolean	hasFormAccessPermissions(Form form, HttpServletRequest request, Set<IFormSubmissionAccessController.AccessPermission> accessPermissions)	Checks if is user has the specified access permissions to the form.
boolean	hasJobAccess(Job job, HttpServletRequest request)	Return true if the user has access to view the job details based on their group access control.
boolean	isValidNumberSaveChallengeRequests(Submission submission, HttpServletRequest request)	Check whether the current user can make another save challenge attempt.
void	onSaveChallengeSuccess(Submission submission, HttpServletRequest request)	Called after a valid save challenge it resets the submission fields submission.saveChallengeFailures=0, submission.saveChallengeLastFailure=null
void	setAuthenticationService(IAuthenticationService authenticationService)	Set the authentication service.
void	setEnableEventLogging(boolean enableLogging)	Specify whether to perform access control security event logging.
void	setFormCspHeaderValue(String value)	Set the Form 'Content Security Policy' (CSP) HTTP security header value.
void	setSupportBrowserIE10(boolean support)	Specify whether to support the browser IE10.
void	setSupportBrowserIE8(boolean support)	Specify whether to support the browser IE8.
void	setSupportBrowserIE9(boolean support)	Specify whether to support the browser IE9.
void	setUserAgentSaveChallengeSessionRecovery(String value)
void	updateSubmissionSession(Submission submission, HttpServletRequest request)	Update new session info on the submission record.
String	validateTaskReassignment(Submission submission, UserAccount newAssignee, HttpServletRequest request)	Checks if a task can be reassigned to a user by the current user.
String	validateTaskUnassignment(Submission submission, HttpServletRequest request)	Checks if a task can be unassigned by the current user.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

FormSubmissionAccessController

public FormSubmissionAccessController()

Method Detail

getFormAccessStatus

public IFormSubmissionAccessController.AccessStatus getFormAccessStatus(Form form,
                                                                        HttpServletRequest request)

Gets user's the form access status.

Specified by:

getFormAccessStatus in interface IFormSubmissionAccessController

Parameters:

form - the form

request - the request

Returns:

the form access status

See Also:

IFormSubmissionAccessController.getFormAccessStatus(Form, HttpServletRequest)

getInProgressSubmissionAccessStatus

public IFormSubmissionAccessController.AccessStatus getInProgressSubmissionAccessStatus(Submission submission,
                                                                                        HttpServletRequest request)

Return the users access status to the given in-progress submission.

Specified by:

getInProgressSubmissionAccessStatus in interface IFormSubmissionAccessController

Parameters:

submission - the submission to check (required)

request - the user request (required)

Returns:

the user submission access control status

Since:

4.0.0

See Also:

IFormSubmissionAccessController.getInProgressSubmissionAccessStatus(Submission, HttpServletRequest)

getInProgressSubmissionAccessStatus

public IFormSubmissionAccessController.AccessStatus getInProgressSubmissionAccessStatus(Submission submission,
                                                                                        HttpServletRequest request,
                                                                                        boolean checkOrgAccess)

Description copied from interface: IFormSubmissionAccessController

Return the users access status to the given in-progress (not completed) submission. Please note this includes task submissions.

Valid submission form status values:

• Assigned - task submissions
• Opened - task submissions
• Saved
• Submitted

Specified by:

getInProgressSubmissionAccessStatus in interface IFormSubmissionAccessController

Parameters:

submission - the submission to check (required)

request - the user request (required)

checkOrgAccess - flag to check if the user has org access (required)

Returns:

the user submission access control status

Since:

19.5.0

See Also:

IFormSubmissionAccessController.getInProgressSubmissionAccessStatus(Submission, HttpServletRequest, boolean)

getInProgressJsAppAccessStatus

public IFormSubmissionAccessController.JsAppAccessStatus getInProgressJsAppAccessStatus(Submission submission,
                                                                                        HttpServletRequest request,
                                                                                        Portal portal)

Return the users access status to the given in-progress (not completed) 'JS App' submission.

Note this method does not allReturn the users access status to the given in-progress (not completed) 'JS App' submission.

Specified by:

getInProgressJsAppAccessStatus in interface IFormSubmissionAccessController

Parameters:

submission - the submission to check, must be a 'JS App' form type (required)

request - the user request (required)

portal - the request portal (required)

Returns:

the user submission access control status

Since:

18.11.0

See Also:

IFormSubmissionAccessController.getInProgressJsAppAccessStatus(Submission, HttpServletRequest, Portal)

getCompletedSubmissionAccessStatus

public IFormSubmissionAccessController.AccessStatus getCompletedSubmissionAccessStatus(Submission submission,
                                                                                       HttpServletRequest request)

Return the users access status to the given completed submission.

Specified by:

getCompletedSubmissionAccessStatus in interface IFormSubmissionAccessController

Parameters:

submission - the submission (required)

request - the request (required)

Returns:

the completed submission access status

See Also:

IFormSubmissionAccessController.getCompletedSubmissionAccessStatus(Submission, HttpServletRequest, boolean)

getCompletedSubmissionAccessStatus

public IFormSubmissionAccessController.AccessStatus getCompletedSubmissionAccessStatus(Submission submission,
                                                                                       HttpServletRequest request,
                                                                                       boolean checkOrgAccess)

Return the users access status to the given completed submission.

Specified by:

getCompletedSubmissionAccessStatus in interface IFormSubmissionAccessController

Parameters:

submission - the submission (required)

request - the request (required)

checkOrgAccess - flag to check if the user has access (required)

Returns:

the completed submission access status

Since:

19.5.0

See Also:

IFormSubmissionAccessController.getCompletedSubmissionAccessStatus(Submission, HttpServletRequest, boolean)

getReceiptAccessStatus

public IFormSubmissionAccessController.AccessStatus getReceiptAccessStatus(Submission submission,
                                                                           HttpServletRequest request)

Return the users access status to the given submission receipt when returning later (i.e. via a receipt challenge).

Specified by:

getReceiptAccessStatus in interface IFormSubmissionAccessController

Parameters:

submission - the submission (required)

request - the request (required)

Returns:

the receipt access status

See Also:

IFormSubmissionAccessController.getReceiptAccessStatus(Submission, HttpServletRequest)

hasFormAccessPermissions

public boolean hasFormAccessPermissions(Form form,
                                        HttpServletRequest request,
                                        Set<IFormSubmissionAccessController.AccessPermission> accessPermissions)

Checks if is user has the specified access permissions to the form.

Specified by:

hasFormAccessPermissions in interface IFormSubmissionAccessController

Parameters:

form - the form (required)

request - the request (required)

accessPermissions - the set of form access permissions (required)

Returns:

true, if is user associated to form

See Also:

IFormSubmissionAccessController.hasFormAccessPermissions(Form, HttpServletRequest, Set)

hasAnonymousSubmissionAccess

public boolean hasAnonymousSubmissionAccess(Submission submission,
                                            HttpServletRequest request)

Check whether the submission can be accessed by the current user. Generally, this is permitted if the session ID matches, or if the IP address matches and access occurs within a configurable grace period.

Specified by:

hasAnonymousSubmissionAccess in interface IFormSubmissionAccessController

Parameters:

submission - the submission a valid anonymous submission (required)

request - the current HTTP request (required)

Returns:

true if the user is allowed to access the submission

See Also:

IFormSubmissionAccessController.hasAnonymousSubmissionAccess(Submission, HttpServletRequest)

updateSubmissionSession

public void updateSubmissionSession(Submission submission,
                                    HttpServletRequest request)

Update new session info on the submission record.

Specified by:

updateSubmissionSession in interface IFormSubmissionAccessController

Parameters:

submission - the submission (required)

request - the request (required)

hasJobAccess

public boolean hasJobAccess(Job job,
                            HttpServletRequest request)

Return true if the user has access to view the job details based on their group access control. Note: This does not mean that the user will be able to access any or all submissions associated with the job.

Specified by:

hasJobAccess in interface IFormSubmissionAccessController

Parameters:

job - the job

request - the current HTTP request (required)

Returns:

true if the user is allowed to view the job record

Since:

4.0.0

See Also:

IFormSubmissionAccessController.hasJobAccess(Job, HttpServletRequest)

validateTaskReassignment

public String validateTaskReassignment(Submission submission,
                                       UserAccount newAssignee,
                                       HttpServletRequest request)

Checks if a task can be reassigned to a user by the current user. Returns a string describing the error, or null if the reassignment request is valid. NOTE: This method does not actually reassign the task,

Specified by:

validateTaskReassignment in interface IFormSubmissionAccessController

Parameters:

submission - the task submission (required)

newAssignee - the new assignee (required)

request - the HTTP servlet request (required)

Returns:

a string describing the error, or null if the reassignment request is valid

Since:

4.1.0

See Also:

IFormSubmissionAccessController.validateTaskReassignment(Submission, UserAccount, HttpServletRequest)

validateTaskUnassignment

public String validateTaskUnassignment(Submission submission,
                                       HttpServletRequest request)

Checks if a task can be unassigned by the current user. Returns a string describing the error, or null if the unassignment request is valid. NOTE: This method does not actually reassign the task.

Specified by:

validateTaskUnassignment in interface IFormSubmissionAccessController

Parameters:

submission - the task submission (required)

request - the HTTP servlet request (required)

Returns:

a string describing the error, or null if the unassignment request is valid

Since:

4.1.0

See Also:

IFormSubmissionAccessController.validateTaskUnassignment(Submission, HttpServletRequest)

getAuthenticationService

public IAuthenticationService getAuthenticationService()

Return authentication service instance.

Specified by:

getAuthenticationService in interface IFormSubmissionAccessController

Returns:

authentication service instance

See Also:

IFormSubmissionAccessController.getAuthenticationService()

setAuthenticationService

public void setAuthenticationService(IAuthenticationService authenticationService)

Set the authentication service.

Specified by:

setAuthenticationService in interface IFormSubmissionAccessController

Parameters:

authenticationService - the authentication service

See Also:

IFormSubmissionAccessController.setAuthenticationService(IAuthenticationService)

isValidNumberSaveChallengeRequests

public boolean isValidNumberSaveChallengeRequests(Submission submission,
                                                  HttpServletRequest request)

Check whether the current user can make another save challenge attempt. This implementation checks fields on the submission save_challenge_failures and save_challenge_last_failure

Specified by:

isValidNumberSaveChallengeRequests in interface IFormSubmissionAccessController

Parameters:

submission - the submission (optional, though false will be returned for a null value)

request - the HTTP servlet request (required)

Returns:

true if the user has not exceeded the number of save challenge attempts

Since:

4.1.0

See Also:

IFormSubmissionAccessController.isValidNumberSaveChallengeRequests(Submission, HttpServletRequest)

onSaveChallengeSuccess

public void onSaveChallengeSuccess(Submission submission,
                                   HttpServletRequest request)

Called after a valid save challenge it resets the submission fields submission.saveChallengeFailures=0, submission.saveChallengeLastFailure=null

Specified by:

onSaveChallengeSuccess in interface IFormSubmissionAccessController

Parameters:

submission - the task submission (required)

request - the HTTP servlet request (required)

Since:

17.10.0

See Also:

IFormSubmissionAccessController.onSaveChallengeSuccess(Submission, HttpServletRequest)

setEnableEventLogging

public void setEnableEventLogging(boolean enableLogging)

Specify whether to perform access control security event logging. Enabled by default, but can be switched off for performing background access control checks like rendering email templates and populating prefill data.

Specified by:

setEnableEventLogging in interface IFormSubmissionAccessController

Parameters:

enableLogging - specify whether to enable access control security event logging.

Since:

4.3.1

See Also:

IFormSubmissionAccessController.setEnableEventLogging(boolean)

getUserAgentSaveChallengeSessionRecovery

public String getUserAgentSaveChallengeSessionRecovery()

Returns:

the userAgentSaveChallengeSessionRecovery

Since:

4.3.2

setUserAgentSaveChallengeSessionRecovery

public void setUserAgentSaveChallengeSessionRecovery(String value)

Parameters:

value - the userAgentSaveChallengeSessionRecovery to set

Since:

4.3.2

setSupportBrowserIE8

public void setSupportBrowserIE8(boolean support)

Specify whether to support the browser IE8.

Specified by:

setSupportBrowserIE8 in interface IFormSubmissionAccessController

Parameters:

support - specify whether to the browser IE8.

Since:

4.3.3

See Also:

IFormSubmissionAccessController.setSupportBrowserIE8(boolean)

setSupportBrowserIE9

public void setSupportBrowserIE9(boolean support)

Specify whether to support the browser IE9.

Specified by:

setSupportBrowserIE9 in interface IFormSubmissionAccessController

Parameters:

support - specify whether to the browser IE9.

Since:

4.3.3

See Also:

IFormSubmissionAccessController.setSupportBrowserIE9(boolean)

setSupportBrowserIE10

public void setSupportBrowserIE10(boolean support)

Specify whether to support the browser IE10.

Specified by:

setSupportBrowserIE10 in interface IFormSubmissionAccessController

Parameters:

support - specify whether to the browser IE10.

Since:

4.3.3

See Also:

IFormSubmissionAccessController.setSupportBrowserIE10(boolean)

getFormCspHeaderValue

public String getFormCspHeaderValue(Form form)

Return the 'Content Security Policy' (CSP) HTTP Security Header value for the given form.

Specified by:

getFormCspHeaderValue in interface IFormSubmissionAccessController

Parameters:

form - the form (required)

Returns:

the 'Content Security Policy' (CSP) HTTP Security Header value for the given form.

Since:

4.3.3

See Also:

IFormSubmissionAccessController.getFormCspHeaderValue(Form)

getSystemFormCspHeader

public String getSystemFormCspHeader()

Return the System 'Content Security Policy' (CSP) HTTP Security Header value.

Specified by:

getSystemFormCspHeader in interface IFormSubmissionAccessController

Returns:

the System 'Content Security Policy' (CSP) HTTP Security Header value.

Since:

5.1.4

See Also:

IFormSubmissionAccessController.getSystemFormCspHeader()

setFormCspHeaderValue

public void setFormCspHeaderValue(String value)

Set the Form 'Content Security Policy' (CSP) HTTP security header value.

Specified by:

setFormCspHeaderValue in interface IFormSubmissionAccessController

Parameters:

value - the Form 'Content Security Policy' (CSP) HTTP security header value.

Since:

4.3.3

See Also:

IFormSubmissionAccessController.setFormCspHeaderValue(String)