Package com.avoka.fc.core.security
Class FormSubmissionAccessController
java.lang.Object
com.avoka.fc.core.security.FormSubmissionAccessController
- All Implemented Interfaces:
IFormSubmissionAccessController
public class FormSubmissionAccessController
extends Object
implements IFormSubmissionAccessController
Provide a submission access controller service.
- Since:
- 3.6.0
-
Nested Class Summary
Nested classes/interfaces inherited from interface com.avoka.fc.core.security.IFormSubmissionAccessController
IFormSubmissionAccessController.AccessPermission, IFormSubmissionAccessController.AccessStatus, IFormSubmissionAccessController.JsAppAccessStatus
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionReturn authentication service instance.getCompletedSubmissionAccessStatus
(Submission submission, jakarta.servlet.http.HttpServletRequest request) Return the users access status to the given completed submission.getCompletedSubmissionAccessStatus
(Submission submission, jakarta.servlet.http.HttpServletRequest request, boolean checkOrgAccess) Return the users access status to the given completed submission.getFormAccessStatus
(Form form, jakarta.servlet.http.HttpServletRequest request) Gets user's the form access status.getFormCspHeaderValue
(Form form) Return the 'Content Security Policy' (CSP) HTTP Security Header value for the given form.getInProgressJsAppAccessStatus
(Submission submission, jakarta.servlet.http.HttpServletRequest request, Portal portal) Return the users access status to the given in-progress (not completed) 'JS App' submission.getInProgressSubmissionAccessStatus
(Submission submission, jakarta.servlet.http.HttpServletRequest request) Return the users access status to the given in-progress submission.getInProgressSubmissionAccessStatus
(Submission submission, jakarta.servlet.http.HttpServletRequest request, boolean checkOrgAccess) Return the users access status to the given in-progress (not completed) submission.getReceiptAccessStatus
(Submission submission, jakarta.servlet.http.HttpServletRequest request) Return the users access status to the given submission receipt when returning later (i.e.Return the System 'Content Security Policy' (CSP) HTTP Security Header value.boolean
hasAnonymousSubmissionAccess
(Submission submission, jakarta.servlet.http.HttpServletRequest request) Check whether the submission can be accessed by the current user.boolean
hasFormAccessPermissions
(Form form, jakarta.servlet.http.HttpServletRequest request, Set<IFormSubmissionAccessController.AccessPermission> accessPermissions) Checks if is user has the specified access permissions to the form.boolean
hasJobAccess
(Job job, jakarta.servlet.http.HttpServletRequest request) Return true if the user has access to view the job details based on their group access control.boolean
isValidNumberSaveChallengeRequests
(Submission submission, jakarta.servlet.http.HttpServletRequest request) Check whether the current user can make another save challenge attempt.void
onSaveChallengeSuccess
(Submission submission, jakarta.servlet.http.HttpServletRequest request) Called after a valid save challenge it resets the submission fields submission.saveChallengeFailures=0, submission.saveChallengeLastFailure=nullvoid
setAuthenticationService
(IAuthenticationService authenticationService) Set the authentication service.void
setEnableEventLogging
(boolean enableLogging) Specify whether to perform access control security event logging.void
setFormCspHeaderValue
(String value) Set the Form 'Content Security Policy' (CSP) HTTP security header value.void
setSupportBrowserIE10
(boolean support) Specify whether to support the browser IE10.void
setSupportBrowserIE8
(boolean support) Specify whether to support the browser IE8.void
setSupportBrowserIE9
(boolean support) Specify whether to support the browser IE9.void
void
updateSubmissionSession
(Submission submission, jakarta.servlet.http.HttpServletRequest request) Update new session info on the submission record.validateTaskReassignment
(Submission submission, UserAccount newAssignee, jakarta.servlet.http.HttpServletRequest request) Checks if a task can be reassigned to a user by the current user.validateTaskUnassignment
(Submission submission, jakarta.servlet.http.HttpServletRequest request) Checks if a task can be unassigned by the current user.
-
Constructor Details
-
FormSubmissionAccessController
public FormSubmissionAccessController()
-
-
Method Details
-
getFormAccessStatus
public IFormSubmissionAccessController.AccessStatus getFormAccessStatus(Form form, jakarta.servlet.http.HttpServletRequest request) Gets user's the form access status.- Specified by:
getFormAccessStatus
in interfaceIFormSubmissionAccessController
- Parameters:
form
- the formrequest
- the request- Returns:
- the form access status
- See Also:
-
getInProgressSubmissionAccessStatus
public IFormSubmissionAccessController.AccessStatus getInProgressSubmissionAccessStatus(Submission submission, jakarta.servlet.http.HttpServletRequest request) Return the users access status to the given in-progress submission.- Specified by:
getInProgressSubmissionAccessStatus
in interfaceIFormSubmissionAccessController
- Parameters:
submission
- the submission to check (required)request
- the user request (required)- Returns:
- the user submission access control status
- Since:
- 4.0.0
- See Also:
-
getInProgressSubmissionAccessStatus
public IFormSubmissionAccessController.AccessStatus getInProgressSubmissionAccessStatus(Submission submission, jakarta.servlet.http.HttpServletRequest request, boolean checkOrgAccess) Description copied from interface:IFormSubmissionAccessController
Return the users access status to the given in-progress (not completed) submission. Please note this includes task submissions. Valid submission form status values:- Assigned - task submissions
- Opened - task submissions
- Saved
- Submitted
- Specified by:
getInProgressSubmissionAccessStatus
in interfaceIFormSubmissionAccessController
- Parameters:
submission
- the submission to check (required)request
- the user request (required)checkOrgAccess
- flag to check if the user has org access (required)- Returns:
- the user submission access control status
- Since:
- 19.5.0
- See Also:
-
getInProgressJsAppAccessStatus
public IFormSubmissionAccessController.JsAppAccessStatus getInProgressJsAppAccessStatus(Submission submission, jakarta.servlet.http.HttpServletRequest request, Portal portal) Return the users access status to the given in-progress (not completed) 'JS App' submission.
Note this method does not allReturn the users access status to the given in-progress (not completed) 'JS App' submission.
- Specified by:
getInProgressJsAppAccessStatus
in interfaceIFormSubmissionAccessController
- Parameters:
submission
- the submission to check, must be a 'JS App' form type (required)request
- the user request (required)portal
- the request portal (required)- Returns:
- the user submission access control status
- Since:
- 18.11.0
- See Also:
-
getCompletedSubmissionAccessStatus
public IFormSubmissionAccessController.AccessStatus getCompletedSubmissionAccessStatus(Submission submission, jakarta.servlet.http.HttpServletRequest request) Return the users access status to the given completed submission.- Specified by:
getCompletedSubmissionAccessStatus
in interfaceIFormSubmissionAccessController
- Parameters:
submission
- the submission (required)request
- the request (required)- Returns:
- the completed submission access status
- See Also:
-
getCompletedSubmissionAccessStatus
public IFormSubmissionAccessController.AccessStatus getCompletedSubmissionAccessStatus(Submission submission, jakarta.servlet.http.HttpServletRequest request, boolean checkOrgAccess) Return the users access status to the given completed submission.- Specified by:
getCompletedSubmissionAccessStatus
in interfaceIFormSubmissionAccessController
- Parameters:
submission
- the submission (required)request
- the request (required)checkOrgAccess
- flag to check if the user has access (required)- Returns:
- the completed submission access status
- Since:
- 19.5.0
- See Also:
-
getReceiptAccessStatus
public IFormSubmissionAccessController.AccessStatus getReceiptAccessStatus(Submission submission, jakarta.servlet.http.HttpServletRequest request) Return the users access status to the given submission receipt when returning later (i.e. via a receipt challenge).- Specified by:
getReceiptAccessStatus
in interfaceIFormSubmissionAccessController
- Parameters:
submission
- the submission (required)request
- the request (required)- Returns:
- the receipt access status
- See Also:
-
hasFormAccessPermissions
public boolean hasFormAccessPermissions(Form form, jakarta.servlet.http.HttpServletRequest request, Set<IFormSubmissionAccessController.AccessPermission> accessPermissions) Checks if is user has the specified access permissions to the form.- Specified by:
hasFormAccessPermissions
in interfaceIFormSubmissionAccessController
- Parameters:
form
- the form (required)request
- the request (required)accessPermissions
- the set of form access permissions (required)- Returns:
- true, if is user associated to form
- See Also:
-
hasAnonymousSubmissionAccess
public boolean hasAnonymousSubmissionAccess(Submission submission, jakarta.servlet.http.HttpServletRequest request) Check whether the submission can be accessed by the current user. Generally, this is permitted if the session ID matches, or if the IP address matches and access occurs within a configurable grace period.- Specified by:
hasAnonymousSubmissionAccess
in interfaceIFormSubmissionAccessController
- Parameters:
submission
- the submission a valid anonymous submission (required)request
- the current HTTP request (required)- Returns:
- true if the user is allowed to access the submission
- See Also:
-
updateSubmissionSession
public void updateSubmissionSession(Submission submission, jakarta.servlet.http.HttpServletRequest request) Update new session info on the submission record.- Specified by:
updateSubmissionSession
in interfaceIFormSubmissionAccessController
- Parameters:
submission
- the submission (required)request
- the request (required)
-
hasJobAccess
Return true if the user has access to view the job details based on their group access control. Note: This does not mean that the user will be able to access any or all submissions associated with the job.- Specified by:
hasJobAccess
in interfaceIFormSubmissionAccessController
- Parameters:
job
- the jobrequest
- the current HTTP request (required)- Returns:
- true if the user is allowed to view the job record
- Since:
- 4.0.0
- See Also:
-
validateTaskReassignment
public String validateTaskReassignment(Submission submission, UserAccount newAssignee, jakarta.servlet.http.HttpServletRequest request) Checks if a task can be reassigned to a user by the current user. Returns a string describing the error, or null if the reassignment request is valid. NOTE: This method does not actually reassign the task,- Specified by:
validateTaskReassignment
in interfaceIFormSubmissionAccessController
- Parameters:
submission
- the task submission (required)newAssignee
- the new assignee (required)request
- the HTTP servlet request (required)- Returns:
- a string describing the error, or null if the reassignment request is valid
- Since:
- 4.1.0
- See Also:
-
validateTaskUnassignment
public String validateTaskUnassignment(Submission submission, jakarta.servlet.http.HttpServletRequest request) Checks if a task can be unassigned by the current user. Returns a string describing the error, or null if the unassignment request is valid. NOTE: This method does not actually reassign the task.- Specified by:
validateTaskUnassignment
in interfaceIFormSubmissionAccessController
- Parameters:
submission
- the task submission (required)request
- the HTTP servlet request (required)- Returns:
- a string describing the error, or null if the unassignment request is valid
- Since:
- 4.1.0
- See Also:
-
getAuthenticationService
Return authentication service instance.- Specified by:
getAuthenticationService
in interfaceIFormSubmissionAccessController
- Returns:
- authentication service instance
- See Also:
-
setAuthenticationService
Set the authentication service.- Specified by:
setAuthenticationService
in interfaceIFormSubmissionAccessController
- Parameters:
authenticationService
- the authentication service- See Also:
-
isValidNumberSaveChallengeRequests
public boolean isValidNumberSaveChallengeRequests(Submission submission, jakarta.servlet.http.HttpServletRequest request) Check whether the current user can make another save challenge attempt. This implementation checks fields on the submission save_challenge_failures and save_challenge_last_failure- Specified by:
isValidNumberSaveChallengeRequests
in interfaceIFormSubmissionAccessController
- Parameters:
submission
- the submission (optional, though false will be returned for a null value)request
- the HTTP servlet request (required)- Returns:
- true if the user has not exceeded the number of save challenge attempts
- Since:
- 4.1.0
- See Also:
-
onSaveChallengeSuccess
public void onSaveChallengeSuccess(Submission submission, jakarta.servlet.http.HttpServletRequest request) Called after a valid save challenge it resets the submission fields submission.saveChallengeFailures=0, submission.saveChallengeLastFailure=null- Specified by:
onSaveChallengeSuccess
in interfaceIFormSubmissionAccessController
- Parameters:
submission
- the task submission (required)request
- the HTTP servlet request (required)- Since:
- 17.10.0
- See Also:
-
setEnableEventLogging
public void setEnableEventLogging(boolean enableLogging) Specify whether to perform access control security event logging. Enabled by default, but can be switched off for performing background access control checks like rendering email templates and populating prefill data.- Specified by:
setEnableEventLogging
in interfaceIFormSubmissionAccessController
- Parameters:
enableLogging
- specify whether to enable access control security event logging.- Since:
- 4.3.1
- See Also:
-
getUserAgentSaveChallengeSessionRecovery
- Returns:
- the userAgentSaveChallengeSessionRecovery
- Since:
- 4.3.2
-
setUserAgentSaveChallengeSessionRecovery
- Parameters:
value
- the userAgentSaveChallengeSessionRecovery to set- Since:
- 4.3.2
-
setSupportBrowserIE8
public void setSupportBrowserIE8(boolean support) Specify whether to support the browser IE8.- Specified by:
setSupportBrowserIE8
in interfaceIFormSubmissionAccessController
- Parameters:
support
- specify whether to the browser IE8.- Since:
- 4.3.3
- See Also:
-
setSupportBrowserIE9
public void setSupportBrowserIE9(boolean support) Specify whether to support the browser IE9.- Specified by:
setSupportBrowserIE9
in interfaceIFormSubmissionAccessController
- Parameters:
support
- specify whether to the browser IE9.- Since:
- 4.3.3
- See Also:
-
setSupportBrowserIE10
public void setSupportBrowserIE10(boolean support) Specify whether to support the browser IE10.- Specified by:
setSupportBrowserIE10
in interfaceIFormSubmissionAccessController
- Parameters:
support
- specify whether to the browser IE10.- Since:
- 4.3.3
- See Also:
-
getFormCspHeaderValue
Return the 'Content Security Policy' (CSP) HTTP Security Header value for the given form.- Specified by:
getFormCspHeaderValue
in interfaceIFormSubmissionAccessController
- Parameters:
form
- the form (required)- Returns:
- the 'Content Security Policy' (CSP) HTTP Security Header value for the given form.
- Since:
- 4.3.3
- See Also:
-
getSystemFormCspHeader
Return the System 'Content Security Policy' (CSP) HTTP Security Header value.- Specified by:
getSystemFormCspHeader
in interfaceIFormSubmissionAccessController
- Returns:
- the System 'Content Security Policy' (CSP) HTTP Security Header value.
- Since:
- 5.1.4
- See Also:
-
setFormCspHeaderValue
Set the Form 'Content Security Policy' (CSP) HTTP security header value.- Specified by:
setFormCspHeaderValue
in interfaceIFormSubmissionAccessController
- Parameters:
value
- the Form 'Content Security Policy' (CSP) HTTP security header value.- Since:
- 4.3.3
- See Also:
-