Package com.avoka.fc.core.security

Interface IFormSubmissionAccessController

All Known Implementing Classes:
FormSubmissionAccessController
public interface IFormSubmissionAccessController
Provide a submission access controller service.
Since:
3.6.0

  • Method Details

    • getFormAccessStatus

      IFormSubmissionAccessController.AccessStatus getFormAccessStatus(Form form, jakarta.servlet.http.HttpServletRequest request)
      Gets user's the form access status.
      Parameters:
      form - the form (required)
      request - the request (required)
      Returns:
      the form access status

    • getInProgressSubmissionAccessStatus

      IFormSubmissionAccessController.AccessStatus getInProgressSubmissionAccessStatus(Submission submission, jakarta.servlet.http.HttpServletRequest request)
      Return the users access status to the given in-progress (not completed) submission. Please note this includes task submissions.

      Valid submission form status values:

      • Assigned - task submissions
      • Opened - task submissions
      • Saved
      • Submitted
      Parameters:
      submission - the submission to check (required)
      request - the user request (required)
      Returns:
      the user submission access control status
      Since:
      4.0

    • getInProgressSubmissionAccessStatus

      IFormSubmissionAccessController.AccessStatus getInProgressSubmissionAccessStatus(Submission submission, jakarta.servlet.http.HttpServletRequest request, boolean checkOrgAccess)
      Return the users access status to the given in-progress (not completed) submission. Please note this includes task submissions.

      Valid submission form status values:

      • Assigned - task submissions
      • Opened - task submissions
      • Saved
      • Submitted
      Parameters:
      submission - the submission to check (required)
      request - the user request (required)
      checkOrgAccess - flag to check if the user has org access (required)
      Returns:
      the user submission access control status
      Since:
      19.5.0

    • getInProgressJsAppAccessStatus

      IFormSubmissionAccessController.JsAppAccessStatus getInProgressJsAppAccessStatus(Submission submission, jakarta.servlet.http.HttpServletRequest request, Portal portal)
      Return the users access status to the given in-progress (not completed) 'JS App' submission. This method is valid only for 'JS App' form types, and is not valid for Maestro or Composer form types. Please note this includes task submissions.

      Valid submission form status values:

      • Assigned - task submissions
      • Opened - task submissions
      • Saved
      • Submitted
      Parameters:
      submission - the submission to check, must be a 'JS App' form type (required)
      request - the user request (required)
      portal - the request portal (required)
      Returns:
      the user submission access control status
      Since:
      18.11.0

    • getCompletedSubmissionAccessStatus

      IFormSubmissionAccessController.AccessStatus getCompletedSubmissionAccessStatus(Submission submission, jakarta.servlet.http.HttpServletRequest request, boolean checkOrgAccess)
      Return the users access status to the given completed submission.
      Parameters:
      submission - the submission (required)
      request - the request (required)
      checkOrgAccess - flag to check if the user has org access (required)
      Returns:
      the completed submission access status
      Since:
      19.5.0

    • getCompletedSubmissionAccessStatus

      IFormSubmissionAccessController.AccessStatus getCompletedSubmissionAccessStatus(Submission submission, jakarta.servlet.http.HttpServletRequest request)
      Return the users access status to the given completed submission.
      Parameters:
      submission - the submission (required)
      request - the request (required)
      Returns:
      the completed submission access status

    • getReceiptAccessStatus

      IFormSubmissionAccessController.AccessStatus getReceiptAccessStatus(Submission submission, jakarta.servlet.http.HttpServletRequest request)
      Return the users access status to the given submission receipt when returning later (i.e. via a receipt challenge).
      Parameters:
      submission - the submission (required)
      request - the request (required)
      Returns:
      the receipt access status

    • hasFormAccessPermissions

      boolean hasFormAccessPermissions(Form form, jakarta.servlet.http.HttpServletRequest request, Set<IFormSubmissionAccessController.AccessPermission> accessPermissions)
      Checks if is user has the specified access permissions to the form.
      Parameters:
      form - the form (required)
      request - the request (required)
      accessPermissions - the set of form access permissions (required)
      Returns:
      true, if is user associated to form

    • hasAnonymousSubmissionAccess

      boolean hasAnonymousSubmissionAccess(Submission submission, jakarta.servlet.http.HttpServletRequest request)
      Check whether the submission can be accessed by the current user. Generally, this is permitted if the session ID matches, or if the IP address matches and access occurs within a configurable grace period.
      Parameters:
      submission - the submission a valid anonymous submission
      request - the current HTTP request (required)
      Returns:
      true if the user is allowed to access the submission

    • hasJobAccess

      boolean hasJobAccess(Job job, jakarta.servlet.http.HttpServletRequest request)
      Return true if the user has access to view the job details based on their group access control.
      Parameters:
      job - the job
      request - the current HTTP request (required)
      Returns:
      true if the user is allowed to view the job record
      Since:
      4.0.0

    • getAuthenticationService

      IAuthenticationService getAuthenticationService()
      Return authentication service instance.
      Returns:
      authentication service instance

    • setAuthenticationService

      void setAuthenticationService(IAuthenticationService authenticationService)
      Set the authentication service.
      Parameters:
      authenticationService - the authentication service

    • updateSubmissionSession

      void updateSubmissionSession(Submission submission, jakarta.servlet.http.HttpServletRequest request)
      Update new session info on the submission record.
      Parameters:
      submission - the submission (required)
      request - the request (required)

    • validateTaskReassignment

      String validateTaskReassignment(Submission submission, UserAccount newAssignee, jakarta.servlet.http.HttpServletRequest request)
      Checks if a task can be reassigned to a user by the current user. Returns a string describing the error, or null if the reassignment request is valid. NOTE: This method does not actually reassign the task,
      Parameters:
      submission - the task submission (required)
      newAssignee - the new assignee (required)
      request - the HTTP servlet request (required)
      Returns:
      a string describing the error, or null if the reassignment request is valid
      Since:
      4.1.0

    • validateTaskUnassignment

      String validateTaskUnassignment(Submission submission, jakarta.servlet.http.HttpServletRequest request)
      Checks if a task can be unassigned by the current user. Returns a string describing the error, or null if the unassignment request is valid. NOTE: This method does not actually reassign the task,
      Parameters:
      submission - the task submission (required)
      request - the HTTP servlet request (required)
      Returns:
      a string describing the error, or null if the unassignment request is valid
      Since:
      4.1.0

    • isValidNumberSaveChallengeRequests

      boolean isValidNumberSaveChallengeRequests(Submission submission, jakarta.servlet.http.HttpServletRequest request)
      Check whether the current user can make another save challenge attempt.
      Parameters:
      submission - the submission
      request - the HTTP servlet request (required)
      Returns:
      true if the user has not exceeded the number of save challenge attempts
      Since:
      4.1.0

    • onSaveChallengeSuccess

      void onSaveChallengeSuccess(Submission submission, jakarta.servlet.http.HttpServletRequest request)
      On successful login will resets the submission failures and last failure.
      Parameters:
      submission - the task submission (required)
      request - the HTTP servlet request (required)
      Since:
      17.10.0

    • setEnableEventLogging

      void setEnableEventLogging(boolean enableLogging)
      Specify whether to perform access control security event logging. Enabled by default, but can be switched off for performing background access control checks like rendering email templates and populating prefill data.
      Parameters:
      enableLogging - specify whether to enable access control security event logging.
      Since:
      4.3.1

    • setSupportBrowserIE8

      void setSupportBrowserIE8(boolean support)
      Specify whether to support the browser IE8.
      Parameters:
      support - specify whether to the browser IE8.
      Since:
      4.3.3

    • setSupportBrowserIE9

      void setSupportBrowserIE9(boolean support)
      Specify whether to support the browser IE9.
      Parameters:
      support - specify whether to the browser IE9.
      Since:
      4.3.3

    • setSupportBrowserIE10

      void setSupportBrowserIE10(boolean support)
      Specify whether to support the browser IE10.
      Parameters:
      support - specify whether to the browser IE10.
      Since:
      4.3.3

    • getFormCspHeaderValue

      String getFormCspHeaderValue(Form form)
      Return the 'Content Security Policy' (CSP) HTTP Security Header value for the given form.
      Parameters:
      form - the form (required)
      Returns:
      the 'Content Security Policy' (CSP) HTTP Security Header value for the given form.
      Since:
      4.3.3

    • setFormCspHeaderValue

      void setFormCspHeaderValue(String value)
      Set the Form 'Content Security Policy' (CSP) HTTP security header value.
      Parameters:
      value - the Form 'Content Security Policy' (CSP) HTTP security header value.
      Since:
      4.3.3

    • getSystemFormCspHeader

      String getSystemFormCspHeader()
      Return the System 'Content Security Policy' (CSP) HTTP Security Header value.
      Returns:
      the System 'Content Security Policy' (CSP) HTTP Security Header value.
      Since:
      5.1.4