Configuring context conditions

Context conditions can be used to further specify the policy on an element in Valtimo. When a condition is used in the policy it will match the conditions against the element it is trying to access. Context conditions are restrictions on top of those, to define policies that only work within the context of another resource.

This page requires:

Use case

Use case: An implementation has 5 case types. Financial advisors should only be able to start processes for cases of 1 case type.

Solution:

  • Give the financial advisors ROLE_FINANCIAL.

  • Configure with conditions in PBAC that only ROLE_FINANCIAL can start processes, within the context of cases with a specific case definition name.

Example

Permission with context condition

In the example below, a junior financial advisor is only allowed to start an intake processes for clients who have less than 5000 euros to their name.

[
    {
        "resourceType": "com.ritense.valtimo.camunda.domain.CamundaExecution",
        "action": "create",
        "roleKey": "ROLE_JR_FINANCIAL",
        "conditions": [
            {
                "type": "container",
                "resourceType": "com.ritense.valtimo.camunda.domain.CamundaProcessDefinition",
                "conditions": [
                    {
                        "type": "field",
                        "field": "key",
                        "operator": "==",
                        "value": "intake-process"
                    }
                ]
            }
        ],
        "contextResourceType": "com.ritense.document.domain.impl.JsonSchemaDocument",
        "contextConditions": [
            {
                "type": "expression",
                "field": "content.content",
                "path": "$.funds",
                "operator": "<",
                "value": 5000,
                "clazz": "java.lang.Integer"
            }
        ]
    }
]

Last updated