org.flowable.idm.api.Group Java Examples

@Test
@Deployment
public void testMultipleServiceInvocationsFromDelegate() {
    runtimeService.startProcessInstanceByKey("multipleServiceInvocations");

    // The service task should have created a user which is part of the admin group
    User user = identityService.createUserQuery().singleResult();
    assertEquals("Kermit", user.getId());
    Group group = identityService.createGroupQuery().groupMember(user.getId()).singleResult();
    assertNotNull(group);
    assertEquals("admin", group.getId());

    // Cleanup
    identityService.deleteUser("Kermit");
    identityService.deleteGroup("admin");
    identityService.deleteMembership("Kermit", "admin");
}
 

@BeforeEach
public void setUp() throws Exception {

    Group accountants = identityService.newGroup("accountancy");
    identityService.saveGroup(accountants);
    Group managers = identityService.newGroup("management");
    identityService.saveGroup(managers);
    Group sales = identityService.newGroup("sales");
    identityService.saveGroup(sales);

    User kermit = identityService.newUser(KERMIT);
    identityService.saveUser(kermit);
    identityService.createMembership(KERMIT, "accountancy");

    User gonzo = identityService.newUser(GONZO);
    identityService.saveUser(gonzo);
    identityService.createMembership(GONZO, "management");
    identityService.createMembership(GONZO, "accountancy");
    identityService.createMembership(GONZO, "sales");
}
 

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    String name = authentication.getName();
    String password = authentication.getCredentials().toString();

    boolean authenticated = identityService.checkPassword(name, password);
    if (authenticated) {
        List<Group> groups = identityService.createGroupQuery().groupMember(name).list();
        Collection<GrantedAuthority> grantedAuthorities = new ArrayList<>();
        for (Group group : groups) {
            grantedAuthorities.add(new SimpleGrantedAuthority(group.getId()));
        }
        return new UsernamePasswordAuthenticationToken(name, password, grantedAuthorities);
    } else {
        throw new BadCredentialsException("Authentication failed for this username and password");
    }
}
 

@Test
public void testCreateMemberships() {
    Group group = identityService.newGroup("group");
    User tom = identityService.newUser("tom");
    User mat = identityService.newUser("mat");

    // save group
    identityService.saveGroup(group);
    // save users
    identityService.saveUser(tom);
    identityService.saveUser(mat);
    // create memberships
    identityService.createMembership(tom.getId(), group.getId());
    identityService.createMembership(mat.getId(), group.getId());

    // verify that the group has been created
    assertThat(identityService.createGroupQuery().groupId(group.getId()).singleResult()).isNotNull();
    // verify that the users have been created
    assertThat(identityService.createUserQuery().userId(tom.getId()).singleResult()).isNotNull();
    assertThat(identityService.createUserQuery().userId(mat.getId()).singleResult()).isNotNull();
    // verify that the users are members of the group
    assertThat(identityService.createGroupQuery().groupMember(tom.getId()).singleResult()).isNotNull();
    assertThat(identityService.createGroupQuery().groupMember(mat.getId()).singleResult()).isNotNull();
}
 

public PrivilegeResponse createPrivilegeResponse(Privilege privilege, List<User> users, List<Group> groups) {
    PrivilegeResponse response = createPrivilegeResponse(privilege);
    
    List<UserResponse> userResponses = new ArrayList<>(users.size());
    for (User user : users) {
        userResponses.add(createUserResponse(user, false));
    }
    response.setUsers(userResponses);
    
    List<GroupResponse> groupResponses = new ArrayList<>(groups.size());
    for (Group group : groups) {
        groupResponses.add(createGroupResponse(group));
    }
    response.setGroups(groupResponses);
    
    return response;
}
 

@ApiOperation(value = "Get a single privilege", tags = { "Privileges" })
@ApiResponses(value = {
        @ApiResponse(code = 200, message = "Indicates the privilege exists and is returned."),
        @ApiResponse(code = 404, message = "Indicates the requested privilege does not exist.")
})
@GetMapping(value = "/privileges/{privilegeId}", produces = "application/json")
public PrivilegeResponse getUser(@ApiParam(name = "privilegeId") @PathVariable String privilegeId, HttpServletRequest request) {
    Privilege privilege = identityService.createPrivilegeQuery().privilegeId(privilegeId).singleResult();
    
    if (privilege == null) {
        throw new FlowableObjectNotFoundException("Could not find privilege with id " + privilegeId, Privilege.class);
    }
    
    if (restApiInterceptor != null) {
        restApiInterceptor.accessPrivilegeInfoById(privilege);
    }
    
    List<User> users = identityService.getUsersWithPrivilege(privilege.getId());
    List<Group> groups = identityService.getGroupsWithPrivilege(privilege.getId());
    
    return restResponseFactory.createPrivilegeResponse(privilege, users, groups); 
}
 

@Test
public void testCreateMembershipAlreadyExisting() {
    Group sales = identityService.newGroup("sales");
    identityService.saveGroup(sales);
    User johndoe = identityService.newUser("johndoe");
    identityService.saveUser(johndoe);

    // Create the membership
    identityService.createMembership(johndoe.getId(), sales.getId());

    assertThatThrownBy(() -> identityService.createMembership(johndoe.getId(), sales.getId()))
            .isInstanceOf(RuntimeException.class);

    identityService.deleteGroup(sales.getId());
    identityService.deleteUser(johndoe.getId());
}
 

@ApiOperation(value = "Delete a group", tags = { "Groups" })
@ApiResponses(value = {
        @ApiResponse(code = 204, message = "Indicates the group was found and  has been deleted. Response-body is intentionally empty."),
        @ApiResponse(code = 404, message = "Indicates the requested group does not exist.")
})
@DeleteMapping("/groups/{groupId}")
public void deleteGroup(@ApiParam(name = "groupId") @PathVariable String groupId, HttpServletResponse response) {
    Group group = getGroupFromRequest(groupId);
    
    if (restApiInterceptor != null) {
        restApiInterceptor.deleteGroup(group);
    }
    
    identityService.deleteGroup(group.getId());
    response.setStatus(HttpStatus.NO_CONTENT.value());
}
 

@ApiOperation(value = "Update a group", tags = {
        "Groups" }, notes = "All request values are optional. For example, you can only include the name attribute in the request body JSON-object, only updating the name of the group, leaving all other fields unaffected. When an attribute is explicitly included and is set to null, the group-value will be updated to null.")
@ApiResponses(value = {
        @ApiResponse(code = 200, message = "Indicates the group was updated."),
        @ApiResponse(code = 404, message = "Indicates the requested group was not found."),
        @ApiResponse(code = 409, message = "Indicates the requested group was updated simultaneously.")
})
@PutMapping(value = "/identity/groups/{groupId}", produces = "application/json")
public GroupResponse updateGroup(@ApiParam(name = "groupId") @PathVariable String groupId, @RequestBody GroupRequest groupRequest, HttpServletRequest request) {
    Group group = getGroupFromRequest(groupId);

    if (groupRequest.getId() == null || groupRequest.getId().equals(group.getId())) {
        if (groupRequest.isNameChanged()) {
            group.setName(groupRequest.getName());
        }
        if (groupRequest.isTypeChanged()) {
            group.setType(groupRequest.getType());
        }
        identityService.saveGroup(group);
    } else {
        throw new FlowableIllegalArgumentException("Key provided in request body does not match the key in the resource URL.");
    }

    return restResponseFactory.createGroupResponse(group);
}
 

@Override
public void execute(DelegateExecution execution) {

    IdentityService identityService = Context.getProcessEngineConfiguration().getIdentityService();

    String username = "Kermit";
    User user = identityService.newUser(username);
    user.setPassword("123");
    user.setFirstName("Manually");
    user.setLastName("created");
    identityService.saveUser(user);

    // Add admin group
    Group group = identityService.newGroup("admin");
    identityService.saveGroup(group);

    identityService.createMembership(username, "admin");
}
 

@GetMapping(value = "/rest/admin/privileges/{privilegeId}")
public PrivilegeRepresentation getPrivilege(@PathVariable String privilegeId) {

    Privilege privilege = privilegeService.findPrivilege(privilegeId);

    if (privilege != null) {
        PrivilegeRepresentation privilegeRepresentation = new PrivilegeRepresentation();
        privilegeRepresentation.setId(privilege.getId());
        privilegeRepresentation.setName(privilege.getName());

        List<User> users = privilegeService.findUsersWithPrivilege(privilegeId);
        for (User user : users) {
            privilegeRepresentation.addUser(new UserRepresentation(user));
        }

        List<Group> groups = privilegeService.findGroupsWithPrivilege(privilegeId);
        for (Group group : groups) {
            privilegeRepresentation.addGroup(new GroupRepresentation(group));
        }

        return privilegeRepresentation;
    } else {
        throw new NotFoundException();
    }
}
 

public void testQuerySorting() {
    // asc
    assertEquals(4, identityService.createGroupQuery().orderByGroupId().asc().count());
    assertEquals(4, identityService.createGroupQuery().orderByGroupName().asc().count());
    assertEquals(4, identityService.createGroupQuery().orderByGroupType().asc().count());

    // desc
    assertEquals(4, identityService.createGroupQuery().orderByGroupId().desc().count());
    assertEquals(4, identityService.createGroupQuery().orderByGroupName().desc().count());
    assertEquals(4, identityService.createGroupQuery().orderByGroupType().desc().count());

    // Multiple sortings
    GroupQuery query = identityService.createGroupQuery().orderByGroupType().asc().orderByGroupName().desc();
    List<Group> groups = query.list();
    assertEquals(4, query.count());

    assertEquals("security", groups.get(0).getType());
    assertEquals("user", groups.get(1).getType());
    assertEquals("user", groups.get(2).getType());
    assertEquals("user", groups.get(3).getType());

    assertEquals("admin", groups.get(0).getId());
    assertEquals("muppets", groups.get(1).getId());
    assertEquals("mammals", groups.get(2).getId());
    assertEquals("frogs", groups.get(3).getId());
}
 

@Test
public void testGroupOptimisticLockingException() {
    Group group = idmIdentityService.newGroup("group");
    idmIdentityService.saveGroup(group);

    Group group1 = idmIdentityService.createGroupQuery().singleResult();
    Group group2 = idmIdentityService.createGroupQuery().singleResult();

    group1.setName("name one");
    idmIdentityService.saveGroup(group1);

    assertThatThrownBy(() -> {
        group2.setName("name two");
        idmIdentityService.saveGroup(group2);
    })
            .isExactlyInstanceOf(FlowableOptimisticLockingException.class);

    idmIdentityService.deleteGroup(group.getId());
}
 

@ApiOperation(value = "Delete a member from a group", tags = { "Groups" })
@ApiResponses(value = {
        @ApiResponse(code = 204, message = "Indicates the group was found and the member has been deleted. The response body is left empty intentionally."),
        @ApiResponse(code = 404, message = "Indicates the requested group was not found or that the user is not a member of the group. The status description contains additional information about the error.")
})
@DeleteMapping("/identity/groups/{groupId}/members/{userId}")
public void deleteMembership(@ApiParam(name = "groupId") @PathVariable("groupId") String groupId, @ApiParam(name = "userId") @PathVariable("userId") String userId, HttpServletRequest request, HttpServletResponse response) {

    Group group = getGroupFromRequest(groupId);

    // Check if user is not a member of group since API does not return typed exception
    if (identityService.createUserQuery().memberOfGroup(group.getId()).userId(userId).count() != 1) {
        throw new FlowableObjectNotFoundException("User '" + userId + "' is not part of group '" + group.getId() + "'.", null);
    }

    identityService.deleteMembership(userId, group.getId());
    response.setStatus(HttpStatus.NO_CONTENT.value());
}
 

/**
 * Test deleting a single group.
 */
@Test
public void testDeleteGroup() throws Exception {
    try {
        Group testGroup = identityService.newGroup("testgroup");
        testGroup.setName("Test group");
        testGroup.setType("Test type");
        identityService.saveGroup(testGroup);

        closeResponse(executeRequest(new HttpDelete(SERVER_URL_PREFIX + RestUrls.createRelativeResourceUrl(RestUrls.URL_GROUP, "testgroup")), HttpStatus.SC_NO_CONTENT));

        assertThat(identityService.createGroupQuery().groupId("testgroup").singleResult()).isNull();

    } finally {
        try {
            identityService.deleteGroup("testgroup");
        } catch (Throwable ignore) {
            // Ignore, since the group may not have been created in the test
            // or already deleted
        }
    }
}
 

@Test
public void testCreateMembershipAlreadyExisting() {
    Group sales = idmIdentityService.newGroup("sales");
    idmIdentityService.saveGroup(sales);
    User johndoe = idmIdentityService.newUser("johndoe");
    idmIdentityService.saveUser(johndoe);

    // Create the membership
    idmIdentityService.createMembership(johndoe.getId(), sales.getId());

    assertThatThrownBy(() -> idmIdentityService.createMembership(johndoe.getId(), sales.getId()))
            .isInstanceOf(RuntimeException.class);

    idmIdentityService.deleteGroup(sales.getId());
    idmIdentityService.deleteUser(johndoe.getId());
}
 

@Test
public void testDeleteMembership() {
    Group sales = identityService.newGroup("sales");
    identityService.saveGroup(sales);

    User johndoe = identityService.newUser("johndoe");
    identityService.saveUser(johndoe);
    // Add membership
    identityService.createMembership(johndoe.getId(), sales.getId());

    List<Group> groups = identityService.createGroupQuery().groupMember(johndoe.getId()).list();
    assertThat(groups)
            .extracting(Group::getId)
            .containsExactly("sales");

    // Delete the membership and check members of sales group
    identityService.deleteMembership(johndoe.getId(), sales.getId());
    groups = identityService.createGroupQuery().groupMember(johndoe.getId()).list();
    assertThat(groups).isEmpty();

    identityService.deleteGroup("sales");
    identityService.deleteUser("johndoe");
}
 

/**
 * @deprecated Privileges are no longer required use {@link #FlowableUser(User, boolean, List, Collection)} instead
 */
@Deprecated
public FlowableUser(User user, boolean active, List<? extends Group> groups, List<? extends Privilege> privileges,
    Collection<? extends GrantedAuthority> authorities) {
    super(user.getId(), user.getPassword() == null ? "" : user.getPassword(), active, active, active, active, authorities);
    this.user = user;
    this.groups = Collections.unmodifiableList(groups);
    this.privileges = Collections.unmodifiableList(privileges);
}
 

public Set<String> getGroupIds(List<Group> groups) {
    Set<String> groupIds = new HashSet<String>();
    for (Group group : groups) {
        groupIds.add(group.getId());
    }
    return groupIds;
}
 

public void deleteUser(String userId) {
    List<Privilege> privileges = identityService.createPrivilegeQuery().userId(userId).list();
    for (Privilege privilege : privileges) {
        identityService.deleteUserPrivilegeMapping(privilege.getId(), userId);
    }

    List<Group> groups = identityService.createGroupQuery().groupMember(userId).list();
    if (groups != null && groups.size() > 0) {
        for (Group group : groups) {
            identityService.deleteMembership(userId, group.getId());
        }
    }
    identityService.deleteUser(userId);
}
 

@Override
public List<String> getGroupsForCandidateUser(String candidateUser) {
    IdentityService identityService = getProcessEngineConfiguration().getIdentityService();
    List<Group> groups = identityService.createGroupQuery().groupMember(candidateUser).list();
    List<String> groupIds = new ArrayList<>();
    for (Group group : groups) {
        groupIds.add(group.getId());
    }
    return groupIds;
}
 

protected void createUsers() {
    User user = idmIdentityService.newUser("kermit");
    user.setFirstName("Kermit");
    user.setLastName("the Frog");
    user.setPassword("kermit");
    idmIdentityService.saveUser(user);

    Group group = idmIdentityService.newGroup("admin");
    group.setName("Administrators");
    idmIdentityService.saveGroup(group);

    idmIdentityService.createMembership(user.getId(), group.getId());
}
 

@GetMapping(value = "/rest/workflow-groups/{groupId}")
public GroupRepresentation getGroup(@PathVariable String groupId, HttpServletResponse response) {
    Group group = remoteIdmService.getGroup(groupId);

    if (group == null) {
        throw new NotFoundException("Group with id: " + groupId + " does not exist or is inactive");
    }

    return new GroupRepresentation(group);
}
 

public void deleteGroupMember(String groupId, String userId) {
    verifyGroupMemberExists(groupId, userId);
    Group group = identityService.createGroupQuery().groupId(groupId).singleResult();
    if (group == null) {
        throw new NotFoundException();
    }

    User user = identityService.createUserQuery().userId(userId).singleResult();
    if (user == null) {
        throw new NotFoundException();
    }

    identityService.deleteMembership(userId, groupId);
}
 

@Test
public void testDeleteMembershipUnexistingUser() {
    Group sales = idmIdentityService.newGroup("sales");
    idmIdentityService.saveGroup(sales);
    // No exception should be thrown when user doesn't exist
    idmIdentityService.deleteMembership("unexistinguser", sales.getId());
    idmIdentityService.deleteGroup(sales.getId());
}
 

@SuppressWarnings({ "unchecked", "rawtypes" })
@Override
public List<Group> execute(CommandContext commandContext) {
    ProcessDefinitionEntity processDefinition = CommandContextUtil.getProcessDefinitionEntityManager(commandContext).findById(processDefinitionId);

    if (processDefinition == null) {
        throw new FlowableObjectNotFoundException("Cannot find process definition with id " + processDefinitionId, ProcessDefinition.class);
    }

    IdentityService identityService = CommandContextUtil.getProcessEngineConfiguration(commandContext).getIdentityService();

    List<String> groupIds = new ArrayList<>();
    List<IdentityLink> identityLinks = (List) processDefinition.getIdentityLinks();
    for (IdentityLink identityLink : identityLinks) {
        if (identityLink.getGroupId() != null && identityLink.getGroupId().length() > 0) {

            if (!groupIds.contains(identityLink.getGroupId())) {
                groupIds.add(identityLink.getGroupId());
            }
        }
    }

    if (groupIds.size() > 0) {
        return identityService.createGroupQuery().groupIds(groupIds).list();

    } else {
        return new ArrayList<>();
    }
}
 

protected List<Group> executeQuery() {
    if (getUserId() != null) {
        return findGroupsByUser(getUserId());
    } else if (getId() != null) {
        return findGroupsById(getId());
    } else {
        return findAllGroups();
    }
}
 

public FlowableUser(User user, String username, boolean enabled,
    List<? extends Group> groups, Collection<? extends GrantedAuthority> authorities) {
    super(username, user.getPassword() == null ? "" : user.getPassword(), enabled, true, true, true, authorities);
    this.user = user;
    this.groups = Collections.unmodifiableList(groups);
    this.privileges = Collections.emptyList();
}
 

private List<String> getGroupIdsForUser(User user) {
    List<String> groupIds = new ArrayList<>();
    RemoteUser remoteUser = (RemoteUser) user;

    for (Group group : remoteUser.getGroups()) {
        groupIds.add(String.valueOf(group.getId()));
    }
    return groupIds;
}
 

private String getGroupName(String groupId) {
    if (ObjectUtils.isEmpty(groupId)) {
        return null;
    }
    Group group = identityService.createGroupQuery().groupId(groupId).singleResult();
    if (group != null) {
        return group.getName();
    }
    return null;
}