org.camunda.bpm.engine.authorization.Authorization Java Examples
The following examples show how to use
org.camunda.bpm.engine.authorization.Authorization.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: SaveAuthorizationCmd.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
public Authorization execute(CommandContext commandContext) {
final AuthorizationManager authorizationManager = commandContext.getAuthorizationManager();
authorizationManager.validateResourceCompatibility(authorization);
provideRemovalTime(commandContext);
String operationType = null;
AuthorizationEntity previousValues = null;
if(authorization.getId() == null) {
authorizationManager.insert(authorization);
operationType = UserOperationLogEntry.OPERATION_TYPE_CREATE;
} else {
previousValues = commandContext.getDbEntityManager().selectById(AuthorizationEntity.class, authorization.getId());
authorizationManager.update(authorization);
operationType = UserOperationLogEntry.OPERATION_TYPE_UPDATE;
}
commandContext.getOperationLogManager().logAuthorizationOperation(operationType, authorization, previousValues);
return authorization;
}
Example #2
| Source File: AuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
protected User createUser(String userId) {
User user = identityService.newUser(userId);
identityService.saveUser(user);
// give user all permission to manipulate authorizations
Authorization authorization = createGrantAuthorization(AUTHORIZATION, ANY);
authorization.setUserId(userId);
authorization.addPermission(ALL);
saveAuthorization(authorization);
// give user all permission to manipulate users
authorization = createGrantAuthorization(USER, ANY);
authorization.setUserId(userId);
authorization.addPermission(Permissions.ALL);
saveAuthorization(authorization);
return user;
}
Example #3
| Source File: AuthorizationServiceTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
public void testReportResourcePermissions() {
Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
authorization.setUserId(userId);
authorization.addPermission(CREATE);
authorization.addPermission(READ);
authorization.addPermission(UPDATE);
authorization.addPermission(DELETE);
authorization.setResource(REPORT);
authorization.setResourceId(ANY);
authorizationService.saveAuthorization(authorization);
processEngineConfiguration.setAuthorizationEnabled(true);
assertEquals(true, authorizationService.isUserAuthorized(userId, null, CREATE, REPORT));
assertEquals(true, authorizationService.isUserAuthorized(userId, null, READ, REPORT));
assertEquals(true, authorizationService.isUserAuthorized(userId, null, UPDATE, REPORT));
assertEquals(true, authorizationService.isUserAuthorized(userId, null, DELETE, REPORT));
processEngineConfiguration.setAuthorizationEnabled(false);
}
Example #4
| Source File: AuthorizationRestServiceInteractionTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
@Test
public void testDeleteAuthorization() {
Authorization authorization = MockProvider.createMockGlobalAuthorization();
AuthorizationQuery authorizationQuery = mock(AuthorizationQuery.class);
when(authorizationServiceMock.createAuthorizationQuery()).thenReturn(authorizationQuery);
when(authorizationQuery.authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(authorizationQuery);
when(authorizationQuery.singleResult()).thenReturn(authorization);
given()
.pathParam("id", MockProvider.EXAMPLE_AUTHORIZATION_ID)
.then().expect()
.statusCode(Status.NO_CONTENT.getStatusCode())
.when()
.delete(AUTH_RESOURCE_PATH);
verify(authorizationQuery).authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID);
verify(authorizationServiceMock).deleteAuthorization(MockProvider.EXAMPLE_AUTHORIZATION_ID);
}
Example #5
| Source File: AuthorizationServiceAuthorizationsTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
public void testDeleteAuthorization() {
// create global auth
Authorization basePerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
basePerms.setResource(AUTHORIZATION);
basePerms.setResourceId(ANY);
basePerms.addPermission(ALL);
basePerms.removePermission(DELETE); // revoke delete
authorizationService.saveAuthorization(basePerms);
// turn on authorization
processEngineConfiguration.setAuthorizationEnabled(true);
identityService.setAuthenticatedUserId(jonny2);
try {
// try to delete authorization
authorizationService.deleteAuthorization(basePerms.getId());
fail("exception expected");
} catch (AuthorizationException e) {
assertEquals(1, e.getMissingAuthorizations().size());
MissingAuthorization info = e.getMissingAuthorizations().get(0);
assertEquals(jonny2, e.getUserId());
assertExceptionInfo(DELETE.getName(), AUTHORIZATION.resourceName(), basePerms.getId(), info);
}
}
Example #6
| Source File: AuthorizationServiceTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
public void testGlobalUniqueConstraints() {
Resource resource1 = TestResource.RESOURCE1;
Authorization authorization1 = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
Authorization authorization2 = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
authorization1.setResource(resource1);
authorization1.setResourceId("someId");
authorization2.setResource(resource1);
authorization2.setResourceId("someId");
// the first one can be saved
authorizationService.saveAuthorization(authorization1);
// the second one cannot
try {
authorizationService.saveAuthorization(authorization2);
fail("exception expected");
} catch(Exception e) {
//expected
}
}
Example #7
| Source File: HistoricInstancePermissionsAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
@After
public void tearDown() {
engineConfiguration
.setEnableHistoricInstancePermissions(false)
.setAuthorizationEnabled(false);
identityService.clearAuthentication();
List<Authorization> auths = authorizationService.createAuthorizationQuery()
.userIdIn(USER_ID)
.list();
for (Authorization authorization : auths) {
authorizationService.deleteAuthorization(authorization.getId());
}
}
Example #8
| Source File: AuthorizationRestServiceInteractionTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
@Test
public void testDeleteAuthorizationThrowsAuthorizationException() {
Authorization authorization = MockProvider.createMockGlobalAuthorization();
AuthorizationQuery authorizationQuery = mock(AuthorizationQuery.class);
when(authorizationServiceMock.createAuthorizationQuery()).thenReturn(authorizationQuery);
when(authorizationQuery.authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(authorizationQuery);
when(authorizationQuery.singleResult()).thenReturn(authorization);
String message = "expected authorization exception";
doThrow(new AuthorizationException(message)).when(authorizationServiceMock).deleteAuthorization(MockProvider.EXAMPLE_AUTHORIZATION_ID);
given()
.pathParam("id", MockProvider.EXAMPLE_AUTHORIZATION_ID)
.then().expect()
.statusCode(Status.FORBIDDEN.getStatusCode())
.contentType(ContentType.JSON)
.body("type", equalTo(AuthorizationException.class.getSimpleName()))
.body("message", equalTo(message))
.when()
.delete(AUTH_RESOURCE_PATH);
}
Example #9
| Source File: AuthorizationUserOperationLogTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
public void testLogCreatedOnAuthorizationCreationWithAllPermission() {
// given
createGrantAuthorizationWithoutAuthentication(OPERATION_LOG_CATEGORY, CATEGORY_ADMIN, userId, READ);
UserOperationLogQuery query = historyService.createUserOperationLogQuery();
assertEquals(0, query.count());
// when
PermissionProvider permissionProvider = processEngineConfiguration.getPermissionProvider();
processEngineConfiguration.setPermissionProvider(new TestPermissionProvider());
createGrantAuthorizationGroup(TestResource.RESOURCE1, Authorization.ANY, "testGroupId", TestPermissions.ALL);
processEngineConfiguration.setPermissionProvider(permissionProvider);
// then
assertEquals(6, query.count());
UserOperationLogEntry entry = query.property("permissions").singleResult();
assertEquals(UserOperationLogEntry.OPERATION_TYPE_CREATE, entry.getOperationType());
assertEquals(UserOperationLogEntry.CATEGORY_ADMIN, entry.getCategory());
assertEquals(EntityTypes.AUTHORIZATION, entry.getEntityType());
assertEquals(TestPermissions.ALL.getName(), entry.getNewValue());
}
Example #10
| Source File: AuthorizationServiceAuthorizationsTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
public void testSaveAuthorizationSetPermissionsWithValidResource() throws Exception {
// given
Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
authorization.setUserId("userId");
authorization.addPermission(Permissions.ACCESS);
// 'ACCESS' is not allowed for Batches
// however, it will be reset by next line, so saveAuthorization will be successful
authorization.setPermissions(
new BatchPermissions[] { BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES, BatchPermissions.CREATE_BATCH_DELETE_DECISION_INSTANCES });
authorization.setResource(Resources.BATCH);
authorization.setResourceId(ANY);
processEngineConfiguration.setAuthorizationEnabled(true);
// when
authorizationService.saveAuthorization(authorization);
// then
Authorization authorizationResult = authorizationService.createAuthorizationQuery().resourceType(Resources.BATCH).singleResult();
assertNotNull(authorizationResult);
assertTrue(authorizationResult.isPermissionGranted(BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES));
assertTrue(authorizationResult.isPermissionGranted(BatchPermissions.CREATE_BATCH_DELETE_DECISION_INSTANCES));
}
Example #11
| Source File: GroupAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
public void testTaskQueryWithGroupAuthorization() {
for (String testGroupId : testGroupIds) {
createGroupGrantAuthorization(Resources.TASK, Authorization.ANY, testGroupId);
}
processEngineConfiguration.getCommandExecutorTxRequired().execute(new Command<Void>() {
public Void execute(CommandContext commandContext) {
AuthorizationManager authorizationManager = spyOnSession(commandContext, AuthorizationManager.class);
TaskQueryImpl taskQuery = (TaskQueryImpl) spy(processEngine.getTaskService().createTaskQuery());
AuthorizationCheck authCheck = spy(new AuthorizationCheck());
when(taskQuery.getAuthCheck()).thenReturn(authCheck);
taskQuery.list();
verify(authorizationManager, atLeastOnce()).filterAuthenticatedGroupIds(eq(testGroupIds));
verify(authCheck, atLeastOnce()).setAuthGroupIds((List<String>) argThat(containsInAnyOrder(testGroupIds.toArray())));
return null;
}
});
}
Example #12
| Source File: GroupAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
public void testTaskQueryWithOneGroupAuthorization() {
createGroupGrantAuthorization(Resources.TASK, Authorization.ANY, testGroupIds.get(0));
processEngineConfiguration.getCommandExecutorTxRequired().execute(new Command<Void>() {
public Void execute(CommandContext commandContext) {
AuthorizationManager authorizationManager = spyOnSession(commandContext, AuthorizationManager.class);
TaskQueryImpl taskQuery = (TaskQueryImpl) spy(processEngine.getTaskService().createTaskQuery());
AuthorizationCheck authCheck = spy(new AuthorizationCheck());
when(taskQuery.getAuthCheck()).thenReturn(authCheck);
taskQuery.list();
verify(authorizationManager, atLeastOnce()).filterAuthenticatedGroupIds(eq(testGroupIds));
verify(authCheck).setAuthGroupIds(eq(testGroupIds.subList(0, 1)));
return null;
}
});
}
Example #13
| Source File: CreateStandaloneTaskDeleteAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
@Test
public void testWithDeleteHistoryPermissionOnAnyProcessDefinition() {
// given
UserOperationLogQuery query = historyService.createUserOperationLogQuery().taskId("myTaskForUserOperationLogDel");
// assume
assertEquals(1, query.count());
Authorization auth = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
auth.setUserId(USER_ID);
auth.setPermissions(new Permissions[] {Permissions.DELETE_HISTORY});
auth.setResource(Resources.PROCESS_DEFINITION);
auth.setResourceId("*");
authorizationService.saveAuthorization(auth);
engineConfiguration.setAuthorizationEnabled(true);
// when
historyService.deleteUserOperationLogEntry(query.singleResult().getId());
// then
assertNull(historyService.createUserOperationLogQuery().taskId("myTaskForUserOperationLogDel").singleResult());
}
Example #14
| Source File: DeploymentAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
public void testClearAuthorizationOnDeleteDeployment() {
// given
createGrantAuthorization(DEPLOYMENT, ANY, userId, CREATE);
Deployment deployment = repositoryService
.createDeployment()
.addClasspathResource(FIRST_RESOURCE)
.deploy();
String deploymentId = deployment.getId();
AuthorizationQuery query = authorizationService
.createAuthorizationQuery()
.userIdIn(userId)
.resourceId(deploymentId);
Authorization authorization = query.singleResult();
assertNotNull(authorization);
// when
repositoryService.deleteDeployment(deploymentId);
authorization = query.singleResult();
assertNull(authorization);
deleteDeployment(deploymentId);
}
Example #15
| Source File: AuthorizationServiceAuthorizationsTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
public void testAuthorizationQueryAuthorizations() {
// we are jonny2
String authUserId = "jonny2";
identityService.setAuthenticatedUserId(authUserId);
// create new auth wich revokes read access on auth
Authorization basePerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
basePerms.setResource(AUTHORIZATION);
basePerms.setResourceId(ANY);
authorizationService.saveAuthorization(basePerms);
// I can see it
assertEquals(1, authorizationService.createAuthorizationQuery().count());
// now enable checks
processEngineConfiguration.setAuthorizationEnabled(true);
// I can't see it
assertEquals(0, authorizationService.createAuthorizationQuery().count());
}
Example #16
| Source File: AuthorizationSpec.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
public Authorization instantiate(AuthorizationService authorizationService, Map<String, String> replacements) {
Authorization authorization = authorizationService.createNewAuthorization(type);
// TODO: group id is missing
authorization.setResource(resource);
if (replacements.containsKey(resourceId)) {
authorization.setResourceId(replacements.get(resourceId));
}
else {
authorization.setResourceId(resourceId);
}
authorization.setUserId(userId);
authorization.setPermissions(permissions);
return authorization;
}
Example #17
| Source File: AuthorizationRestServiceInteractionTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
@Test
public void testUpdateNonExistingAuthorization() {
Authorization authorization = MockProvider.createMockGlobalAuthorization();
AuthorizationQuery authorizationQuery = mock(AuthorizationQuery.class);
when(authorizationServiceMock.createAuthorizationQuery()).thenReturn(authorizationQuery);
when(authorizationQuery.authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(authorizationQuery);
when(authorizationQuery.singleResult()).thenReturn(null);
AuthorizationDto dto = AuthorizationDto.fromAuthorization(authorization, processEngineConfigurationMock);
given()
.pathParam("id", MockProvider.EXAMPLE_AUTHORIZATION_ID)
.body(dto).contentType(ContentType.JSON)
.then().expect()
.statusCode(Status.NOT_FOUND.getStatusCode()).contentType(ContentType.JSON)
.body("message", equalTo("Authorization with id "+MockProvider.EXAMPLE_AUTHORIZATION_ID+" does not exist."))
.when()
.put(AUTH_RESOURCE_PATH);
verify(authorizationServiceMock, never()).saveAuthorization(authorization);
}
Example #18
| Source File: AdminGroupsTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
@Test
public void testWithAdminGroup() {
processEngineConfiguration.getAdminGroups().add("adminGroup");
processEngineConfiguration.setAuthorizationEnabled(false);
identityService.setAuthentication("admin", Collections.singletonList("adminGroup"), null);
Authorization userAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
userAuth.setUserId("admin");
userAuth.setResource(USER);
userAuth.setResourceId(ANY);
userAuth.addPermission(READ);
authorizationService.saveAuthorization(userAuth);
processEngineConfiguration.setAuthorizationEnabled(true);
// when
identityService.unlockUser("jonny1");
// then no exception
}
Example #19
| Source File: AuthorizationRestServiceInteractionTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
@Test
public void testSaveAuthorizationThrowsAuthorizationException() {
String message = "expected authorization exception";
when(authorizationServiceMock.saveAuthorization(any(Authorization.class))).thenThrow(new AuthorizationException(message));
Authorization authorization = MockProvider.createMockGrantAuthorization();
when(authorizationServiceMock.createNewAuthorization(Authorization.AUTH_TYPE_GRANT)).thenReturn(authorization);
AuthorizationDto dto = AuthorizationDto.fromAuthorization(authorization, processEngineConfigurationMock);
given()
.body(dto)
.contentType(ContentType.JSON)
.then().expect()
.statusCode(Status.FORBIDDEN.getStatusCode())
.contentType(ContentType.JSON)
.body("type", equalTo(AuthorizationException.class.getSimpleName()))
.body("message", equalTo(message))
.when()
.post(AUTH_CREATE_PATH);
}
Example #20
| Source File: ProcessDefinitionAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
public void testQueryWithRevokedReadPermission() {
// given
// given user gets all permissions on any process definition
createGrantAuthorization(PROCESS_DEFINITION, ANY, userId, ALL);
Authorization authorization = createRevokeAuthorization(PROCESS_DEFINITION, ONE_TASK_PROCESS_KEY);
authorization.setUserId(userId);
authorization.removePermission(READ);
saveAuthorization(authorization);
// when
ProcessDefinitionQuery query = repositoryService.createProcessDefinitionQuery();
// then
verifyQueryResults(query, 1);
ProcessDefinition definition = query.singleResult();
assertNotNull(definition);
assertEquals(TWO_TASKS_PROCESS_KEY, definition.getKey());
}
Example #21
| Source File: AuthorizationRestServiceQueryTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
@Test
public void testCompleteGetParameters() {
List<Authorization> mockAuthorizations = MockProvider.createMockGlobalAuthorizations();
AuthorizationQuery mockQuery = setUpMockQuery(mockAuthorizations);
Map<String, String> queryParameters = getCompleteStringQueryParameters();
RequestSpecification requestSpecification = given().contentType(POST_JSON_CONTENT_TYPE);
for (Entry<String, String> paramEntry : queryParameters.entrySet()) {
requestSpecification.parameter(paramEntry.getKey(), paramEntry.getValue());
}
requestSpecification.expect().statusCode(Status.OK.getStatusCode())
.when().get(SERVICE_PATH);
verify(mockQuery).authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID);
verify(mockQuery).authorizationType(MockProvider.EXAMPLE_AUTHORIZATION_TYPE);
verify(mockQuery).userIdIn(new String[]{MockProvider.EXAMPLE_USER_ID, MockProvider.EXAMPLE_USER_ID2});
verify(mockQuery).groupIdIn(new String[]{MockProvider.EXAMPLE_GROUP_ID, MockProvider.EXAMPLE_GROUP_ID2});
verify(mockQuery).resourceType(MockProvider.EXAMPLE_RESOURCE_TYPE_ID);
verify(mockQuery).resourceId(MockProvider.EXAMPLE_RESOURCE_ID);
verify(mockQuery).list();
}
Example #22
| Source File: AuthorizationRestServiceInteractionTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
@Test
public void testUpdateAuthorizationThrowsAuthorizationException() {
Authorization authorization = MockProvider.createMockGlobalAuthorization();
AuthorizationDto dto = AuthorizationDto.fromAuthorization(authorization, processEngineConfigurationMock);
AuthorizationQuery authorizationQuery = mock(AuthorizationQuery.class);
when(authorizationServiceMock.createAuthorizationQuery()).thenReturn(authorizationQuery);
when(authorizationQuery.authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(authorizationQuery);
when(authorizationQuery.singleResult()).thenReturn(authorization);
String message = "expected authorization exception";
when(authorizationServiceMock.saveAuthorization(any(Authorization.class))).thenThrow(new AuthorizationException(message));
given()
.pathParam("id", MockProvider.EXAMPLE_AUTHORIZATION_ID)
.body(dto).contentType(ContentType.JSON)
.then().expect()
.statusCode(Status.FORBIDDEN.getStatusCode())
.contentType(ContentType.JSON)
.body("type", equalTo(AuthorizationException.class.getSimpleName()))
.body("message", equalTo(message))
.when()
.put(AUTH_RESOURCE_PATH);
}
Example #23
| Source File: LdapDisableAuthorizationCheckTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
public void testGroupQueryPaginationWithAuthenticatedUserWithAuthorizations() {
createGrantAuthorization(GROUP, "management", "oscar", READ);
createGrantAuthorization(GROUP, "consulting", "oscar", READ);
createGrantAuthorization(GROUP, "external", "oscar", READ);
try {
processEngineConfiguration.setAuthorizationEnabled(true);
identityService.setAuthenticatedUserId("oscar");
testGroupPaging(identityService);
} finally {
processEngineConfiguration.setAuthorizationEnabled(false);
identityService.clearAuthentication();
for (Authorization authorization : authorizationService.createAuthorizationQuery().list()) {
authorizationService.deleteAuthorization(authorization.getId());
}
}
}
Example #24
| Source File: IdentityServiceAuthorizationsTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
|
public void testUserUpdateAuthorizations() {
// crate user while still in god-mode:
User jonny1 = identityService.newUser("jonny1");
identityService.saveUser(jonny1);
// create global auth
Authorization basePerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
basePerms.setResource(USER);
basePerms.setResourceId(ANY);
basePerms.addPermission(ALL);
basePerms.removePermission(UPDATE); // revoke update
authorizationService.saveAuthorization(basePerms);
// turn on authorization
processEngineConfiguration.setAuthorizationEnabled(true);
identityService.setAuthenticatedUserId(jonny2);
// fetch user:
jonny1 = identityService.createUserQuery().singleResult();
jonny1.setFirstName("Jonny");
try {
identityService.saveUser(jonny1);
fail("exception expected");
} catch (AuthorizationException e) {
assertEquals(1, e.getMissingAuthorizations().size());
MissingAuthorization info = e.getMissingAuthorizations().get(0);
assertEquals(jonny2, e.getUserId());
assertExceptionInfo(UPDATE.getName(), USER.resourceName(), "jonny1", info);
}
// but I can create a new user:
User jonny3 = identityService.newUser("jonny3");
identityService.saveUser(jonny3);
}
Example #25
| Source File: AuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
|
protected Authorization createAuthorization(int type, Resource resource, String resourceId) {
Authorization authorization = authorizationService.createNewAuthorization(type);
authorization.setResource(resource);
if (resourceId != null) {
authorization.setResourceId(resourceId);
}
return authorization;
}
Example #26
| Source File: IdentityServiceAuthorizationsTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
|
public void testMembershipCreateAuthorizations() {
User jonny1 = identityService.newUser("jonny1");
identityService.saveUser(jonny1);
Group group1 = identityService.newGroup("group1");
identityService.saveGroup(group1);
// add base permission which allows nobody to add users to groups
Authorization basePerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
basePerms.setResource(GROUP_MEMBERSHIP);
basePerms.setResourceId(ANY);
basePerms.addPermission(ALL); // add all then remove 'crate'
basePerms.removePermission(CREATE);
authorizationService.saveAuthorization(basePerms);
processEngineConfiguration.setAuthorizationEnabled(true);
identityService.setAuthenticatedUserId(jonny2);
try {
identityService.createMembership("jonny1", "group1");
fail("exception expected");
} catch (AuthorizationException e) {
assertEquals(1, e.getMissingAuthorizations().size());
MissingAuthorization info = e.getMissingAuthorizations().get(0);
assertEquals(jonny2, e.getUserId());
assertExceptionInfo(CREATE.getName(), GROUP_MEMBERSHIP.resourceName(), "group1", info);
}
}
Example #27
| Source File: AuthorizationRestServiceImpl.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
|
public List<AuthorizationDto> queryAuthorizations(AuthorizationQueryDto queryDto, Integer firstResult, Integer maxResults) {
queryDto.setObjectMapper(getObjectMapper());
AuthorizationQuery query = queryDto.toQuery(getProcessEngine());
List<Authorization> resultList;
if(firstResult != null || maxResults != null) {
resultList = executePaginatedQuery(query, firstResult, maxResults);
} else {
resultList = query.list();
}
return AuthorizationDto.fromAuthorizationList(resultList, processEngine.getProcessEngineConfiguration());
}
Example #28
| Source File: TaskReadVariablePermissionAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
|
protected void verifyUserAuthorization(String userId) {
authRule.disableAuthorization();
if (AUTHORIZATION_TYP_RUNTIME.equals(authorizationType)) {
Authorization runtimeUserAuthorization = authorizationService.createAuthorizationQuery()
.resourceType(TASK)
.userIdIn(userId)
.singleResult();
assertNotNull(runtimeUserAuthorization);
verifyReadVariablePermission(runtimeUserAuthorization, TaskPermissions.READ_VARIABLE);
} else if (AUTHORIZATION_TYP_HISTORIC.equals(authorizationType)) {
Authorization historyUserAuthorization = authorizationService.createAuthorizationQuery()
.resourceType(HISTORIC_TASK)
.userIdIn(userId)
.singleResult();
assertNotNull(historyUserAuthorization);
verifyReadVariablePermission(historyUserAuthorization, HistoricTaskPermissions.READ_VARIABLE);
} else {
throw new RuntimeException("auth type not found");
}
}
Example #29
| Source File: HistoricTaskInstanceAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
|
public void testProcessTaskClearHistoricAuthorization() {
// given
processEngineConfiguration.setEnableHistoricInstancePermissions(true);
startProcessInstanceByKey(PROCESS_KEY);
String taskId = selectSingleTask().getId();
createGrantAuthorization(PROCESS_DEFINITION, PROCESS_KEY, userId, ALL);
createGrantAuthorization(HISTORIC_TASK, taskId, userId, ALL);
disableAuthorization();
Authorization authorization = authorizationService.createAuthorizationQuery()
.resourceType(HISTORIC_TASK)
.resourceId(taskId)
.singleResult();
enableAuthorization();
assertNotNull(authorization);
taskService.complete(taskId);
// when
historyService.deleteHistoricTaskInstance(taskId);
// then
disableAuthorization();
authorization = authorizationService.createAuthorizationQuery()
.resourceType(HISTORIC_TASK)
.resourceId(taskId)
.singleResult();
enableAuthorization();
assertNull(authorization);
// clear
taskService.deleteTask(taskId);
}
Example #30
| Source File: AuthorizationQueryTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
|
protected void tearDown() throws Exception {
List<Authorization> list = authorizationService.createAuthorizationQuery().list();
for (Authorization authorization : list) {
authorizationService.deleteAuthorization(authorization.getId());
}
super.tearDown();
}
