Java Code Examples for org.camunda.bpm.engine.authorization.Authorization#addPermission()

The following examples show how to use org.camunda.bpm.engine.authorization.Authorization#addPermission().
Example 1
Source File: AuthorizationServiceTest.java    From camunda-bpm-platform with Apache License 2.0 6 votes vote down vote up
/**
 * Verifies that a GRANT authorization on the BATCH resource reports as granted
 * exactly the batch permissions that were added to it. Permissions that were
 * never added must be reported as not granted.
 */
public void testIsPermissionGrantedBatchResource() {
  // given: a user grant on any batch, carrying three batch-creation permissions
  final String grantee = "userId";
  Authorization grant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  grant.setUserId(grantee);
  grant.addPermission(BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES);
  grant.addPermission(BatchPermissions.CREATE_BATCH_DELETE_FINISHED_PROCESS_INSTANCES);
  grant.addPermission(BatchPermissions.CREATE_BATCH_DELETE_RUNNING_PROCESS_INSTANCES);
  grant.setResource(Resources.BATCH);
  grant.setResourceId(ANY);
  authorizationService.saveAuthorization(grant);

  // then: read the stored authorization back through a query rather than reusing 'grant'
  Authorization stored = authorizationService.createAuthorizationQuery()
      .userIdIn(grantee)
      .singleResult();

  // the three permissions that were added are reported as granted
  assertTrue(stored.isPermissionGranted(BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES));
  assertTrue(stored.isPermissionGranted(BatchPermissions.CREATE_BATCH_DELETE_FINISHED_PROCESS_INSTANCES));
  assertTrue(stored.isPermissionGranted(BatchPermissions.CREATE_BATCH_DELETE_RUNNING_PROCESS_INSTANCES));

  // negative checks: a batch permission that was not added, and two general permissions
  assertFalse(stored.isPermissionGranted(BatchPermissions.CREATE_BATCH_MODIFY_PROCESS_INSTANCES));
  assertFalse(stored.isPermissionGranted(Permissions.ACCESS));
  assertFalse(stored.isPermissionGranted(Permissions.CREATE));
}
 
Example 2
Source File: AuthorizationServiceAuthorizationsTest.java    From camunda-bpm-platform with Apache License 2.0 6 votes vote down vote up
/**
 * Verifies that {@code isUserAuthorized} accepts a hand-built {@code ResourceImpl}
 * when the user holds ACCESS on {@code Resources.APPLICATION} for any resource id.
 */
public void testIsUserAuthorizedWithValidResourceImpl() {
  // given
  // NOTE(review): the ResourceImpl is presumably matched against Resources.APPLICATION
  // through its numeric type (0); confirm against the Resources definition.
  ResourceImpl customResource = new ResourceImpl("application", 0);
  final String grantee = "userId";
  Authorization grant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  grant.setUserId(grantee);
  grant.addPermission(Permissions.ACCESS);
  grant.setResource(Resources.APPLICATION);
  grant.setResourceId(ANY);
  authorizationService.saveAuthorization(grant);

  // NOTE(review): enforcement is switched on here and not switched off again in this
  // method; presumably the fixture teardown resets it. Confirm.
  processEngineConfiguration.setAuthorizationEnabled(true);

  // then: no group list is passed, so only the user grant can satisfy the check
  boolean authorized = authorizationService.isUserAuthorized(grantee, null, Permissions.ACCESS, customResource);
  assertEquals(true, authorized);
}
 
Example 3
Source File: AuthorizationServiceTest.java    From camunda-bpm-platform with Apache License 2.0 6 votes vote down vote up
/**
 * Verifies that a GRANT authorization carrying only ACCESS on the APPLICATION
 * resource reports ACCESS as granted and reports batch and retry-job
 * permissions as not granted.
 */
public void testIsPermissionGrantedAccess() {
  // given: a single-permission user grant on any application
  final String grantee = "userId";
  Authorization grant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  grant.setUserId(grantee);
  grant.addPermission(Permissions.ACCESS);
  grant.setResource(Resources.APPLICATION);
  grant.setResourceId(ANY);
  authorizationService.saveAuthorization(grant);

  // then: inspect the persisted authorization, not the in-memory one
  Authorization stored = authorizationService.createAuthorizationQuery()
      .userIdIn(grantee)
      .singleResult();
  assertTrue(stored.isPermissionGranted(Permissions.ACCESS));

  // permissions from other permission enums must not be reported as granted
  assertFalse(stored.isPermissionGranted(BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES));
  assertFalse(stored.isPermissionGranted(ProcessInstancePermissions.RETRY_JOB));
  assertFalse(stored.isPermissionGranted(ProcessDefinitionPermissions.RETRY_JOB));
}
 
Example 4
Source File: AuthorizationQueryAuthorizationsTest.java    From camunda-bpm-platform with Apache License 2.0 6 votes vote down vote up
/**
 * Verifies that an authorization query requiring both READ and ACCESS returns
 * no match for the authorization created here, which carries READ and
 * RETRY_JOB on PROCESS_DEFINITION.
 */
@Test
public void testQueryCorrectAndIncorrectPersmission() throws Exception {
  // given: a user grant on any process definition with READ and RETRY_JOB
  Authorization grant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  grant.setUserId("userId");
  grant.setResource(Resources.PROCESS_DEFINITION);
  grant.addPermission(Permissions.READ);
  grant.addPermission(ProcessDefinitionPermissions.RETRY_JOB);
  grant.setResourceId(ANY);
  authorizationService.saveAuthorization(grant);

  // NOTE(review): enforcement is not switched off again in this method; presumably
  // handled by the fixture teardown. Confirm.
  processEngineConfiguration.setAuthorizationEnabled(true);

  // assume: the grant was persisted and can be found by user and resource type
  Authorization persisted = authorizationService.createAuthorizationQuery()
      .userIdIn("userId")
      .resourceType(Resources.PROCESS_DEFINITION)
      .singleResult();
  assertNotNull(persisted);

  // then: the two hasPermission filters together yield no result
  long matches = authorizationService.createAuthorizationQuery()
      .hasPermission(Permissions.READ)
      .hasPermission(Permissions.ACCESS)
      .count();
  assertEquals(0, matches);
}
 
Example 5
Source File: IdentityServiceAuthorizationsTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
/**
 * Verifies that deleting a tenant/group membership fails with an
 * {@code AuthorizationException} when the global authorization on
 * TENANT_MEMBERSHIP grants everything except DELETE.
 */
public void testTenanGroupMembershipDeleteAuthorizations() {
  Group group = identityService.newGroup("group1");
  identityService.saveGroup(group);

  Tenant tenant = identityService.newTenant("tenant1");
  identityService.saveTenant(tenant);

  // Global baseline: start from ALL and take DELETE away, so that nobody is
  // allowed to delete tenant memberships.
  Authorization globalBaseline = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
  globalBaseline.setResource(TENANT_MEMBERSHIP);
  globalBaseline.setResourceId(ANY);
  globalBaseline.addPermission(ALL);
  globalBaseline.removePermission(DELETE);
  authorizationService.saveAuthorization(globalBaseline);

  // From here on checks are enforced and calls are made as jonny2.
  processEngineConfiguration.setAuthorizationEnabled(true);
  identityService.setAuthenticatedUserId(jonny2);

  try {
    identityService.deleteTenantGroupMembership("tenant1", "group1");
    fail("exception expected");
  } catch (AuthorizationException denied) {
    // exactly one missing authorization is reported, for DELETE on the tenant
    assertEquals(1, denied.getMissingAuthorizations().size());
    MissingAuthorization missing = denied.getMissingAuthorizations().get(0);
    assertEquals(jonny2, denied.getUserId());
    assertExceptionInfo(DELETE.getName(), TENANT_MEMBERSHIP.resourceName(), "tenant1", missing);
  }
}
 
Example 6
Source File: IdentityServiceAuthorizationsTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
/**
 * Verifies that deleting a tenant/user membership fails with an
 * {@code AuthorizationException} when the global authorization on
 * TENANT_MEMBERSHIP grants everything except DELETE.
 */
public void testTenantUserMembershipDeleteAuthorizations() {
  User member = identityService.newUser("jonny1");
  identityService.saveUser(member);

  Tenant tenant = identityService.newTenant("tenant1");
  identityService.saveTenant(tenant);

  // Global baseline: start from ALL and take DELETE away, so that nobody is
  // allowed to delete tenant memberships.
  Authorization globalBaseline = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
  globalBaseline.setResource(TENANT_MEMBERSHIP);
  globalBaseline.setResourceId(ANY);
  globalBaseline.addPermission(ALL);
  globalBaseline.removePermission(DELETE);
  authorizationService.saveAuthorization(globalBaseline);

  // From here on checks are enforced and calls are made as jonny2.
  processEngineConfiguration.setAuthorizationEnabled(true);
  identityService.setAuthenticatedUserId(jonny2);

  try {
    identityService.deleteTenantUserMembership("tenant1", "jonny1");
    fail("exception expected");
  } catch (AuthorizationException denied) {
    // exactly one missing authorization is reported, for DELETE on the tenant
    assertEquals(1, denied.getMissingAuthorizations().size());
    MissingAuthorization missing = denied.getMissingAuthorizations().get(0);
    assertEquals(jonny2, denied.getUserId());
    assertExceptionInfo(DELETE.getName(), TENANT_MEMBERSHIP.resourceName(), "tenant1", missing);
  }
}
 
Example 7
Source File: AuthorizationQueryTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
/**
 * Creates and saves a GRANT authorization on one resource carrying the given permissions.
 *
 * @param userId       user id set on the authorization
 * @param groupId      group id set on the authorization
 * @param resourceType resource the authorization applies to
 * @param resourceId   id of the resource instance
 * @param permissions  permissions to add, in the order given
 */
protected void createAuthorization(String userId, String groupId, Resource resourceType, String resourceId, Permission... permissions) {
  // NOTE(review): both userId and groupId are set unconditionally; callers presumably
  // pass null for one of them. Verify against the callers.
  Authorization grant = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
  grant.setUserId(userId);
  grant.setGroupId(groupId);
  grant.setResource(resourceType);
  grant.setResourceId(resourceId);

  for (int i = 0; i < permissions.length; i++) {
    grant.addPermission(permissions[i]);
  }

  authorizationService.saveAuthorization(grant);
}
 
Example 8
Source File: AuthorizationScenario.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
/**
 * Builds a GRANT authorization giving one user a single permission on every
 * instance ({@code Authorization.ANY}) of a resource.
 *
 * <p>The authorization is only built here, not saved; the caller has to persist it.
 *
 * @param authorizationService service used to create the new authorization object
 * @param permission           the single permission to add
 * @param resource             resource the authorization applies to
 * @param userId               user receiving the grant
 * @return the populated, unsaved authorization
 */
protected static Authorization createAuthorization(AuthorizationService authorizationService, Permission permission, Resources resource, String userId) {
  Authorization userGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  userGrant.addPermission(permission);
  userGrant.setResource(resource);
  userGrant.setResourceId(Authorization.ANY);
  userGrant.setUserId(userId);
  return userGrant;
}
 
Example 9
Source File: AuthorizationTestBaseRule.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
/**
 * Creates, saves and registers a GRANT authorization for one user.
 *
 * @param resource    resource the authorization applies to
 * @param resourceId  id of the resource instance
 * @param userId      user receiving the grant
 * @param permissions permissions to add, in the order given
 */
public void createGrantAuthorization(Resource resource, String resourceId, String userId, Permission... permissions) {
  Authorization grant = createAuthorization(Authorization.AUTH_TYPE_GRANT, resource, resourceId);
  grant.setUserId(userId);
  for (int i = 0; i < permissions.length; i++) {
    grant.addPermission(permissions[i]);
  }

  engineRule.getAuthorizationService().saveAuthorization(grant);
  // NOTE(review): manageAuthorization presumably tracks the authorization for cleanup
  // after the test; confirm against its definition.
  manageAuthorization(grant);
}
 
Example 10
Source File: AuthorizationServiceTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
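/**
 * Verifies that a user holding ALL on the REPORT resource (any resource id)
 * is authorized for ALL on REPORT once authorization checks are enabled.
 */
public void testReportResourceAuthorization() {
  Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  authorization.setUserId(userId);
  authorization.addPermission(ALL);
  authorization.setResource(REPORT);
  authorization.setResourceId(ANY);
  authorizationService.saveAuthorization(authorization);

  processEngineConfiguration.setAuthorizationEnabled(true);
  try {
    assertEquals(true, authorizationService.isUserAuthorized(userId, Arrays.asList(groupId), ALL, REPORT));
  } finally {
    // Restore the setting even when the assertion fails, so that enforcement
    // on the engine configuration does not carry over into later tests.
    processEngineConfiguration.setAuthorizationEnabled(false);
  }
}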
 
Example 11
Source File: FilterAuthorizationsTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
/**
 * Creates and saves a user, then grants that user ALL permissions on every
 * instance of the AUTHORIZATION, USER and TASK resources.
 *
 * <p>This is a deliberately broad test fixture: ALL on AUTHORIZATION lets the
 * user manipulate authorizations, and ALL on USER lets the user manipulate users.
 *
 * @param userId id of the user to create
 * @return the saved user
 */
protected User createTestUser(String userId) {
  User user = identityService.newUser(userId);
  identityService.saveUser(user);

  // one separate GRANT authorization per resource, created in this order
  Resources[] fullyAccessible = { Resources.AUTHORIZATION, Resources.USER, Resources.TASK };
  for (Resources resource : fullyAccessible) {
    Authorization grant = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
    grant.setUserId(user.getId());
    grant.setResource(resource);
    grant.setResourceId(Authorization.ANY);
    grant.addPermission(Permissions.ALL);
    authorizationService.saveAuthorization(grant);
  }

  return user;
}
 
Example 12
Source File: IdentityServiceAuthorizationsTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
/**
 * Verifies that deleting a user/group membership fails with an
 * {@code AuthorizationException} when the global authorization on
 * GROUP_MEMBERSHIP grants everything except DELETE.
 */
public void testMembershipDeleteAuthorizations() {
  User member = identityService.newUser("jonny1");
  identityService.saveUser(member);

  Group group = identityService.newGroup("group1");
  identityService.saveGroup(group);

  // Global baseline: start from ALL and take DELETE away, so that nobody is
  // allowed to delete group memberships.
  Authorization globalBaseline = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
  globalBaseline.setResource(GROUP_MEMBERSHIP);
  globalBaseline.setResourceId(ANY);
  globalBaseline.addPermission(ALL);
  globalBaseline.removePermission(DELETE);
  authorizationService.saveAuthorization(globalBaseline);

  // From here on checks are enforced and calls are made as jonny2.
  processEngineConfiguration.setAuthorizationEnabled(true);
  identityService.setAuthenticatedUserId(jonny2);

  try {
    identityService.deleteMembership("jonny1", "group1");
    fail("exception expected");
  } catch (AuthorizationException denied) {
    // exactly one missing authorization is reported, for DELETE on the group
    assertEquals(1, denied.getMissingAuthorizations().size());
    MissingAuthorization missing = denied.getMissingAuthorizations().get(0);
    assertEquals(jonny2, denied.getUserId());
    assertExceptionInfo(DELETE.getName(), GROUP_MEMBERSHIP.resourceName(), "group1", missing);
  }
}
 
Example 13
Source File: GroupAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
/**
 * Creates and saves a grant authorization for a group.
 *
 * @param resource    resource the authorization applies to
 * @param resourceId  id of the resource instance
 * @param groupId     group receiving the grant
 * @param permissions permissions to add, in the order given
 */
protected void createGroupGrantAuthorization(Resource resource, String resourceId, String groupId, Permission... permissions) {
  Authorization groupGrant = createGrantAuthorization(resource, resourceId);
  groupGrant.setGroupId(groupId);
  for (int i = 0; i < permissions.length; i++) {
    groupGrant.addPermission(permissions[i]);
  }
  saveAuthorization(groupGrant);
}
 
Example 14
Source File: KeycloakGroupQueryTest.java    From camunda-bpm-identity-keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Creates and saves a GRANT authorization for one user.
 *
 * @param resource    resource the authorization applies to
 * @param resourceId  id of the resource instance
 * @param userId      user receiving the grant
 * @param permissions permissions to add, in the order given
 */
protected void createGrantAuthorization(Resource resource, String resourceId, String userId, Permission... permissions) {
	Authorization userGrant = createAuthorization(AUTH_TYPE_GRANT, resource, resourceId);
	userGrant.setUserId(userId);
	for (int i = 0; i < permissions.length; i++) {
		userGrant.addPermission(permissions[i]);
	}
	authorizationService.saveAuthorization(userGrant);
}
 
Example 15
Source File: IdentityServiceAuthorizationsTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
/**
 * Verifies that updating an existing tenant fails with an
 * {@code AuthorizationException} when the global authorization on TENANT
 * grants everything except UPDATE, while creating a new tenant still works.
 */
public void testTenantUpdateAuthorizations() {
  // a tenant that exists before authorization checks are switched on
  Tenant original = new TenantEntity("tenant");
  identityService.saveTenant(original);

  // global authorization on any tenant: ALL minus UPDATE
  Authorization globalBaseline = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
  globalBaseline.setResource(TENANT);
  globalBaseline.setResourceId(ANY);
  globalBaseline.addPermission(ALL);
  globalBaseline.removePermission(UPDATE);
  authorizationService.saveAuthorization(globalBaseline);

  // enforce checks and act as jonny2
  processEngineConfiguration.setAuthorizationEnabled(true);
  identityService.setAuthenticatedUserId(jonny2);

  // re-read the tenant and modify it
  Tenant reloaded = identityService.createTenantQuery().singleResult();
  reloaded.setName("newName");

  try {
    identityService.saveTenant(reloaded);

    fail("exception expected");
  } catch (AuthorizationException denied) {
    // exactly one missing authorization is reported, for UPDATE on the tenant
    assertEquals(1, denied.getMissingAuthorizations().size());
    MissingAuthorization missing = denied.getMissingAuthorizations().get(0);
    assertEquals(jonny2, denied.getUserId());
    assertExceptionInfo(UPDATE.getName(), TENANT.resourceName(), "tenant", missing);
  }

  // creating a different tenant is still allowed, since only UPDATE was removed
  Tenant created = identityService.newTenant("newTenant");
  identityService.saveTenant(created);
}
 
Example 16
Source File: AuthorizationServiceWithEnabledAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
/**
 * Verifies the precedence between authorization levels on one resource: a
 * user-level grant wins over a group-level revoke, and a group-level revoke
 * wins over a global grant.
 */
public void testUserOverrideGroupOverrideGlobalAuthorizationCheck() {
  Resource target = TestResource.RESOURCE1;

  // global level: every user gets ALL on the target resource
  Authorization everyone = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
  everyone.setResource(target);
  everyone.setResourceId(ANY);
  everyone.addPermission(ALL);
  authorizationService.saveAuthorization(everyone);

  // group level: READ is revoked for "sales"; on a REVOKE authorization the
  // revoked permission is expressed through removePermission
  Authorization salesRevoke = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE);
  salesRevoke.setGroupId("sales");
  salesRevoke.setResource(target);
  salesRevoke.setResourceId(ANY);
  salesRevoke.removePermission(READ);
  authorizationService.saveAuthorization(salesRevoke);

  // user level: jonny gets READ back explicitly
  Authorization jonnyGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  jonnyGrant.setUserId("jonny");
  jonnyGrant.setResource(target);
  jonnyGrant.setResourceId(ANY);
  jonnyGrant.addPermission(READ);
  authorizationService.saveAuthorization(jonnyGrant);

  List<String> salesAndMarketing = Arrays.asList("sales", "marketing");
  List<String> marketingOnly = Collections.singletonList("marketing");

  // jonny may read, with or without his groups being supplied
  assertTrue(authorizationService.isUserAuthorized("jonny", salesAndMarketing, READ, target));
  assertTrue(authorizationService.isUserAuthorized("jonny", null, READ, target));

  // another user who is also in "sales" is hit by the group revoke
  assertFalse(authorizationService.isUserAuthorized("someone else", salesAndMarketing, READ, target));

  // another user outside "sales" falls back to the global grant
  assertTrue(authorizationService.isUserAuthorized("someone else", marketingOnly, READ, target));
}
 
Example 17
Source File: AuthorizationServiceTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
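/**
 * Verifies that a user holding ALL on the DASHBOARD resource (any resource id)
 * is authorized for ALL on DASHBOARD once authorization checks are enabled.
 */
public void testDashboardResourceAuthorization() {
  Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  authorization.setUserId(userId);
  authorization.addPermission(ALL);
  authorization.setResource(DASHBOARD);
  authorization.setResourceId(ANY);
  authorizationService.saveAuthorization(authorization);

  processEngineConfiguration.setAuthorizationEnabled(true);
  try {
    assertEquals(true, authorizationService.isUserAuthorized(userId, Arrays.asList(groupId), ALL, DASHBOARD));
  } finally {
    // Restore the setting even when the assertion fails, so that enforcement
    // on the engine configuration does not carry over into later tests.
    processEngineConfiguration.setAuthorizationEnabled(false);
  }
}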
 
Example 18
Source File: DefaultUserLifecycleBean.java    From Showcase with Apache License 2.0 5 votes vote down vote up
/**
 * Saves a GRANT authorization giving the admin group ALL permissions on the USER resource.
 *
 * @param adminGroup group whose id is set on the authorization
 */
private void grantAuthorizationWithPermissions(Group adminGroup) {
    // NOTE(review): no resource id is set on this authorization, unlike grants that
    // call setResourceId(Authorization.ANY); confirm which resource instances this
    // grant is meant to cover.
    Authorization adminGrant = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
    adminGrant.setGroupId(adminGroup.getId());
    adminGrant.setResource(Resources.USER);
    adminGrant.addPermission(org.camunda.bpm.engine.authorization.Permissions.ALL);
    authorizationService.saveAuthorization(adminGrant);
}
 
Example 19
Source File: AuthorizationPerformanceTestCase.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
/**
 * Creates and saves a GRANT authorization giving one user the listed
 * permissions on every instance (ANY) of a resource.
 *
 * @param userId   user receiving the grant
 * @param resource resource the authorization applies to
 * @param perms    permissions to add, in the order given
 */
protected void userGrant(String userId, Resource resource, Permission... perms) {
  AuthorizationService service = engine.getAuthorizationService();

  // this authorization is bound to a user id, not a group id
  Authorization grant = service.createNewAuthorization(AUTH_TYPE_GRANT);
  grant.setResource(resource);
  grant.setResourceId(ANY);
  for (int i = 0; i < perms.length; i++) {
    grant.addPermission(perms[i]);
  }
  grant.setUserId(userId);
  service.saveAuthorization(grant);
}
 
Example 20
Source File: IdentityServiceAuthorizationsTest.java    From camunda-bpm-platform with Apache License 2.0 4 votes vote down vote up
/**
 * Walks a user query through a sequence of authorization states for the
 * authenticated user jonny2 and checks after each change whether the saved
 * user jonny1 is visible:
 * a global authorization on USER with no permissions (not visible), a user
 * GRANT of READ (visible), READ added to the global authorization (still
 * visible), the user grant's READ removed plus a user REVOKE of READ (not
 * visible), and finally both user-level authorizations deleted (visible again
 * through the global READ).
 *
 * Authorization checks are switched off around every change made through
 * authorizationService and switched back on before each query.
 * NOTE(review): checks are left enabled when the method ends; presumably the
 * fixture teardown resets the setting. Confirm.
 */
public void testUserQueryAuthorizations() {

    // we are jonny2
    String authUserId = "jonny2";
    identityService.setAuthenticatedUserId(authUserId);

    // create new user jonny1
    User jonny1 = identityService.newUser("jonny1");
    identityService.saveUser(jonny1);

    // set base permission for all users (no-one has any permissions on users):
    // no permission is added to this global authorization before it is saved
    Authorization basePerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
    basePerms.setResource(USER);
    basePerms.setResourceId(ANY);
    authorizationService.saveAuthorization(basePerms);

    // now enable checks
    processEngineConfiguration.setAuthorizationEnabled(true);

    // we cannot fetch the user: the query returns nothing instead of throwing
    assertNull(identityService.createUserQuery().singleResult());
    assertEquals(0, identityService.createUserQuery().count());

    processEngineConfiguration.setAuthorizationEnabled(false);

    // now we add permission for jonny2 to read the user:
    Authorization ourPerms = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
    ourPerms.setUserId(authUserId);
    ourPerms.setResource(USER);
    ourPerms.setResourceId(ANY);
    ourPerms.addPermission(READ);
    authorizationService.saveAuthorization(ourPerms);

    processEngineConfiguration.setAuthorizationEnabled(true);

    // now we can fetch the user
    assertNotNull(identityService.createUserQuery().singleResult());
    assertEquals(1, identityService.createUserQuery().count());

    // change the base permission:
    // the global authorization is looked up here through the user id "*"
    processEngineConfiguration.setAuthorizationEnabled(false);
    basePerms = authorizationService.createAuthorizationQuery().resourceType(USER).userIdIn("*").singleResult();
    basePerms.addPermission(READ);
    authorizationService.saveAuthorization(basePerms);
    processEngineConfiguration.setAuthorizationEnabled(true);

    // we can still fetch the user
    assertNotNull(identityService.createUserQuery().singleResult());
    assertEquals(1, identityService.createUserQuery().count());


    // revoke permission for jonny2:
    // first READ is removed from the existing user grant ...
    processEngineConfiguration.setAuthorizationEnabled(false);
    ourPerms = authorizationService.createAuthorizationQuery().resourceType(USER).userIdIn(authUserId).singleResult();
    ourPerms.removePermission(READ);
    authorizationService.saveAuthorization(ourPerms);

    // ... then a separate REVOKE authorization for READ is saved for the same user
    Authorization revoke = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE);
    revoke.setUserId(authUserId);
    revoke.setResource(USER);
    revoke.setResourceId(ANY);
    revoke.removePermission(READ);
    authorizationService.saveAuthorization(revoke);
    processEngineConfiguration.setAuthorizationEnabled(true);

    // now we cannot fetch the user, even though the global authorization carries READ
    assertNull(identityService.createUserQuery().singleResult());
    assertEquals(0, identityService.createUserQuery().count());


    // delete our perms
    processEngineConfiguration.setAuthorizationEnabled(false);
    authorizationService.deleteAuthorization(ourPerms.getId());
    authorizationService.deleteAuthorization(revoke.getId());
    processEngineConfiguration.setAuthorizationEnabled(true);

    // now the base permission applies and grants us read access
    assertNotNull(identityService.createUserQuery().singleResult());
    assertEquals(1, identityService.createUserQuery().count());

  }