protected static Authorization createAuthorization(AuthorizationService authorizationService, Permission permission, Resources resource, String userId) { Authorization auth = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT); auth.addPermission(permission); auth.setResource(resource); auth.setResourceId(Authorization.ANY); auth.setUserId(userId); return auth; } }
public static void update(AuthorizationCreateDto dto, Authorization dbAuthorization) { dbAuthorization.setGroupId(dto.getGroupId()); dbAuthorization.setUserId(dto.getUserId()); dbAuthorization.setResourceType(dto.getResourceType()); dbAuthorization.setResourceId(dto.getResourceId()); dbAuthorization.setPermissions(PermissionConverter.getPermissionsForNames(dto.getPermissions(), dto.getResourceType())); }
public static AuthorizationDto fromAuthorization(Authorization dbAuthorization) { AuthorizationDto authorizationDto = new AuthorizationDto(); authorizationDto.setId(dbAuthorization.getId()); authorizationDto.setType(dbAuthorization.getAuthorizationType()); Permission[] dbPermissions = getPermissions(dbAuthorization); authorizationDto.setPermissions(PermissionConverter.getNamesForPermissions(dbAuthorization, dbPermissions)); authorizationDto.setUserId(dbAuthorization.getUserId()); authorizationDto.setGroupId(dbAuthorization.getGroupId()); authorizationDto.setResourceType(dbAuthorization.getResourceType()); authorizationDto.setResourceId(dbAuthorization.getResourceId()); return authorizationDto; }
private static Permission[] getPermissions(Authorization dbAuthorization) { int givenResourceType = dbAuthorization.getResourceType(); if (givenResourceType == Resources.BATCH.resourceType()) { return dbAuthorization.getPermissions(BatchPermissions.values()); } else if (givenResourceType == Resources.PROCESS_DEFINITION.resourceType()) { return dbAuthorization.getPermissions(ProcessDefinitionPermissions.values()); } else if (givenResourceType == Resources.PROCESS_INSTANCE.resourceType()) { return dbAuthorization.getPermissions(ProcessInstancePermissions.values()); } else { return dbAuthorization.getPermissions(Permissions.values()); } }
@Test public void testCreateGrantAuthorization() { Authorization authorization = MockProvider.createMockGrantAuthorization(); when(authorizationServiceMock.createNewAuthorization(Authorization.AUTH_TYPE_GRANT)).thenReturn(authorization); when(authorizationServiceMock.saveAuthorization(authorization)).thenReturn(authorization); AuthorizationQuery authorizationQuery = mock(AuthorizationQuery.class); when(authorizationServiceMock.createAuthorizationQuery()).thenReturn(authorizationQuery); when(authorizationQuery.authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(authorizationQuery); when(authorizationQuery.singleResult()).thenReturn(authorization); AuthorizationDto dto = AuthorizationDto.fromAuthorization(authorization); given() .body(dto).contentType(ContentType.JSON) .then().expect() .statusCode(Status.OK.getStatusCode()) .when() .post(AUTH_CREATE_PATH); verify(authorizationServiceMock).createNewAuthorization(Authorization.AUTH_TYPE_GRANT); verify(authorization, times(2)).setUserId(authorization.getUserId()); verify(authorization, times(4)).setResourceType(authorization.getAuthorizationType()); verify(authorization, times(2)).setResourceId(authorization.getResourceId()); verify(authorization, times(2)).setPermissions(authorization.getPermissions(Permissions.values())); verify(authorizationServiceMock).saveAuthorization(authorization); }
public Authorization instantiate(AuthorizationService authorizationService, Map<String, String> replacements) { Authorization authorization = authorizationService.createNewAuthorization(type); // TODO: group id is missing authorization.setResource(resource); if (replacements.containsKey(resourceId)) { authorization.setResourceId(replacements.get(resourceId)); } else { authorization.setResourceId(resourceId); } authorization.setUserId(userId); authorization.setPermissions(permissions); return authorization; }
public void testIsPermissionRevokedAccess() { // given Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE); String userId = "userId"; authorization.setUserId(userId); authorization.removePermission(Permissions.ACCESS); authorization.setResource(Resources.APPLICATION); authorization.setResourceId(ANY); authorizationService.saveAuthorization(authorization); // then Authorization authorizationResult = authorizationService.createAuthorizationQuery().userIdIn(userId).singleResult(); assertTrue(authorizationResult.isPermissionRevoked(Permissions.ACCESS)); assertFalse(authorizationResult.isPermissionRevoked(BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES)); assertFalse(authorizationResult.isPermissionRevoked(ProcessInstancePermissions.RETRY_JOB)); assertFalse(authorizationResult.isPermissionRevoked(ProcessDefinitionPermissions.RETRY_JOB)); }
protected void createGrantAuthorization(Resource resource, String resourceId, String userId, Permission... permissions) { Authorization authorization = createGrantAuthorization(resource, resourceId); authorization.setUserId(userId); for (Permission permission : permissions) { authorization.addPermission(permission); } saveAuthorization(authorization); }
protected Authorization createAuthorization(int type, Resource resource, String resourceId) { Authorization authorization = authorizationService.createNewAuthorization(type); authorization.setResource(resource); if (resourceId != null) { authorization.setResourceId(resourceId); } return authorization; }
Authorization authorization2 = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT); authorization1.setResource(resource1); authorization1.setResourceId("someId"); authorization1.setGroupId("someGroup"); authorization2.setResource(resource1); authorization2.setResourceId("someId"); authorization2.setGroupId("someGroup"); authorization3.setResource(resource1); authorization3.setResourceId("someId"); authorization3.setGroupId("someGroup"); authorization4.setResource(resource1); authorization4.setResourceId("someId"); authorization4.setGroupId("someGroup");
public void testStandaloneTaskAddCandidateUserCreateNewAuthorization() { // given String taskId = "myTask"; createTask(taskId); createGrantAuthorization(TASK, taskId, userId, UPDATE); // when taskService.addCandidateUser(taskId, "demo"); // then disableAuthorization(); Authorization authorization = authorizationService .createAuthorizationQuery() .userIdIn("demo") .singleResult(); enableAuthorization(); assertNotNull(authorization); assertEquals(TASK.resourceType(), authorization.getResourceType()); assertEquals(taskId, authorization.getResourceId()); assertTrue(authorization.isPermissionGranted(READ)); assertTrue(authorization.isPermissionGranted(getDefaultTaskPermissionForUser())); deleteTask(taskId, true); }
private void createAuthorizations(ProcessEngine processEngine1) { Authorization newAuthorization = processEngine1.getAuthorizationService().createNewAuthorization(Authorization.AUTH_TYPE_GLOBAL); newAuthorization.setResource(Resources.PROCESS_INSTANCE); newAuthorization.setResourceId("*"); newAuthorization.setPermissions(new Permission[] { Permissions.CREATE }); processEngine1.getAuthorizationService().saveAuthorization(newAuthorization); newAuthorization = processEngine1.getAuthorizationService().createNewAuthorization(Authorization.AUTH_TYPE_GLOBAL); newAuthorization.setResource(Resources.PROCESS_DEFINITION); newAuthorization.setResourceId("*"); newAuthorization.setPermissions(new Permission[] { Permissions.CREATE_INSTANCE }); processEngine1.getAuthorizationService().saveAuthorization(newAuthorization); newAuthorization = processEngine1.getAuthorizationService().createNewAuthorization(Authorization.AUTH_TYPE_GLOBAL); newAuthorization.setResource(Resources.TASK); newAuthorization.setResourceId("*"); newAuthorization.setPermissions(new Permission[] { Permissions.READ, Permissions.TASK_WORK }); processEngine1.getAuthorizationService().saveAuthorization(newAuthorization); }
public void testCreateUser() { // initially there are no authorizations for jonny2: assertEquals(0, authorizationService.createAuthorizationQuery().userIdIn("jonny2").count()); // create new user identityService.saveUser(identityService.newUser("jonny2")); // now there is an authorization for jonny2 which grants him ALL permissions on himself Authorization authorization = authorizationService.createAuthorizationQuery().userIdIn("jonny2").singleResult(); assertNotNull(authorization); assertEquals(AUTH_TYPE_GRANT, authorization.getAuthorizationType()); assertEquals(USER.resourceType(), authorization.getResourceType()); assertEquals("jonny2", authorization.getResourceId()); assertTrue(authorization.isPermissionGranted(ALL)); // delete the user identityService.deleteUser("jonny2"); // the authorization is deleted as well: assertEquals(0, authorizationService.createAuthorizationQuery().userIdIn("jonny2").count()); }
public void testRevokeAuthorizationType() { Authorization revokeAuthorization = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE); // I can set userId = null revokeAuthorization.setUserId(null); // I can set userId = ANY revokeAuthorization.setUserId(ANY); // I can set anything else: revokeAuthorization.setUserId("something"); // I can set groupId = null revokeAuthorization.setGroupId(null); // I can set anything else: revokeAuthorization.setGroupId("something"); }
authorization.setResource(resource1); authorization.setGroupId("someId"); authorization.setUserId("someOtherId"); authorization.setResource(resource1); authorization.setUserId("someId"); authorization.setUserId("someId");
authorization.setResource(Resources.USER); assertEquals(1, authorization.getPermissions(Permissions.values()).length); assertFalse(authorization.isPermissionGranted(CREATE)); assertFalse(authorization.isPermissionGranted(DELETE)); assertFalse(authorization.isPermissionGranted(READ)); assertFalse(authorization.isPermissionGranted(UPDATE)); authorization.addPermission(CREATE); assertTrue(authorization.isPermissionGranted(CREATE)); assertFalse(authorization.isPermissionGranted(DELETE)); assertFalse(authorization.isPermissionGranted(READ)); assertFalse(authorization.isPermissionGranted(UPDATE)); authorization.addPermission(DELETE); assertTrue(authorization.isPermissionGranted(CREATE)); assertTrue(authorization.isPermissionGranted(DELETE)); assertFalse(authorization.isPermissionGranted(READ)); assertFalse(authorization.isPermissionGranted(UPDATE)); authorization.addPermission(READ); assertTrue(authorization.isPermissionGranted(CREATE)); assertTrue(authorization.isPermissionGranted(DELETE)); assertTrue(authorization.isPermissionGranted(READ)); assertFalse(authorization.isPermissionGranted(UPDATE)); authorization.addPermission(UPDATE); assertTrue(authorization.isPermissionGranted(CREATE));
public void testCreateAuthorizationWithGroupId() { Resource resource1 = TestResource.RESOURCE1; // initially, no authorization exists: assertEquals(0, authorizationService.createAuthorizationQuery().count()); // simple create / delete with userId Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT); authorization.setGroupId("aGroupId"); authorization.setResource(resource1); // save the authorization authorizationService.saveAuthorization(authorization); // authorization exists assertEquals(1, authorizationService.createAuthorizationQuery().count()); // delete the authorization authorizationService.deleteAuthorization(authorization.getId()); // it's gone assertEquals(0, authorizationService.createAuthorizationQuery().count()); }
protected void createGroupGrantAuthorization(Resource resource, String resourceId, String groupId, Permission... permissions) { Authorization authorization = createGrantAuthorization(resource, resourceId); authorization.setGroupId(groupId); for (Permission permission : permissions) { authorization.addPermission(permission); } saveAuthorization(authorization); }
Assert.assertTrue(assertionFailureMessage, message.contains(missingAuthorization.getUserId())); Assert.assertEquals(missingAuthorization.getUserId(), e.getUserId()); for (Permission permission : missingAuthorization.getPermissions(Permissions.values())) { if (permission != Permissions.NONE) { Assert.assertTrue(assertionFailureMessage, message.contains(permission.getName())); if (!Authorization.ANY.equals(missingAuthorization.getResourceId())) { Assert.assertTrue(assertionFailureMessage, message.contains(missingAuthorization.getResourceId())); Resource resource = AuthorizationTestUtil.getResourceByType(missingAuthorization.getResourceType()); Assert.assertTrue(assertionFailureMessage, message.contains(resource.resourceName()));
public void testQueryWithGroupAuthorizationRevokedReadPermission() { // given // given user gets all permissions on any process definition Authorization authorization = createGrantAuthorization(PROCESS_DEFINITION, ANY); authorization.setGroupId(groupId); authorization.addPermission(ALL); saveAuthorization(authorization); authorization = createRevokeAuthorization(PROCESS_DEFINITION, ONE_TASK_PROCESS_KEY); authorization.setGroupId(groupId); authorization.removePermission(READ); saveAuthorization(authorization); // when ProcessDefinitionQuery query = repositoryService.createProcessDefinitionQuery(); // then verifyQueryResults(query, 1); ProcessDefinition definition = query.singleResult(); assertNotNull(definition); assertEquals(TWO_TASKS_PROCESS_KEY, definition.getKey()); }