@Test public void testCreateAndDeleteTenantGroupMembershipForMultipleTenants() { createTenant(TENANT_TWO); identityService.createTenantGroupMembership(TENANT_ONE, GROUP_ID); identityService.createTenantGroupMembership(TENANT_TWO, GROUP_ID); assertEquals(2, authorizationService.createAuthorizationQuery() .groupIdIn(GROUP_ID) .resourceType(Resources.TENANT) .hasPermission(Permissions.READ).count()); identityService.deleteTenantGroupMembership(TENANT_ONE, GROUP_ID); assertEquals(1, authorizationService.createAuthorizationQuery() .groupIdIn(GROUP_ID) .resourceType(Resources.TENANT) .hasPermission(Permissions.READ).count()); }
protected void applyFilters(AuthorizationQuery query) { if (id != null) { query.authorizationId(id); } if (type != null) { query.authorizationType(type); } if (userIdIn != null) { query.userIdIn(userIdIn); } if (groupIdIn != null) { query.groupIdIn(groupIdIn); } if (resourceType != null) { query.resourceType(resourceType); } if (resourceId != null) { query.resourceId(resourceId); } }
protected Authorization getDbAuthorization() { Authorization dbAuthorization = authorizationService.createAuthorizationQuery() .authorizationId(resourceId) .singleResult(); if (dbAuthorization == null) { throw new InvalidRequestException(Status.NOT_FOUND, "Authorization with id " + resourceId + " does not exist."); } else { return dbAuthorization; } }
private AuthorizationQuery setUpMockQuery(List<Authorization> list) { AuthorizationQuery query = mock(AuthorizationQuery.class); when(query.list()).thenReturn(list); when(query.count()).thenReturn((long) list.size()); when(processEngine.getAuthorizationService().createAuthorizationQuery()).thenReturn(query); return query; }
assertEquals(2, authorizationService.createAuthorizationQuery().userIdIn("user1").list().size()); assertEquals(1, authorizationService.createAuthorizationQuery().userIdIn("user2").list().size()); assertEquals(1, authorizationService.createAuthorizationQuery().userIdIn("user3").list().size()); assertEquals(3, authorizationService.createAuthorizationQuery().userIdIn("user1", "user2").list().size()); assertEquals(0, authorizationService.createAuthorizationQuery().userIdIn("non-existing").list().size()); assertEquals(2, authorizationService.createAuthorizationQuery().groupIdIn("group1").list().size()); assertEquals(1, authorizationService.createAuthorizationQuery().groupIdIn("group2").list().size()); assertEquals(1, authorizationService.createAuthorizationQuery().groupIdIn("group3").list().size()); assertEquals(3, authorizationService.createAuthorizationQuery().groupIdIn("group1", "group2").list().size()); assertEquals(0, authorizationService.createAuthorizationQuery().groupIdIn("non-existing").list().size()); assertEquals(4, authorizationService.createAuthorizationQuery().resourceType(resource1).list().size()); assertEquals(0, authorizationService.createAuthorizationQuery().resourceType(nonExisting).list().size()); assertEquals(2, authorizationService.createAuthorizationQuery().resourceId("resource1-2").list().size()); assertEquals(0, authorizationService.createAuthorizationQuery().resourceId("non-existing").list().size()); assertEquals(1, authorizationService.createAuthorizationQuery().hasPermission(TestPermissions.ACCESS).list().size()); assertEquals(2, authorizationService.createAuthorizationQuery().hasPermission(TestPermissions.DELETE).list().size()); assertEquals(2, authorizationService.createAuthorizationQuery().hasPermission(TestPermissions.READ).list().size()); assertEquals(3, authorizationService.createAuthorizationQuery().hasPermission(TestPermissions.UPDATE).list().size()); assertEquals(2, authorizationService.createAuthorizationQuery().hasPermission(TestPermissions.READ).hasPermission(TestPermissions.UPDATE).list().size()); assertEquals(2, authorizationService.createAuthorizationQuery().hasPermission(TestPermissions.UPDATE).hasPermission(TestPermissions.READ).list().size()); assertEquals(0, authorizationService.createAuthorizationQuery().hasPermission(TestPermissions.READ).hasPermission(TestPermissions.ACCESS).list().size()); assertEquals(1, authorizationService.createAuthorizationQuery().userIdIn("user1").resourceType(resource1).list().size()); assertEquals(0, authorizationService.createAuthorizationQuery().userIdIn("user1").resourceType(nonExisting).list().size());
public void testClearAuthorizationOnDeleteDeployment() { // given createGrantAuthorization(DEPLOYMENT, ANY, userId, CREATE); Deployment deployment = repositoryService .createDeployment() .addClasspathResource(FIRST_RESOURCE) .deploy(); String deploymentId = deployment.getId(); AuthorizationQuery query = authorizationService .createAuthorizationQuery() .userIdIn(userId) .resourceId(deploymentId); Authorization authorization = query.singleResult(); assertNotNull(authorization); // when repositoryService.deleteDeployment(deploymentId); authorization = query.singleResult(); assertNull(authorization); deleteDeployment(deploymentId); }
public void testCaseTaskAddCandidateUserNoAuthorization() { // given createCaseInstanceByKey(CASE_KEY); String taskId = selectSingleTask().getId(); createGrantAuthorization(TASK, taskId, userId, UPDATE); // when taskService.addCandidateUser(taskId, "demo"); // then disableAuthorization(); Authorization authorization = authorizationService .createAuthorizationQuery() .userIdIn("demo") .singleResult(); enableAuthorization(); assertNull(authorization); }
public void testInvalidQueries() { // cannot query for user id and group id at the same time try { authorizationService.createAuthorizationQuery().groupIdIn("a").userIdIn("b").count(); } catch(ProcessEngineException e) { assertTextPresent("Cannot query for user and group authorizations at the same time.", e.getMessage()); } try { authorizationService.createAuthorizationQuery().userIdIn("b").groupIdIn("a").count(); } catch(ProcessEngineException e) { assertTextPresent("Cannot query for user and group authorizations at the same time.", e.getMessage()); } }
public void testCaseTaskAddCandidateGroupNoAuthorization() { // given createCaseInstanceByKey(CASE_KEY); String taskId = selectSingleTask().getId(); createGrantAuthorization(TASK, taskId, userId, UPDATE); // when taskService.addCandidateGroup(taskId, "management"); // then disableAuthorization(); Authorization authorization = authorizationService .createAuthorizationQuery() .groupIdIn("management") .singleResult(); enableAuthorization(); assertNull(authorization); }
public void testDeleteProcessInstanceClearAuthorization() { // given String processInstanceId = startProcessInstanceByKey(PROCESS_KEY).getId(); createGrantAuthorization(PROCESS_INSTANCE, processInstanceId, userId, ALL); disableAuthorization(); Authorization authorization = authorizationService .createAuthorizationQuery() .resourceId(processInstanceId) .singleResult(); enableAuthorization(); assertNotNull(authorization); // when runtimeService.deleteProcessInstance(processInstanceId, null); // then disableAuthorization(); authorization = authorizationService .createAuthorizationQuery() .resourceId(processInstanceId) .singleResult(); enableAuthorization(); assertNull(authorization); }
public void testTenantAuthorizationAfterDeleteGroup() { // given jonny2 who is allowed to do group operations User jonny = identityService.newUser(jonny2); identityService.saveUser(jonny); grantPermissions(); // turn on authorization processEngineConfiguration.setAuthorizationEnabled(true); identityService.setAuthenticatedUserId(jonny2); // create group Group group1 = identityService.newGroup("group1"); identityService.saveGroup(group1); // and tenant String tenant1 = "tenant1"; Tenant tenant = identityService.newTenant(tenant1); identityService.saveTenant(tenant); identityService.createTenantGroupMembership(tenant1, "group1"); // assume TenantQuery query = identityService.createTenantQuery().groupMember("group1"); assertThat(query.count(), is(1L)); // when identityService.deleteGroup("group1"); // turn off authorization processEngineConfiguration.setAuthorizationEnabled(false); // then assertThat(query.count(), is(0L)); assertThat(authorizationService.createAuthorizationQuery().resourceType(TENANT).groupIdIn("group1").count(), is(0L)); }
public void testTenantAuthorizationAfterDeleteUser() { // given jonny2 who is allowed to do user operations User jonny = identityService.newUser(jonny2); identityService.saveUser(jonny); grantPermissions(); // turn on authorization processEngineConfiguration.setAuthorizationEnabled(true); identityService.setAuthenticatedUserId(jonny2); // create user User jonny1 = identityService.newUser("jonny1"); identityService.saveUser(jonny1); String jonny1Id = jonny1.getId(); // and tenant String tenant1 = "tenant1"; Tenant tenant = identityService.newTenant(tenant1); identityService.saveTenant(tenant); identityService.createTenantUserMembership(tenant1, jonny1Id); // assume TenantQuery query = identityService.createTenantQuery().userMember(jonny1Id); assertThat(query.count(), is(1L)); // when identityService.deleteUser(jonny1Id); // turn off authorization processEngineConfiguration.setAuthorizationEnabled(false); // then assertThat(query.count(), is(0L)); assertThat(authorizationService.createAuthorizationQuery().resourceType(TENANT).userIdIn(jonny1Id).count(), is(0L)); }
public void testCreateGroup() { // initially there are no authorizations for group "sales": assertEquals(0, authorizationService.createAuthorizationQuery().groupIdIn("sales").count()); // create new group identityService.saveGroup(identityService.newGroup("sales")); // now there is an authorization for sales which grants all members READ permissions Authorization authorization = authorizationService.createAuthorizationQuery().groupIdIn("sales").singleResult(); assertNotNull(authorization); assertEquals(AUTH_TYPE_GRANT, authorization.getAuthorizationType()); assertEquals(GROUP.resourceType(), authorization.getResourceType()); assertEquals("sales", authorization.getResourceId()); assertTrue(authorization.isPermissionGranted(READ)); // delete the group identityService.deleteGroup("sales"); // the authorization is deleted as well: assertEquals(0, authorizationService.createAuthorizationQuery().groupIdIn("sales").count()); }
public void testCreateUser() { // initially there are no authorizations for jonny2: assertEquals(0, authorizationService.createAuthorizationQuery().userIdIn("jonny2").count()); // create new user identityService.saveUser(identityService.newUser("jonny2")); // now there is an authorization for jonny2 which grants him ALL permissions on himself Authorization authorization = authorizationService.createAuthorizationQuery().userIdIn("jonny2").singleResult(); assertNotNull(authorization); assertEquals(AUTH_TYPE_GRANT, authorization.getAuthorizationType()); assertEquals(USER.resourceType(), authorization.getResourceType()); assertEquals("jonny2", authorization.getResourceId()); assertTrue(authorization.isPermissionGranted(ALL)); // delete the user identityService.deleteUser("jonny2"); // the authorization is deleted as well: assertEquals(0, authorizationService.createAuthorizationQuery().userIdIn("jonny2").count()); }
public static void createGrantUserAuthorization(ProcessEngine engine, String[] userIds, Permission[] permissions, Resource resource, String[] resourceIds) { for (String userId : userIds) { for (String resourceId : resourceIds) { if (engine.getAuthorizationService().createAuthorizationQuery().userIdIn(userId).resourceId(resourceId).count() == 0) { Authorization createAuth = engine.getAuthorizationService().createNewAuthorization(Authorization.AUTH_TYPE_GRANT); createAuth.setUserId(userId); for (Permission permission : permissions) { createAuth.addPermission(permission); } createAuth.setResourceId(resourceId); createAuth.setResource(resource); engine.getAuthorizationService().saveAuthorization(createAuth); } } } }
protected CountResultDto getAuthorizationCount(AuthorizationQueryDto queryDto) { AuthorizationQuery query = queryDto.toQuery(getProcessEngine()); long count = query.count(); return new CountResultDto(count); }
protected void tearDown() throws Exception { processEngineConfiguration.setAuthorizationEnabled(false); List<Authorization> jonnysAuths = authorizationService.createAuthorizationQuery().userIdIn("jonny").list(); for (Authorization authorization : jonnysAuths) { authorizationService.deleteAuthorization(authorization.getId()); } super.tearDown(); }
public void testSaveAuthorizationSetPermissionsWithValidResource() throws Exception { // given Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT); authorization.setUserId("userId"); authorization.addPermission(Permissions.ACCESS); // 'ACCESS' is not allowed for Batches // however, it will be reset by next line, so saveAuthorization will be successful authorization.setPermissions( new BatchPermissions[] { BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES, BatchPermissions.CREATE_BATCH_DELETE_DECISION_INSTANCES }); authorization.setResource(Resources.BATCH); authorization.setResourceId(ANY); processEngineConfiguration.setAuthorizationEnabled(true); // when authorizationService.saveAuthorization(authorization); // then Authorization authorizationResult = authorizationService.createAuthorizationQuery().resourceType(Resources.BATCH).singleResult(); assertNotNull(authorizationResult); assertTrue(authorizationResult.isPermissionGranted(BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES)); assertTrue(authorizationResult.isPermissionGranted(BatchPermissions.CREATE_BATCH_DELETE_DECISION_INSTANCES)); }
public List<AuthorizationDto> queryAuthorizations(AuthorizationQueryDto queryDto, Integer firstResult, Integer maxResults) { queryDto.setObjectMapper(getObjectMapper()); AuthorizationQuery query = queryDto.toQuery(getProcessEngine()); List<Authorization> resultList; if(firstResult != null || maxResults != null) { resultList = executePaginatedQuery(query, firstResult, maxResults); } else { resultList = query.list(); } return AuthorizationDto.fromAuthorizationList(resultList); }
@Deployment public void testAssignSameGroupToProcessTwice() { //given createGrantAuthorization(Resources.PROCESS_DEFINITION, Authorization.ANY, userId, Permissions.ALL); createGrantAuthorization(Resources.PROCESS_INSTANCE, Authorization.ANY, userId, Permissions.ALL); // when runtimeService.startProcessInstanceByKey("process"); // then List<Authorization> auths = authorizationService.createAuthorizationQuery().groupIdIn("abc").list(); assertTrue(auths.size() == 1); }