public void testIsPermissionGrantedRetryJob() { // given Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT); String userId = "userId"; authorization.setUserId(userId); authorization.addPermission(ProcessInstancePermissions.RETRY_JOB); authorization.setResource(Resources.PROCESS_INSTANCE); authorization.setResourceId(ANY); authorizationService.saveAuthorization(authorization); // then Authorization authorizationResult = authorizationService.createAuthorizationQuery().userIdIn(userId).singleResult(); assertTrue(authorizationResult.isPermissionGranted(ProcessInstancePermissions.RETRY_JOB)); assertFalse(authorizationResult.isPermissionGranted(Permissions.ACCESS)); assertFalse(authorizationResult.isPermissionGranted(BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES)); assertFalse(authorizationResult.isPermissionGranted(ProcessDefinitionPermissions.RETRY_JOB)); }
public void testIsPermissionGrantedAccess() { // given Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT); String userId = "userId"; authorization.setUserId(userId); authorization.addPermission(Permissions.ACCESS); authorization.setResource(Resources.APPLICATION); authorization.setResourceId(ANY); authorizationService.saveAuthorization(authorization); // then Authorization authorizationResult = authorizationService.createAuthorizationQuery().userIdIn(userId).singleResult(); assertTrue(authorizationResult.isPermissionGranted(Permissions.ACCESS)); assertFalse(authorizationResult.isPermissionGranted(BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES)); assertFalse(authorizationResult.isPermissionGranted(ProcessInstancePermissions.RETRY_JOB)); assertFalse(authorizationResult.isPermissionGranted(ProcessDefinitionPermissions.RETRY_JOB)); }
public void testCreateAuthorizationOnDeploy() { // given createGrantAuthorization(DEPLOYMENT, ANY, userId, CREATE); Deployment deployment = repositoryService .createDeployment() .addClasspathResource(FIRST_RESOURCE) .deploy(); // when Authorization authorization = authorizationService .createAuthorizationQuery() .userIdIn(userId) .resourceId(deployment.getId()) .singleResult(); // then assertNotNull(authorization); assertTrue(authorization.isPermissionGranted(READ)); assertTrue(authorization.isPermissionGranted(DELETE)); assertFalse(authorization.isPermissionGranted(UPDATE)); deleteDeployment(deployment.getId()); }
public void testSaveAuthorizationSetPermissionsWithValidResource() throws Exception { // given Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT); authorization.setUserId("userId"); authorization.addPermission(Permissions.ACCESS); // 'ACCESS' is not allowed for Batches // however, it will be reset by next line, so saveAuthorization will be successful authorization.setPermissions( new BatchPermissions[] { BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES, BatchPermissions.CREATE_BATCH_DELETE_DECISION_INSTANCES }); authorization.setResource(Resources.BATCH); authorization.setResourceId(ANY); processEngineConfiguration.setAuthorizationEnabled(true); // when authorizationService.saveAuthorization(authorization); // then Authorization authorizationResult = authorizationService.createAuthorizationQuery().resourceType(Resources.BATCH).singleResult(); assertNotNull(authorizationResult); assertTrue(authorizationResult.isPermissionGranted(BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES)); assertTrue(authorizationResult.isPermissionGranted(BatchPermissions.CREATE_BATCH_DELETE_DECISION_INSTANCES)); }
public void testStandaloneTaskAddCandidateUserCreateNewAuthorization() { // given String taskId = "myTask"; createTask(taskId); createGrantAuthorization(TASK, taskId, userId, UPDATE); // when taskService.addCandidateUser(taskId, "demo"); // then disableAuthorization(); Authorization authorization = authorizationService .createAuthorizationQuery() .userIdIn("demo") .singleResult(); enableAuthorization(); assertNotNull(authorization); assertEquals(TASK.resourceType(), authorization.getResourceType()); assertEquals(taskId, authorization.getResourceId()); assertTrue(authorization.isPermissionGranted(READ)); assertTrue(authorization.isPermissionGranted(getDefaultTaskPermissionForUser())); deleteTask(taskId, true); }
public void testStandaloneTaskSetAssigneeCreateNewAuthorization() { // given String taskId = "myTask"; createTask(taskId); createGrantAuthorization(TASK, taskId, userId, UPDATE); // when taskService.setAssignee(taskId, "demo"); // then disableAuthorization(); Authorization authorization = authorizationService .createAuthorizationQuery() .userIdIn("demo") .singleResult(); enableAuthorization(); assertNotNull(authorization); assertEquals(TASK.resourceType(), authorization.getResourceType()); assertEquals(taskId, authorization.getResourceId()); assertTrue(authorization.isPermissionGranted(READ)); assertTrue(authorization.isPermissionGranted(getDefaultTaskPermissionForUser())); deleteTask(taskId, true); }
public void testStandaloneTaskSetOwnerCreateNewAuthorization() { // given String taskId = "myTask"; createTask(taskId); createGrantAuthorization(TASK, taskId, userId, UPDATE); // when taskService.setOwner(taskId, "demo"); // then disableAuthorization(); Authorization authorization = authorizationService .createAuthorizationQuery() .userIdIn("demo") .singleResult(); enableAuthorization(); assertNotNull(authorization); assertEquals(TASK.resourceType(), authorization.getResourceType()); assertEquals(taskId, authorization.getResourceId()); assertTrue(authorization.isPermissionGranted(READ)); assertTrue(authorization.isPermissionGranted(getDefaultTaskPermissionForUser())); deleteTask(taskId, true); }
public void testStandaloneTaskAddCandidateGroupCreateNewAuthorization() { // given String taskId = "myTask"; createTask(taskId); createGrantAuthorization(TASK, taskId, userId, UPDATE); // when taskService.addCandidateGroup(taskId, "management"); // then disableAuthorization(); Authorization authorization = authorizationService .createAuthorizationQuery() .groupIdIn("management") .singleResult(); enableAuthorization(); assertNotNull(authorization); assertEquals(TASK.resourceType(), authorization.getResourceType()); assertEquals(taskId, authorization.getResourceId()); assertTrue(authorization.isPermissionGranted(READ)); assertTrue(authorization.isPermissionGranted(getDefaultTaskPermissionForUser())); deleteTask(taskId, true); }
public void testProcessTaskSetOwnerCreateNewAuthorization() { // given startProcessInstanceByKey(PROCESS_KEY); String taskId = selectSingleTask().getId(); createGrantAuthorization(TASK, taskId, userId, UPDATE); // when taskService.setOwner(taskId, "demo"); // then disableAuthorization(); Authorization authorization = authorizationService .createAuthorizationQuery() .userIdIn("demo") .singleResult(); enableAuthorization(); assertNotNull(authorization); assertEquals(TASK.resourceType(), authorization.getResourceType()); assertEquals(taskId, authorization.getResourceId()); assertTrue(authorization.isPermissionGranted(READ)); assertTrue(authorization.isPermissionGranted(getDefaultTaskPermissionForUser())); }
public void testProcessTaskSetAssigneeCreateNewAuthorization() { // given startProcessInstanceByKey(PROCESS_KEY); String taskId = selectSingleTask().getId(); createGrantAuthorization(TASK, taskId, userId, UPDATE); // when taskService.setAssignee(taskId, "demo"); // then disableAuthorization(); Authorization authorization = authorizationService .createAuthorizationQuery() .userIdIn("demo") .singleResult(); enableAuthorization(); assertNotNull(authorization); assertEquals(TASK.resourceType(), authorization.getResourceType()); assertEquals(taskId, authorization.getResourceId()); assertTrue(authorization.isPermissionGranted(READ)); assertTrue(authorization.isPermissionGranted(getDefaultTaskPermissionForUser())); }
public void testProcessTaskAddCandidateGroupUpdateAuthorization() { // given startProcessInstanceByKey(PROCESS_KEY); String taskId = selectSingleTask().getId(); createGrantAuthorization(TASK, taskId, userId, UPDATE); createGrantAuthorization(TASK, taskId, "demo", DELETE); // when taskService.addCandidateGroup(taskId, "management"); // then disableAuthorization(); Authorization authorization = authorizationService .createAuthorizationQuery() .groupIdIn("management") .singleResult(); enableAuthorization(); assertNotNull(authorization); assertEquals(TASK.resourceType(), authorization.getResourceType()); assertEquals(taskId, authorization.getResourceId()); assertTrue(authorization.isPermissionGranted(READ)); assertTrue(authorization.isPermissionGranted(getDefaultTaskPermissionForUser())); }
public void testStandaloneTaskAddCandidateUserUpdateAuthorization() { // given String taskId = "myTask"; createTask(taskId); createGrantAuthorization(TASK, taskId, userId, UPDATE); createGrantAuthorization(TASK, taskId, "demo", DELETE); // when taskService.addCandidateUser(taskId, "demo"); // then disableAuthorization(); Authorization authorization = authorizationService .createAuthorizationQuery() .userIdIn("demo") .singleResult(); enableAuthorization(); assertNotNull(authorization); assertEquals(TASK.resourceType(), authorization.getResourceType()); assertEquals(taskId, authorization.getResourceId()); assertTrue(authorization.isPermissionGranted(READ)); assertTrue(authorization.isPermissionGranted(getDefaultTaskPermissionForUser())); deleteTask(taskId, true); }
public void testStandaloneTaskSetAssigneeToNullAuthorizationStillAvailable() { // given String taskId = "myTask"; createTask(taskId); createGrantAuthorization(TASK, taskId, userId, UPDATE); // set assignee to demo -> an authorization for demo is available taskService.setAssignee(taskId, "demo"); // when taskService.setAssignee(taskId, null); // then // authorization for demo is still available disableAuthorization(); Authorization authorization = authorizationService .createAuthorizationQuery() .userIdIn("demo") .singleResult(); enableAuthorization(); assertNotNull(authorization); assertEquals(TASK.resourceType(), authorization.getResourceType()); assertEquals(taskId, authorization.getResourceId()); assertTrue(authorization.isPermissionGranted(READ)); assertTrue(authorization.isPermissionGranted(getDefaultTaskPermissionForUser())); deleteTask(taskId, true); }
public void testProcessTaskAddCandidateUserCreateNewAuthorization() { // given startProcessInstanceByKey(PROCESS_KEY); String taskId = selectSingleTask().getId(); createGrantAuthorization(TASK, taskId, userId, UPDATE); // when taskService.addCandidateUser(taskId, "demo"); // then disableAuthorization(); Authorization authorization = authorizationService .createAuthorizationQuery() .userIdIn("demo") .singleResult(); enableAuthorization(); assertNotNull(authorization); assertEquals(TASK.resourceType(), authorization.getResourceType()); assertEquals(taskId, authorization.getResourceId()); assertTrue(authorization.isPermissionGranted(READ)); assertTrue(authorization.isPermissionGranted(getDefaultTaskPermissionForUser())); }
public void testStandaloneTaskSetOwnerOutsideCommandContextSave() { // given String taskId = "myTask"; createTask(taskId); createGrantAuthorization(TASK, taskId, userId, UPDATE); Task task = selectSingleTask(); task.setOwner("demo"); // when taskService.saveTask(task); // then disableAuthorization(); Authorization authorization = authorizationService .createAuthorizationQuery() .userIdIn("demo") .singleResult(); enableAuthorization(); assertNotNull(authorization); assertEquals(TASK.resourceType(), authorization.getResourceType()); assertEquals(taskId, authorization.getResourceId()); assertTrue(authorization.isPermissionGranted(READ)); assertTrue(authorization.isPermissionGranted(getDefaultTaskPermissionForUser())); deleteTask(taskId, true); }
public void testProcessTaskSetAssigneeUpdateAuthorization() { // given startProcessInstanceByKey(PROCESS_KEY); String taskId = selectSingleTask().getId(); createGrantAuthorization(TASK, taskId, userId, UPDATE); createGrantAuthorization(TASK, taskId, "demo", DELETE); // when taskService.setAssignee(taskId, "demo"); // then disableAuthorization(); Authorization authorization = authorizationService .createAuthorizationQuery() .userIdIn("demo") .singleResult(); enableAuthorization(); assertNotNull(authorization); assertEquals(TASK.resourceType(), authorization.getResourceType()); assertEquals(taskId, authorization.getResourceId()); assertTrue(authorization.isPermissionGranted(READ)); assertTrue(authorization.isPermissionGranted(getDefaultTaskPermissionForUser())); }
public void testProcessTaskSetOwnerUpdateAuthorization() { // given startProcessInstanceByKey(PROCESS_KEY); String taskId = selectSingleTask().getId(); createGrantAuthorization(TASK, taskId, userId, UPDATE); createGrantAuthorization(TASK, taskId, "demo", DELETE); // when taskService.setOwner(taskId, "demo"); // then disableAuthorization(); Authorization authorization = authorizationService .createAuthorizationQuery() .userIdIn("demo") .singleResult(); enableAuthorization(); assertNotNull(authorization); assertEquals(TASK.resourceType(), authorization.getResourceType()); assertEquals(taskId, authorization.getResourceId()); assertTrue(authorization.isPermissionGranted(READ)); assertTrue(authorization.isPermissionGranted(getDefaultTaskPermissionForUser())); }
public void testPermissionsOnAssignSameAssigneeAndOwnerToTask() { try { // given createGrantAuthorization(Resources.TASK, Authorization.ANY, userId, Permissions.CREATE, Permissions.DELETE, Permissions.READ); processEngineConfiguration.setResourceAuthorizationProvider(new MyExtendedPermissionDefaultAuthorizationProvider()); // when Task newTask = taskService.newTask(); newTask.setAssignee("Horst"); newTask.setOwner("Horst"); taskService.saveTask(newTask); // then Authorization auth = authorizationService.createAuthorizationQuery().userIdIn("Horst").singleResult(); assertTrue(auth.isPermissionGranted(Permissions.DELETE)); taskService.deleteTask(newTask.getId(), true); } finally { processEngineConfiguration.setResourceAuthorizationProvider(new DefaultAuthorizationProvider()); } }
public void testCreateUser() { // initially there are no authorizations for jonny2: assertEquals(0, authorizationService.createAuthorizationQuery().userIdIn("jonny2").count()); // create new user identityService.saveUser(identityService.newUser("jonny2")); // now there is an authorization for jonny2 which grants him ALL permissions on himself Authorization authorization = authorizationService.createAuthorizationQuery().userIdIn("jonny2").singleResult(); assertNotNull(authorization); assertEquals(AUTH_TYPE_GRANT, authorization.getAuthorizationType()); assertEquals(USER.resourceType(), authorization.getResourceType()); assertEquals("jonny2", authorization.getResourceId()); assertTrue(authorization.isPermissionGranted(ALL)); // delete the user identityService.deleteUser("jonny2"); // the authorization is deleted as well: assertEquals(0, authorizationService.createAuthorizationQuery().userIdIn("jonny2").count()); }
public void testCreateGroup() { // initially there are no authorizations for group "sales": assertEquals(0, authorizationService.createAuthorizationQuery().groupIdIn("sales").count()); // create new group identityService.saveGroup(identityService.newGroup("sales")); // now there is an authorization for sales which grants all members READ permissions Authorization authorization = authorizationService.createAuthorizationQuery().groupIdIn("sales").singleResult(); assertNotNull(authorization); assertEquals(AUTH_TYPE_GRANT, authorization.getAuthorizationType()); assertEquals(GROUP.resourceType(), authorization.getResourceType()); assertEquals("sales", authorization.getResourceId()); assertTrue(authorization.isPermissionGranted(READ)); // delete the group identityService.deleteGroup("sales"); // the authorization is deleted as well: assertEquals(0, authorizationService.createAuthorizationQuery().groupIdIn("sales").count()); }