protected static Authorization createAuthorization(AuthorizationService authorizationService, Permission permission, Resources resource, String userId) { Authorization auth = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT); auth.addPermission(permission); auth.setResource(resource); auth.setResourceId(Authorization.ANY); auth.setUserId(userId); return auth; } }
public void testSaveAuthorizationMultipleResourcesIncludingInvalidResource() throws Exception { // given Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT); authorization.setUserId("userId"); authorization.addPermission(Permissions.READ_HISTORY); authorization.addPermission(BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES); authorization.setResource(Resources.PROCESS_DEFINITION); processEngineConfiguration.setAuthorizationEnabled(true); try { // when authorizationService.saveAuthorization(authorization); fail("expected exception"); } catch (BadUserRequestException e) { // then assertTrue(e.getMessage().contains("The resource type with id:'6' is not valid for 'CREATE_BATCH_MIGRATE_PROCESS_INSTANCES' permission.")); } }
protected Authorization createAuthorization(int type, Resource resource, String resourceId) { Authorization authorization = authorizationService.createNewAuthorization(type); authorization.setResource(resource); if (resourceId != null) { authorization.setResourceId(resourceId); } return authorization; }
protected Authorization createAuthorization(int type, Resource resource, String resourceId) { Authorization authorization = authorizationService.createNewAuthorization(type); authorization.setResource(resource); if (resourceId != null) { authorization.setResourceId(resourceId); } return authorization; }
protected void grouptGrant(String groupId, Resource resource, Permission... perms) { AuthorizationService authorizationService = engine.getAuthorizationService(); Authorization groupGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT); groupGrant.setResource(resource); groupGrant.setResourceId(ANY); for (Permission permission : perms) { groupGrant.addPermission(permission); } groupGrant.setGroupId(groupId); authorizationService.saveAuthorization(groupGrant); }
protected void userGrant(String userId, Resource resource, Permission... perms) { AuthorizationService authorizationService = engine.getAuthorizationService(); Authorization groupGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT); groupGrant.setResource(resource); groupGrant.setResourceId(ANY); for (Permission permission : perms) { groupGrant.addPermission(permission); } groupGrant.setUserId(userId); authorizationService.saveAuthorization(groupGrant); }
protected Authorization createAuthorization(int type, Resource resource, String resourceId) { Authorization authorization = engineRule.getAuthorizationService().createNewAuthorization(type); authorization.setResource(resource); if (resourceId != null) { authorization.setResourceId(resourceId); } return authorization; }
public Authorization instantiate(AuthorizationService authorizationService, Map<String, String> replacements) { Authorization authorization = authorizationService.createNewAuthorization(type); // TODO: group id is missing authorization.setResource(resource); if (replacements.containsKey(resourceId)) { authorization.setResourceId(replacements.get(resourceId)); } else { authorization.setResourceId(resourceId); } authorization.setUserId(userId); authorization.setPermissions(permissions); return authorization; }
protected Authorization createAuthorization(Permission permission, String resourceId) { Authorization authorization = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT); authorization.setUserId(testUser.getId()); authorization.setResource(Resources.FILTER); authorization.addPermission(permission); if (resourceId != null) { authorization.setResourceId(resourceId); } return authorization; }
protected void createAuthorization(String userId, String groupId, Resource resourceType, String resourceId, Permission... permissions) { Authorization authorization = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT); authorization.setUserId(userId); authorization.setGroupId(groupId); authorization.setResource(resourceType); authorization.setResourceId(resourceId); for (Permission permission : permissions) { authorization.addPermission(permission); } authorizationService.saveAuthorization(authorization); }
protected void grantAuthorization(String userId, Resource resource, String resourceId, Permission permission) { Authorization authorization = engineRule.getAuthorizationService().createNewAuthorization(Authorization.AUTH_TYPE_GRANT); authorization.setResource(resource); authorization.setResourceId(resourceId); authorization.addPermission(permission); authorization.setUserId(userId); engineRule.getAuthorizationService().saveAuthorization(authorization); authorizations.add(authorization); } }
public void testDashboardResourceAuthorization() { MyResourceAuthorizationProvider.clearProperties(); Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT); authorization.setUserId(userId); authorization.addPermission(ALL); authorization.setResource(DASHBOARD); authorization.setResourceId(ANY); authorizationService.saveAuthorization(authorization); processEngineConfiguration.setAuthorizationEnabled(true); assertEquals(true, authorizationService.isUserAuthorized(userId, Arrays.asList(groupId), ALL, DASHBOARD)); processEngineConfiguration.setAuthorizationEnabled(false); }
public void testReportResourceAuthorization() { MyResourceAuthorizationProvider.clearProperties(); Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT); authorization.setUserId(userId); authorization.addPermission(ALL); authorization.setResource(REPORT); authorization.setResourceId(ANY); authorizationService.saveAuthorization(authorization); processEngineConfiguration.setAuthorizationEnabled(true); assertEquals(true, authorizationService.isUserAuthorized(userId, Arrays.asList(groupId), ALL, REPORT)); processEngineConfiguration.setAuthorizationEnabled(false); }
public void testIsUserAuthorizedWithValidResourceImpl() { // given ResourceImpl resource = new ResourceImpl("authorization", 0); Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT); String userId = "userId"; authorization.setUserId(userId); authorization.addPermission(Permissions.ACCESS); authorization.setResource(Resources.APPLICATION); authorization.setResourceId(ANY); authorizationService.saveAuthorization(authorization); processEngineConfiguration.setAuthorizationEnabled(true); // then assertEquals(true, authorizationService.isUserAuthorized(userId, null, Permissions.ACCESS, resource)); }
public void testAuthorizationQueryAuthorizations() { // we are jonny2 String authUserId = "jonny2"; identityService.setAuthenticatedUserId(authUserId); // create new auth wich revokes read access on auth Authorization basePerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL); basePerms.setResource(AUTHORIZATION); basePerms.setResourceId(ANY); authorizationService.saveAuthorization(basePerms); // I can see it assertEquals(1, authorizationService.createAuthorizationQuery().count()); // now enable checks processEngineConfiguration.setAuthorizationEnabled(true); // I can't see it assertEquals(0, authorizationService.createAuthorizationQuery().count()); }
public void testIsPermissionRevokedRetryJob() { // given Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE); String userId = "userId"; authorization.setUserId(userId); authorization.removePermission(ProcessInstancePermissions.RETRY_JOB); authorization.setResource(Resources.PROCESS_INSTANCE); authorization.setResourceId(ANY); authorizationService.saveAuthorization(authorization); // then Authorization authorizationResult = authorizationService.createAuthorizationQuery().userIdIn(userId).singleResult(); assertTrue(authorizationResult.isPermissionRevoked(ProcessInstancePermissions.RETRY_JOB)); assertFalse(authorizationResult.isPermissionRevoked(Permissions.ACCESS)); assertFalse(authorizationResult.isPermissionRevoked(BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES)); assertFalse(authorizationResult.isPermissionRevoked(ProcessDefinitionPermissions.RETRY_JOB)); }
@Test public void testQuerySingleCorrectPermission() throws Exception { // given Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT); authorization.setUserId("userId"); authorization.setResource(Resources.PROCESS_DEFINITION); authorization.addPermission(Permissions.READ); authorization.setResourceId(ANY); authorizationService.saveAuthorization(authorization); processEngineConfiguration.setAuthorizationEnabled(true); // assume Authorization authResult = authorizationService.createAuthorizationQuery().userIdIn("userId").resourceType(Resources.PROCESS_DEFINITION).singleResult(); assertNotNull(authResult); // then assertEquals(1, authorizationService.createAuthorizationQuery().hasPermission(Permissions.READ).count()); }
@Test public void testQuerySingleIncorrectPermission() throws Exception { // given Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT); authorization.setUserId("userId"); authorization.setResource(Resources.BATCH); authorization.addPermission(BatchPermissions.CREATE_BATCH_DELETE_RUNNING_PROCESS_INSTANCES); authorization.setResourceId(ANY); authorizationService.saveAuthorization(authorization); processEngineConfiguration.setAuthorizationEnabled(true); // assume Authorization authResult = authorizationService.createAuthorizationQuery().userIdIn("userId").resourceType(Resources.BATCH).singleResult(); assertNotNull(authResult); // then assertEquals(0, authorizationService.createAuthorizationQuery().hasPermission(Permissions.CREATE_INSTANCE).count()); }
public void testIsPermissionGrantedRetryJob() { // given Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT); String userId = "userId"; authorization.setUserId(userId); authorization.addPermission(ProcessInstancePermissions.RETRY_JOB); authorization.setResource(Resources.PROCESS_INSTANCE); authorization.setResourceId(ANY); authorizationService.saveAuthorization(authorization); // then Authorization authorizationResult = authorizationService.createAuthorizationQuery().userIdIn(userId).singleResult(); assertTrue(authorizationResult.isPermissionGranted(ProcessInstancePermissions.RETRY_JOB)); assertFalse(authorizationResult.isPermissionGranted(Permissions.ACCESS)); assertFalse(authorizationResult.isPermissionGranted(BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES)); assertFalse(authorizationResult.isPermissionGranted(ProcessDefinitionPermissions.RETRY_JOB)); }
public void testIsPermissionRevokedAccess() { // given Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE); String userId = "userId"; authorization.setUserId(userId); authorization.removePermission(Permissions.ACCESS); authorization.setResource(Resources.APPLICATION); authorization.setResourceId(ANY); authorizationService.saveAuthorization(authorization); // then Authorization authorizationResult = authorizationService.createAuthorizationQuery().userIdIn(userId).singleResult(); assertTrue(authorizationResult.isPermissionRevoked(Permissions.ACCESS)); assertFalse(authorizationResult.isPermissionRevoked(BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES)); assertFalse(authorizationResult.isPermissionRevoked(ProcessInstancePermissions.RETRY_JOB)); assertFalse(authorizationResult.isPermissionRevoked(ProcessDefinitionPermissions.RETRY_JOB)); }