protected void applyFilters(AuthorizationQuery query) { if (id != null) { query.authorizationId(id); } if (type != null) { query.authorizationType(type); } if (userIdIn != null) { query.userIdIn(userIdIn); } if (groupIdIn != null) { query.groupIdIn(groupIdIn); } if (resourceType != null) { query.resourceType(resourceType); } if (resourceId != null) { query.resourceId(resourceId); } }
protected void applyFilters(AuthorizationQuery query) { if (id != null) { query.authorizationId(id); } if (type != null) { query.authorizationType(type); } if (userIdIn != null) { query.userIdIn(userIdIn); } if (groupIdIn != null) { query.groupIdIn(groupIdIn); } if (resourceType != null) { query.resourceType(resourceType); } if (resourceId != null) { query.resourceId(resourceId); } }
@Test public void testCompleteGetParameters() { List<Authorization> mockAuthorizations = MockProvider.createMockGlobalAuthorizations(); AuthorizationQuery mockQuery = setUpMockQuery(mockAuthorizations); Map<String, String> queryParameters = getCompleteStringQueryParameters(); RequestSpecification requestSpecification = given().contentType(POST_JSON_CONTENT_TYPE); for (Entry<String, String> paramEntry : queryParameters.entrySet()) { requestSpecification.parameter(paramEntry.getKey(), paramEntry.getValue()); } requestSpecification.expect().statusCode(Status.OK.getStatusCode()) .when().get(SERVICE_PATH); verify(mockQuery).authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID); verify(mockQuery).authorizationType(MockProvider.EXAMPLE_AUTHORIZATION_TYPE); verify(mockQuery).userIdIn(new String[]{MockProvider.EXAMPLE_USER_ID, MockProvider.EXAMPLE_USER_ID2}); verify(mockQuery).groupIdIn(new String[]{MockProvider.EXAMPLE_GROUP_ID, MockProvider.EXAMPLE_GROUP_ID2}); verify(mockQuery).resourceType(MockProvider.EXAMPLE_RESOURCE_TYPE_ID); verify(mockQuery).resourceId(MockProvider.EXAMPLE_RESOURCE_ID); verify(mockQuery).list(); }
@Deployment public void testAssignSameGroupToProcessTwice() { //given createGrantAuthorization(Resources.PROCESS_DEFINITION, Authorization.ANY, userId, Permissions.ALL); createGrantAuthorization(Resources.PROCESS_INSTANCE, Authorization.ANY, userId, Permissions.ALL); // when runtimeService.startProcessInstanceByKey("process"); // then List<Authorization> auths = authorizationService.createAuthorizationQuery().groupIdIn("abc").list(); assertTrue(auths.size() == 1); }
public void testInvalidQueries() { // cannot query for user id and group id at the same time try { authorizationService.createAuthorizationQuery().groupIdIn("a").userIdIn("b").count(); } catch(ProcessEngineException e) { assertTextPresent("Cannot query for user and group authorizations at the same time.", e.getMessage()); } try { authorizationService.createAuthorizationQuery().userIdIn("b").groupIdIn("a").count(); } catch(ProcessEngineException e) { assertTextPresent("Cannot query for user and group authorizations at the same time.", e.getMessage()); } }
@Test public void testCreateAndDeleteTenantGroupMembership() { identityService.createTenantGroupMembership(TENANT_ONE, GROUP_ID); identityService.deleteTenantGroupMembership(TENANT_ONE, GROUP_ID); assertEquals(0, authorizationService.createAuthorizationQuery() .groupIdIn(GROUP_ID) .resourceType(Resources.TENANT) .hasPermission(Permissions.READ).count()); identityService.setAuthentication(USER_ID, Collections.singletonList(GROUP_ID)); assertEquals(0,identityService.createTenantQuery() .count()); }
public void testCreateGroup() { // initially there are no authorizations for group "sales": assertEquals(0, authorizationService.createAuthorizationQuery().groupIdIn("sales").count()); // create new group identityService.saveGroup(identityService.newGroup("sales")); // now there is an authorization for sales which grants all members READ permissions Authorization authorization = authorizationService.createAuthorizationQuery().groupIdIn("sales").singleResult(); assertNotNull(authorization); assertEquals(AUTH_TYPE_GRANT, authorization.getAuthorizationType()); assertEquals(GROUP.resourceType(), authorization.getResourceType()); assertEquals("sales", authorization.getResourceId()); assertTrue(authorization.isPermissionGranted(READ)); // delete the group identityService.deleteGroup("sales"); // the authorization is deleted as well: assertEquals(0, authorizationService.createAuthorizationQuery().groupIdIn("sales").count()); }
@Test public void testCreateAndDeleteTenantGroupMembershipForMultipleTenants() { createTenant(TENANT_TWO); identityService.createTenantGroupMembership(TENANT_ONE, GROUP_ID); identityService.createTenantGroupMembership(TENANT_TWO, GROUP_ID); assertEquals(2, authorizationService.createAuthorizationQuery() .groupIdIn(GROUP_ID) .resourceType(Resources.TENANT) .hasPermission(Permissions.READ).count()); identityService.deleteTenantGroupMembership(TENANT_ONE, GROUP_ID); assertEquals(1, authorizationService.createAuthorizationQuery() .groupIdIn(GROUP_ID) .resourceType(Resources.TENANT) .hasPermission(Permissions.READ).count()); }
@Test public void testCreateTenantGroupMembership() { identityService.createTenantGroupMembership(TENANT_ONE, GROUP_ID); assertEquals(1, authorizationService.createAuthorizationQuery() .groupIdIn(GROUP_ID) .resourceType(Resources.TENANT) .resourceId(TENANT_ONE) .hasPermission(Permissions.READ).count()); identityService.setAuthentication(USER_ID, Collections.singletonList(GROUP_ID)); assertEquals(TENANT_ONE,identityService.createTenantQuery() .singleResult() .getId()); }
assertEquals(2, authorizationService.createAuthorizationQuery().groupIdIn("group1").list().size()); assertEquals(1, authorizationService.createAuthorizationQuery().groupIdIn("group2").list().size()); assertEquals(1, authorizationService.createAuthorizationQuery().groupIdIn("group3").list().size()); assertEquals(3, authorizationService.createAuthorizationQuery().groupIdIn("group1", "group2").list().size()); assertEquals(0, authorizationService.createAuthorizationQuery().groupIdIn("non-existing").list().size()); assertEquals(1, authorizationService.createAuthorizationQuery().groupIdIn("group2").resourceType(resource2).list().size()); assertEquals(0, authorizationService.createAuthorizationQuery().groupIdIn("group1").resourceType(nonExisting).list().size());
if(authorizationService.createAuthorizationQuery().groupIdIn(administratorGroupName).resourceType(resource).resourceId(ANY).count() == 0) { AuthorizationEntity adminGroupAuth = new AuthorizationEntity(AUTH_TYPE_GRANT); adminGroupAuth.setGroupId(administratorGroupName);
if(authorizationService.createAuthorizationQuery().groupIdIn(administratorGroupName).resourceType(resource).resourceId(ANY).count() == 0) { AuthorizationEntity adminGroupAuth = new AuthorizationEntity(AUTH_TYPE_GRANT); adminGroupAuth.setGroupId(administratorGroupName);
public void testCaseTaskAddCandidateGroupNoAuthorization() { // given createCaseInstanceByKey(CASE_KEY); String taskId = selectSingleTask().getId(); createGrantAuthorization(TASK, taskId, userId, UPDATE); // when taskService.addCandidateGroup(taskId, "management"); // then disableAuthorization(); Authorization authorization = authorizationService .createAuthorizationQuery() .groupIdIn("management") .singleResult(); enableAuthorization(); assertNull(authorization); }
public void testTenantAuthorizationAfterDeleteGroup() { // given jonny2 who is allowed to do group operations User jonny = identityService.newUser(jonny2); identityService.saveUser(jonny); grantPermissions(); // turn on authorization processEngineConfiguration.setAuthorizationEnabled(true); identityService.setAuthenticatedUserId(jonny2); // create group Group group1 = identityService.newGroup("group1"); identityService.saveGroup(group1); // and tenant String tenant1 = "tenant1"; Tenant tenant = identityService.newTenant(tenant1); identityService.saveTenant(tenant); identityService.createTenantGroupMembership(tenant1, "group1"); // assume TenantQuery query = identityService.createTenantQuery().groupMember("group1"); assertThat(query.count(), is(1L)); // when identityService.deleteGroup("group1"); // turn off authorization processEngineConfiguration.setAuthorizationEnabled(false); // then assertThat(query.count(), is(0L)); assertThat(authorizationService.createAuthorizationQuery().resourceType(TENANT).groupIdIn("group1").count(), is(0L)); }
assertEquals(2, authorizationService.createAuthorizationQuery().groupIdIn("group1").count()); assertEquals(1, authorizationService.createAuthorizationQuery().groupIdIn("group2").count()); assertEquals(1, authorizationService.createAuthorizationQuery().groupIdIn("group3").count()); assertEquals(3, authorizationService.createAuthorizationQuery().groupIdIn("group1", "group2").count()); assertEquals(0, authorizationService.createAuthorizationQuery().groupIdIn("non-existing").count()); assertEquals(1, authorizationService.createAuthorizationQuery().groupIdIn("group2").resourceType(resource2).count()); assertEquals(0, authorizationService.createAuthorizationQuery().groupIdIn("group1").resourceType(nonExisting).count());
public void testStandaloneTaskAddCandidateGroupCreateNewAuthorization() { // given String taskId = "myTask"; createTask(taskId); createGrantAuthorization(TASK, taskId, userId, UPDATE); // when taskService.addCandidateGroup(taskId, "management"); // then disableAuthorization(); Authorization authorization = authorizationService .createAuthorizationQuery() .groupIdIn("management") .singleResult(); enableAuthorization(); assertNotNull(authorization); assertEquals(TASK.resourceType(), authorization.getResourceType()); assertEquals(taskId, authorization.getResourceId()); assertTrue(authorization.isPermissionGranted(READ)); assertTrue(authorization.isPermissionGranted(getDefaultTaskPermissionForUser())); deleteTask(taskId, true); }
public void testStandaloneTaskAddCandidateGroupUpdateAuthorization() { // given String taskId = "myTask"; createTask(taskId); createGrantAuthorization(TASK, taskId, userId, UPDATE); createGrantAuthorization(TASK, taskId, "demo", DELETE); // when taskService.addCandidateGroup(taskId, "management"); // then disableAuthorization(); Authorization authorization = authorizationService .createAuthorizationQuery() .groupIdIn("management") .singleResult(); enableAuthorization(); assertNotNull(authorization); assertEquals(TASK.resourceType(), authorization.getResourceType()); assertEquals(taskId, authorization.getResourceId()); assertTrue(authorization.isPermissionGranted(READ)); assertTrue(authorization.isPermissionGranted(getDefaultTaskPermissionForUser())); deleteTask(taskId, true); }
public void testProcessTaskAddCandidateGroupCreateNewAuthorization() { // given startProcessInstanceByKey(PROCESS_KEY); String taskId = selectSingleTask().getId(); createGrantAuthorization(TASK, taskId, userId, UPDATE); // when taskService.addCandidateGroup(taskId, "management"); // then disableAuthorization(); Authorization authorization = authorizationService .createAuthorizationQuery() .groupIdIn("management") .singleResult(); enableAuthorization(); assertNotNull(authorization); assertEquals(TASK.resourceType(), authorization.getResourceType()); assertEquals(taskId, authorization.getResourceId()); assertTrue(authorization.isPermissionGranted(READ)); assertTrue(authorization.isPermissionGranted(getDefaultTaskPermissionForUser())); }
public void testProcessTaskAddCandidateGroupUpdateAuthorization() { // given startProcessInstanceByKey(PROCESS_KEY); String taskId = selectSingleTask().getId(); createGrantAuthorization(TASK, taskId, userId, UPDATE); createGrantAuthorization(TASK, taskId, "demo", DELETE); // when taskService.addCandidateGroup(taskId, "management"); // then disableAuthorization(); Authorization authorization = authorizationService .createAuthorizationQuery() .groupIdIn("management") .singleResult(); enableAuthorization(); assertNotNull(authorization); assertEquals(TASK.resourceType(), authorization.getResourceType()); assertEquals(taskId, authorization.getResourceId()); assertTrue(authorization.isPermissionGranted(READ)); assertTrue(authorization.isPermissionGranted(getDefaultTaskPermissionForUser())); }