@Test public void testCompleteGetParameters() { List<Authorization> mockAuthorizations = MockProvider.createMockGlobalAuthorizations(); AuthorizationQuery mockQuery = setUpMockQuery(mockAuthorizations); Map<String, String> queryParameters = getCompleteStringQueryParameters(); RequestSpecification requestSpecification = given().contentType(POST_JSON_CONTENT_TYPE); for (Entry<String, String> paramEntry : queryParameters.entrySet()) { requestSpecification.parameter(paramEntry.getKey(), paramEntry.getValue()); } requestSpecification.expect().statusCode(Status.OK.getStatusCode()) .when().get(SERVICE_PATH); verify(mockQuery).authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID); verify(mockQuery).authorizationType(MockProvider.EXAMPLE_AUTHORIZATION_TYPE); verify(mockQuery).userIdIn(new String[]{MockProvider.EXAMPLE_USER_ID, MockProvider.EXAMPLE_USER_ID2}); verify(mockQuery).groupIdIn(new String[]{MockProvider.EXAMPLE_GROUP_ID, MockProvider.EXAMPLE_GROUP_ID2}); verify(mockQuery).resourceType(MockProvider.EXAMPLE_RESOURCE_TYPE_ID); verify(mockQuery).resourceId(MockProvider.EXAMPLE_RESOURCE_ID); verify(mockQuery).list(); }
@Deployment public void testAssignSameUserToProcessTwice() { //given createGrantAuthorization(Resources.PROCESS_DEFINITION, Authorization.ANY, userId, Permissions.ALL); createGrantAuthorization(Resources.PROCESS_INSTANCE, Authorization.ANY, userId, Permissions.ALL); // when runtimeService.startProcessInstanceByKey("process"); // then List<Authorization> auths = authorizationService.createAuthorizationQuery().userIdIn("hans").list(); assertTrue(auths.size() == 1); }
@Deployment public void testAssignSameAssigneeAndOwnerToProcess() { //given createGrantAuthorization(Resources.PROCESS_DEFINITION, Authorization.ANY, userId, Permissions.ALL); createGrantAuthorization(Resources.PROCESS_INSTANCE, Authorization.ANY, userId, Permissions.ALL); // when runtimeService.startProcessInstanceByKey("process"); // then List<Authorization> auths = authorizationService.createAuthorizationQuery().userIdIn("horst").list(); assertTrue(auths.size() == 1); }
public void testInvalidQueries() { // cannot query for user id and group id at the same time try { authorizationService.createAuthorizationQuery().groupIdIn("a").userIdIn("b").count(); } catch(ProcessEngineException e) { assertTextPresent("Cannot query for user and group authorizations at the same time.", e.getMessage()); } try { authorizationService.createAuthorizationQuery().userIdIn("b").groupIdIn("a").count(); } catch(ProcessEngineException e) { assertTextPresent("Cannot query for user and group authorizations at the same time.", e.getMessage()); } }
protected void tearDown() throws Exception { processEngineConfiguration.setAuthorizationEnabled(false); List<Authorization> jonnysAuths = authorizationService.createAuthorizationQuery().userIdIn("jonny").list(); for (Authorization authorization : jonnysAuths) { authorizationService.deleteAuthorization(authorization.getId()); } super.tearDown(); }
public void testCreateUser() { // initially there are no authorizations for jonny2: assertEquals(0, authorizationService.createAuthorizationQuery().userIdIn("jonny2").count()); // create new user identityService.saveUser(identityService.newUser("jonny2")); // now there is an authorization for jonny2 which grants him ALL permissions on himself Authorization authorization = authorizationService.createAuthorizationQuery().userIdIn("jonny2").singleResult(); assertNotNull(authorization); assertEquals(AUTH_TYPE_GRANT, authorization.getAuthorizationType()); assertEquals(USER.resourceType(), authorization.getResourceType()); assertEquals("jonny2", authorization.getResourceId()); assertTrue(authorization.isPermissionGranted(ALL)); // delete the user identityService.deleteUser("jonny2"); // the authorization is deleted as well: assertEquals(0, authorizationService.createAuthorizationQuery().userIdIn("jonny2").count()); }
@Test public void testCreateAndDeleteTenantUserMembershipForMultipleTenants() { createTenant(TENANT_TWO); identityService.createTenantUserMembership(TENANT_ONE, USER_ID); identityService.createTenantUserMembership(TENANT_TWO, USER_ID); assertEquals(2, authorizationService.createAuthorizationQuery() .userIdIn(USER_ID) .resourceType(Resources.TENANT) .hasPermission(Permissions.READ).count()); identityService.deleteTenantUserMembership(TENANT_ONE, USER_ID); assertEquals(1, authorizationService.createAuthorizationQuery() .userIdIn(USER_ID) .resourceType(Resources.TENANT) .hasPermission(Permissions.READ).count()); }
public void testCaseTaskAddCandidateUserNoAuthorization() { // given createCaseInstanceByKey(CASE_KEY); String taskId = selectSingleTask().getId(); createGrantAuthorization(TASK, taskId, userId, UPDATE); // when taskService.addCandidateUser(taskId, "demo"); // then disableAuthorization(); Authorization authorization = authorizationService .createAuthorizationQuery() .userIdIn("demo") .singleResult(); enableAuthorization(); assertNull(authorization); }
public void testCaseTaskSetAssigneeNoAuthorization() { // given createCaseInstanceByKey(CASE_KEY); String taskId = selectSingleTask().getId(); createGrantAuthorization(TASK, taskId, userId, UPDATE); // when taskService.setAssignee(taskId, "demo"); // then disableAuthorization(); Authorization authorization = authorizationService .createAuthorizationQuery() .userIdIn("demo") .singleResult(); enableAuthorization(); assertNull(authorization); }
public void testCaseTaskSetOwnerNoAuthorization() { // given createCaseInstanceByKey(CASE_KEY); String taskId = selectSingleTask().getId(); createGrantAuthorization(TASK, taskId, userId, UPDATE); // when taskService.setOwner(taskId, "demo"); // then disableAuthorization(); Authorization authorization = authorizationService .createAuthorizationQuery() .userIdIn("demo") .singleResult(); enableAuthorization(); assertNull(authorization); }
@Test public void testCreateAndDeleteTenantUserMembership() { identityService.createTenantUserMembership(TENANT_ONE, USER_ID); identityService.deleteTenantUserMembership(TENANT_ONE, USER_ID); assertEquals(0, authorizationService.createAuthorizationQuery() .userIdIn(USER_ID) .resourceType(Resources.TENANT) .hasPermission(Permissions.READ).count()); identityService.setAuthenticatedUserId(USER_ID); assertEquals(0,identityService.createTenantQuery() .count()); }
@Test public void testCreateTenantUserMembership() { identityService.createTenantUserMembership(TENANT_ONE, USER_ID); assertEquals(1, authorizationService.createAuthorizationQuery() .userIdIn(USER_ID) .resourceType(Resources.TENANT) .resourceId(TENANT_ONE) .hasPermission(Permissions.READ).count()); identityService.setAuthenticatedUserId(USER_ID); assertEquals(TENANT_ONE,identityService.createTenantQuery() .singleResult() .getId()); }
public void testClearAuthorizationOnDeleteDeployment() { // given createGrantAuthorization(DEPLOYMENT, ANY, userId, CREATE); Deployment deployment = repositoryService .createDeployment() .addClasspathResource(FIRST_RESOURCE) .deploy(); String deploymentId = deployment.getId(); AuthorizationQuery query = authorizationService .createAuthorizationQuery() .userIdIn(userId) .resourceId(deploymentId); Authorization authorization = query.singleResult(); assertNotNull(authorization); // when repositoryService.deleteDeployment(deploymentId); authorization = query.singleResult(); assertNull(authorization); deleteDeployment(deploymentId); }
public void testPermissionsOnAssignSameAssigneeAndOwnerToTask() { try { // given createGrantAuthorization(Resources.TASK, Authorization.ANY, userId, Permissions.CREATE, Permissions.DELETE, Permissions.READ); processEngineConfiguration.setResourceAuthorizationProvider(new MyExtendedPermissionDefaultAuthorizationProvider()); // when Task newTask = taskService.newTask(); newTask.setAssignee("Horst"); newTask.setOwner("Horst"); taskService.saveTask(newTask); // then Authorization auth = authorizationService.createAuthorizationQuery().userIdIn("Horst").singleResult(); assertTrue(auth.isPermissionGranted(Permissions.DELETE)); taskService.deleteTask(newTask.getId(), true); } finally { processEngineConfiguration.setResourceAuthorizationProvider(new DefaultAuthorizationProvider()); } }
public void testIsPermissionGrantedRetryJob() { // given Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT); String userId = "userId"; authorization.setUserId(userId); authorization.addPermission(ProcessInstancePermissions.RETRY_JOB); authorization.setResource(Resources.PROCESS_INSTANCE); authorization.setResourceId(ANY); authorizationService.saveAuthorization(authorization); // then Authorization authorizationResult = authorizationService.createAuthorizationQuery().userIdIn(userId).singleResult(); assertTrue(authorizationResult.isPermissionGranted(ProcessInstancePermissions.RETRY_JOB)); assertFalse(authorizationResult.isPermissionGranted(Permissions.ACCESS)); assertFalse(authorizationResult.isPermissionGranted(BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES)); assertFalse(authorizationResult.isPermissionGranted(ProcessDefinitionPermissions.RETRY_JOB)); }
public void testIsPermissionRevokedAccess() { // given Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE); String userId = "userId"; authorization.setUserId(userId); authorization.removePermission(Permissions.ACCESS); authorization.setResource(Resources.APPLICATION); authorization.setResourceId(ANY); authorizationService.saveAuthorization(authorization); // then Authorization authorizationResult = authorizationService.createAuthorizationQuery().userIdIn(userId).singleResult(); assertTrue(authorizationResult.isPermissionRevoked(Permissions.ACCESS)); assertFalse(authorizationResult.isPermissionRevoked(BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES)); assertFalse(authorizationResult.isPermissionRevoked(ProcessInstancePermissions.RETRY_JOB)); assertFalse(authorizationResult.isPermissionRevoked(ProcessDefinitionPermissions.RETRY_JOB)); }
public void testIsPermissionRevokedRetryJob() { // given Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE); String userId = "userId"; authorization.setUserId(userId); authorization.removePermission(ProcessInstancePermissions.RETRY_JOB); authorization.setResource(Resources.PROCESS_INSTANCE); authorization.setResourceId(ANY); authorizationService.saveAuthorization(authorization); // then Authorization authorizationResult = authorizationService.createAuthorizationQuery().userIdIn(userId).singleResult(); assertTrue(authorizationResult.isPermissionRevoked(ProcessInstancePermissions.RETRY_JOB)); assertFalse(authorizationResult.isPermissionRevoked(Permissions.ACCESS)); assertFalse(authorizationResult.isPermissionRevoked(BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES)); assertFalse(authorizationResult.isPermissionRevoked(ProcessDefinitionPermissions.RETRY_JOB)); }
@Test public void testQuerySingleCorrectPermission() throws Exception { // given Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT); authorization.setUserId("userId"); authorization.setResource(Resources.PROCESS_DEFINITION); authorization.addPermission(Permissions.READ); authorization.setResourceId(ANY); authorizationService.saveAuthorization(authorization); processEngineConfiguration.setAuthorizationEnabled(true); // assume Authorization authResult = authorizationService.createAuthorizationQuery().userIdIn("userId").resourceType(Resources.PROCESS_DEFINITION).singleResult(); assertNotNull(authResult); // then assertEquals(1, authorizationService.createAuthorizationQuery().hasPermission(Permissions.READ).count()); }
@Test public void testQuerySingleIncorrectPermission() throws Exception { // given Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT); authorization.setUserId("userId"); authorization.setResource(Resources.BATCH); authorization.addPermission(BatchPermissions.CREATE_BATCH_DELETE_RUNNING_PROCESS_INSTANCES); authorization.setResourceId(ANY); authorizationService.saveAuthorization(authorization); processEngineConfiguration.setAuthorizationEnabled(true); // assume Authorization authResult = authorizationService.createAuthorizationQuery().userIdIn("userId").resourceType(Resources.BATCH).singleResult(); assertNotNull(authResult); // then assertEquals(0, authorizationService.createAuthorizationQuery().hasPermission(Permissions.CREATE_INSTANCE).count()); }
public void testIsPermissionGrantedAccess() { // given Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT); String userId = "userId"; authorization.setUserId(userId); authorization.addPermission(Permissions.ACCESS); authorization.setResource(Resources.APPLICATION); authorization.setResourceId(ANY); authorizationService.saveAuthorization(authorization); // then Authorization authorizationResult = authorizationService.createAuthorizationQuery().userIdIn(userId).singleResult(); assertTrue(authorizationResult.isPermissionGranted(Permissions.ACCESS)); assertFalse(authorizationResult.isPermissionGranted(BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES)); assertFalse(authorizationResult.isPermissionGranted(ProcessInstancePermissions.RETRY_JOB)); assertFalse(authorizationResult.isPermissionGranted(ProcessDefinitionPermissions.RETRY_JOB)); }