public Authorization createNewAuthorization(int type) { checkAuthorization(CREATE, AUTHORIZATION, null); return new AuthorizationEntity(type); }
public Authorization createNewAuthorization(int type) { checkAuthorization(CREATE, AUTHORIZATION, null); return new AuthorizationEntity(type); }
protected AuthorizationEntity createGrantAuthorization(String userId, String groupId, Resource resource, String resourceId, Permission... permissions) { // assuming that there are no default authorizations for * if (userId != null) { ensureValidIndividualResourceId("Cannot create authorization for user " + userId, userId); } if (groupId != null) { ensureValidIndividualResourceId("Cannot create authorization for group " + groupId, groupId); } AuthorizationEntity authorization = new AuthorizationEntity(AUTH_TYPE_GRANT); authorization.setUserId(userId); authorization.setGroupId(groupId); authorization.setResource(resource); authorization.setResourceId(resourceId); if (permissions != null) { for (Permission permission : permissions) { authorization.addPermission(permission); } } return authorization; }
protected AuthorizationEntity createGrantAuthorization(String userId, String groupId, Resource resource, String resourceId, Permission... permissions) { // assuming that there are no default authorizations for * if (userId != null) { ensureValidIndividualResourceId("Cannot create authorization for user " + userId, userId); } if (groupId != null) { ensureValidIndividualResourceId("Cannot create authorization for group " + groupId, groupId); } AuthorizationEntity authorization = new AuthorizationEntity(AUTH_TYPE_GRANT); authorization.setUserId(userId); authorization.setGroupId(groupId); authorization.setResource(resource); authorization.setResourceId(resourceId); if (permissions != null) { for (Permission permission : permissions) { authorization.addPermission(permission); } } return authorization; }
public void testRevokeAuthPermissions() { AuthorizationEntity authorization = new AuthorizationEntity(AUTH_TYPE_REVOKE); authorization.setResource(Resources.DEPLOYMENT); assertFalse(authorization.isPermissionRevoked(ALL)); List<Permission> perms = Arrays.asList(authorization.getPermissions(Permissions.values())); assertEquals(0, perms.size()); authorization.removePermission(READ); perms = Arrays.asList(authorization.getPermissions(Permissions.values())); assertTrue(perms.contains(READ)); assertTrue(perms.contains(ALL)); assertEquals(2, perms.size()); try { authorization.isPermissionGranted(READ); fail("Exception expected"); } catch (IllegalStateException e) { assertTextPresent("ENGINE-03026 Method 'isPermissionGranted' cannot be used for authorization with type 'REVOKE'.", e.getMessage()); } }
protected void grantPermissions() { AuthorizationEntity userAdminAuth = new AuthorizationEntity(AUTH_TYPE_GLOBAL); userAdminAuth.setResource(USER); userAdminAuth.setResourceId(ANY); userAdminAuth.addPermission(ALL); authorizationService.saveAuthorization(userAdminAuth); userAdminAuth = new AuthorizationEntity(AUTH_TYPE_GLOBAL); userAdminAuth.setResource(GROUP); userAdminAuth.setResourceId(ANY); userAdminAuth.addPermission(ALL); authorizationService.saveAuthorization(userAdminAuth); userAdminAuth = new AuthorizationEntity(AUTH_TYPE_GLOBAL); userAdminAuth.setResource(TENANT); userAdminAuth.setResourceId(ANY); userAdminAuth.addPermission(ALL); authorizationService.saveAuthorization(userAdminAuth); userAdminAuth = new AuthorizationEntity(AUTH_TYPE_GLOBAL); userAdminAuth.setResource(TENANT_MEMBERSHIP); userAdminAuth.setResourceId(ANY); userAdminAuth.addPermission(ALL); authorizationService.saveAuthorization(userAdminAuth); }
AuthorizationEntity adminGroupAuth = new AuthorizationEntity(AUTH_TYPE_GRANT); adminGroupAuth.setGroupId(administratorGroupName); adminGroupAuth.setResource(resource); AuthorizationEntity adminUserAuth = new AuthorizationEntity(AUTH_TYPE_GRANT); adminUserAuth.setUserId(administratorUserName); adminUserAuth.setResource(resource);
AuthorizationEntity adminGroupAuth = new AuthorizationEntity(AUTH_TYPE_GRANT); adminGroupAuth.setGroupId(administratorGroupName); adminGroupAuth.setResource(resource); AuthorizationEntity adminUserAuth = new AuthorizationEntity(AUTH_TYPE_GRANT); adminUserAuth.setUserId(administratorUserName); adminUserAuth.setResource(resource);
public void testGlobalAuthPermissions() { AuthorizationEntity authorization = new AuthorizationEntity(AUTH_TYPE_GRANT); authorization.setResource(Resources.DEPLOYMENT); assertFalse(authorization.isPermissionGranted(ALL)); assertTrue(authorization.isPermissionGranted(NONE)); List<Permission> perms = Arrays.asList(authorization.getPermissions(Permissions.values())); assertTrue(perms.contains(NONE)); assertEquals(1, perms.size()); authorization.addPermission(READ); perms = Arrays.asList(authorization.getPermissions(Permissions.values())); assertTrue(perms.contains(NONE)); assertTrue(perms.contains(READ)); assertEquals(2, perms.size()); assertTrue(authorization.isPermissionGranted(READ)); assertTrue(authorization.isPermissionGranted(NONE)); // (none is always granted => you are always authorized to do nothing) try { authorization.isPermissionRevoked(READ); fail("Exception expected"); } catch (IllegalStateException e) { assertTextPresent("ENGINE-03026 Method 'isPermissionRevoked' cannot be used for authorization with type 'GRANT'.", e.getMessage()); } }
public void testGrantAuthPermissions() { AuthorizationEntity authorization = new AuthorizationEntity(AUTH_TYPE_GRANT); authorization.setResource(Resources.DEPLOYMENT); assertFalse(authorization.isPermissionGranted(ALL)); assertTrue(authorization.isPermissionGranted(NONE)); List<Permission> perms = Arrays.asList(authorization.getPermissions(Permissions.values())); assertTrue(perms.contains(NONE)); assertEquals(1, perms.size()); authorization.addPermission(READ); perms = Arrays.asList(authorization.getPermissions(Permissions.values())); assertTrue(perms.contains(NONE)); assertTrue(perms.contains(READ)); assertEquals(2, perms.size()); assertTrue(authorization.isPermissionGranted(READ)); assertTrue(authorization.isPermissionGranted(NONE)); // (none is always granted => you are always authorized to do nothing) try { authorization.isPermissionRevoked(READ); fail("Exception expected"); } catch (IllegalStateException e) { assertTextPresent("ENGINE-03026 Method 'isPermissionRevoked' cannot be used for authorization with type 'GRANT'.", e.getMessage()); } }
public Authorization createNewAuthorization(int type) { checkAuthorization(CREATE, AUTHORIZATION, null); return new AuthorizationEntity(type); }
Authorization authorization = new AuthorizationEntity(AUTH_TYPE_REVOKE); authorization.setUserId("someUserId"); authorization.setResource(Resources.APPLICATION);
protected AuthorizationEntity createGrantAuthorization(String userId, String groupId, Resource resource, String resourceId, Permission... permissions) { // assuming that there are no default authorizations for * if (userId != null) { ensureValidIndividualResourceId("Cannot create authorization for user " + userId, userId); } if (groupId != null) { ensureValidIndividualResourceId("Cannot create authorization for group " + groupId, groupId); } AuthorizationEntity authorization = new AuthorizationEntity(AUTH_TYPE_GRANT); authorization.setUserId(userId); authorization.setGroupId(groupId); authorization.setResource(resource); authorization.setResourceId(resourceId); if (permissions != null) { for (Permission permission : permissions) { authorization.addPermission(permission); } } return authorization; }
public void testRevokeAuthPermissions() { AuthorizationEntity authorization = new AuthorizationEntity(AUTH_TYPE_REVOKE); assertFalse(authorization.isPermissionRevoked(ALL)); List<Permission> perms = Arrays.asList(authorization.getPermissions(Permissions.values())); assertEquals(0, perms.size()); authorization.removePermission(READ); perms = Arrays.asList(authorization.getPermissions(Permissions.values())); assertTrue(perms.contains(READ)); assertTrue(perms.contains(ALL)); assertEquals(2, perms.size()); try { authorization.isPermissionGranted(READ); fail("Exception expected"); } catch (IllegalStateException e) { assertTextPresent("ENGINE-03026 Method 'isPermissionGranted' cannot be used for authorization with type 'REVOKE'.", e.getMessage()); } }
protected void grantPermissions() { AuthorizationEntity userAdminAuth = new AuthorizationEntity(AUTH_TYPE_GLOBAL); userAdminAuth.setResource(USER); userAdminAuth.setResourceId(ANY); userAdminAuth.addPermission(ALL); authorizationService.saveAuthorization(userAdminAuth); userAdminAuth = new AuthorizationEntity(AUTH_TYPE_GLOBAL); userAdminAuth.setResource(GROUP); userAdminAuth.setResourceId(ANY); userAdminAuth.addPermission(ALL); authorizationService.saveAuthorization(userAdminAuth); userAdminAuth = new AuthorizationEntity(AUTH_TYPE_GLOBAL); userAdminAuth.setResource(TENANT); userAdminAuth.setResourceId(ANY); userAdminAuth.addPermission(ALL); authorizationService.saveAuthorization(userAdminAuth); userAdminAuth = new AuthorizationEntity(AUTH_TYPE_GLOBAL); userAdminAuth.setResource(TENANT_MEMBERSHIP); userAdminAuth.setResourceId(ANY); userAdminAuth.addPermission(ALL); authorizationService.saveAuthorization(userAdminAuth); }
public static void createDefaultUsers(ProcessEngine engine) { LOGGER.info("Generating default users for showroom"); // ///////////////////////////////////// // create user as otherwise the invoice exmaple will re-create users // Give demo user Admin Rights as well addUser(engine, "demo", "demo", "Demo", "Demo"); // Admin USer - is allowed to do anything addUser(engine, "admin", "admin", "Camunda", "BPM"); if (addGroup(engine, Groups.CAMUNDA_ADMIN, "Camunda BPM Admin", "admin", "demo")) { // create ADMIN authorizations on all built-in resources for (Resource resource : Resources.values()) { if (engine.getAuthorizationService().createAuthorizationQuery().groupIdIn(Groups.CAMUNDA_ADMIN).resourceType(resource).resourceId(ANY).count() == 0) { AuthorizationEntity userAdminAuth = new AuthorizationEntity(AUTH_TYPE_GRANT); userAdminAuth.setGroupId(Groups.CAMUNDA_ADMIN); userAdminAuth.setResource(resource); userAdminAuth.setResourceId(ANY); userAdminAuth.addPermission(ALL); engine.getAuthorizationService().saveAuthorization(userAdminAuth); } } } }
public void testGrantAuthPermissions() { AuthorizationEntity authorization = new AuthorizationEntity(AUTH_TYPE_GRANT); assertFalse(authorization.isPermissionGranted(ALL)); assertTrue(authorization.isPermissionGranted(NONE)); List<Permission> perms = Arrays.asList(authorization.getPermissions(Permissions.values())); assertTrue(perms.contains(NONE)); assertEquals(1, perms.size()); authorization.addPermission(READ); perms = Arrays.asList(authorization.getPermissions(Permissions.values())); assertTrue(perms.contains(NONE)); assertTrue(perms.contains(READ)); assertEquals(2, perms.size()); assertTrue(authorization.isPermissionGranted(READ)); assertTrue(authorization.isPermissionGranted(NONE)); // (none is always granted => you are always authorized to do nothing) try { authorization.isPermissionRevoked(READ); fail("Exception expected"); } catch (IllegalStateException e) { assertTextPresent("ENGINE-03026 Method 'isPermissionRevoked' cannot be used for authorization with type 'GRANT'.", e.getMessage()); } }
public void testGlobalAuthPermissions() { AuthorizationEntity authorization = new AuthorizationEntity(AUTH_TYPE_GRANT); assertFalse(authorization.isPermissionGranted(ALL)); assertTrue(authorization.isPermissionGranted(NONE)); List<Permission> perms = Arrays.asList(authorization.getPermissions(Permissions.values())); assertTrue(perms.contains(NONE)); assertEquals(1, perms.size()); authorization.addPermission(READ); perms = Arrays.asList(authorization.getPermissions(Permissions.values())); assertTrue(perms.contains(NONE)); assertTrue(perms.contains(READ)); assertEquals(2, perms.size()); assertTrue(authorization.isPermissionGranted(READ)); assertTrue(authorization.isPermissionGranted(NONE)); // (none is always granted => you are always authorized to do nothing) try { authorization.isPermissionRevoked(READ); fail("Exception expected"); } catch (IllegalStateException e) { assertTextPresent("ENGINE-03026 Method 'isPermissionRevoked' cannot be used for authorization with type 'GRANT'.", e.getMessage()); } }
@Override public void postProcessEngineBuild(final ProcessEngine processEngine) { requireNonNull(adminUser); final IdentityService identityService = processEngine.getIdentityService(); final AuthorizationService authorizationService = processEngine.getAuthorizationService(); if (userAlreadyExists(identityService, adminUser)) { return; } createUser(identityService, adminUser); // create group if (identityService.createGroupQuery().groupId(CAMUNDA_ADMIN).count() == 0) { Group camundaAdminGroup = identityService.newGroup(CAMUNDA_ADMIN); camundaAdminGroup.setName("camunda BPM Administrators"); camundaAdminGroup.setType(Groups.GROUP_TYPE_SYSTEM); identityService.saveGroup(camundaAdminGroup); } // create ADMIN authorizations on all built-in resources for (Resource resource : Resources.values()) { if (authorizationService.createAuthorizationQuery().groupIdIn(CAMUNDA_ADMIN).resourceType(resource).resourceId(ANY).count() == 0) { AuthorizationEntity userAdminAuth = new AuthorizationEntity(AUTH_TYPE_GRANT); userAdminAuth.setGroupId(CAMUNDA_ADMIN); userAdminAuth.setResource(resource); userAdminAuth.setResourceId(ANY); userAdminAuth.addPermission(ALL); authorizationService.saveAuthorization(userAdminAuth); } } identityService.createMembership(adminUser.getId(), CAMUNDA_ADMIN); LOG.creatingInitialAdminUser(adminUser); }
Authorization authorization = new AuthorizationEntity(AUTH_TYPE_REVOKE); authorization.setUserId("someUserId"); authorization.setResource(Resources.APPLICATION);