protected AuthorizationEntity updateAuthorization(AuthorizationEntity authorization, String userId, String groupId, Resource resource, String resourceId, Permission... permissions) { if (authorization == null) { authorization = createGrantAuthorization(userId, groupId, resource, resourceId); updateAuthorizationBasedOnCacheEntries(authorization, userId, groupId, resource, resourceId); } if (permissions != null) { for (Permission permission : permissions) { authorization.addPermission(permission); } } return authorization; }
protected AuthorizationEntity updateAuthorization(AuthorizationEntity authorization, String userId, String groupId, Resource resource, String resourceId, Permission... permissions) { if (authorization == null) { authorization = createGrantAuthorization(userId, groupId, resource, resourceId); updateAuthorizationBasedOnCacheEntries(authorization, userId, groupId, resource, resourceId); } if (permissions != null) { for (Permission permission : permissions) { authorization.addPermission(permission); } } return authorization; }
public void setPermissions(Permission[] permissions) { resetPermissions(); for (Permission permission : permissions) { if(AUTH_TYPE_REVOKE == authorizationType) { removePermission(permission); } else { addPermission(permission); } } }
public void setPermissions(Permission[] permissions) { resetPermissions(); for (Permission permission : permissions) { if(AUTH_TYPE_REVOKE == authorizationType) { removePermission(permission); } else { addPermission(permission); } } }
public AuthorizationEntity[] newTaskAssignee(Task task, String oldAssignee, String newAssignee) { AuthorizationEntity[] authorizations = super.newTaskAssignee(task, oldAssignee, newAssignee); authorizations[0].addPermission(Permissions.DELETE); return authorizations; } }
protected AuthorizationEntity createGrantAuthorization(String userId, String groupId, Resource resource, String resourceId, Permission... permissions) { // assuming that there are no default authorizations for * if (userId != null) { ensureValidIndividualResourceId("Cannot create authorization for user " + userId, userId); } if (groupId != null) { ensureValidIndividualResourceId("Cannot create authorization for group " + groupId, groupId); } AuthorizationEntity authorization = new AuthorizationEntity(AUTH_TYPE_GRANT); authorization.setUserId(userId); authorization.setGroupId(groupId); authorization.setResource(resource); authorization.setResourceId(resourceId); if (permissions != null) { for (Permission permission : permissions) { authorization.addPermission(permission); } } return authorization; }
protected AuthorizationEntity createGrantAuthorization(String userId, String groupId, Resource resource, String resourceId, Permission... permissions) { // assuming that there are no default authorizations for * if (userId != null) { ensureValidIndividualResourceId("Cannot create authorization for user " + userId, userId); } if (groupId != null) { ensureValidIndividualResourceId("Cannot create authorization for group " + groupId, groupId); } AuthorizationEntity authorization = new AuthorizationEntity(AUTH_TYPE_GRANT); authorization.setUserId(userId); authorization.setGroupId(groupId); authorization.setResource(resource); authorization.setResourceId(resourceId); if (permissions != null) { for (Permission permission : permissions) { authorization.addPermission(permission); } } return authorization; }
protected void grantPermissions() { AuthorizationEntity userAdminAuth = new AuthorizationEntity(AUTH_TYPE_GLOBAL); userAdminAuth.setResource(USER); userAdminAuth.setResourceId(ANY); userAdminAuth.addPermission(ALL); authorizationService.saveAuthorization(userAdminAuth); userAdminAuth = new AuthorizationEntity(AUTH_TYPE_GLOBAL); userAdminAuth.setResource(GROUP); userAdminAuth.setResourceId(ANY); userAdminAuth.addPermission(ALL); authorizationService.saveAuthorization(userAdminAuth); userAdminAuth = new AuthorizationEntity(AUTH_TYPE_GLOBAL); userAdminAuth.setResource(TENANT); userAdminAuth.setResourceId(ANY); userAdminAuth.addPermission(ALL); authorizationService.saveAuthorization(userAdminAuth); userAdminAuth = new AuthorizationEntity(AUTH_TYPE_GLOBAL); userAdminAuth.setResource(TENANT_MEMBERSHIP); userAdminAuth.setResourceId(ANY); userAdminAuth.addPermission(ALL); authorizationService.saveAuthorization(userAdminAuth); }
adminGroupAuth.setResource(resource); adminGroupAuth.setResourceId(ANY); adminGroupAuth.addPermission(ALL); authorizationService.saveAuthorization(adminGroupAuth); LOG.grantGroupPermissions(administratorGroupName, resource.resourceName()); adminUserAuth.setResource(resource); adminUserAuth.setResourceId(ANY); adminUserAuth.addPermission(ALL); authorizationService.saveAuthorization(adminUserAuth); LOG.grantUserPermissions(administratorUserName, resource.resourceName());
public void testGlobalAuthPermissions() { AuthorizationEntity authorization = new AuthorizationEntity(AUTH_TYPE_GRANT); authorization.setResource(Resources.DEPLOYMENT); assertFalse(authorization.isPermissionGranted(ALL)); assertTrue(authorization.isPermissionGranted(NONE)); List<Permission> perms = Arrays.asList(authorization.getPermissions(Permissions.values())); assertTrue(perms.contains(NONE)); assertEquals(1, perms.size()); authorization.addPermission(READ); perms = Arrays.asList(authorization.getPermissions(Permissions.values())); assertTrue(perms.contains(NONE)); assertTrue(perms.contains(READ)); assertEquals(2, perms.size()); assertTrue(authorization.isPermissionGranted(READ)); assertTrue(authorization.isPermissionGranted(NONE)); // (none is always granted => you are always authorized to do nothing) try { authorization.isPermissionRevoked(READ); fail("Exception expected"); } catch (IllegalStateException e) { assertTextPresent("ENGINE-03026 Method 'isPermissionRevoked' cannot be used for authorization with type 'GRANT'.", e.getMessage()); } }
adminGroupAuth.setResource(resource); adminGroupAuth.setResourceId(ANY); adminGroupAuth.addPermission(ALL); authorizationService.saveAuthorization(adminGroupAuth); LOG.grantGroupPermissions(administratorGroupName, resource.resourceName()); adminUserAuth.setResource(resource); adminUserAuth.setResourceId(ANY); adminUserAuth.addPermission(ALL); authorizationService.saveAuthorization(adminUserAuth); LOG.grantUserPermissions(administratorUserName, resource.resourceName());
public void testGrantAuthPermissions() { AuthorizationEntity authorization = new AuthorizationEntity(AUTH_TYPE_GRANT); authorization.setResource(Resources.DEPLOYMENT); assertFalse(authorization.isPermissionGranted(ALL)); assertTrue(authorization.isPermissionGranted(NONE)); List<Permission> perms = Arrays.asList(authorization.getPermissions(Permissions.values())); assertTrue(perms.contains(NONE)); assertEquals(1, perms.size()); authorization.addPermission(READ); perms = Arrays.asList(authorization.getPermissions(Permissions.values())); assertTrue(perms.contains(NONE)); assertTrue(perms.contains(READ)); assertEquals(2, perms.size()); assertTrue(authorization.isPermissionGranted(READ)); assertTrue(authorization.isPermissionGranted(NONE)); // (none is always granted => you are always authorized to do nothing) try { authorization.isPermissionRevoked(READ); fail("Exception expected"); } catch (IllegalStateException e) { assertTextPresent("ENGINE-03026 Method 'isPermissionRevoked' cannot be used for authorization with type 'GRANT'.", e.getMessage()); } }
public void setPermissions(Permission[] permissions) { resetPermissions(); for (Permission permission : permissions) { if(AUTH_TYPE_REVOKE == authorizationType) { removePermission(permission); } else { addPermission(permission); } } }
protected AuthorizationEntity updateAuthorization(AuthorizationEntity authorization, String userId, String groupId, Resource resource, String resourceId, Permission... permissions) { if (authorization == null) { authorization = createGrantAuthorization(userId, groupId, resource, resourceId); updateAuthorizationBasedOnCacheEntries(authorization, userId, groupId, resource, resourceId); } if (permissions != null) { for (Permission permission : permissions) { authorization.addPermission(permission); } } return authorization; }
public AuthorizationEntity[] newTaskAssignee(Task task, String oldAssignee, String newAssignee) { AuthorizationEntity[] authorizations = super.newTaskAssignee(task, oldAssignee, newAssignee); authorizations[0].addPermission(Permissions.DELETE_HISTORY); return authorizations; } }
protected AuthorizationEntity createGrantAuthorization(String userId, String groupId, Resource resource, String resourceId, Permission... permissions) { // assuming that there are no default authorizations for * if (userId != null) { ensureValidIndividualResourceId("Cannot create authorization for user " + userId, userId); } if (groupId != null) { ensureValidIndividualResourceId("Cannot create authorization for group " + groupId, groupId); } AuthorizationEntity authorization = new AuthorizationEntity(AUTH_TYPE_GRANT); authorization.setUserId(userId); authorization.setGroupId(groupId); authorization.setResource(resource); authorization.setResourceId(resourceId); if (permissions != null) { for (Permission permission : permissions) { authorization.addPermission(permission); } } return authorization; }
protected void grantPermissions() { AuthorizationEntity userAdminAuth = new AuthorizationEntity(AUTH_TYPE_GLOBAL); userAdminAuth.setResource(USER); userAdminAuth.setResourceId(ANY); userAdminAuth.addPermission(ALL); authorizationService.saveAuthorization(userAdminAuth); userAdminAuth = new AuthorizationEntity(AUTH_TYPE_GLOBAL); userAdminAuth.setResource(GROUP); userAdminAuth.setResourceId(ANY); userAdminAuth.addPermission(ALL); authorizationService.saveAuthorization(userAdminAuth); userAdminAuth = new AuthorizationEntity(AUTH_TYPE_GLOBAL); userAdminAuth.setResource(TENANT); userAdminAuth.setResourceId(ANY); userAdminAuth.addPermission(ALL); authorizationService.saveAuthorization(userAdminAuth); userAdminAuth = new AuthorizationEntity(AUTH_TYPE_GLOBAL); userAdminAuth.setResource(TENANT_MEMBERSHIP); userAdminAuth.setResourceId(ANY); userAdminAuth.addPermission(ALL); authorizationService.saveAuthorization(userAdminAuth); }
public void testGrantAuthPermissions() { AuthorizationEntity authorization = new AuthorizationEntity(AUTH_TYPE_GRANT); assertFalse(authorization.isPermissionGranted(ALL)); assertTrue(authorization.isPermissionGranted(NONE)); List<Permission> perms = Arrays.asList(authorization.getPermissions(Permissions.values())); assertTrue(perms.contains(NONE)); assertEquals(1, perms.size()); authorization.addPermission(READ); perms = Arrays.asList(authorization.getPermissions(Permissions.values())); assertTrue(perms.contains(NONE)); assertTrue(perms.contains(READ)); assertEquals(2, perms.size()); assertTrue(authorization.isPermissionGranted(READ)); assertTrue(authorization.isPermissionGranted(NONE)); // (none is always granted => you are always authorized to do nothing) try { authorization.isPermissionRevoked(READ); fail("Exception expected"); } catch (IllegalStateException e) { assertTextPresent("ENGINE-03026 Method 'isPermissionRevoked' cannot be used for authorization with type 'GRANT'.", e.getMessage()); } }
public static void createDefaultUsers(ProcessEngine engine) { LOGGER.info("Generating default users for showroom"); // ///////////////////////////////////// // create user as otherwise the invoice exmaple will re-create users // Give demo user Admin Rights as well addUser(engine, "demo", "demo", "Demo", "Demo"); // Admin USer - is allowed to do anything addUser(engine, "admin", "admin", "Camunda", "BPM"); if (addGroup(engine, Groups.CAMUNDA_ADMIN, "Camunda BPM Admin", "admin", "demo")) { // create ADMIN authorizations on all built-in resources for (Resource resource : Resources.values()) { if (engine.getAuthorizationService().createAuthorizationQuery().groupIdIn(Groups.CAMUNDA_ADMIN).resourceType(resource).resourceId(ANY).count() == 0) { AuthorizationEntity userAdminAuth = new AuthorizationEntity(AUTH_TYPE_GRANT); userAdminAuth.setGroupId(Groups.CAMUNDA_ADMIN); userAdminAuth.setResource(resource); userAdminAuth.setResourceId(ANY); userAdminAuth.addPermission(ALL); engine.getAuthorizationService().saveAuthorization(userAdminAuth); } } } }
public void testGlobalAuthPermissions() { AuthorizationEntity authorization = new AuthorizationEntity(AUTH_TYPE_GRANT); assertFalse(authorization.isPermissionGranted(ALL)); assertTrue(authorization.isPermissionGranted(NONE)); List<Permission> perms = Arrays.asList(authorization.getPermissions(Permissions.values())); assertTrue(perms.contains(NONE)); assertEquals(1, perms.size()); authorization.addPermission(READ); perms = Arrays.asList(authorization.getPermissions(Permissions.values())); assertTrue(perms.contains(NONE)); assertTrue(perms.contains(READ)); assertEquals(2, perms.size()); assertTrue(authorization.isPermissionGranted(READ)); assertTrue(authorization.isPermissionGranted(NONE)); // (none is always granted => you are always authorized to do nothing) try { authorization.isPermissionRevoked(READ); fail("Exception expected"); } catch (IllegalStateException e) { assertTextPresent("ENGINE-03026 Method 'isPermissionRevoked' cannot be used for authorization with type 'GRANT'.", e.getMessage()); } }