Java Code Examples for org.camunda.bpm.engine.authorization.Authorization#setGroupId()
The following examples show how to use
org.camunda.bpm.engine.authorization.Authorization#setGroupId() .
Example 1
Source File: ProcessDefinitionAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
/**
 * Checks that a group-level REVOKE of READ on a single process definition wins over a
 * group-level GRANT of ALL on any process definition: the query is expected to return
 * exactly one definition, the two-tasks process.
 */
public void testQueryWithGroupAuthorizationRevokedReadPermission() {
  // given: the group holds ALL permissions on every process definition ...
  Authorization grantAll = createGrantAuthorization(PROCESS_DEFINITION, ANY);
  grantAll.setGroupId(groupId);
  grantAll.addPermission(ALL);
  saveAuthorization(grantAll);

  // ... and READ is revoked for the same group on the one-task process only
  Authorization revokeRead = createRevokeAuthorization(PROCESS_DEFINITION, ONE_TASK_PROCESS_KEY);
  revokeRead.setGroupId(groupId);
  revokeRead.removePermission(READ);
  saveAuthorization(revokeRead);

  // when
  ProcessDefinitionQuery definitionQuery = repositoryService.createProcessDefinitionQuery();

  // then: one definition is returned, and it is not the revoked one
  verifyQueryResults(definitionQuery, 1);

  ProcessDefinition visibleDefinition = definitionQuery.singleResult();
  assertNotNull(visibleDefinition);
  assertEquals(TWO_TASKS_PROCESS_KEY, visibleDefinition.getKey());
}
Example 2
Source File: AuthorizationServiceTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
/**
 * Round-trips a group-scoped GRANT authorization: starts from an empty authorization
 * table, saves one authorization bound to a group id, then deletes it by id, checking
 * the authorization count after each step.
 */
public void testCreateAuthorizationWithGroupId() {
  Resource targetResource = TestResource.RESOURCE1;

  // precondition: the authorization table is empty
  assertEquals(0, authorizationService.createAuthorizationQuery().count());

  // build a GRANT that is bound to a group id (no user id is set)
  Authorization groupGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  groupGrant.setGroupId("aGroupId");
  groupGrant.setResource(targetResource);

  // persist it and confirm it is visible to the query
  authorizationService.saveAuthorization(groupGrant);
  assertEquals(1, authorizationService.createAuthorizationQuery().count());

  // remove it again by id and confirm nothing is left behind
  authorizationService.deleteAuthorization(groupGrant.getId());
  assertEquals(0, authorizationService.createAuthorizationQuery().count());
}
Example 3
Source File: AuthorizationDto.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
/**
 * Copies the fields of an {@code AuthorizationDto} onto an existing authorization.
 *
 * <p>Group id, user id and resource id are always overwritten with the DTO values
 * (including {@code null}). Resource type and permissions are applied only when the
 * DTO carries them.
 *
 * @param dto the incoming representation whose values are applied
 * @param dbAuthorization the authorization to modify in place
 * @param engineConfiguration passed through to the permission-name lookup
 */
public static void update(AuthorizationDto dto, Authorization dbAuthorization,
    ProcessEngineConfiguration engineConfiguration) {

  // identity and resource id: applied unconditionally
  dbAuthorization.setGroupId(dto.getGroupId());
  dbAuthorization.setUserId(dto.getUserId());
  dbAuthorization.setResourceId(dto.getResourceId());

  // optional: resource type
  if (dto.getResourceType() != null) {
    dbAuthorization.setResourceType(dto.getResourceType());
  }

  // optional: permissions
  // NOTE(review): the names are resolved against dto.getResourceType(), which can be
  // null on this path even though the branch above tolerates null. Confirm the
  // converter handles a missing resource type, or that callers always send both.
  if (dto.getPermissions() != null) {
    dbAuthorization.setPermissions(
        PermissionConverter.getPermissionsForNames(
            dto.getPermissions(), dto.getResourceType(), engineConfiguration));
  }
}
Example 4
Source File: DefaultUserLifecycleBean.java From Showcase with Apache License 2.0 | 5 votes |
/**
 * Saves a GRANT authorization that gives the supplied group ALL permissions on the
 * USER resource.
 *
 * <p>No resource id is set in this method, so the scope of the grant within the USER
 * resource depends on the default of a newly created authorization.
 *
 * @param adminGroup the group whose id the grant is bound to
 */
private void grantAuthorizationWithPermissions(Group adminGroup) {
  Authorization userResourceGrant =
      authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);

  userResourceGrant.setGroupId(adminGroup.getId());
  userResourceGrant.setResource(Resources.USER);
  userResourceGrant.addPermission(org.camunda.bpm.engine.authorization.Permissions.ALL);

  authorizationService.saveAuthorization(userResourceGrant);
}
Example 5
Source File: GroupAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
/**
 * Creates and saves a GRANT authorization for a group on the given resource.
 *
 * @param resource the resource the grant applies to
 * @param resourceId the id of the resource instance the grant applies to
 * @param groupId the group that receives the permissions
 * @param permissions the permissions to add; none are added when the array is empty
 */
protected void createGroupGrantAuthorization(Resource resource, String resourceId, String groupId,
    Permission... permissions) {
  Authorization groupGrant = createGrantAuthorization(resource, resourceId);
  groupGrant.setGroupId(groupId);

  // add the permissions one by one, in the order the caller listed them
  for (int i = 0; i < permissions.length; i++) {
    groupGrant.addPermission(permissions[i]);
  }

  saveAuthorization(groupGrant);
}
Example 6
Source File: AuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
/**
 * Builds a GRANT authorization bound to a group, adds the requested permissions and
 * saves it.
 *
 * @param resource the resource the grant applies to
 * @param resourceId the id of the resource instance the grant applies to
 * @param groupId the group that receives the permissions
 * @param permissions the permissions to add, applied in argument order
 */
protected void createGrantAuthorizationGroup(Resource resource, String resourceId, String groupId,
    Permission... permissions) {
  Authorization grantForGroup = createGrantAuthorization(resource, resourceId);
  grantForGroup.setGroupId(groupId);

  int index = 0;
  while (index < permissions.length) {
    grantForGroup.addPermission(permissions[index]);
    index++;
  }

  saveAuthorization(grantForGroup);
}
Example 7
Source File: AuthorizationServiceTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
/**
 * Exercises the identity setters of a GRANT authorization. There are no assertions:
 * the test passes when none of the calls throws, which shows that a GRANT accepts
 * {@code null}, {@code ANY} and an arbitrary string as user id, and {@code null} or
 * an arbitrary string as group id.
 */
public void testGrantAuthorizationType() {
  Authorization grant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);

  // user id: null, the ANY wildcard and a concrete value are all accepted
  grant.setUserId(null);
  grant.setUserId(ANY);
  grant.setUserId("something");

  // group id: null and a concrete value are both accepted
  grant.setGroupId(null);
  grant.setGroupId("something");
}
Example 8
Source File: AuthorizationServiceTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
/**
 * Exercises the identity setters of a REVOKE authorization. There are no assertions:
 * the test passes when none of the calls throws, which shows that a REVOKE accepts
 * {@code null}, {@code ANY} and an arbitrary string as user id, and {@code null} or
 * an arbitrary string as group id.
 */
public void testRevokeAuthorizationType() {
  Authorization revoke = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE);

  // user id: null, the ANY wildcard and a concrete value are all accepted
  revoke.setUserId(null);
  revoke.setUserId(ANY);
  revoke.setUserId("something");

  // group id: null and a concrete value are both accepted
  revoke.setGroupId(null);
  revoke.setGroupId("something");
}
Example 9
Source File: AuthorizationServiceWithEnabledAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
/**
 * Checks the precedence of the three authorization levels on one resource:
 * a user-level GRANT overrides a group-level REVOKE, which in turn overrides a
 * GLOBAL grant.
 */
public void testUserOverrideGroupOverrideGlobalAuthorizationCheck() {
  Resource targetResource = TestResource.RESOURCE1;

  // level 1: GLOBAL grant of ALL permissions to every user on the resource
  Authorization grantForEveryone = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
  grantForEveryone.setResource(targetResource);
  grantForEveryone.setResourceId(ANY);
  grantForEveryone.addPermission(ALL);
  authorizationService.saveAuthorization(grantForEveryone);

  // level 2: READ is taken away from members of group "sales"
  Authorization salesRevoke = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE);
  salesRevoke.setGroupId("sales");
  salesRevoke.setResource(targetResource);
  salesRevoke.setResourceId(ANY);
  salesRevoke.removePermission(READ);
  authorizationService.saveAuthorization(salesRevoke);

  // level 3: READ is given back to the single user "jonny"
  Authorization jonnyGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  jonnyGrant.setUserId("jonny");
  jonnyGrant.setResource(targetResource);
  jonnyGrant.setResourceId(ANY);
  jonnyGrant.addPermission(READ);
  authorizationService.saveAuthorization(jonnyGrant);

  List<String> salesAndMarketing = Arrays.asList("sales", "marketing");
  List<String> marketingOnly = Collections.singletonList("marketing");

  // jonny reads via his personal grant, with or without his groups being supplied
  assertTrue(authorizationService.isUserAuthorized("jonny", salesAndMarketing, READ, targetResource));
  assertTrue(authorizationService.isUserAuthorized("jonny", null, READ, targetResource));

  // another user in "sales" has no personal grant, so the group revoke applies
  assertFalse(authorizationService.isUserAuthorized("someone else", salesAndMarketing, READ, targetResource));

  // another user outside "sales" still falls back to the global grant
  assertTrue(authorizationService.isUserAuthorized("someone else", marketingOnly, READ, targetResource));
}
Example 10
Source File: AuthorizationQueryTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
/**
 * Creates and saves a GRANT authorization with the given identity, resource and
 * permissions. Both the user id and the group id are applied exactly as passed in.
 *
 * @param userId the user id to set on the authorization
 * @param groupId the group id to set on the authorization
 * @param resourceType the resource the grant applies to
 * @param resourceId the id of the resource instance the grant applies to
 * @param permissions the permissions to add, applied in argument order
 */
protected void createAuthorization(String userId, String groupId, Resource resourceType,
    String resourceId, Permission... permissions) {
  Authorization grant =
      authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);

  // who the grant is for
  grant.setUserId(userId);
  grant.setGroupId(groupId);

  // what the grant covers
  grant.setResource(resourceType);
  grant.setResourceId(resourceId);

  for (int i = 0; i < permissions.length; i++) {
    grant.addPermission(permissions[i]);
  }

  authorizationService.saveAuthorization(grant);
}
Example 11
Source File: AuthorizationCreateDto.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
/**
 * Copies every field of an {@code AuthorizationCreateDto} onto the given authorization.
 *
 * <p>There are no null checks in this method: group id, user id, resource type,
 * resource id and permissions are all applied as the DTO delivers them.
 *
 * @param dto the incoming representation whose values are applied
 * @param dbAuthorization the authorization to populate in place
 * @param engineConfiguration passed through to the permission-name lookup
 */
public static void update(AuthorizationCreateDto dto, Authorization dbAuthorization,
    ProcessEngineConfiguration engineConfiguration) {

  // identity
  dbAuthorization.setGroupId(dto.getGroupId());
  dbAuthorization.setUserId(dto.getUserId());

  // resource
  dbAuthorization.setResourceType(dto.getResourceType());
  dbAuthorization.setResourceId(dto.getResourceId());

  // permission names are resolved for the DTO's resource type
  dbAuthorization.setPermissions(
      PermissionConverter.getPermissionsForNames(
          dto.getPermissions(), dto.getResourceType(), engineConfiguration));
}
Example 12
Source File: AuthorizationPerformanceTestCase.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
/**
 * Saves a GRANT authorization that gives a group the listed permissions on every
 * instance ({@code ANY}) of the given resource.
 *
 * @param groupId the group that receives the permissions
 * @param resource the resource the grant applies to
 * @param perms the permissions to add, applied in argument order
 */
protected void grouptGrant(String groupId, Resource resource, Permission... perms) {
  AuthorizationService service = engine.getAuthorizationService();
  Authorization grant = service.createNewAuthorization(AUTH_TYPE_GRANT);

  // scope: all instances of the resource
  grant.setResource(resource);
  grant.setResourceId(ANY);

  for (int i = 0; i < perms.length; i++) {
    grant.addPermission(perms[i]);
  }

  // the group id is applied last, just before saving
  grant.setGroupId(groupId);
  service.saveAuthorization(grant);
}
Example 13
Source File: Application.java From camunda-spring-boot-amqp-microservice-cloud-example with Apache License 2.0 | 4 votes |
/**
 * Seeds a ready-to-go demo setup in the given engine.
 *
 * <p>When no user with id "demo" exists, the method creates that user, creates the
 * {@code Groups.CAMUNDA_ADMIN} system group, grants that group ALL permissions on
 * ANY instance of every value in {@code Resources}, and adds the user to the group.
 * Independently of that, when no filter named "Alle" exists, it creates a task filter
 * owned by "demo" and grants "demo" ALL permissions on it.
 *
 * <p>NOTE(review): the account is created with a fixed password that is visible in
 * source control and is placed in a group with full rights on every resource. Keep
 * this bootstrap to local demo environments; a deployed engine should skip it or take
 * the password from a secret store and rotate it after first login.
 *
 * @param engine the process engine whose identity, authorization and filter services
 *     are used
 */
public static void createDefaultUser(ProcessEngine engine) {
  // the absence of the "demo" user gates the whole identity bootstrap
  boolean demoUserMissing =
      engine.getIdentityService().createUserQuery().userId("demo").count() == 0;

  if (demoUserMissing) {
    User demoUser = engine.getIdentityService().newUser("demo");
    demoUser.setFirstName("Demo");
    demoUser.setLastName("Demo");
    demoUser.setPassword("demo");
    demoUser.setEmail("demo@camunda.org");
    engine.getIdentityService().saveUser(demoUser);

    Group adminGroup = engine.getIdentityService().newGroup(Groups.CAMUNDA_ADMIN);
    adminGroup.setName("Administrators");
    adminGroup.setType(Groups.GROUP_TYPE_SYSTEM);
    engine.getIdentityService().saveGroup(adminGroup);

    // one GRANT per resource: ALL permissions on ANY instance for the admin group
    for (Resource resource : Resources.values()) {
      Authorization adminGrant =
          engine.getAuthorizationService().createNewAuthorization(AUTH_TYPE_GRANT);
      adminGrant.setGroupId(Groups.CAMUNDA_ADMIN);
      adminGrant.addPermission(ALL);
      adminGrant.setResourceId(ANY);
      adminGrant.setResource(resource);
      engine.getAuthorizationService().saveAuthorization(adminGrant);
    }

    engine.getIdentityService().createMembership("demo", Groups.CAMUNDA_ADMIN);
  }

  // default "all tasks" filter, created only when no filter of that name exists
  boolean defaultFilterMissing =
      engine.getFilterService().createFilterQuery().filterName("Alle").count() == 0;

  if (defaultFilterMissing) {
    Map<String, Object> properties = new HashMap<String, Object>();
    properties.put("description", "Alle Aufgaben");
    properties.put("priority", 10);

    Filter allTasksFilter = engine.getFilterService().newTaskFilter()
        .setName("Alle")
        .setProperties(properties)
        .setOwner("demo")
        .setQuery(engine.getTaskService().createTaskQuery());
    engine.getFilterService().saveFilter(allTasksFilter);

    // authorize the demo user for the filter unless such an authorization exists
    boolean filterGrantMissing = engine.getAuthorizationService().createAuthorizationQuery()
        .resourceType(FILTER)
        .resourceId(allTasksFilter.getId())
        .userIdIn("demo")
        .count() == 0;

    if (filterGrantMissing) {
      // this is a user-level grant of ALL on the single filter
      Authorization filterGrant = engine.getAuthorizationService()
          .createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
      filterGrant.setResource(FILTER);
      filterGrant.setResourceId(allTasksFilter.getId());
      filterGrant.addPermission(ALL);
      filterGrant.setUserId("demo");
      engine.getAuthorizationService().saveAuthorization(filterGrant);
    }
  }
}
Example 14
Source File: AuthorizationUserOperationLogTest.java From camunda-bpm-platform with Apache License 2.0 | 4 votes |
/**
 * Checks that updating an authorization is recorded in the user operation log.
 *
 * <p>The test changes permissions, resource, resource id, group id and user id of an
 * existing GRANT and expects seven log entries, one per logged property
 * (permissionBits, permissions, type, resource, resourceId, userId, groupId), each
 * with operation type UPDATE, category ADMIN and entity type AUTHORIZATION, and each
 * carrying the old and new value of that property.
 */
public void testLogCreatedOnAuthorizationUpdate() {
  // given: a user-bound GRANT of DELETE on any process definition
  UserOperationLogQuery logQuery = historyService.createUserOperationLogQuery();
  Authorization updated = createGrantAuthorizationWithoutAuthentication(
      Resources.PROCESS_DEFINITION, Authorization.ANY, "testUserId", Permissions.DELETE);
  // the test user also gets READ on the admin operation-log category
  createGrantAuthorizationWithoutAuthentication(OPERATION_LOG_CATEGORY, CATEGORY_ADMIN, userId, READ);
  assertEquals(0, logQuery.count());

  // when: every logged property except the type is changed, then saved
  updated.addPermission(Permissions.READ);
  updated.setResource(Resources.PROCESS_INSTANCE);
  updated.setResourceId("abc123");
  updated.setGroupId("testGroupId");
  updated.setUserId(null);
  saveAuthorization(updated);

  // then: seven entries in total
  assertEquals(7, logQuery.count());

  // permission bits: DELETE -> DELETE | READ
  UserOperationLogEntry logEntry = logQuery.property("permissionBits").singleResult();
  assertEquals(UserOperationLogEntry.OPERATION_TYPE_UPDATE, logEntry.getOperationType());
  assertEquals(UserOperationLogEntry.CATEGORY_ADMIN, logEntry.getCategory());
  assertEquals(EntityTypes.AUTHORIZATION, logEntry.getEntityType());
  assertEquals(
      String.valueOf(Permissions.DELETE.getValue() | Permissions.READ.getValue()),
      logEntry.getNewValue());
  assertEquals(String.valueOf(Permissions.DELETE.getValue()), logEntry.getOrgValue());

  // permission names: DELETE -> READ, DELETE
  logEntry = logQuery.property("permissions").singleResult();
  assertEquals(UserOperationLogEntry.OPERATION_TYPE_UPDATE, logEntry.getOperationType());
  assertEquals(UserOperationLogEntry.CATEGORY_ADMIN, logEntry.getCategory());
  assertEquals(EntityTypes.AUTHORIZATION, logEntry.getEntityType());
  assertEquals(
      Permissions.READ.getName() + ", " + Permissions.DELETE.getName(),
      logEntry.getNewValue());
  assertEquals(Permissions.DELETE.getName(), logEntry.getOrgValue());

  // type: logged although it stays GRANT
  logEntry = logQuery.property("type").singleResult();
  assertEquals(UserOperationLogEntry.OPERATION_TYPE_UPDATE, logEntry.getOperationType());
  assertEquals(UserOperationLogEntry.CATEGORY_ADMIN, logEntry.getCategory());
  assertEquals(EntityTypes.AUTHORIZATION, logEntry.getEntityType());
  assertEquals(String.valueOf(Authorization.AUTH_TYPE_GRANT), logEntry.getNewValue());
  assertEquals(String.valueOf(Authorization.AUTH_TYPE_GRANT), logEntry.getOrgValue());

  // resource: PROCESS_DEFINITION -> PROCESS_INSTANCE
  logEntry = logQuery.property("resource").singleResult();
  assertEquals(UserOperationLogEntry.OPERATION_TYPE_UPDATE, logEntry.getOperationType());
  assertEquals(UserOperationLogEntry.CATEGORY_ADMIN, logEntry.getCategory());
  assertEquals(EntityTypes.AUTHORIZATION, logEntry.getEntityType());
  assertEquals(Resources.PROCESS_INSTANCE.resourceName(), logEntry.getNewValue());
  assertEquals(Resources.PROCESS_DEFINITION.resourceName(), logEntry.getOrgValue());

  // resource id: ANY -> "abc123"
  logEntry = logQuery.property("resourceId").singleResult();
  assertEquals(UserOperationLogEntry.OPERATION_TYPE_UPDATE, logEntry.getOperationType());
  assertEquals(UserOperationLogEntry.CATEGORY_ADMIN, logEntry.getCategory());
  assertEquals(EntityTypes.AUTHORIZATION, logEntry.getEntityType());
  assertEquals("abc123", logEntry.getNewValue());
  assertEquals(Authorization.ANY, logEntry.getOrgValue());

  // user id: "testUserId" -> null
  logEntry = logQuery.property("userId").singleResult();
  assertEquals(UserOperationLogEntry.OPERATION_TYPE_UPDATE, logEntry.getOperationType());
  assertEquals(UserOperationLogEntry.CATEGORY_ADMIN, logEntry.getCategory());
  assertEquals(EntityTypes.AUTHORIZATION, logEntry.getEntityType());
  assertNull(logEntry.getNewValue());
  assertEquals("testUserId", logEntry.getOrgValue());

  // group id: null -> "testGroupId"
  logEntry = logQuery.property("groupId").singleResult();
  assertEquals(UserOperationLogEntry.OPERATION_TYPE_UPDATE, logEntry.getOperationType());
  assertEquals(UserOperationLogEntry.CATEGORY_ADMIN, logEntry.getCategory());
  assertEquals(EntityTypes.AUTHORIZATION, logEntry.getEntityType());
  assertEquals("testGroupId", logEntry.getNewValue());
  assertNull(logEntry.getOrgValue());
}
Example 15
Source File: AuthorizationServiceWithEnabledAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 4 votes |
/**
 * Checks that a group-level REVOKE overrides a GLOBAL grant, and only for the revoked
 * permission.
 *
 * <p>The assertions also show that the revoke takes effect only when the caller
 * supplies the user's groups: with {@code null} as the group list the same user is
 * authorized through the global grant. Code that relies on group revokes therefore
 * has to pass the group list to {@code isUserAuthorized}.
 */
public void testGroupOverrideGlobalGrantAuthorizationCheck() {
  Resource targetResource = TestResource.RESOURCE1;

  // GLOBAL grant: ALL permissions for every user on the resource
  Authorization grantForEveryone = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
  grantForEveryone.setResource(targetResource);
  grantForEveryone.setResourceId(ANY);
  grantForEveryone.addPermission(ALL);
  authorizationService.saveAuthorization(grantForEveryone);

  // group REVOKE: READ is taken away from members of "sales"
  Authorization salesRevoke = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE);
  salesRevoke.setGroupId("sales");
  salesRevoke.setResource(targetResource);
  salesRevoke.setResourceId(ANY);
  salesRevoke.removePermission(READ);
  authorizationService.saveAuthorization(salesRevoke);

  List<String> salesAndMarketing = Arrays.asList("sales", "marketing");
  List<String> marketingOnly = Collections.singletonList("marketing");

  // jonny, checked with his groups, no longer holds ALL ...
  assertFalse(authorizationService.isUserAuthorized("jonny", salesAndMarketing, ALL, targetResource));
  // ... but checked without groups he does
  assertTrue(authorizationService.isUserAuthorized("jonny", null, ALL, targetResource));

  // the same split applies to READ on its own
  assertFalse(authorizationService.isUserAuthorized("jonny", salesAndMarketing, READ, targetResource));
  assertTrue(authorizationService.isUserAuthorized("jonny", null, READ, targetResource));

  // a user in "marketing" but not in "sales" keeps everything
  assertTrue(authorizationService.isUserAuthorized("someone else", marketingOnly, ALL, targetResource));
  assertTrue(authorizationService.isUserAuthorized("someone else", marketingOnly, READ, targetResource));
  assertTrue(authorizationService.isUserAuthorized("someone else", null, ALL, targetResource));
  assertTrue(authorizationService.isUserAuthorized("someone else", null, READ, targetResource));

  // the same user would be restricted if checked with jonny's groups
  assertFalse(authorizationService.isUserAuthorized("someone else", salesAndMarketing, ALL, targetResource));
  assertFalse(authorizationService.isUserAuthorized("someone else", salesAndMarketing, READ, targetResource));

  // only READ was revoked, so DELETE is still granted to jonny
  assertTrue(authorizationService.isUserAuthorized("jonny", salesAndMarketing, DELETE, targetResource));
  assertTrue(authorizationService.isUserAuthorized("jonny", null, DELETE, targetResource));
}