Java Code Examples for org.camunda.bpm.engine.authorization.Authorization#setGroupId()

The following examples show how to use org.camunda.bpm.engine.authorization.Authorization#setGroupId() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: ProcessDefinitionAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0 6 votes vote down vote up
public void testQueryWithGroupAuthorizationRevokedReadPermission() {
  // given
  // given user gets all permissions on any process definition
  Authorization authorization = createGrantAuthorization(PROCESS_DEFINITION, ANY);
  authorization.setGroupId(groupId);
  authorization.addPermission(ALL);
  saveAuthorization(authorization);

  authorization = createRevokeAuthorization(PROCESS_DEFINITION, ONE_TASK_PROCESS_KEY);
  authorization.setGroupId(groupId);
  authorization.removePermission(READ);
  saveAuthorization(authorization);

  // when
  ProcessDefinitionQuery query = repositoryService.createProcessDefinitionQuery();

  // then
  verifyQueryResults(query, 1);

  ProcessDefinition definition = query.singleResult();
  assertNotNull(definition);
  assertEquals(TWO_TASKS_PROCESS_KEY, definition.getKey());
}
 
Example 2
Source File: AuthorizationServiceTest.java    From camunda-bpm-platform with Apache License 2.0 6 votes vote down vote up
public void testCreateAuthorizationWithGroupId() {

    Resource resource1 = TestResource.RESOURCE1;

    // initially, no authorization exists:
    assertEquals(0, authorizationService.createAuthorizationQuery().count());

    // simple create / delete with userId
    Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
    authorization.setGroupId("aGroupId");
    authorization.setResource(resource1);

    // save the authorization
    authorizationService.saveAuthorization(authorization);
    // authorization exists
    assertEquals(1, authorizationService.createAuthorizationQuery().count());
    // delete the authorization
    authorizationService.deleteAuthorization(authorization.getId());
    // it's gone
    assertEquals(0, authorizationService.createAuthorizationQuery().count());

  }
 
Example 3
Source File: AuthorizationDto.java    From camunda-bpm-platform with Apache License 2.0 6 votes vote down vote up
public static void update(AuthorizationDto dto, Authorization dbAuthorization, ProcessEngineConfiguration engineConfiguration) {

    dbAuthorization.setGroupId(dto.getGroupId());
    dbAuthorization.setUserId(dto.getUserId());
    dbAuthorization.setResourceId(dto.getResourceId());

    // update optional fields

    if(dto.getResourceType() != null) {
      dbAuthorization.setResourceType(dto.getResourceType());
    }

    if(dto.getPermissions() != null) {
      dbAuthorization.setPermissions(PermissionConverter.getPermissionsForNames(dto.getPermissions(), dto.getResourceType(), engineConfiguration));
    }

  }
 
Example 4
Source File: DefaultUserLifecycleBean.java    From Showcase with Apache License 2.0 5 votes vote down vote up
private void grantAuthorizationWithPermissions(Group adminGroup) {
    Authorization authorization = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
    authorization.setGroupId(adminGroup.getId());
    authorization.setResource(Resources.USER);
    authorization.addPermission(org.camunda.bpm.engine.authorization.Permissions.ALL);
    authorizationService.saveAuthorization(authorization);
}
 
Example 5
Source File: GroupAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
protected void createGroupGrantAuthorization(Resource resource, String resourceId, String groupId, Permission... permissions) {
  Authorization authorization = createGrantAuthorization(resource, resourceId);
  authorization.setGroupId(groupId);
  for (Permission permission : permissions) {
    authorization.addPermission(permission);
  }
  saveAuthorization(authorization);
}
 
Example 6
Source File: AuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
protected void createGrantAuthorizationGroup(Resource resource, String resourceId, String groupId, Permission... permissions) {
  Authorization authorization = createGrantAuthorization(resource, resourceId);
  authorization.setGroupId(groupId);
  for (Permission permission : permissions) {
    authorization.addPermission(permission);
  }
  saveAuthorization(authorization);
}
 
Example 7
Source File: AuthorizationServiceTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
public void testGrantAuthorizationType() {
  Authorization grantAuthorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  // I can set userId = null
  grantAuthorization.setUserId(null);
  // I can set userId = ANY
  grantAuthorization.setUserId(ANY);
  // I can set anything else:
  grantAuthorization.setUserId("something");
  // I can set groupId = null
  grantAuthorization.setGroupId(null);
  // I can set anything else:
  grantAuthorization.setGroupId("something");
}
 
Example 8
Source File: AuthorizationServiceTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
public void testRevokeAuthorizationType() {
  Authorization revokeAuthorization = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE);
  // I can set userId = null
  revokeAuthorization.setUserId(null);
  // I can set userId = ANY
  revokeAuthorization.setUserId(ANY);
  // I can set anything else:
  revokeAuthorization.setUserId("something");
  // I can set groupId = null
  revokeAuthorization.setGroupId(null);
  // I can set anything else:
  revokeAuthorization.setGroupId("something");
}
 
Example 9
Source File: AuthorizationServiceWithEnabledAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
public void testUserOverrideGroupOverrideGlobalAuthorizationCheck() {
  Resource resource1 = TestResource.RESOURCE1;

  // create global authorization which grants all permissions to all users  (on resource1):
  Authorization globalGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
  globalGrant.setResource(resource1);
  globalGrant.setResourceId(ANY);
  globalGrant.addPermission(ALL);
  authorizationService.saveAuthorization(globalGrant);

  // revoke READ for group "sales"
  Authorization groupRevoke = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE);
  groupRevoke.setGroupId("sales");
  groupRevoke.setResource(resource1);
  groupRevoke.setResourceId(ANY);
  groupRevoke.removePermission(READ);
  authorizationService.saveAuthorization(groupRevoke);

  // add READ for jonny
  Authorization userGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  userGrant.setUserId("jonny");
  userGrant.setResource(resource1);
  userGrant.setResourceId(ANY);
  userGrant.addPermission(READ);
  authorizationService.saveAuthorization(userGrant);

  List<String> jonnysGroups = Arrays.asList("sales", "marketing");
  List<String> someOneElsesGroups = Collections.singletonList("marketing");

  // jonny can read
  assertTrue(authorizationService.isUserAuthorized("jonny", jonnysGroups, READ, resource1));
  assertTrue(authorizationService.isUserAuthorized("jonny", null, READ, resource1));

  // someone else in the same groups cannot
  assertFalse(authorizationService.isUserAuthorized("someone else", jonnysGroups, READ, resource1));

  // someone else in different groups can
  assertTrue(authorizationService.isUserAuthorized("someone else", someOneElsesGroups, READ, resource1));
}
 
Example 10
Source File: AuthorizationQueryTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
protected void createAuthorization(String userId, String groupId, Resource resourceType, String resourceId, Permission... permissions) {

    Authorization authorization = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
    authorization.setUserId(userId);
    authorization.setGroupId(groupId);
    authorization.setResource(resourceType);
    authorization.setResourceId(resourceId);

    for (Permission permission : permissions) {
      authorization.addPermission(permission);
    }

    authorizationService.saveAuthorization(authorization);
  }
 
Example 11
Source File: AuthorizationCreateDto.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
public static void update(AuthorizationCreateDto dto, Authorization dbAuthorization, ProcessEngineConfiguration engineConfiguration) {
  
  dbAuthorization.setGroupId(dto.getGroupId());
  dbAuthorization.setUserId(dto.getUserId());
  dbAuthorization.setResourceType(dto.getResourceType());
  dbAuthorization.setResourceId(dto.getResourceId());
  dbAuthorization.setPermissions(PermissionConverter.getPermissionsForNames(dto.getPermissions(), dto.getResourceType(), engineConfiguration));
  
}
 
Example 12
Source File: AuthorizationPerformanceTestCase.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
protected void grouptGrant(String groupId, Resource resource, Permission... perms) {

    AuthorizationService authorizationService = engine.getAuthorizationService();
    Authorization groupGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
    groupGrant.setResource(resource);
    groupGrant.setResourceId(ANY);
    for (Permission permission : perms) {
      groupGrant.addPermission(permission);
    }
    groupGrant.setGroupId(groupId);
    authorizationService.saveAuthorization(groupGrant);
  }
 
Example 13
Source File: Application.java    From camunda-spring-boot-amqp-microservice-cloud-example with Apache License 2.0 4 votes vote down vote up
public static void createDefaultUser(ProcessEngine engine) {
  // and add default user to Camunda to be ready-to-go
  if (engine.getIdentityService().createUserQuery().userId("demo").count() == 0) {
    User user = engine.getIdentityService().newUser("demo");
    user.setFirstName("Demo");
    user.setLastName("Demo");
    user.setPassword("demo");
    user.setEmail("demo@camunda.org");
    engine.getIdentityService().saveUser(user);

    Group group = engine.getIdentityService().newGroup(Groups.CAMUNDA_ADMIN);
    group.setName("Administrators");
    group.setType(Groups.GROUP_TYPE_SYSTEM);
    engine.getIdentityService().saveGroup(group);

    for (Resource resource : Resources.values()) {
      Authorization auth = engine.getAuthorizationService().createNewAuthorization(AUTH_TYPE_GRANT);
      auth.setGroupId(Groups.CAMUNDA_ADMIN);
      auth.addPermission(ALL);
      auth.setResourceId(ANY);
      auth.setResource(resource);
      engine.getAuthorizationService().saveAuthorization(auth);
    }

    engine.getIdentityService().createMembership("demo", Groups.CAMUNDA_ADMIN);
  }

  // create default "all tasks" filter
  if (engine.getFilterService().createFilterQuery().filterName("Alle").count() == 0) {

    Map<String, Object> filterProperties = new HashMap<String, Object>();
    filterProperties.put("description", "Alle Aufgaben");
    filterProperties.put("priority", 10);

    Filter filter = engine.getFilterService().newTaskFilter() //
        .setName("Alle") //
        .setProperties(filterProperties)//
        .setOwner("demo")//
        .setQuery(engine.getTaskService().createTaskQuery());
    engine.getFilterService().saveFilter(filter);

    // and authorize demo user for it
    if (engine.getAuthorizationService().createAuthorizationQuery().resourceType(FILTER).resourceId(filter.getId()) //
        .userIdIn("demo").count() == 0) {
      Authorization managementGroupFilterRead = engine.getAuthorizationService().createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
      managementGroupFilterRead.setResource(FILTER);
      managementGroupFilterRead.setResourceId(filter.getId());
      managementGroupFilterRead.addPermission(ALL);
      managementGroupFilterRead.setUserId("demo");
      engine.getAuthorizationService().saveAuthorization(managementGroupFilterRead);
    }

  }
}
 
Example 14
Source File: AuthorizationUserOperationLogTest.java    From camunda-bpm-platform with Apache License 2.0 4 votes vote down vote up
public void testLogCreatedOnAuthorizationUpdate() {
  // given
  UserOperationLogQuery query = historyService.createUserOperationLogQuery();
  Authorization authorization = createGrantAuthorizationWithoutAuthentication(Resources.PROCESS_DEFINITION, Authorization.ANY, "testUserId",
      Permissions.DELETE);
  createGrantAuthorizationWithoutAuthentication(OPERATION_LOG_CATEGORY, CATEGORY_ADMIN, userId, READ);
  assertEquals(0, query.count());

  // when
  authorization.addPermission(Permissions.READ);
  authorization.setResource(Resources.PROCESS_INSTANCE);
  authorization.setResourceId("abc123");
  authorization.setGroupId("testGroupId");
  authorization.setUserId(null);
  saveAuthorization(authorization);

  // then
  assertEquals(7, query.count());

  UserOperationLogEntry entry = query.property("permissionBits").singleResult();
  assertEquals(UserOperationLogEntry.OPERATION_TYPE_UPDATE, entry.getOperationType());
  assertEquals(UserOperationLogEntry.CATEGORY_ADMIN, entry.getCategory());
  assertEquals(EntityTypes.AUTHORIZATION, entry.getEntityType());
  assertEquals(String.valueOf(Permissions.DELETE.getValue() | Permissions.READ.getValue()), entry.getNewValue());
  assertEquals(String.valueOf(Permissions.DELETE.getValue()), entry.getOrgValue());

  entry = query.property("permissions").singleResult();
  assertEquals(UserOperationLogEntry.OPERATION_TYPE_UPDATE, entry.getOperationType());
  assertEquals(UserOperationLogEntry.CATEGORY_ADMIN, entry.getCategory());
  assertEquals(EntityTypes.AUTHORIZATION, entry.getEntityType());
  assertEquals(Permissions.READ.getName() + ", " + Permissions.DELETE.getName(), entry.getNewValue());
  assertEquals(Permissions.DELETE.getName(), entry.getOrgValue());

  entry = query.property("type").singleResult();
  assertEquals(UserOperationLogEntry.OPERATION_TYPE_UPDATE, entry.getOperationType());
  assertEquals(UserOperationLogEntry.CATEGORY_ADMIN, entry.getCategory());
  assertEquals(EntityTypes.AUTHORIZATION, entry.getEntityType());
  assertEquals(String.valueOf(Authorization.AUTH_TYPE_GRANT), entry.getNewValue());
  assertEquals(String.valueOf(Authorization.AUTH_TYPE_GRANT), entry.getOrgValue());

  entry = query.property("resource").singleResult();
  assertEquals(UserOperationLogEntry.OPERATION_TYPE_UPDATE, entry.getOperationType());
  assertEquals(UserOperationLogEntry.CATEGORY_ADMIN, entry.getCategory());
  assertEquals(EntityTypes.AUTHORIZATION, entry.getEntityType());
  assertEquals(Resources.PROCESS_INSTANCE.resourceName(), entry.getNewValue());
  assertEquals(Resources.PROCESS_DEFINITION.resourceName(), entry.getOrgValue());

  entry = query.property("resourceId").singleResult();
  assertEquals(UserOperationLogEntry.OPERATION_TYPE_UPDATE, entry.getOperationType());
  assertEquals(UserOperationLogEntry.CATEGORY_ADMIN, entry.getCategory());
  assertEquals(EntityTypes.AUTHORIZATION, entry.getEntityType());
  assertEquals("abc123", entry.getNewValue());
  assertEquals(Authorization.ANY, entry.getOrgValue());

  entry = query.property("userId").singleResult();
  assertEquals(UserOperationLogEntry.OPERATION_TYPE_UPDATE, entry.getOperationType());
  assertEquals(UserOperationLogEntry.CATEGORY_ADMIN, entry.getCategory());
  assertEquals(EntityTypes.AUTHORIZATION, entry.getEntityType());
  assertNull(entry.getNewValue());
  assertEquals("testUserId", entry.getOrgValue());

  entry = query.property("groupId").singleResult();
  assertEquals(UserOperationLogEntry.OPERATION_TYPE_UPDATE, entry.getOperationType());
  assertEquals(UserOperationLogEntry.CATEGORY_ADMIN, entry.getCategory());
  assertEquals(EntityTypes.AUTHORIZATION, entry.getEntityType());
  assertEquals("testGroupId", entry.getNewValue());
  assertNull(entry.getOrgValue());
}
 
Example 15
Source File: AuthorizationServiceWithEnabledAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0 4 votes vote down vote up
public void testGroupOverrideGlobalGrantAuthorizationCheck() {
  Resource resource1 = TestResource.RESOURCE1;

  // create global authorization which grants all permissions to all users  (on resource1):
  Authorization globalGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
  globalGrant.setResource(resource1);
  globalGrant.setResourceId(ANY);
  globalGrant.addPermission(ALL);
  authorizationService.saveAuthorization(globalGrant);

  // revoke READ for group "sales"
  Authorization groupRevoke = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE);
  groupRevoke.setGroupId("sales");
  groupRevoke.setResource(resource1);
  groupRevoke.setResourceId(ANY);
  groupRevoke.removePermission(READ);
  authorizationService.saveAuthorization(groupRevoke);

  List<String> jonnysGroups = Arrays.asList("sales", "marketing");
  List<String> someOneElsesGroups = Collections.singletonList("marketing");

  // jonny does not have ALL permissions if queried with groups
  assertFalse(authorizationService.isUserAuthorized("jonny", jonnysGroups, ALL, resource1));
  // if queried without groups he has
  assertTrue(authorizationService.isUserAuthorized("jonny", null, ALL, resource1));

  // jonny can't read if queried with groups
  assertFalse(authorizationService.isUserAuthorized("jonny", jonnysGroups, READ, resource1));
  // if queried without groups he has
  assertTrue(authorizationService.isUserAuthorized("jonny", null, READ, resource1));

  // someone else who is in group "marketing" but but not "sales" can
  assertTrue(authorizationService.isUserAuthorized("someone else", someOneElsesGroups, ALL, resource1));
  assertTrue(authorizationService.isUserAuthorized("someone else", someOneElsesGroups, READ, resource1));
  assertTrue(authorizationService.isUserAuthorized("someone else", null, ALL, resource1));
  assertTrue(authorizationService.isUserAuthorized("someone else", null, READ, resource1));
  // he could'nt if he were in jonny's groups
  assertFalse(authorizationService.isUserAuthorized("someone else", jonnysGroups, ALL, resource1));
  assertFalse(authorizationService.isUserAuthorized("someone else", jonnysGroups, READ, resource1));

  // jonny can still delete
  assertTrue(authorizationService.isUserAuthorized("jonny", jonnysGroups, DELETE, resource1));
  assertTrue(authorizationService.isUserAuthorized("jonny", null, DELETE, resource1));
}