Java Code Examples for org.camunda.bpm.engine.authorization.Authorization#setResourceId()
The following examples show how to use
org.camunda.bpm.engine.authorization.Authorization#setResourceId() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: AuthorizationServiceTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
public void testIsPermissionGrantedAccess() {
// given
Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
String userId = "userId";
authorization.setUserId(userId);
authorization.addPermission(Permissions.ACCESS);
authorization.setResource(Resources.APPLICATION);
authorization.setResourceId(ANY);
authorizationService.saveAuthorization(authorization);
// then
Authorization authorizationResult = authorizationService.createAuthorizationQuery().userIdIn(userId).singleResult();
assertTrue(authorizationResult.isPermissionGranted(Permissions.ACCESS));
assertFalse(authorizationResult.isPermissionGranted(BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES));
assertFalse(authorizationResult.isPermissionGranted(ProcessInstancePermissions.RETRY_JOB));
assertFalse(authorizationResult.isPermissionGranted(ProcessDefinitionPermissions.RETRY_JOB));
}
Example 2
| Source File: AuthorizationServiceTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
public void testIsPermissionRevokedRetryJob() {
// given
Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE);
String userId = "userId";
authorization.setUserId(userId);
authorization.removePermission(ProcessInstancePermissions.RETRY_JOB);
authorization.setResource(Resources.PROCESS_INSTANCE);
authorization.setResourceId(ANY);
authorizationService.saveAuthorization(authorization);
// then
Authorization authorizationResult = authorizationService.createAuthorizationQuery().userIdIn(userId).singleResult();
assertTrue(authorizationResult.isPermissionRevoked(ProcessInstancePermissions.RETRY_JOB));
assertFalse(authorizationResult.isPermissionRevoked(Permissions.ACCESS));
assertFalse(authorizationResult.isPermissionRevoked(BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES));
assertFalse(authorizationResult.isPermissionRevoked(ProcessDefinitionPermissions.RETRY_JOB));
}
Example 3
| Source File: AuthorizationServiceAuthorizationsTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
public void testSaveAuthorizationSetPermissionsWithValidResource() throws Exception {
// given
Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
authorization.setUserId("userId");
authorization.addPermission(Permissions.ACCESS);
// 'ACCESS' is not allowed for Batches
// however, it will be reset by next line, so saveAuthorization will be successful
authorization.setPermissions(
new BatchPermissions[] { BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES, BatchPermissions.CREATE_BATCH_DELETE_DECISION_INSTANCES });
authorization.setResource(Resources.BATCH);
authorization.setResourceId(ANY);
processEngineConfiguration.setAuthorizationEnabled(true);
// when
authorizationService.saveAuthorization(authorization);
// then
Authorization authorizationResult = authorizationService.createAuthorizationQuery().resourceType(Resources.BATCH).singleResult();
assertNotNull(authorizationResult);
assertTrue(authorizationResult.isPermissionGranted(BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES));
assertTrue(authorizationResult.isPermissionGranted(BatchPermissions.CREATE_BATCH_DELETE_DECISION_INSTANCES));
}
Example 4
| Source File: SetAssigneeProcessInstanceTaskAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
@Test
public void testWithReadHistoryPermissionOnProcessDefinition() {
// given
Authorization auth = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
auth.setUserId(USER_ID);
auth.setPermissions(new Permissions[] {Permissions.READ_HISTORY});
auth.setResource(Resources.PROCESS_DEFINITION);
auth.setResourceId("oneTaskProcess_userOpLog");
authorizationService.saveAuthorization(auth);
engineRule.getProcessEngineConfiguration().setAuthorizationEnabled(true);
// when
UserOperationLogQuery query = historyService.createUserOperationLogQuery().processDefinitionKey("oneTaskProcess_userOpLog");
// then
assertEquals(1, query.count());
}
Example 5
| Source File: AuthorizationSpec.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
public Authorization instantiate(AuthorizationService authorizationService, Map<String, String> replacements) {
Authorization authorization = authorizationService.createNewAuthorization(type);
// TODO: group id is missing
authorization.setResource(resource);
if (replacements.containsKey(resourceId)) {
authorization.setResourceId(replacements.get(resourceId));
}
else {
authorization.setResourceId(resourceId);
}
authorization.setUserId(userId);
authorization.setPermissions(permissions);
return authorization;
}
Example 6
| Source File: SuspendProcessDefinitionDeleteAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
|
@Test
public void testWithDeleteHistoryPermissionOnAnyProcessDefinition() {
// given
UserOperationLogQuery query = historyService.createUserOperationLogQuery()
.processDefinitionKey("timerBoundaryProcess")
.beforeTimestamp(new Date(1549110000000l));
// assume
assertTrue(query.count() == 1 || query.count() == 2);
Authorization auth = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
auth.setUserId(USER_ID);
auth.setPermissions(new Permissions[] {Permissions.DELETE_HISTORY});
auth.setResource(Resources.PROCESS_DEFINITION);
auth.setResourceId("*");
authorizationService.saveAuthorization(auth);
String logId = query.list().get(0).getId();
String processInstanceId = query.list().get(0).getProcessInstanceId();
engineRule.getProcessEngineConfiguration().setAuthorizationEnabled(true);
// when
historyService.deleteUserOperationLogEntry(logId);
// then
assertEquals(0, query.processInstanceId(processInstanceId).count());
}
Example 7
| Source File: KeycloakGroupQueryTest.java From camunda-bpm-identity-keycloak with Apache License 2.0 | 5 votes |
|
protected Authorization createAuthorization(int type, Resource resource, String resourceId) {
Authorization authorization = authorizationService.createNewAuthorization(type);
authorization.setResource(resource);
if (resourceId != null) {
authorization.setResourceId(resourceId);
}
return authorization;
}
Example 8
| Source File: AuthorizationServiceAuthorizationsTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
|
public void testIsUserAuthorizedWithInvalidResourceMultiplePermissions() {
// given
Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
String userId = "userId";
authorization.setUserId(userId);
authorization.addPermission(ProcessInstancePermissions.READ);
authorization.addPermission(ProcessInstancePermissions.RETRY_JOB);
authorization.setResource(Resources.PROCESS_INSTANCE);
authorization.setResourceId(ANY);
authorizationService.saveAuthorization(authorization);
processEngineConfiguration.setAuthorizationEnabled(true);
// then
assertEquals(true, authorizationService.isUserAuthorized(userId, null, Permissions.READ, Resources.PROCESS_INSTANCE));
assertEquals(true, authorizationService.isUserAuthorized(userId, null, ProcessInstancePermissions.RETRY_JOB, Resources.PROCESS_INSTANCE));
assertEquals(false, authorizationService.isUserAuthorized(userId, null, BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES, Resources.BATCH));
assertEquals(false, authorizationService.isUserAuthorized(userId, null, ProcessDefinitionPermissions.RETRY_JOB, Resources.PROCESS_DEFINITION));
assertEquals(false, authorizationService.isUserAuthorized(userId, null, Permissions.ACCESS, Resources.APPLICATION));
try {
authorizationService.isUserAuthorized(userId, null, ProcessDefinitionPermissions.RETRY_JOB, Resources.PROCESS_INSTANCE);
fail("expected exception");
} catch (BadUserRequestException e) {
assertTrue(e.getMessage().contains("The resource type 'ProcessInstance' is not valid"));
assertTrue(e.getMessage().contains(ProcessDefinitionPermissions.RETRY_JOB.getName()));
}
}
Example 9
| Source File: AuthorizationServiceWithEnabledAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
|
public void testUserOverrideGlobalRevokeAuthorizationCheck() {
Resource resource1 = TestResource.RESOURCE1;
// create global authorization which revokes all permissions to all users (on resource1):
Authorization globalGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
globalGrant.setResource(resource1);
globalGrant.setResourceId(ANY);
globalGrant.removePermission(ALL);
authorizationService.saveAuthorization(globalGrant);
// add READ for jonny
Authorization localRevoke = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
localRevoke.setUserId("jonny");
localRevoke.setResource(resource1);
localRevoke.setResourceId(ANY);
localRevoke.addPermission(READ);
authorizationService.saveAuthorization(localRevoke);
// jonny does not have ALL permissions
assertFalse(authorizationService.isUserAuthorized("jonny", null, ALL, resource1));
// jonny can read
assertTrue(authorizationService.isUserAuthorized("jonny", null, READ, resource1));
// jonny can't delete
assertFalse(authorizationService.isUserAuthorized("jonny", null, DELETE, resource1));
// someone else can't do anything
assertFalse(authorizationService.isUserAuthorized("someone else", null, ALL, resource1));
assertFalse(authorizationService.isUserAuthorized("someone else", null, READ, resource1));
assertFalse(authorizationService.isUserAuthorized("someone else", null, DELETE, resource1));
}
Example 10
| Source File: AuthorizationQueryAuthorizationsTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
|
@Test
public void testQueryPermissionsWithWrongResource() throws Exception {
// given
Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
authorization.setUserId("userId");
authorization.setResource(Resources.APPLICATION);
authorization.addPermission(Permissions.ACCESS);
authorization.setResourceId(ANY);
authorizationService.saveAuthorization(authorization);
processEngineConfiguration.setAuthorizationEnabled(true);
// assume
Authorization authResult = authorizationService.createAuthorizationQuery().userIdIn("userId").resourceType(Resources.APPLICATION).singleResult();
assertNotNull(authResult);
// when
Authorization accessResult = authorizationService.createAuthorizationQuery()
.hasPermission(Permissions.ACCESS)
.singleResult();
List<Authorization> retryJobPDResult = authorizationService.createAuthorizationQuery()
.hasPermission(ProcessDefinitionPermissions.RETRY_JOB)
.list();
List<Authorization> retryJobPIResult = authorizationService.createAuthorizationQuery()
.hasPermission(ProcessInstancePermissions.RETRY_JOB)
.list();
// then
assertNotNull(accessResult);
assertEquals(1, authorizationService.createAuthorizationQuery().hasPermission(Permissions.ACCESS).count());
assertTrue(retryJobPDResult.isEmpty());
assertEquals(0, authorizationService.createAuthorizationQuery().hasPermission(ProcessDefinitionPermissions.RETRY_JOB).count());
assertTrue(retryJobPIResult.isEmpty());
assertEquals(0, authorizationService.createAuthorizationQuery().hasPermission(ProcessInstancePermissions.RETRY_JOB).count());
}
Example 11
| Source File: AuthorizationServiceTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
|
public void testUpdatePersistentAuthorization() {
Resource resource1 = TestResource.RESOURCE1;
Resource resource2 = TestResource.RESOURCE2;
Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
authorization.setUserId("aUserId");
authorization.setResource(resource1);
authorization.setResourceId("aResourceId");
authorization.addPermission(TestPermissions.ACCESS);
// save the authorization
authorizationService.saveAuthorization(authorization);
// validate authorization
Authorization savedAuthorization = authorizationService.createAuthorizationQuery().singleResult();
assertEquals("aUserId", savedAuthorization.getUserId());
assertEquals(resource1.resourceType(), savedAuthorization.getResourceType());
assertEquals("aResourceId", savedAuthorization.getResourceId());
assertTrue(savedAuthorization.isPermissionGranted(TestPermissions.ACCESS));
// update authorization
savedAuthorization.setUserId("anotherUserId");
savedAuthorization.setResource(resource2);
savedAuthorization.setResourceId("anotherResourceId");
savedAuthorization.addPermission(TestPermissions.DELETE);
authorizationService.saveAuthorization(savedAuthorization);
// validate authorization updated
savedAuthorization = authorizationService.createAuthorizationQuery().singleResult();
assertEquals("anotherUserId", savedAuthorization.getUserId());
assertEquals(resource2.resourceType(), savedAuthorization.getResourceType());
assertEquals("anotherResourceId", savedAuthorization.getResourceId());
assertTrue(savedAuthorization.isPermissionGranted(TestPermissions.ACCESS));
assertTrue(savedAuthorization.isPermissionGranted(TestPermissions.DELETE));
}
Example 12
| Source File: FilterAuthorizationsTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
|
protected Authorization createAuthorization(Permission permission, String resourceId) {
Authorization authorization = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
authorization.setUserId(testUser.getId());
authorization.setResource(Resources.FILTER);
authorization.addPermission(permission);
if (resourceId != null) {
authorization.setResourceId(resourceId);
}
return authorization;
}
Example 13
| Source File: AuthorizationScenario.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
|
protected static Authorization createAuthorization(AuthorizationService authorizationService, Permission permission, Resources resource, String userId) {
Authorization auth = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
auth.addPermission(permission);
auth.setResource(resource);
auth.setResourceId(Authorization.ANY);
auth.setUserId(userId);
return auth;
}
Example 14
| Source File: AuthorizationPerformanceTestCase.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
|
protected void grouptGrant(String groupId, Resource resource, Permission... perms) {
AuthorizationService authorizationService = engine.getAuthorizationService();
Authorization groupGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
groupGrant.setResource(resource);
groupGrant.setResourceId(ANY);
for (Permission permission : perms) {
groupGrant.addPermission(permission);
}
groupGrant.setGroupId(groupId);
authorizationService.saveAuthorization(groupGrant);
}
Example 15
| Source File: KeycloakUserQueryTest.java From camunda-bpm-identity-keycloak with Apache License 2.0 | 5 votes |
|
protected Authorization createAuthorization(int type, Resource resource, String resourceId) {
Authorization authorization = authorizationService.createNewAuthorization(type);
authorization.setResource(resource);
if (resourceId != null) {
authorization.setResourceId(resourceId);
}
return authorization;
}
Example 16
| Source File: BatchSetRemovalTimeHierarchicalTest.java From camunda-bpm-platform with Apache License 2.0 | 4 votes |
|
@Test
public void shouldNotSetRemovalTime_HistoricProcessInstancePermissionsDisabled() {
// given
testRule.getProcessEngineConfiguration()
.setEnableHistoricInstancePermissions(false);
String rootProcessInstanceId = testRule.process().call().userTask().deploy().start();
Authorization authorization =
authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
authorization.setResource(Resources.HISTORIC_PROCESS_INSTANCE);
String processInstanceId = historyService.createHistoricProcessInstanceQuery()
.activeActivityIdIn("userTask")
.singleResult()
.getId();
authorization.setResourceId(processInstanceId);
authorization.setUserId("foo");
authorizationService.saveAuthorization(authorization);
// assume
AuthorizationQuery authQuery = authorizationService.createAuthorizationQuery()
.resourceType(Resources.HISTORIC_PROCESS_INSTANCE);
assertThat(authQuery.list())
.extracting("removalTime", "resourceId", "rootProcessInstanceId")
.containsExactly(tuple(null, processInstanceId, rootProcessInstanceId));
testRule.updateHistoryTimeToLive("rootProcess", 5);
// when
HistoricProcessInstanceQuery query =
historyService.createHistoricProcessInstanceQuery().rootProcessInstances();
testRule.syncExec(
historyService.setRemovalTimeToHistoricProcessInstances()
.calculatedRemovalTime()
.byQuery(query)
.hierarchical()
.executeAsync()
);
// then
authQuery = authorizationService.createAuthorizationQuery()
.resourceType(Resources.HISTORIC_PROCESS_INSTANCE);
assertThat(authQuery.list())
.extracting("removalTime", "resourceId", "rootProcessInstanceId")
.containsExactly(tuple(null, processInstanceId, rootProcessInstanceId));
}
Example 17
| Source File: FilterAuthorizationsTest.java From camunda-bpm-platform with Apache License 2.0 | 4 votes |
|
protected void grantFilterPermission(Authorization authorization, String filterId) {
if (filterId != null) {
authorization.setResourceId(filterId);
}
authorizationService.saveAuthorization(authorization);
}
Example 18
| Source File: IdentityServiceAuthorizationsTest.java From camunda-bpm-platform with Apache License 2.0 | 4 votes |
|
public void testUserQueryAuthorizations() {
// we are jonny2
String authUserId = "jonny2";
identityService.setAuthenticatedUserId(authUserId);
// create new user jonny1
User jonny1 = identityService.newUser("jonny1");
identityService.saveUser(jonny1);
// set base permission for all users (no-one has any permissions on users)
Authorization basePerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
basePerms.setResource(USER);
basePerms.setResourceId(ANY);
authorizationService.saveAuthorization(basePerms);
// now enable checks
processEngineConfiguration.setAuthorizationEnabled(true);
// we cannot fetch the user
assertNull(identityService.createUserQuery().singleResult());
assertEquals(0, identityService.createUserQuery().count());
processEngineConfiguration.setAuthorizationEnabled(false);
// now we add permission for jonny2 to read the user:
Authorization ourPerms = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
ourPerms.setUserId(authUserId);
ourPerms.setResource(USER);
ourPerms.setResourceId(ANY);
ourPerms.addPermission(READ);
authorizationService.saveAuthorization(ourPerms);
processEngineConfiguration.setAuthorizationEnabled(true);
// now we can fetch the user
assertNotNull(identityService.createUserQuery().singleResult());
assertEquals(1, identityService.createUserQuery().count());
// change the base permission:
processEngineConfiguration.setAuthorizationEnabled(false);
basePerms = authorizationService.createAuthorizationQuery().resourceType(USER).userIdIn("*").singleResult();
basePerms.addPermission(READ);
authorizationService.saveAuthorization(basePerms);
processEngineConfiguration.setAuthorizationEnabled(true);
// we can still fetch the user
assertNotNull(identityService.createUserQuery().singleResult());
assertEquals(1, identityService.createUserQuery().count());
// revoke permission for jonny2:
processEngineConfiguration.setAuthorizationEnabled(false);
ourPerms = authorizationService.createAuthorizationQuery().resourceType(USER).userIdIn(authUserId).singleResult();
ourPerms.removePermission(READ);
authorizationService.saveAuthorization(ourPerms);
Authorization revoke = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE);
revoke.setUserId(authUserId);
revoke.setResource(USER);
revoke.setResourceId(ANY);
revoke.removePermission(READ);
authorizationService.saveAuthorization(revoke);
processEngineConfiguration.setAuthorizationEnabled(true);
// now we cannot fetch the user
assertNull(identityService.createUserQuery().singleResult());
assertEquals(0, identityService.createUserQuery().count());
// delete our perms
processEngineConfiguration.setAuthorizationEnabled(false);
authorizationService.deleteAuthorization(ourPerms.getId());
authorizationService.deleteAuthorization(revoke.getId());
processEngineConfiguration.setAuthorizationEnabled(true);
// now the base permission applies and grants us read access
assertNotNull(identityService.createUserQuery().singleResult());
assertEquals(1, identityService.createUserQuery().count());
}
Example 19
| Source File: BatchSetRemovalTimeHierarchicalTest.java From camunda-bpm-platform with Apache License 2.0 | 4 votes |
|
@Test
public void shouldSetRemovalTime_HistoricProcessInstanceAuthorization() {
// given
testRule.getProcessEngineConfiguration()
.setEnableHistoricInstancePermissions(true);
String rootProcessInstanceId = testRule.process().call().userTask().deploy().start();
Authorization authorization =
authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
authorization.setResource(Resources.HISTORIC_PROCESS_INSTANCE);
String processInstanceId = historyService.createHistoricProcessInstanceQuery()
.activeActivityIdIn("userTask")
.singleResult()
.getId();
authorization.setResourceId(processInstanceId);
authorization.setUserId("foo");
authorizationService.saveAuthorization(authorization);
// assume
AuthorizationQuery authQuery = authorizationService.createAuthorizationQuery()
.resourceType(Resources.HISTORIC_PROCESS_INSTANCE);
assertThat(authQuery.list())
.extracting("removalTime", "resourceId", "rootProcessInstanceId")
.containsExactly(tuple(null, processInstanceId, rootProcessInstanceId));
// when
testRule.updateHistoryTimeToLive("rootProcess", 5);
HistoricProcessInstanceQuery query =
historyService.createHistoricProcessInstanceQuery().rootProcessInstances();
testRule.syncExec(
historyService.setRemovalTimeToHistoricProcessInstances()
.calculatedRemovalTime()
.byQuery(query)
.hierarchical()
.executeAsync()
);
// then
authQuery = authorizationService.createAuthorizationQuery()
.resourceType(Resources.HISTORIC_PROCESS_INSTANCE);
Date removalTime = addDays(CURRENT_DATE, 5);
assertThat(authQuery.list())
.extracting("removalTime", "resourceId", "rootProcessInstanceId")
.containsExactly(tuple(removalTime, processInstanceId, rootProcessInstanceId));
}
Example 20
| Source File: RemovalTimeStrategyEndTest.java From camunda-bpm-platform with Apache License 2.0 | 2 votes |
|
@Test
public void shouldResolveHistoricTaskAuthorization_HistoricTaskInstance() {
// given
processEngineConfiguration.setEnableHistoricInstancePermissions(true);
testRule.deploy(CALLING_PROCESS);
testRule.deploy(CALLED_PROCESS);
ClockUtil.setCurrentTime(START_DATE);
runtimeService.startProcessInstanceByKey(CALLING_PROCESS_KEY);
String taskId = taskService.createTaskQuery().singleResult().getId();
Authorization authorization =
authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
authorization.setUserId("myUserId");
authorization.setResource(Resources.HISTORIC_TASK);
authorization.setResourceId(taskId);
// when
authorizationService.saveAuthorization(authorization);
authorization = authorizationService.createAuthorizationQuery()
.resourceType(Resources.HISTORIC_TASK)
.singleResult();
// assume
assertThat(authorization.getRemovalTime(), nullValue());
ClockUtil.setCurrentTime(END_DATE);
// when
taskService.complete(taskId);
Date removalTime = addDays(END_DATE, 5);
authorization = authorizationService.createAuthorizationQuery()
.resourceType(Resources.HISTORIC_TASK)
.singleResult();
// then
assertThat(authorization.getRemovalTime(), is(removalTime));
}
