Java Code Examples for org.camunda.bpm.engine.authorization.Authorization#setResourceId()

The following examples show how to use org.camunda.bpm.engine.authorization.Authorization#setResourceId() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: AuthorizationServiceTest.java    From camunda-bpm-platform with Apache License 2.0 6 votes vote down vote up
public void testIsPermissionGrantedAccess() {
  // given
  Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  String userId = "userId";
  authorization.setUserId(userId);
  authorization.addPermission(Permissions.ACCESS);
  authorization.setResource(Resources.APPLICATION);
  authorization.setResourceId(ANY);
  authorizationService.saveAuthorization(authorization);

  // then
  Authorization authorizationResult = authorizationService.createAuthorizationQuery().userIdIn(userId).singleResult();
  assertTrue(authorizationResult.isPermissionGranted(Permissions.ACCESS));
  assertFalse(authorizationResult.isPermissionGranted(BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES));
  assertFalse(authorizationResult.isPermissionGranted(ProcessInstancePermissions.RETRY_JOB));
  assertFalse(authorizationResult.isPermissionGranted(ProcessDefinitionPermissions.RETRY_JOB));
}
 
Example 2
Source File: AuthorizationServiceTest.java    From camunda-bpm-platform with Apache License 2.0 6 votes vote down vote up
public void testIsPermissionRevokedRetryJob() {
  // given
  Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE);
  String userId = "userId";
  authorization.setUserId(userId);
  authorization.removePermission(ProcessInstancePermissions.RETRY_JOB);
  authorization.setResource(Resources.PROCESS_INSTANCE);
  authorization.setResourceId(ANY);
  authorizationService.saveAuthorization(authorization);

  // then
  Authorization authorizationResult = authorizationService.createAuthorizationQuery().userIdIn(userId).singleResult();
  assertTrue(authorizationResult.isPermissionRevoked(ProcessInstancePermissions.RETRY_JOB));
  assertFalse(authorizationResult.isPermissionRevoked(Permissions.ACCESS));
  assertFalse(authorizationResult.isPermissionRevoked(BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES));
  assertFalse(authorizationResult.isPermissionRevoked(ProcessDefinitionPermissions.RETRY_JOB));
}
 
Example 3
Source File: AuthorizationServiceAuthorizationsTest.java    From camunda-bpm-platform with Apache License 2.0 6 votes vote down vote up
public void testSaveAuthorizationSetPermissionsWithValidResource() throws Exception {
  // given
  Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  authorization.setUserId("userId");
  authorization.addPermission(Permissions.ACCESS);
  // 'ACCESS' is not allowed for Batches
  // however, it will be reset by next line, so saveAuthorization will be successful
  authorization.setPermissions(
      new BatchPermissions[] { BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES, BatchPermissions.CREATE_BATCH_DELETE_DECISION_INSTANCES });
  authorization.setResource(Resources.BATCH);
  authorization.setResourceId(ANY);

  processEngineConfiguration.setAuthorizationEnabled(true);

  // when
  authorizationService.saveAuthorization(authorization);

  // then
  Authorization authorizationResult = authorizationService.createAuthorizationQuery().resourceType(Resources.BATCH).singleResult();
  assertNotNull(authorizationResult);
  assertTrue(authorizationResult.isPermissionGranted(BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES));
  assertTrue(authorizationResult.isPermissionGranted(BatchPermissions.CREATE_BATCH_DELETE_DECISION_INSTANCES));
}
 
Example 4
Source File: SetAssigneeProcessInstanceTaskAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0 6 votes vote down vote up
@Test
public void testWithReadHistoryPermissionOnProcessDefinition() {
  // given
  Authorization auth = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
  auth.setUserId(USER_ID);
  auth.setPermissions(new Permissions[] {Permissions.READ_HISTORY});
  auth.setResource(Resources.PROCESS_DEFINITION);
  auth.setResourceId("oneTaskProcess_userOpLog");

  authorizationService.saveAuthorization(auth);
  engineRule.getProcessEngineConfiguration().setAuthorizationEnabled(true);
  // when
  UserOperationLogQuery query = historyService.createUserOperationLogQuery().processDefinitionKey("oneTaskProcess_userOpLog");

  // then
  assertEquals(1, query.count());
}
 
Example 5
Source File: AuthorizationSpec.java    From camunda-bpm-platform with Apache License 2.0 6 votes vote down vote up
public Authorization instantiate(AuthorizationService authorizationService, Map<String, String> replacements) {
  Authorization authorization = authorizationService.createNewAuthorization(type);

  // TODO: group id is missing
  authorization.setResource(resource);

  if (replacements.containsKey(resourceId)) {
    authorization.setResourceId(replacements.get(resourceId));
  }
  else {
    authorization.setResourceId(resourceId);
  }
  authorization.setUserId(userId);
  authorization.setPermissions(permissions);

  return authorization;
}
 
Example 6
Source File: SuspendProcessDefinitionDeleteAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
@Test
public void testWithDeleteHistoryPermissionOnAnyProcessDefinition() {
  // given
  UserOperationLogQuery query = historyService.createUserOperationLogQuery()
      .processDefinitionKey("timerBoundaryProcess")
      .beforeTimestamp(new Date(1549110000000l));

  // assume
  assertTrue(query.count() == 1 || query.count() == 2);

  Authorization auth = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
  auth.setUserId(USER_ID);
  auth.setPermissions(new Permissions[] {Permissions.DELETE_HISTORY});
  auth.setResource(Resources.PROCESS_DEFINITION);
  auth.setResourceId("*");

  authorizationService.saveAuthorization(auth);
  String logId = query.list().get(0).getId();
  String processInstanceId = query.list().get(0).getProcessInstanceId();
  engineRule.getProcessEngineConfiguration().setAuthorizationEnabled(true);

  // when
  historyService.deleteUserOperationLogEntry(logId);

  // then
  assertEquals(0, query.processInstanceId(processInstanceId).count());
}
 
Example 7
Source File: KeycloakGroupQueryTest.java    From camunda-bpm-identity-keycloak with Apache License 2.0 5 votes vote down vote up
protected Authorization createAuthorization(int type, Resource resource, String resourceId) {
	Authorization authorization = authorizationService.createNewAuthorization(type);

	authorization.setResource(resource);
	if (resourceId != null) {
		authorization.setResourceId(resourceId);
	}

	return authorization;
}
 
Example 8
Source File: AuthorizationServiceAuthorizationsTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
public void testIsUserAuthorizedWithInvalidResourceMultiplePermissions() {
  // given
  Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  String userId = "userId";
  authorization.setUserId(userId);
  authorization.addPermission(ProcessInstancePermissions.READ);
  authorization.addPermission(ProcessInstancePermissions.RETRY_JOB);
  authorization.setResource(Resources.PROCESS_INSTANCE);
  authorization.setResourceId(ANY);
  authorizationService.saveAuthorization(authorization);

  processEngineConfiguration.setAuthorizationEnabled(true);

  // then
  assertEquals(true, authorizationService.isUserAuthorized(userId, null, Permissions.READ, Resources.PROCESS_INSTANCE));
  assertEquals(true, authorizationService.isUserAuthorized(userId, null, ProcessInstancePermissions.RETRY_JOB, Resources.PROCESS_INSTANCE));
  assertEquals(false, authorizationService.isUserAuthorized(userId, null, BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES, Resources.BATCH));
  assertEquals(false, authorizationService.isUserAuthorized(userId, null, ProcessDefinitionPermissions.RETRY_JOB, Resources.PROCESS_DEFINITION));
  assertEquals(false, authorizationService.isUserAuthorized(userId, null, Permissions.ACCESS, Resources.APPLICATION));
  try {
    authorizationService.isUserAuthorized(userId, null, ProcessDefinitionPermissions.RETRY_JOB, Resources.PROCESS_INSTANCE);
    fail("expected exception");
  } catch (BadUserRequestException e) {
    assertTrue(e.getMessage().contains("The resource type 'ProcessInstance' is not valid"));
    assertTrue(e.getMessage().contains(ProcessDefinitionPermissions.RETRY_JOB.getName()));
  }
}
 
Example 9
Source File: AuthorizationServiceWithEnabledAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
public void testUserOverrideGlobalRevokeAuthorizationCheck() {
  Resource resource1 = TestResource.RESOURCE1;

  // create global authorization which revokes all permissions to all users  (on resource1):
  Authorization globalGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
  globalGrant.setResource(resource1);
  globalGrant.setResourceId(ANY);
  globalGrant.removePermission(ALL);
  authorizationService.saveAuthorization(globalGrant);

  // add READ for jonny
  Authorization localRevoke = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  localRevoke.setUserId("jonny");
  localRevoke.setResource(resource1);
  localRevoke.setResourceId(ANY);
  localRevoke.addPermission(READ);
  authorizationService.saveAuthorization(localRevoke);

  // jonny does not have ALL permissions
  assertFalse(authorizationService.isUserAuthorized("jonny", null, ALL, resource1));
  // jonny can read
  assertTrue(authorizationService.isUserAuthorized("jonny", null, READ, resource1));
  // jonny can't delete
  assertFalse(authorizationService.isUserAuthorized("jonny", null, DELETE, resource1));

  // someone else can't do anything
  assertFalse(authorizationService.isUserAuthorized("someone else", null, ALL, resource1));
  assertFalse(authorizationService.isUserAuthorized("someone else", null, READ, resource1));
  assertFalse(authorizationService.isUserAuthorized("someone else", null, DELETE, resource1));
}
 
Example 10
Source File: AuthorizationQueryAuthorizationsTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
@Test
public void testQueryPermissionsWithWrongResource() throws Exception {
  // given
  Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  authorization.setUserId("userId");
  authorization.setResource(Resources.APPLICATION);
  authorization.addPermission(Permissions.ACCESS);
  authorization.setResourceId(ANY);
  authorizationService.saveAuthorization(authorization);

  processEngineConfiguration.setAuthorizationEnabled(true);

  // assume
  Authorization authResult = authorizationService.createAuthorizationQuery().userIdIn("userId").resourceType(Resources.APPLICATION).singleResult();
  assertNotNull(authResult);

  // when
  Authorization accessResult = authorizationService.createAuthorizationQuery()
      .hasPermission(Permissions.ACCESS)
      .singleResult();
  List<Authorization> retryJobPDResult = authorizationService.createAuthorizationQuery()
      .hasPermission(ProcessDefinitionPermissions.RETRY_JOB)
      .list();
  List<Authorization> retryJobPIResult = authorizationService.createAuthorizationQuery()
      .hasPermission(ProcessInstancePermissions.RETRY_JOB)
      .list();

  // then
  assertNotNull(accessResult);
  assertEquals(1, authorizationService.createAuthorizationQuery().hasPermission(Permissions.ACCESS).count());
  assertTrue(retryJobPDResult.isEmpty());
  assertEquals(0, authorizationService.createAuthorizationQuery().hasPermission(ProcessDefinitionPermissions.RETRY_JOB).count());
  assertTrue(retryJobPIResult.isEmpty());
  assertEquals(0, authorizationService.createAuthorizationQuery().hasPermission(ProcessInstancePermissions.RETRY_JOB).count());
}
 
Example 11
Source File: AuthorizationServiceTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
public void testUpdatePersistentAuthorization() {

    Resource resource1 = TestResource.RESOURCE1;
    Resource resource2 = TestResource.RESOURCE2;
    Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
    authorization.setUserId("aUserId");
    authorization.setResource(resource1);
    authorization.setResourceId("aResourceId");
    authorization.addPermission(TestPermissions.ACCESS);

    // save the authorization
    authorizationService.saveAuthorization(authorization);

    // validate authorization
    Authorization savedAuthorization = authorizationService.createAuthorizationQuery().singleResult();
    assertEquals("aUserId", savedAuthorization.getUserId());
    assertEquals(resource1.resourceType(), savedAuthorization.getResourceType());
    assertEquals("aResourceId", savedAuthorization.getResourceId());
    assertTrue(savedAuthorization.isPermissionGranted(TestPermissions.ACCESS));

    // update authorization
    savedAuthorization.setUserId("anotherUserId");
    savedAuthorization.setResource(resource2);
    savedAuthorization.setResourceId("anotherResourceId");
    savedAuthorization.addPermission(TestPermissions.DELETE);
    authorizationService.saveAuthorization(savedAuthorization);

    // validate authorization updated
    savedAuthorization = authorizationService.createAuthorizationQuery().singleResult();
    assertEquals("anotherUserId", savedAuthorization.getUserId());
    assertEquals(resource2.resourceType(), savedAuthorization.getResourceType());
    assertEquals("anotherResourceId", savedAuthorization.getResourceId());
    assertTrue(savedAuthorization.isPermissionGranted(TestPermissions.ACCESS));
    assertTrue(savedAuthorization.isPermissionGranted(TestPermissions.DELETE));

  }
 
Example 12
Source File: FilterAuthorizationsTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
protected Authorization createAuthorization(Permission permission, String resourceId) {
  Authorization authorization = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
  authorization.setUserId(testUser.getId());
  authorization.setResource(Resources.FILTER);
  authorization.addPermission(permission);
  if (resourceId != null) {
    authorization.setResourceId(resourceId);
  }
  return authorization;
}
 
Example 13
Source File: AuthorizationScenario.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
protected static Authorization createAuthorization(AuthorizationService authorizationService, Permission permission, Resources resource, String userId) {
  Authorization auth = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  auth.addPermission(permission);
  auth.setResource(resource);
  auth.setResourceId(Authorization.ANY);
  auth.setUserId(userId);
  return auth;
}
 
Example 14
Source File: AuthorizationPerformanceTestCase.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
protected void grouptGrant(String groupId, Resource resource, Permission... perms) {

    AuthorizationService authorizationService = engine.getAuthorizationService();
    Authorization groupGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
    groupGrant.setResource(resource);
    groupGrant.setResourceId(ANY);
    for (Permission permission : perms) {
      groupGrant.addPermission(permission);
    }
    groupGrant.setGroupId(groupId);
    authorizationService.saveAuthorization(groupGrant);
  }
 
Example 15
Source File: KeycloakUserQueryTest.java    From camunda-bpm-identity-keycloak with Apache License 2.0 5 votes vote down vote up
protected Authorization createAuthorization(int type, Resource resource, String resourceId) {
  Authorization authorization = authorizationService.createNewAuthorization(type);

  authorization.setResource(resource);
  if (resourceId != null) {
    authorization.setResourceId(resourceId);
  }

  return authorization;
}
 
Example 16
Source File: BatchSetRemovalTimeHierarchicalTest.java    From camunda-bpm-platform with Apache License 2.0 4 votes vote down vote up
@Test
public void shouldNotSetRemovalTime_HistoricProcessInstancePermissionsDisabled() {
  // given
  testRule.getProcessEngineConfiguration()
      .setEnableHistoricInstancePermissions(false);

  String rootProcessInstanceId = testRule.process().call().userTask().deploy().start();

  Authorization authorization =
      authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
  authorization.setResource(Resources.HISTORIC_PROCESS_INSTANCE);

  String processInstanceId = historyService.createHistoricProcessInstanceQuery()
      .activeActivityIdIn("userTask")
      .singleResult()
      .getId();

  authorization.setResourceId(processInstanceId);
  authorization.setUserId("foo");

  authorizationService.saveAuthorization(authorization);

  // assume
  AuthorizationQuery authQuery = authorizationService.createAuthorizationQuery()
      .resourceType(Resources.HISTORIC_PROCESS_INSTANCE);

  assertThat(authQuery.list())
      .extracting("removalTime", "resourceId", "rootProcessInstanceId")
      .containsExactly(tuple(null, processInstanceId, rootProcessInstanceId));

  testRule.updateHistoryTimeToLive("rootProcess", 5);

  // when
  HistoricProcessInstanceQuery query =
      historyService.createHistoricProcessInstanceQuery().rootProcessInstances();

  testRule.syncExec(
      historyService.setRemovalTimeToHistoricProcessInstances()
          .calculatedRemovalTime()
          .byQuery(query)
          .hierarchical()
          .executeAsync()
  );

  // then
  authQuery = authorizationService.createAuthorizationQuery()
      .resourceType(Resources.HISTORIC_PROCESS_INSTANCE);

  assertThat(authQuery.list())
      .extracting("removalTime", "resourceId", "rootProcessInstanceId")
      .containsExactly(tuple(null, processInstanceId, rootProcessInstanceId));
}
 
Example 17
Source File: FilterAuthorizationsTest.java    From camunda-bpm-platform with Apache License 2.0 4 votes vote down vote up
protected void grantFilterPermission(Authorization authorization, String filterId) {
  if (filterId != null) {
    authorization.setResourceId(filterId);
  }
  authorizationService.saveAuthorization(authorization);
}
 
Example 18
Source File: IdentityServiceAuthorizationsTest.java    From camunda-bpm-platform with Apache License 2.0 4 votes vote down vote up
public void testUserQueryAuthorizations() {

    // we are jonny2
    String authUserId = "jonny2";
    identityService.setAuthenticatedUserId(authUserId);

    // create new user jonny1
    User jonny1 = identityService.newUser("jonny1");
    identityService.saveUser(jonny1);

    // set base permission for all users (no-one has any permissions on users)
    Authorization basePerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
    basePerms.setResource(USER);
    basePerms.setResourceId(ANY);
    authorizationService.saveAuthorization(basePerms);

    // now enable checks
    processEngineConfiguration.setAuthorizationEnabled(true);

    // we cannot fetch the user
    assertNull(identityService.createUserQuery().singleResult());
    assertEquals(0, identityService.createUserQuery().count());

    processEngineConfiguration.setAuthorizationEnabled(false);

    // now we add permission for jonny2 to read the user:
    Authorization ourPerms = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
    ourPerms.setUserId(authUserId);
    ourPerms.setResource(USER);
    ourPerms.setResourceId(ANY);
    ourPerms.addPermission(READ);
    authorizationService.saveAuthorization(ourPerms);

    processEngineConfiguration.setAuthorizationEnabled(true);

    // now we can fetch the user
    assertNotNull(identityService.createUserQuery().singleResult());
    assertEquals(1, identityService.createUserQuery().count());

    // change the base permission:
    processEngineConfiguration.setAuthorizationEnabled(false);
    basePerms = authorizationService.createAuthorizationQuery().resourceType(USER).userIdIn("*").singleResult();
    basePerms.addPermission(READ);
    authorizationService.saveAuthorization(basePerms);
    processEngineConfiguration.setAuthorizationEnabled(true);

    // we can still fetch the user
    assertNotNull(identityService.createUserQuery().singleResult());
    assertEquals(1, identityService.createUserQuery().count());


    // revoke permission for jonny2:
    processEngineConfiguration.setAuthorizationEnabled(false);
    ourPerms = authorizationService.createAuthorizationQuery().resourceType(USER).userIdIn(authUserId).singleResult();
    ourPerms.removePermission(READ);
    authorizationService.saveAuthorization(ourPerms);

    Authorization revoke = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE);
    revoke.setUserId(authUserId);
    revoke.setResource(USER);
    revoke.setResourceId(ANY);
    revoke.removePermission(READ);
    authorizationService.saveAuthorization(revoke);
    processEngineConfiguration.setAuthorizationEnabled(true);

    // now we cannot fetch the user
    assertNull(identityService.createUserQuery().singleResult());
    assertEquals(0, identityService.createUserQuery().count());


    // delete our perms
    processEngineConfiguration.setAuthorizationEnabled(false);
    authorizationService.deleteAuthorization(ourPerms.getId());
    authorizationService.deleteAuthorization(revoke.getId());
    processEngineConfiguration.setAuthorizationEnabled(true);

    // now the base permission applies and grants us read access
    assertNotNull(identityService.createUserQuery().singleResult());
    assertEquals(1, identityService.createUserQuery().count());

  }
 
Example 19
Source File: BatchSetRemovalTimeHierarchicalTest.java    From camunda-bpm-platform with Apache License 2.0 4 votes vote down vote up
@Test
public void shouldSetRemovalTime_HistoricProcessInstanceAuthorization() {
  // given
  testRule.getProcessEngineConfiguration()
      .setEnableHistoricInstancePermissions(true);

  String rootProcessInstanceId = testRule.process().call().userTask().deploy().start();

  Authorization authorization =
      authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
  authorization.setResource(Resources.HISTORIC_PROCESS_INSTANCE);

  String processInstanceId = historyService.createHistoricProcessInstanceQuery()
      .activeActivityIdIn("userTask")
      .singleResult()
      .getId();

  authorization.setResourceId(processInstanceId);
  authorization.setUserId("foo");

  authorizationService.saveAuthorization(authorization);

  // assume
  AuthorizationQuery authQuery = authorizationService.createAuthorizationQuery()
      .resourceType(Resources.HISTORIC_PROCESS_INSTANCE);

  assertThat(authQuery.list())
      .extracting("removalTime", "resourceId", "rootProcessInstanceId")
      .containsExactly(tuple(null, processInstanceId, rootProcessInstanceId));

  // when
  testRule.updateHistoryTimeToLive("rootProcess", 5);

  HistoricProcessInstanceQuery query =
      historyService.createHistoricProcessInstanceQuery().rootProcessInstances();

  testRule.syncExec(
      historyService.setRemovalTimeToHistoricProcessInstances()
          .calculatedRemovalTime()
          .byQuery(query)
          .hierarchical()
          .executeAsync()
  );

  // then
  authQuery = authorizationService.createAuthorizationQuery()
      .resourceType(Resources.HISTORIC_PROCESS_INSTANCE);

  Date removalTime = addDays(CURRENT_DATE, 5);
  assertThat(authQuery.list())
      .extracting("removalTime", "resourceId", "rootProcessInstanceId")
      .containsExactly(tuple(removalTime, processInstanceId, rootProcessInstanceId));
}
 
Example 20
Source File: RemovalTimeStrategyEndTest.java    From camunda-bpm-platform with Apache License 2.0 2 votes vote down vote up
@Test
public void shouldResolveHistoricTaskAuthorization_HistoricTaskInstance() {
  // given
  processEngineConfiguration.setEnableHistoricInstancePermissions(true);

  testRule.deploy(CALLING_PROCESS);

  testRule.deploy(CALLED_PROCESS);

  ClockUtil.setCurrentTime(START_DATE);

  runtimeService.startProcessInstanceByKey(CALLING_PROCESS_KEY);

  String taskId = taskService.createTaskQuery().singleResult().getId();

  Authorization authorization =
      authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);

  authorization.setUserId("myUserId");
  authorization.setResource(Resources.HISTORIC_TASK);
  authorization.setResourceId(taskId);

  // when
  authorizationService.saveAuthorization(authorization);

  authorization = authorizationService.createAuthorizationQuery()
      .resourceType(Resources.HISTORIC_TASK)
      .singleResult();

  // assume
  assertThat(authorization.getRemovalTime(), nullValue());

  ClockUtil.setCurrentTime(END_DATE);

  // when
  taskService.complete(taskId);

  Date removalTime = addDays(END_DATE, 5);

  authorization = authorizationService.createAuthorizationQuery()
      .resourceType(Resources.HISTORIC_TASK)
      .singleResult();

  // then
  assertThat(authorization.getRemovalTime(), is(removalTime));
}