Java Code Examples for org.camunda.bpm.engine.authorization.Authorization#addPermission()
The following examples show how to use
org.camunda.bpm.engine.authorization.Authorization#addPermission().
Example 1
Source File: AuthorizationServiceTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
/**
 * Checks that a GRANT authorization on the BATCH resource reports exactly the
 * permissions that were added to it.
 *
 * Three batch permissions are added for user "userId" on any BATCH resource id.
 * After the authorization is read back through the query API, those three must
 * be reported as granted, while a fourth batch permission and the generic
 * ACCESS and CREATE permissions must not be.
 */
public void testIsPermissionGrantedBatchResource() {
  // given: a user-scoped grant that carries three specific batch permissions
  String userId = "userId";
  Authorization grant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  grant.setUserId(userId);
  grant.addPermission(BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES);
  grant.addPermission(BatchPermissions.CREATE_BATCH_DELETE_FINISHED_PROCESS_INSTANCES);
  grant.addPermission(BatchPermissions.CREATE_BATCH_DELETE_RUNNING_PROCESS_INSTANCES);
  grant.setResource(Resources.BATCH);
  grant.setResourceId(ANY);
  authorizationService.saveAuthorization(grant);

  // then: the persisted authorization is looked up by user id
  Authorization stored = authorizationService
      .createAuthorizationQuery()
      .userIdIn(userId)
      .singleResult();

  // every permission that was added is granted
  assertTrue(stored.isPermissionGranted(BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES));
  assertTrue(stored.isPermissionGranted(BatchPermissions.CREATE_BATCH_DELETE_FINISHED_PROCESS_INSTANCES));
  assertTrue(stored.isPermissionGranted(BatchPermissions.CREATE_BATCH_DELETE_RUNNING_PROCESS_INSTANCES));

  // nothing else is granted as a side effect: neither a sibling batch permission
  // nor the generic permissions
  assertFalse(stored.isPermissionGranted(BatchPermissions.CREATE_BATCH_MODIFY_PROCESS_INSTANCES));
  assertFalse(stored.isPermissionGranted(Permissions.ACCESS));
  assertFalse(stored.isPermissionGranted(Permissions.CREATE));
}
Example 2
Source File: AuthorizationServiceAuthorizationsTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
/**
 * Checks that isUserAuthorized accepts a hand-built ResourceImpl in place of the
 * Resources.APPLICATION constant the grant was stored under.
 *
 * The grant is saved for Resources.APPLICATION, but the check is made with
 * {@code new ResourceImpl("application", 0)} and is expected to succeed.
 */
public void testIsUserAuthorizedWithValidResourceImpl() {
  // given: a custom resource object and an ACCESS grant on the built-in APPLICATION resource
  // NOTE(review): the test expects this custom object to match the stored grant, presumably
  // because resources are compared by their numeric type (0 here) - confirm against the
  // engine; if so, custom Resource types must not reuse a built-in type number.
  ResourceImpl customResource = new ResourceImpl("application", 0);
  String userId = "userId";

  Authorization grant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  grant.setUserId(userId);
  grant.addPermission(Permissions.ACCESS);
  grant.setResource(Resources.APPLICATION);
  grant.setResourceId(ANY);
  authorizationService.saveAuthorization(grant);

  // Authorization checks are switched on only after the grant is stored.
  // NOTE(review): the flag is not reset in this method - presumably the test
  // class restores it in its tear-down; verify.
  processEngineConfiguration.setAuthorizationEnabled(true);

  // then: the user (with no groups) is authorized for ACCESS on the custom resource
  boolean authorized =
      authorizationService.isUserAuthorized(userId, null, Permissions.ACCESS, customResource);
  assertEquals(true, authorized);
}
Example 3
Source File: AuthorizationServiceTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
/**
 * Checks that granting only ACCESS on the APPLICATION resource does not make
 * permissions from other permission sets appear granted.
 *
 * After reading the authorization back, ACCESS must be granted, while one batch
 * permission and the RETRY_JOB permission of both the process-instance and the
 * process-definition sets must not be.
 */
public void testIsPermissionGrantedAccess() {
  // given: a user-scoped grant that carries ACCESS only
  String userId = "userId";
  Authorization grant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  grant.setUserId(userId);
  grant.addPermission(Permissions.ACCESS);
  grant.setResource(Resources.APPLICATION);
  grant.setResourceId(ANY);
  authorizationService.saveAuthorization(grant);

  // then: reload the authorization and inspect what it reports
  Authorization stored = authorizationService
      .createAuthorizationQuery()
      .userIdIn(userId)
      .singleResult();

  assertTrue(stored.isPermissionGranted(Permissions.ACCESS));

  // permissions that belong to other resources must stay ungranted
  assertFalse(stored.isPermissionGranted(BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES));
  assertFalse(stored.isPermissionGranted(ProcessInstancePermissions.RETRY_JOB));
  assertFalse(stored.isPermissionGranted(ProcessDefinitionPermissions.RETRY_JOB));
}
Example 4
Source File: AuthorizationQueryAuthorizationsTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
/**
 * Checks that an authorization query asking for one permission the authorization
 * has (READ) and one it lacks (ACCESS) returns nothing.
 *
 * The stored authorization carries READ and RETRY_JOB on PROCESS_DEFINITION.
 * The expected count of 0 shows that chained hasPermission calls must all hold.
 */
@Test
public void testQueryCorrectAndIncorrectPersmission() throws Exception {
  // given: a grant with READ and RETRY_JOB, but without ACCESS
  Authorization grant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  grant.setUserId("userId");
  grant.setResource(Resources.PROCESS_DEFINITION);
  grant.addPermission(Permissions.READ);
  grant.addPermission(ProcessDefinitionPermissions.RETRY_JOB);
  grant.setResourceId(ANY);
  authorizationService.saveAuthorization(grant);

  processEngineConfiguration.setAuthorizationEnabled(true);

  // assume: the authorization was stored and can be found by user and resource type
  Authorization stored = authorizationService
      .createAuthorizationQuery()
      .userIdIn("userId")
      .resourceType(Resources.PROCESS_DEFINITION)
      .singleResult();
  assertNotNull(stored);

  // then: requiring READ together with the missing ACCESS matches no authorization
  long matches = authorizationService
      .createAuthorizationQuery()
      .hasPermission(Permissions.READ)
      .hasPermission(Permissions.ACCESS)
      .count();
  assertEquals(0, matches);
}
Example 5
Source File: IdentityServiceAuthorizationsTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
/**
 * Checks that deleting a tenant-group membership is rejected when the global
 * authorization on TENANT_MEMBERSHIP grants everything except DELETE.
 *
 * The expected AuthorizationException must name the authenticated user and list
 * exactly one missing authorization: DELETE on TENANT_MEMBERSHIP for "tenant1".
 */
public void testTenanGroupMembershipDeleteAuthorizations() {
  // fixture: one group and one tenant
  Group group1 = identityService.newGroup("group1");
  identityService.saveGroup(group1);

  Tenant tenant1 = identityService.newTenant("tenant1");
  identityService.saveTenant(tenant1);

  // global authorization that allows nobody to delete memberships:
  // start from ALL, then take DELETE away again
  Authorization globalPerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
  globalPerms.setResource(TENANT_MEMBERSHIP);
  globalPerms.setResourceId(ANY);
  globalPerms.addPermission(ALL);
  globalPerms.removePermission(DELETE);
  authorizationService.saveAuthorization(globalPerms);

  // from here on the engine enforces authorizations for the authenticated user
  processEngineConfiguration.setAuthorizationEnabled(true);
  identityService.setAuthenticatedUserId(jonny2);

  try {
    identityService.deleteTenantGroupMembership("tenant1", "group1");
    fail("exception expected");

  } catch (AuthorizationException e) {
    // exactly one authorization is reported as missing, and it is attributed to jonny2
    assertEquals(1, e.getMissingAuthorizations().size());
    MissingAuthorization missing = e.getMissingAuthorizations().get(0);
    assertEquals(jonny2, e.getUserId());
    assertExceptionInfo(DELETE.getName(), TENANT_MEMBERSHIP.resourceName(), "tenant1", missing);
  }
}
Example 6
Source File: IdentityServiceAuthorizationsTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
/**
 * Checks that deleting a tenant-user membership is rejected when the global
 * authorization on TENANT_MEMBERSHIP grants everything except DELETE.
 *
 * The expected AuthorizationException must name the authenticated user and list
 * exactly one missing authorization: DELETE on TENANT_MEMBERSHIP for "tenant1".
 */
public void testTenantUserMembershipDeleteAuthorizations() {
  // fixture: one user and one tenant
  User jonny1 = identityService.newUser("jonny1");
  identityService.saveUser(jonny1);

  Tenant tenant1 = identityService.newTenant("tenant1");
  identityService.saveTenant(tenant1);

  // global authorization that allows nobody to delete memberships:
  // start from ALL, then take DELETE away again
  Authorization globalPerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
  globalPerms.setResource(TENANT_MEMBERSHIP);
  globalPerms.setResourceId(ANY);
  globalPerms.addPermission(ALL);
  globalPerms.removePermission(DELETE);
  authorizationService.saveAuthorization(globalPerms);

  // from here on the engine enforces authorizations for the authenticated user
  processEngineConfiguration.setAuthorizationEnabled(true);
  identityService.setAuthenticatedUserId(jonny2);

  try {
    identityService.deleteTenantUserMembership("tenant1", "jonny1");
    fail("exception expected");

  } catch (AuthorizationException e) {
    // exactly one authorization is reported as missing, and it is attributed to jonny2
    assertEquals(1, e.getMissingAuthorizations().size());
    MissingAuthorization missing = e.getMissingAuthorizations().get(0);
    assertEquals(jonny2, e.getUserId());
    assertExceptionInfo(DELETE.getName(), TENANT_MEMBERSHIP.resourceName(), "tenant1", missing);
  }
}
Example 7
Source File: AuthorizationQueryTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
/**
 * Creates and saves a GRANT authorization carrying the given permissions.
 *
 * @param userId       user id written to the authorization
 * @param groupId      group id written to the authorization
 * @param resourceType resource the authorization applies to
 * @param resourceId   id of the resource instance
 * @param permissions  permissions to add, in the order given
 */
protected void createAuthorization(String userId, String groupId, Resource resourceType, String resourceId, Permission... permissions) {
  Authorization grant = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);

  // NOTE(review): both ids are written unconditionally; callers presumably pass
  // null for one of them - verify against the call sites.
  grant.setUserId(userId);
  grant.setGroupId(groupId);
  grant.setResource(resourceType);
  grant.setResourceId(resourceId);

  for (int i = 0; i < permissions.length; i++) {
    grant.addPermission(permissions[i]);
  }

  authorizationService.saveAuthorization(grant);
}
Example 8
Source File: AuthorizationScenario.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
/**
 * Builds a GRANT authorization giving one permission on every instance of a
 * resource to a single user.
 *
 * The authorization is only created and populated here; this method does not
 * save it, so it has no effect until the caller does.
 *
 * @param authorizationService service used to create the authorization object
 * @param permission           the single permission to add
 * @param resource             resource the authorization applies to
 * @param userId               user the permission is granted to
 * @return the populated, unsaved authorization
 */
protected static Authorization createAuthorization(AuthorizationService authorizationService, Permission permission, Resources resource, String userId) {
  Authorization grant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  grant.addPermission(permission);
  grant.setResource(resource);
  // the grant always covers every resource id
  grant.setResourceId(Authorization.ANY);
  grant.setUserId(userId);

  return grant;
}
Example 9
Source File: AuthorizationTestBaseRule.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
/**
 * Creates, saves and registers a user-scoped GRANT authorization.
 *
 * @param resource    resource the authorization applies to
 * @param resourceId  id of the resource instance
 * @param userId      user the permissions are granted to
 * @param permissions permissions to add, in the order given
 */
public void createGrantAuthorization(Resource resource, String resourceId, String userId, Permission... permissions) {
  Authorization grant = createAuthorization(Authorization.AUTH_TYPE_GRANT, resource, resourceId);
  grant.setUserId(userId);

  for (int i = 0; i < permissions.length; i++) {
    grant.addPermission(permissions[i]);
  }

  engineRule.getAuthorizationService().saveAuthorization(grant);

  // NOTE(review): presumably records the authorization so the rule can delete it
  // after the test - confirm in manageAuthorization.
  manageAuthorization(grant);
}
Example 10
Source File: AuthorizationServiceTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
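/**
 * Checks that a user holding ALL on the REPORT resource is authorized for ALL
 * on REPORT once authorization checks are enabled.
 *
 * Authorization checking is switched on only for the assertion and is switched
 * off again in a finally block, so a failing assertion cannot leave the shared
 * engine configuration with checks enabled.
 */
public void testReportResourceAuthorization() {
  // given: a user-scoped grant of every permission on any REPORT resource id
  Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  authorization.setUserId(userId);
  authorization.addPermission(ALL);
  authorization.setResource(REPORT);
  authorization.setResourceId(ANY);
  authorizationService.saveAuthorization(authorization);

  processEngineConfiguration.setAuthorizationEnabled(true);
  try {
    assertEquals(true, authorizationService.isUserAuthorized(userId, Arrays.asList(groupId), ALL, REPORT));
  } finally {
    // restore the flag even when the assertion throws
    processEngineConfiguration.setAuthorizationEnabled(false);
  }
}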
Example 11
Source File: FilterAuthorizationsTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
/**
 * Creates and saves a test user, then grants that user every permission on all
 * AUTHORIZATION, USER and TASK resources.
 *
 * One GRANT authorization is saved per resource, in that order.
 *
 * @param userId id of the user to create
 * @return the saved user
 */
protected User createTestUser(String userId) {
  User user = identityService.newUser(userId);
  identityService.saveUser(user);

  // ALL on AUTHORIZATION lets the user manipulate authorizations and ALL on USER
  // lets the user manipulate users. A grant this broad is only appropriate for a
  // test fixture.
  Resources[] fullyGranted = { Resources.AUTHORIZATION, Resources.USER, Resources.TASK };

  for (Resources resource : fullyGranted) {
    Authorization grant = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
    grant.setUserId(user.getId());
    grant.setResource(resource);
    grant.setResourceId(Authorization.ANY);
    grant.addPermission(Permissions.ALL);
    authorizationService.saveAuthorization(grant);
  }

  return user;
}
Example 12
Source File: IdentityServiceAuthorizationsTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
/**
 * Checks that deleting a group membership is rejected when the global
 * authorization on GROUP_MEMBERSHIP grants everything except DELETE.
 *
 * The expected AuthorizationException must name the authenticated user and list
 * exactly one missing authorization: DELETE on GROUP_MEMBERSHIP for "group1".
 */
public void testMembershipDeleteAuthorizations() {
  // fixture: one user and one group
  User jonny1 = identityService.newUser("jonny1");
  identityService.saveUser(jonny1);

  Group group1 = identityService.newGroup("group1");
  identityService.saveGroup(group1);

  // global authorization that allows nobody to delete memberships:
  // start from ALL, then take DELETE away again
  Authorization globalPerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
  globalPerms.setResource(GROUP_MEMBERSHIP);
  globalPerms.setResourceId(ANY);
  globalPerms.addPermission(ALL);
  globalPerms.removePermission(DELETE);
  authorizationService.saveAuthorization(globalPerms);

  // from here on the engine enforces authorizations for the authenticated user
  processEngineConfiguration.setAuthorizationEnabled(true);
  identityService.setAuthenticatedUserId(jonny2);

  try {
    identityService.deleteMembership("jonny1", "group1");
    fail("exception expected");

  } catch (AuthorizationException e) {
    // exactly one authorization is reported as missing, and it is attributed to jonny2
    assertEquals(1, e.getMissingAuthorizations().size());
    MissingAuthorization missing = e.getMissingAuthorizations().get(0);
    assertEquals(jonny2, e.getUserId());
    assertExceptionInfo(DELETE.getName(), GROUP_MEMBERSHIP.resourceName(), "group1", missing);
  }
}
Example 13
Source File: GroupAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
/**
 * Creates and saves a group-scoped GRANT authorization.
 *
 * @param resource    resource the authorization applies to
 * @param resourceId  id of the resource instance
 * @param groupId     group the permissions are granted to
 * @param permissions permissions to add, in the order given
 */
protected void createGroupGrantAuthorization(Resource resource, String resourceId, String groupId, Permission... permissions) {
  Authorization groupGrant = createGrantAuthorization(resource, resourceId);
  groupGrant.setGroupId(groupId);

  for (int i = 0; i < permissions.length; i++) {
    groupGrant.addPermission(permissions[i]);
  }

  saveAuthorization(groupGrant);
}
Example 14
Source File: KeycloakGroupQueryTest.java From camunda-bpm-identity-keycloak with Apache License 2.0 | 5 votes |
/**
 * Creates and saves a user-scoped GRANT authorization.
 *
 * @param resource    resource the authorization applies to
 * @param resourceId  id of the resource instance
 * @param userId      user the permissions are granted to
 * @param permissions permissions to add, in the order given
 */
protected void createGrantAuthorization(Resource resource, String resourceId, String userId, Permission... permissions) {
  Authorization userGrant = createAuthorization(AUTH_TYPE_GRANT, resource, resourceId);
  userGrant.setUserId(userId);

  for (int i = 0; i < permissions.length; i++) {
    userGrant.addPermission(permissions[i]);
  }

  authorizationService.saveAuthorization(userGrant);
}
Example 15
Source File: IdentityServiceAuthorizationsTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
/**
 * Checks that updating a tenant is rejected when the global authorization on
 * TENANT grants everything except UPDATE, while creating a tenant still works.
 *
 * The expected AuthorizationException must name the authenticated user and list
 * exactly one missing authorization: UPDATE on TENANT for "tenant".
 */
public void testTenantUpdateAuthorizations() {
  // create the tenant that will later be modified
  Tenant tenant = new TenantEntity("tenant");
  identityService.saveTenant(tenant);

  // global authorization: everything except UPDATE
  Authorization globalPerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
  globalPerms.setResource(TENANT);
  globalPerms.setResourceId(ANY);
  globalPerms.addPermission(ALL);
  globalPerms.removePermission(UPDATE);
  authorizationService.saveAuthorization(globalPerms);

  // turn on authorization and act as jonny2
  processEngineConfiguration.setAuthorizationEnabled(true);
  identityService.setAuthenticatedUserId(jonny2);

  // fetch the tenant again and change it
  tenant = identityService.createTenantQuery().singleResult();
  tenant.setName("newName");

  try {
    identityService.saveTenant(tenant);
    fail("exception expected");

  } catch (AuthorizationException e) {
    // exactly one authorization is reported as missing, and it is attributed to jonny2
    assertEquals(1, e.getMissingAuthorizations().size());
    MissingAuthorization missing = e.getMissingAuthorizations().get(0);
    assertEquals(jonny2, e.getUserId());
    assertExceptionInfo(UPDATE.getName(), TENANT.resourceName(), "tenant", missing);
  }

  // creating a new tenant is still allowed, because only UPDATE was removed
  Tenant newTenant = identityService.newTenant("newTenant");
  identityService.saveTenant(newTenant);
}
Example 16
Source File: AuthorizationServiceWithEnabledAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
/**
 * Checks the precedence of authorizations: a user-level authorization overrides
 * a group-level one, which in turn overrides the global one.
 *
 * Setup on resource1: a global authorization grants ALL, a REVOKE authorization
 * takes READ away from group "sales", and a GRANT authorization gives READ to
 * user "jonny". The assertions then probe READ for jonny and for another user
 * with different group memberships.
 */
public void testUserOverrideGroupOverrideGlobalAuthorizationCheck() {
  Resource resource1 = TestResource.RESOURCE1;

  // global: all permissions for all users on resource1
  Authorization globalAll = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
  globalAll.setResource(resource1);
  globalAll.setResourceId(ANY);
  globalAll.addPermission(ALL);
  authorizationService.saveAuthorization(globalAll);

  // group: READ is revoked for "sales" (on a REVOKE authorization,
  // removePermission is the call that takes the permission away)
  Authorization salesRevoke = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE);
  salesRevoke.setGroupId("sales");
  salesRevoke.setResource(resource1);
  salesRevoke.setResourceId(ANY);
  salesRevoke.removePermission(READ);
  authorizationService.saveAuthorization(salesRevoke);

  // user: READ is granted to jonny explicitly
  Authorization jonnyGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  jonnyGrant.setUserId("jonny");
  jonnyGrant.setResource(resource1);
  jonnyGrant.setResourceId(ANY);
  jonnyGrant.addPermission(READ);
  authorizationService.saveAuthorization(jonnyGrant);

  List<String> jonnysGroups = Arrays.asList("sales", "marketing");
  List<String> someOneElsesGroups = Collections.singletonList("marketing");

  // jonny can read, with or without his groups: the user grant outranks the group revoke
  assertTrue(authorizationService.isUserAuthorized("jonny", jonnysGroups, READ, resource1));
  assertTrue(authorizationService.isUserAuthorized("jonny", null, READ, resource1));

  // someone else in the same groups cannot: the "sales" revoke outranks the global grant
  assertFalse(authorizationService.isUserAuthorized("someone else", jonnysGroups, READ, resource1));

  // someone else outside "sales" can: only the global grant applies
  assertTrue(authorizationService.isUserAuthorized("someone else", someOneElsesGroups, READ, resource1));
}
Example 17
Source File: AuthorizationServiceTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
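/**
 * Checks that a user holding ALL on the DASHBOARD resource is authorized for ALL
 * on DASHBOARD once authorization checks are enabled.
 *
 * Authorization checking is switched on only for the assertion and is switched
 * off again in a finally block, so a failing assertion cannot leave the shared
 * engine configuration with checks enabled.
 */
public void testDashboardResourceAuthorization() {
  // given: a user-scoped grant of every permission on any DASHBOARD resource id
  Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  authorization.setUserId(userId);
  authorization.addPermission(ALL);
  authorization.setResource(DASHBOARD);
  authorization.setResourceId(ANY);
  authorizationService.saveAuthorization(authorization);

  processEngineConfiguration.setAuthorizationEnabled(true);
  try {
    assertEquals(true, authorizationService.isUserAuthorized(userId, Arrays.asList(groupId), ALL, DASHBOARD));
  } finally {
    // restore the flag even when the assertion throws
    processEngineConfiguration.setAuthorizationEnabled(false);
  }
}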
Example 18
Source File: DefaultUserLifecycleBean.java From Showcase with Apache License 2.0 | 5 votes |
/**
 * Saves a GRANT authorization that gives the admin group every permission on
 * the USER resource.
 *
 * @param adminGroup group whose id the authorization is bound to
 */
private void grantAuthorizationWithPermissions(Group adminGroup) {
  Authorization adminGrant = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
  adminGrant.setGroupId(adminGroup.getId());
  adminGrant.setResource(Resources.USER);

  // NOTE(review): no resource id is set before saving. Confirm which USER
  // instances this grant then covers, and whether Authorization.ANY should be
  // set explicitly so the scope of the grant is unambiguous.

  // The fully qualified name is kept as in the original, presumably to avoid a
  // clash with another Permissions type in this file - verify.
  adminGrant.addPermission(org.camunda.bpm.engine.authorization.Permissions.ALL);

  authorizationService.saveAuthorization(adminGrant);
}
Example 19
Source File: AuthorizationPerformanceTestCase.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
/**
 * Saves a GRANT authorization giving a user the listed permissions on every
 * instance of a resource.
 *
 * @param userId   user the permissions are granted to
 * @param resource resource the authorization applies to
 * @param perms    permissions to add, in the order given
 */
protected void userGrant(String userId, Resource resource, Permission... perms) {
  AuthorizationService authorizationService = engine.getAuthorizationService();

  Authorization grant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  grant.setResource(resource);
  grant.setResourceId(ANY);

  for (int i = 0; i < perms.length; i++) {
    grant.addPermission(perms[i]);
  }

  // the grant is bound to the user, not to a group
  grant.setUserId(userId);
  authorizationService.saveAuthorization(grant);
}
Example 20
Source File: IdentityServiceAuthorizationsTest.java From camunda-bpm-platform with Apache License 2.0 | 4 votes |
/**
 * Walks a user query through a sequence of authorization states and checks
 * after each change whether the authenticated user "jonny2" can see user "jonny1".
 *
 * States, in order: an empty global authorization (not visible), a user grant
 * of READ (visible), READ added to the global authorization (visible), the user
 * grant emptied plus a user-level revoke of READ (not visible), both user-level
 * authorizations deleted (visible again through the global READ).
 *
 * Authorization checking is switched off around every change to the
 * authorizations and switched back on before the assertions that follow.
 */
public void testUserQueryAuthorizations() {
  // we are jonny2
  String authUserId = "jonny2";
  identityService.setAuthenticatedUserId(authUserId);

  // create the user that the queries below try to read
  User jonny1 = identityService.newUser("jonny1");
  identityService.saveUser(jonny1);

  // global authorization on USER with no permissions added: nobody may read users
  Authorization globalPerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
  globalPerms.setResource(USER);
  globalPerms.setResourceId(ANY);
  authorizationService.saveAuthorization(globalPerms);

  // enable checks: the user cannot be fetched
  processEngineConfiguration.setAuthorizationEnabled(true);
  assertNull(identityService.createUserQuery().singleResult());
  assertEquals(0, identityService.createUserQuery().count());

  // grant READ on USER to jonny2
  processEngineConfiguration.setAuthorizationEnabled(false);
  Authorization callerPerms = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  callerPerms.setUserId(authUserId);
  callerPerms.setResource(USER);
  callerPerms.setResourceId(ANY);
  callerPerms.addPermission(READ);
  authorizationService.saveAuthorization(callerPerms);
  processEngineConfiguration.setAuthorizationEnabled(true);

  // now the user can be fetched
  assertNotNull(identityService.createUserQuery().singleResult());
  assertEquals(1, identityService.createUserQuery().count());

  // add READ to the global authorization as well; it is looked up under user id "*"
  processEngineConfiguration.setAuthorizationEnabled(false);
  globalPerms = authorizationService
      .createAuthorizationQuery()
      .resourceType(USER)
      .userIdIn("*")
      .singleResult();
  globalPerms.addPermission(READ);
  authorizationService.saveAuthorization(globalPerms);
  processEngineConfiguration.setAuthorizationEnabled(true);

  // the user can still be fetched
  assertNotNull(identityService.createUserQuery().singleResult());
  assertEquals(1, identityService.createUserQuery().count());

  // take READ away from jonny2: empty the grant and add an explicit user-level revoke
  processEngineConfiguration.setAuthorizationEnabled(false);
  callerPerms = authorizationService
      .createAuthorizationQuery()
      .resourceType(USER)
      .userIdIn(authUserId)
      .singleResult();
  callerPerms.removePermission(READ);
  authorizationService.saveAuthorization(callerPerms);

  Authorization callerRevoke = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE);
  callerRevoke.setUserId(authUserId);
  callerRevoke.setResource(USER);
  callerRevoke.setResourceId(ANY);
  callerRevoke.removePermission(READ);
  authorizationService.saveAuthorization(callerRevoke);
  processEngineConfiguration.setAuthorizationEnabled(true);

  // the user cannot be fetched any more, although the global authorization grants READ
  assertNull(identityService.createUserQuery().singleResult());
  assertEquals(0, identityService.createUserQuery().count());

  // delete both user-level authorizations
  processEngineConfiguration.setAuthorizationEnabled(false);
  authorizationService.deleteAuthorization(callerPerms.getId());
  authorizationService.deleteAuthorization(callerRevoke.getId());
  processEngineConfiguration.setAuthorizationEnabled(true);

  // now the global authorization applies and grants read access
  assertNotNull(identityService.createUserQuery().singleResult());
  assertEquals(1, identityService.createUserQuery().count());
}