Java Code Examples for org.camunda.bpm.engine.authorization.Authorization#setGroupId()
The following examples show how to use
org.camunda.bpm.engine.authorization.Authorization#setGroupId() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: ProcessDefinitionAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
public void testQueryWithGroupAuthorizationRevokedReadPermission() {
// given
// given user gets all permissions on any process definition
Authorization authorization = createGrantAuthorization(PROCESS_DEFINITION, ANY);
authorization.setGroupId(groupId);
authorization.addPermission(ALL);
saveAuthorization(authorization);
authorization = createRevokeAuthorization(PROCESS_DEFINITION, ONE_TASK_PROCESS_KEY);
authorization.setGroupId(groupId);
authorization.removePermission(READ);
saveAuthorization(authorization);
// when
ProcessDefinitionQuery query = repositoryService.createProcessDefinitionQuery();
// then
verifyQueryResults(query, 1);
ProcessDefinition definition = query.singleResult();
assertNotNull(definition);
assertEquals(TWO_TASKS_PROCESS_KEY, definition.getKey());
}
Example 2
| Source File: AuthorizationServiceTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
public void testCreateAuthorizationWithGroupId() {
Resource resource1 = TestResource.RESOURCE1;
// initially, no authorization exists:
assertEquals(0, authorizationService.createAuthorizationQuery().count());
// simple create / delete with userId
Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
authorization.setGroupId("aGroupId");
authorization.setResource(resource1);
// save the authorization
authorizationService.saveAuthorization(authorization);
// authorization exists
assertEquals(1, authorizationService.createAuthorizationQuery().count());
// delete the authorization
authorizationService.deleteAuthorization(authorization.getId());
// it's gone
assertEquals(0, authorizationService.createAuthorizationQuery().count());
}
Example 3
| Source File: AuthorizationDto.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
public static void update(AuthorizationDto dto, Authorization dbAuthorization, ProcessEngineConfiguration engineConfiguration) {
dbAuthorization.setGroupId(dto.getGroupId());
dbAuthorization.setUserId(dto.getUserId());
dbAuthorization.setResourceId(dto.getResourceId());
// update optional fields
if(dto.getResourceType() != null) {
dbAuthorization.setResourceType(dto.getResourceType());
}
if(dto.getPermissions() != null) {
dbAuthorization.setPermissions(PermissionConverter.getPermissionsForNames(dto.getPermissions(), dto.getResourceType(), engineConfiguration));
}
}
Example 4
| Source File: DefaultUserLifecycleBean.java From Showcase with Apache License 2.0 | 5 votes |
|
private void grantAuthorizationWithPermissions(Group adminGroup) {
Authorization authorization = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
authorization.setGroupId(adminGroup.getId());
authorization.setResource(Resources.USER);
authorization.addPermission(org.camunda.bpm.engine.authorization.Permissions.ALL);
authorizationService.saveAuthorization(authorization);
}
Example 5
| Source File: GroupAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
|
protected void createGroupGrantAuthorization(Resource resource, String resourceId, String groupId, Permission... permissions) {
Authorization authorization = createGrantAuthorization(resource, resourceId);
authorization.setGroupId(groupId);
for (Permission permission : permissions) {
authorization.addPermission(permission);
}
saveAuthorization(authorization);
}
Example 6
| Source File: AuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
|
protected void createGrantAuthorizationGroup(Resource resource, String resourceId, String groupId, Permission... permissions) {
Authorization authorization = createGrantAuthorization(resource, resourceId);
authorization.setGroupId(groupId);
for (Permission permission : permissions) {
authorization.addPermission(permission);
}
saveAuthorization(authorization);
}
Example 7
| Source File: AuthorizationServiceTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
|
public void testGrantAuthorizationType() {
Authorization grantAuthorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
// I can set userId = null
grantAuthorization.setUserId(null);
// I can set userId = ANY
grantAuthorization.setUserId(ANY);
// I can set anything else:
grantAuthorization.setUserId("something");
// I can set groupId = null
grantAuthorization.setGroupId(null);
// I can set anything else:
grantAuthorization.setGroupId("something");
}
Example 8
| Source File: AuthorizationServiceTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
|
public void testRevokeAuthorizationType() {
Authorization revokeAuthorization = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE);
// I can set userId = null
revokeAuthorization.setUserId(null);
// I can set userId = ANY
revokeAuthorization.setUserId(ANY);
// I can set anything else:
revokeAuthorization.setUserId("something");
// I can set groupId = null
revokeAuthorization.setGroupId(null);
// I can set anything else:
revokeAuthorization.setGroupId("something");
}
Example 9
| Source File: AuthorizationServiceWithEnabledAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
|
public void testUserOverrideGroupOverrideGlobalAuthorizationCheck() {
Resource resource1 = TestResource.RESOURCE1;
// create global authorization which grants all permissions to all users (on resource1):
Authorization globalGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
globalGrant.setResource(resource1);
globalGrant.setResourceId(ANY);
globalGrant.addPermission(ALL);
authorizationService.saveAuthorization(globalGrant);
// revoke READ for group "sales"
Authorization groupRevoke = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE);
groupRevoke.setGroupId("sales");
groupRevoke.setResource(resource1);
groupRevoke.setResourceId(ANY);
groupRevoke.removePermission(READ);
authorizationService.saveAuthorization(groupRevoke);
// add READ for jonny
Authorization userGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
userGrant.setUserId("jonny");
userGrant.setResource(resource1);
userGrant.setResourceId(ANY);
userGrant.addPermission(READ);
authorizationService.saveAuthorization(userGrant);
List<String> jonnysGroups = Arrays.asList("sales", "marketing");
List<String> someOneElsesGroups = Collections.singletonList("marketing");
// jonny can read
assertTrue(authorizationService.isUserAuthorized("jonny", jonnysGroups, READ, resource1));
assertTrue(authorizationService.isUserAuthorized("jonny", null, READ, resource1));
// someone else in the same groups cannot
assertFalse(authorizationService.isUserAuthorized("someone else", jonnysGroups, READ, resource1));
// someone else in different groups can
assertTrue(authorizationService.isUserAuthorized("someone else", someOneElsesGroups, READ, resource1));
}
Example 10
| Source File: AuthorizationQueryTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
|
protected void createAuthorization(String userId, String groupId, Resource resourceType, String resourceId, Permission... permissions) {
Authorization authorization = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
authorization.setUserId(userId);
authorization.setGroupId(groupId);
authorization.setResource(resourceType);
authorization.setResourceId(resourceId);
for (Permission permission : permissions) {
authorization.addPermission(permission);
}
authorizationService.saveAuthorization(authorization);
}
Example 11
| Source File: AuthorizationCreateDto.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
|
public static void update(AuthorizationCreateDto dto, Authorization dbAuthorization, ProcessEngineConfiguration engineConfiguration) {
dbAuthorization.setGroupId(dto.getGroupId());
dbAuthorization.setUserId(dto.getUserId());
dbAuthorization.setResourceType(dto.getResourceType());
dbAuthorization.setResourceId(dto.getResourceId());
dbAuthorization.setPermissions(PermissionConverter.getPermissionsForNames(dto.getPermissions(), dto.getResourceType(), engineConfiguration));
}
Example 12
| Source File: AuthorizationPerformanceTestCase.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
|
protected void grouptGrant(String groupId, Resource resource, Permission... perms) {
AuthorizationService authorizationService = engine.getAuthorizationService();
Authorization groupGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
groupGrant.setResource(resource);
groupGrant.setResourceId(ANY);
for (Permission permission : perms) {
groupGrant.addPermission(permission);
}
groupGrant.setGroupId(groupId);
authorizationService.saveAuthorization(groupGrant);
}
Example 13
| Source File: Application.java From camunda-spring-boot-amqp-microservice-cloud-example with Apache License 2.0 | 4 votes |
|
public static void createDefaultUser(ProcessEngine engine) {
// and add default user to Camunda to be ready-to-go
if (engine.getIdentityService().createUserQuery().userId("demo").count() == 0) {
User user = engine.getIdentityService().newUser("demo");
user.setFirstName("Demo");
user.setLastName("Demo");
user.setPassword("demo");
user.setEmail("[email protected]");
engine.getIdentityService().saveUser(user);
Group group = engine.getIdentityService().newGroup(Groups.CAMUNDA_ADMIN);
group.setName("Administrators");
group.setType(Groups.GROUP_TYPE_SYSTEM);
engine.getIdentityService().saveGroup(group);
for (Resource resource : Resources.values()) {
Authorization auth = engine.getAuthorizationService().createNewAuthorization(AUTH_TYPE_GRANT);
auth.setGroupId(Groups.CAMUNDA_ADMIN);
auth.addPermission(ALL);
auth.setResourceId(ANY);
auth.setResource(resource);
engine.getAuthorizationService().saveAuthorization(auth);
}
engine.getIdentityService().createMembership("demo", Groups.CAMUNDA_ADMIN);
}
// create default "all tasks" filter
if (engine.getFilterService().createFilterQuery().filterName("Alle").count() == 0) {
Map<String, Object> filterProperties = new HashMap<String, Object>();
filterProperties.put("description", "Alle Aufgaben");
filterProperties.put("priority", 10);
Filter filter = engine.getFilterService().newTaskFilter() //
.setName("Alle") //
.setProperties(filterProperties)//
.setOwner("demo")//
.setQuery(engine.getTaskService().createTaskQuery());
engine.getFilterService().saveFilter(filter);
// and authorize demo user for it
if (engine.getAuthorizationService().createAuthorizationQuery().resourceType(FILTER).resourceId(filter.getId()) //
.userIdIn("demo").count() == 0) {
Authorization managementGroupFilterRead = engine.getAuthorizationService().createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
managementGroupFilterRead.setResource(FILTER);
managementGroupFilterRead.setResourceId(filter.getId());
managementGroupFilterRead.addPermission(ALL);
managementGroupFilterRead.setUserId("demo");
engine.getAuthorizationService().saveAuthorization(managementGroupFilterRead);
}
}
}
Example 14
| Source File: AuthorizationUserOperationLogTest.java From camunda-bpm-platform with Apache License 2.0 | 4 votes |
|
public void testLogCreatedOnAuthorizationUpdate() {
// given
UserOperationLogQuery query = historyService.createUserOperationLogQuery();
Authorization authorization = createGrantAuthorizationWithoutAuthentication(Resources.PROCESS_DEFINITION, Authorization.ANY, "testUserId",
Permissions.DELETE);
createGrantAuthorizationWithoutAuthentication(OPERATION_LOG_CATEGORY, CATEGORY_ADMIN, userId, READ);
assertEquals(0, query.count());
// when
authorization.addPermission(Permissions.READ);
authorization.setResource(Resources.PROCESS_INSTANCE);
authorization.setResourceId("abc123");
authorization.setGroupId("testGroupId");
authorization.setUserId(null);
saveAuthorization(authorization);
// then
assertEquals(7, query.count());
UserOperationLogEntry entry = query.property("permissionBits").singleResult();
assertEquals(UserOperationLogEntry.OPERATION_TYPE_UPDATE, entry.getOperationType());
assertEquals(UserOperationLogEntry.CATEGORY_ADMIN, entry.getCategory());
assertEquals(EntityTypes.AUTHORIZATION, entry.getEntityType());
assertEquals(String.valueOf(Permissions.DELETE.getValue() | Permissions.READ.getValue()), entry.getNewValue());
assertEquals(String.valueOf(Permissions.DELETE.getValue()), entry.getOrgValue());
entry = query.property("permissions").singleResult();
assertEquals(UserOperationLogEntry.OPERATION_TYPE_UPDATE, entry.getOperationType());
assertEquals(UserOperationLogEntry.CATEGORY_ADMIN, entry.getCategory());
assertEquals(EntityTypes.AUTHORIZATION, entry.getEntityType());
assertEquals(Permissions.READ.getName() + ", " + Permissions.DELETE.getName(), entry.getNewValue());
assertEquals(Permissions.DELETE.getName(), entry.getOrgValue());
entry = query.property("type").singleResult();
assertEquals(UserOperationLogEntry.OPERATION_TYPE_UPDATE, entry.getOperationType());
assertEquals(UserOperationLogEntry.CATEGORY_ADMIN, entry.getCategory());
assertEquals(EntityTypes.AUTHORIZATION, entry.getEntityType());
assertEquals(String.valueOf(Authorization.AUTH_TYPE_GRANT), entry.getNewValue());
assertEquals(String.valueOf(Authorization.AUTH_TYPE_GRANT), entry.getOrgValue());
entry = query.property("resource").singleResult();
assertEquals(UserOperationLogEntry.OPERATION_TYPE_UPDATE, entry.getOperationType());
assertEquals(UserOperationLogEntry.CATEGORY_ADMIN, entry.getCategory());
assertEquals(EntityTypes.AUTHORIZATION, entry.getEntityType());
assertEquals(Resources.PROCESS_INSTANCE.resourceName(), entry.getNewValue());
assertEquals(Resources.PROCESS_DEFINITION.resourceName(), entry.getOrgValue());
entry = query.property("resourceId").singleResult();
assertEquals(UserOperationLogEntry.OPERATION_TYPE_UPDATE, entry.getOperationType());
assertEquals(UserOperationLogEntry.CATEGORY_ADMIN, entry.getCategory());
assertEquals(EntityTypes.AUTHORIZATION, entry.getEntityType());
assertEquals("abc123", entry.getNewValue());
assertEquals(Authorization.ANY, entry.getOrgValue());
entry = query.property("userId").singleResult();
assertEquals(UserOperationLogEntry.OPERATION_TYPE_UPDATE, entry.getOperationType());
assertEquals(UserOperationLogEntry.CATEGORY_ADMIN, entry.getCategory());
assertEquals(EntityTypes.AUTHORIZATION, entry.getEntityType());
assertNull(entry.getNewValue());
assertEquals("testUserId", entry.getOrgValue());
entry = query.property("groupId").singleResult();
assertEquals(UserOperationLogEntry.OPERATION_TYPE_UPDATE, entry.getOperationType());
assertEquals(UserOperationLogEntry.CATEGORY_ADMIN, entry.getCategory());
assertEquals(EntityTypes.AUTHORIZATION, entry.getEntityType());
assertEquals("testGroupId", entry.getNewValue());
assertNull(entry.getOrgValue());
}
Example 15
| Source File: AuthorizationServiceWithEnabledAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 4 votes |
|
public void testGroupOverrideGlobalGrantAuthorizationCheck() {
Resource resource1 = TestResource.RESOURCE1;
// create global authorization which grants all permissions to all users (on resource1):
Authorization globalGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
globalGrant.setResource(resource1);
globalGrant.setResourceId(ANY);
globalGrant.addPermission(ALL);
authorizationService.saveAuthorization(globalGrant);
// revoke READ for group "sales"
Authorization groupRevoke = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE);
groupRevoke.setGroupId("sales");
groupRevoke.setResource(resource1);
groupRevoke.setResourceId(ANY);
groupRevoke.removePermission(READ);
authorizationService.saveAuthorization(groupRevoke);
List<String> jonnysGroups = Arrays.asList("sales", "marketing");
List<String> someOneElsesGroups = Collections.singletonList("marketing");
// jonny does not have ALL permissions if queried with groups
assertFalse(authorizationService.isUserAuthorized("jonny", jonnysGroups, ALL, resource1));
// if queried without groups he has
assertTrue(authorizationService.isUserAuthorized("jonny", null, ALL, resource1));
// jonny can't read if queried with groups
assertFalse(authorizationService.isUserAuthorized("jonny", jonnysGroups, READ, resource1));
// if queried without groups he has
assertTrue(authorizationService.isUserAuthorized("jonny", null, READ, resource1));
// someone else who is in group "marketing" but but not "sales" can
assertTrue(authorizationService.isUserAuthorized("someone else", someOneElsesGroups, ALL, resource1));
assertTrue(authorizationService.isUserAuthorized("someone else", someOneElsesGroups, READ, resource1));
assertTrue(authorizationService.isUserAuthorized("someone else", null, ALL, resource1));
assertTrue(authorizationService.isUserAuthorized("someone else", null, READ, resource1));
// he could'nt if he were in jonny's groups
assertFalse(authorizationService.isUserAuthorized("someone else", jonnysGroups, ALL, resource1));
assertFalse(authorizationService.isUserAuthorized("someone else", jonnysGroups, READ, resource1));
// jonny can still delete
assertTrue(authorizationService.isUserAuthorized("jonny", jonnysGroups, DELETE, resource1));
assertTrue(authorizationService.isUserAuthorized("jonny", null, DELETE, resource1));
}
