Java Code Examples for org.camunda.bpm.engine.authorization.Authorization#setPermissions()

The following examples show how to use org.camunda.bpm.engine.authorization.Authorization#setPermissions() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: AuthorizationSpec.java    From camunda-bpm-platform with Apache License 2.0 6 votes vote down vote up
public Authorization instantiate(AuthorizationService authorizationService, Map<String, String> replacements) {
  Authorization authorization = authorizationService.createNewAuthorization(type);

  // TODO: group id is missing
  authorization.setResource(resource);

  if (replacements.containsKey(resourceId)) {
    authorization.setResourceId(replacements.get(resourceId));
  }
  else {
    authorization.setResourceId(resourceId);
  }
  authorization.setUserId(userId);
  authorization.setPermissions(permissions);

  return authorization;
}
 
Example 2
Source File: AuthorizationServiceAuthorizationsTest.java    From camunda-bpm-platform with Apache License 2.0 6 votes vote down vote up
public void testSaveAuthorizationSetPermissionsWithValidResource() throws Exception {
  // given
  Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  authorization.setUserId("userId");
  authorization.addPermission(Permissions.ACCESS);
  // 'ACCESS' is not allowed for Batches
  // however, it will be reset by next line, so saveAuthorization will be successful
  authorization.setPermissions(
      new BatchPermissions[] { BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES, BatchPermissions.CREATE_BATCH_DELETE_DECISION_INSTANCES });
  authorization.setResource(Resources.BATCH);
  authorization.setResourceId(ANY);

  processEngineConfiguration.setAuthorizationEnabled(true);

  // when
  authorizationService.saveAuthorization(authorization);

  // then
  Authorization authorizationResult = authorizationService.createAuthorizationQuery().resourceType(Resources.BATCH).singleResult();
  assertNotNull(authorizationResult);
  assertTrue(authorizationResult.isPermissionGranted(BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES));
  assertTrue(authorizationResult.isPermissionGranted(BatchPermissions.CREATE_BATCH_DELETE_DECISION_INSTANCES));
}
 
Example 3
Source File: AuthorizationDto.java    From camunda-bpm-platform with Apache License 2.0 6 votes vote down vote up
public static void update(AuthorizationDto dto, Authorization dbAuthorization, ProcessEngineConfiguration engineConfiguration) {

    dbAuthorization.setGroupId(dto.getGroupId());
    dbAuthorization.setUserId(dto.getUserId());
    dbAuthorization.setResourceId(dto.getResourceId());

    // update optional fields

    if(dto.getResourceType() != null) {
      dbAuthorization.setResourceType(dto.getResourceType());
    }

    if(dto.getPermissions() != null) {
      dbAuthorization.setPermissions(PermissionConverter.getPermissionsForNames(dto.getPermissions(), dto.getResourceType(), engineConfiguration));
    }

  }
 
Example 4
Source File: CreateStandaloneTaskAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0 6 votes vote down vote up
@Test
public void testWithReadHistoryPermissionOnAnyProcessDefinition() {
  // given
  Authorization auth = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
  auth.setUserId(USER_ID);
  auth.setPermissions(new Permissions[] {Permissions.READ_HISTORY});
  auth.setResource(Resources.PROCESS_DEFINITION);
  auth.setResourceId("*");

  authorizationService.saveAuthorization(auth);
  engineRule.getProcessEngineConfiguration().setAuthorizationEnabled(true);
  // when
  UserOperationLogQuery query = historyService.createUserOperationLogQuery().taskId("myTaskForUserOperationLog");

  // then
  assertEquals(1, query.count());
}
 
Example 5
Source File: CreateStandaloneTaskAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0 6 votes vote down vote up
@Test
public void testWithReadHistoryPermissionOnProcessDefinition() {
  // given
  Authorization auth = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
  auth.setUserId(USER_ID);
  auth.setPermissions(new Permissions[] {Permissions.READ_HISTORY});
  auth.setResource(Resources.PROCESS_DEFINITION);
  auth.setResourceId("something");

  authorizationService.saveAuthorization(auth);
  engineRule.getProcessEngineConfiguration().setAuthorizationEnabled(true);
  // when
  UserOperationLogQuery query = historyService.createUserOperationLogQuery().taskId("myTaskForUserOperationLog");
  
  // then
  assertEquals(1, query.count());
}
 
Example 6
Source File: CreateStandaloneTaskDeleteAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0 6 votes vote down vote up
@Test
public void testWithDeleteHistoryPermissionOnAnyProcessDefinition() {
  // given
  UserOperationLogQuery query = historyService.createUserOperationLogQuery().taskId("myTaskForUserOperationLogDel");
  
  // assume
  assertEquals(1, query.count());

  Authorization auth = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
  auth.setUserId(USER_ID);
  auth.setPermissions(new Permissions[] {Permissions.DELETE_HISTORY});
  auth.setResource(Resources.PROCESS_DEFINITION);
  auth.setResourceId("*");

  authorizationService.saveAuthorization(auth);
  engineConfiguration.setAuthorizationEnabled(true);
  
  // when
  historyService.deleteUserOperationLogEntry(query.singleResult().getId());

  // then
  assertNull(historyService.createUserOperationLogQuery().taskId("myTaskForUserOperationLogDel").singleResult());
}
 
Example 7
Source File: SetAssigneeProcessInstanceTaskAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0 6 votes vote down vote up
@Test
public void testWithReadHistoryPermissionOnAnyProcessDefinition() {
  // given
  Authorization auth = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
  auth.setUserId(USER_ID);
  auth.setPermissions(new Permissions[] {Permissions.READ_HISTORY});
  auth.setResource(Resources.PROCESS_DEFINITION);
  auth.setResourceId("*");

  authorizationService.saveAuthorization(auth);
  engineRule.getProcessEngineConfiguration().setAuthorizationEnabled(true);
  // when
  UserOperationLogQuery query = historyService.createUserOperationLogQuery().processDefinitionKey("oneTaskProcess_userOpLog");

  // then
  assertEquals(1, query.count());
}
 
Example 8
Source File: SetAssigneeProcessInstanceTaskAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0 6 votes vote down vote up
@Test
public void testWithReadHistoryPermissionOnProcessDefinition() {
  // given
  Authorization auth = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
  auth.setUserId(USER_ID);
  auth.setPermissions(new Permissions[] {Permissions.READ_HISTORY});
  auth.setResource(Resources.PROCESS_DEFINITION);
  auth.setResourceId("oneTaskProcess_userOpLog");

  authorizationService.saveAuthorization(auth);
  engineRule.getProcessEngineConfiguration().setAuthorizationEnabled(true);
  // when
  UserOperationLogQuery query = historyService.createUserOperationLogQuery().processDefinitionKey("oneTaskProcess_userOpLog");

  // then
  assertEquals(1, query.count());
}
 
Example 9
Source File: CdiBeanResolutionTwoEnginesTest.java    From camunda-bpm-platform with Apache License 2.0 6 votes vote down vote up
private void createAuthorizations(ProcessEngine processEngine1) {
  Authorization newAuthorization = processEngine1.getAuthorizationService().createNewAuthorization(Authorization.AUTH_TYPE_GLOBAL);
  newAuthorization.setResource(Resources.PROCESS_INSTANCE);
  newAuthorization.setResourceId("*");
  newAuthorization.setPermissions(new Permission[] { Permissions.CREATE });
  processEngine1.getAuthorizationService().saveAuthorization(newAuthorization);

  newAuthorization = processEngine1.getAuthorizationService().createNewAuthorization(Authorization.AUTH_TYPE_GLOBAL);
  newAuthorization.setResource(Resources.PROCESS_DEFINITION);
  newAuthorization.setResourceId("*");
  newAuthorization.setPermissions(new Permission[] { Permissions.CREATE_INSTANCE });
  processEngine1.getAuthorizationService().saveAuthorization(newAuthorization);

  newAuthorization = processEngine1.getAuthorizationService().createNewAuthorization(Authorization.AUTH_TYPE_GLOBAL);
  newAuthorization.setResource(Resources.TASK);
  newAuthorization.setResourceId("*");
  newAuthorization.setPermissions(new Permission[] { Permissions.READ, Permissions.TASK_WORK });
  processEngine1.getAuthorizationService().saveAuthorization(newAuthorization);
}
 
Example 10
Source File: AuthorizationCreateDto.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
public static void update(AuthorizationCreateDto dto, Authorization dbAuthorization, ProcessEngineConfiguration engineConfiguration) {
  
  dbAuthorization.setGroupId(dto.getGroupId());
  dbAuthorization.setUserId(dto.getUserId());
  dbAuthorization.setResourceType(dto.getResourceType());
  dbAuthorization.setResourceId(dto.getResourceId());
  dbAuthorization.setPermissions(PermissionConverter.getPermissionsForNames(dto.getPermissions(), dto.getResourceType(), engineConfiguration));
  
}
 
Example 11
Source File: SetAnnotationAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
@Test
public void shouldFallbackToProcessDefinitionAuthorizationCheckWhenOperationLogCategoryIsNull() {
  // given
  Authorization auth = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);

  auth.setUserId("demo");
  auth.setPermissions(new ProcessDefinitionPermissions[] {ProcessDefinitionPermissions.UPDATE_HISTORY});
  auth.setResource(Resources.PROCESS_DEFINITION);
  auth.setResourceId("oneTaskProcess_userOpLog_annotation");

  authorizationService.saveAuthorization(auth);

  processEngineConfiguration.setAuthorizationEnabled(false);

  UserOperationLogEntry userOperationLogEntry = historyService.createUserOperationLogQuery()
      .processDefinitionKey("oneTaskProcess_userOpLog_annotation")
      .entityType("Task")
      .singleResult();

  // assume
  assertThat(userOperationLogEntry.getCategory(), nullValue());

  processEngineConfiguration.setAuthorizationEnabled(true);

  // when
  historyService.setAnnotationForOperationLogById(userOperationLogEntry.getOperationId(), "anAnnotation");

  processEngineConfiguration.setAuthorizationEnabled(false);

  userOperationLogEntry = historyService.createUserOperationLogQuery()
      .processDefinitionKey("oneTaskProcess_userOpLog_annotation")
      .entityType("Task")
      .singleResult();

  // then
  assertThat(userOperationLogEntry.getAnnotation(), is("anAnnotation"));

  // cleanup
  authorizationService.deleteAuthorization(auth.getId());
}
 
Example 12
Source File: SuspendProcessDefinitionDeleteAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
@Test
public void testWithDeleteHistoryPermissionOnAnyProcessDefinition() {
  // given
  UserOperationLogQuery query = historyService.createUserOperationLogQuery()
      .processDefinitionKey("timerBoundaryProcess")
      .beforeTimestamp(new Date(1549110000000l));

  // assume
  assertTrue(query.count() == 1 || query.count() == 2);

  Authorization auth = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
  auth.setUserId(USER_ID);
  auth.setPermissions(new Permissions[] {Permissions.DELETE_HISTORY});
  auth.setResource(Resources.PROCESS_DEFINITION);
  auth.setResourceId("*");

  authorizationService.saveAuthorization(auth);
  String logId = query.list().get(0).getId();
  String processInstanceId = query.list().get(0).getProcessInstanceId();
  engineRule.getProcessEngineConfiguration().setAuthorizationEnabled(true);

  // when
  historyService.deleteUserOperationLogEntry(logId);

  // then
  assertEquals(0, query.processInstanceId(processInstanceId).count());
}
 
Example 13
Source File: SuspendProcessDefinitionDeleteAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
@Test
public void testWithDeleteHistoryPermissionOnProcessDefinition() {
  // given
  UserOperationLogQuery query = historyService.createUserOperationLogQuery()
      .processDefinitionKey("timerBoundaryProcess")
      .beforeTimestamp(new Date(1549110000000l));

  // assume
  assertTrue(query.count() == 1 || query.count() == 2);

  String logId = query.list().get(0).getId();
  String processInstanceId = query.list().get(0).getProcessInstanceId();
  Authorization auth = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
  auth.setUserId(USER_ID);
  auth.setPermissions(new Permissions[] {Permissions.DELETE_HISTORY});
  auth.setResource(Resources.PROCESS_DEFINITION);
  auth.setResourceId("timerBoundaryProcess");
  
  authorizationService.saveAuthorization(auth);

  engineRule.getProcessEngineConfiguration().setAuthorizationEnabled(true);

  // when
  historyService.deleteUserOperationLogEntry(logId);

  // then
  assertEquals(0, query.processInstanceId(processInstanceId).count());
}
 
Example 14
Source File: HistoricInstancePermissionsAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0 4 votes vote down vote up
@Test
public void shouldSkipAuthorizationChecksForOperationLogQuery() {
  // given
  engineConfiguration.setEnableHistoricInstancePermissions(true);

  Authorization auth = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
  auth.setUserId(USER_ID);
  auth.setPermissions(new HistoricProcessInstancePermissions[] {
      HistoricProcessInstancePermissions.READ });
  auth.setResource(Resources.HISTORIC_PROCESS_INSTANCE);

  HistoricProcessInstance historicProcessInstance =
      historyService.createHistoricProcessInstanceQuery()
          .processInstanceBusinessKey(BUSINESS_KEY + "0")
          .singleResult();

  String processInstanceId = historicProcessInstance.getId();

  auth.setResourceId(processInstanceId);

  authorizationService.saveAuthorization(auth);

  engineConfiguration.setAuthorizationEnabled(true);

  // when
  String processDefinitionId = historicProcessInstance.getProcessDefinitionId();

  UserOperationLogQuery query = historyService.createUserOperationLogQuery()
      .processDefinitionId(processDefinitionId);

  // then
  assertThat(query.list())
      .extracting("processDefinitionId")
      .containsExactly(
          processDefinitionId,
          processDefinitionId,
          processDefinitionId,
          processDefinitionId,
          processDefinitionId
      );
}
 
Example 15
Source File: HistoricInstancePermissionsAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0 4 votes vote down vote up
@Test
public void shouldSkipAuthorizationChecksForHistoricProcessInstanceQuery() {
  // given
  engineConfiguration.setEnableHistoricInstancePermissions(true);

  Authorization auth = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
  auth.setUserId(USER_ID);
  auth.setPermissions(new HistoricProcessInstancePermissions[] {
      HistoricProcessInstancePermissions.READ });
  auth.setResource(Resources.HISTORIC_PROCESS_INSTANCE);

  HistoricProcessInstance historicProcessInstance =
      historyService.createHistoricProcessInstanceQuery()
          .processInstanceBusinessKey(BUSINESS_KEY + "0")
          .singleResult();

  String processInstanceId = historicProcessInstance.getId();

  auth.setResourceId(processInstanceId);

  authorizationService.saveAuthorization(auth);

  engineConfiguration.setAuthorizationEnabled(true);

  // when
  String processDefinitionId = historicProcessInstance.getProcessDefinitionId();

  HistoricProcessInstanceQuery query = historyService.createHistoricProcessInstanceQuery()
      .processDefinitionId(processDefinitionId);

  // then
  assertThat(query.list())
      .extracting("businessKey")
      .containsExactly(
          BUSINESS_KEY + "0",
          BUSINESS_KEY + "1",
          BUSINESS_KEY + "2",
          BUSINESS_KEY + "3",
          BUSINESS_KEY + "4"
      );
}