org.camunda.bpm.engine.authorization.AuthorizationQuery Java Examples

The following examples show how to use org.camunda.bpm.engine.authorization.AuthorizationQuery. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: AuthorizationQueryMockTest.java    From camunda-bpm-mockito with Apache License 2.0 6 votes vote down vote up
@Test
public void mock_authorizationQuery() {
  final AuthorizationQuery query = null; //QueryMocks1.mockAuthorizationQuery(serviceMock).singleResult(authorization);

  // @formatter:off
  final Authorization result = serviceMock.createAuthorizationQuery()
    .authorizationId("foo")
    .authorizationType(1)
    .userIdIn("user")
    .singleResult();
  // @formatter:on

  assertThat(result).isEqualTo(authorization);

  verify(query).userIdIn("user");
  verify(query).authorizationId("foo");
  verify(query).authorizationType(1);
}
 
Example #2
Source File: AuthorizationRestServiceInteractionTest.java    From camunda-bpm-platform with Apache License 2.0 6 votes vote down vote up
@Test
public void testGetNonExistingAuthorizationById() {

  AuthorizationQuery authorizationQuery = mock(AuthorizationQuery.class);
  when(authorizationServiceMock.createAuthorizationQuery()).thenReturn(authorizationQuery);
  when(authorizationQuery.authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(authorizationQuery);
  when(authorizationQuery.singleResult()).thenReturn(null);

  given()
      .pathParam("id", MockProvider.EXAMPLE_AUTHORIZATION_ID)
  .then().expect()
      .statusCode(Status.NOT_FOUND.getStatusCode()).contentType(ContentType.JSON)
      .body("message", equalTo("Authorization with id "+MockProvider.EXAMPLE_AUTHORIZATION_ID+" does not exist."))
  .when()
      .get(AUTH_RESOURCE_PATH);

}
 
Example #3
Source File: AuthorizationRestServiceInteractionTest.java    From camunda-bpm-platform with Apache License 2.0 6 votes vote down vote up
@Test
public void testUpdateAuthorizationThrowsAuthorizationException() {
  Authorization authorization = MockProvider.createMockGlobalAuthorization();
  AuthorizationDto dto = AuthorizationDto.fromAuthorization(authorization, processEngineConfigurationMock);

  AuthorizationQuery authorizationQuery = mock(AuthorizationQuery.class);
  when(authorizationServiceMock.createAuthorizationQuery()).thenReturn(authorizationQuery);
  when(authorizationQuery.authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(authorizationQuery);
  when(authorizationQuery.singleResult()).thenReturn(authorization);

  String message = "expected authorization exception";
  when(authorizationServiceMock.saveAuthorization(any(Authorization.class))).thenThrow(new AuthorizationException(message));

  given()
    .pathParam("id", MockProvider.EXAMPLE_AUTHORIZATION_ID)
    .body(dto).contentType(ContentType.JSON)
  .then().expect()
      .statusCode(Status.FORBIDDEN.getStatusCode())
      .contentType(ContentType.JSON)
      .body("type", equalTo(AuthorizationException.class.getSimpleName()))
      .body("message", equalTo(message))
  .when()
      .put(AUTH_RESOURCE_PATH);
}
 
Example #4
Source File: AuthorizationRestServiceInteractionTest.java    From camunda-bpm-platform with Apache License 2.0 6 votes vote down vote up
@Test
public void testUpdateNonExistingAuthorization() {

  Authorization authorization = MockProvider.createMockGlobalAuthorization();

  AuthorizationQuery authorizationQuery = mock(AuthorizationQuery.class);
  when(authorizationServiceMock.createAuthorizationQuery()).thenReturn(authorizationQuery);
  when(authorizationQuery.authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(authorizationQuery);
  when(authorizationQuery.singleResult()).thenReturn(null);

  AuthorizationDto dto = AuthorizationDto.fromAuthorization(authorization, processEngineConfigurationMock);

  given()
      .pathParam("id", MockProvider.EXAMPLE_AUTHORIZATION_ID)
      .body(dto).contentType(ContentType.JSON)
  .then().expect()
      .statusCode(Status.NOT_FOUND.getStatusCode()).contentType(ContentType.JSON)
      .body("message", equalTo("Authorization with id "+MockProvider.EXAMPLE_AUTHORIZATION_ID+" does not exist."))
  .when()
      .put(AUTH_RESOURCE_PATH);

  verify(authorizationServiceMock, never()).saveAuthorization(authorization);

}
 
Example #5
Source File: AuthorizationRestServiceInteractionTest.java    From camunda-bpm-platform with Apache License 2.0 6 votes vote down vote up
@Test
public void testDeleteAuthorizationThrowsAuthorizationException() {
  Authorization authorization = MockProvider.createMockGlobalAuthorization();

  AuthorizationQuery authorizationQuery = mock(AuthorizationQuery.class);
  when(authorizationServiceMock.createAuthorizationQuery()).thenReturn(authorizationQuery);
  when(authorizationQuery.authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(authorizationQuery);
  when(authorizationQuery.singleResult()).thenReturn(authorization);

  String message = "expected authorization exception";
  doThrow(new AuthorizationException(message)).when(authorizationServiceMock).deleteAuthorization(MockProvider.EXAMPLE_AUTHORIZATION_ID);

  given()
      .pathParam("id", MockProvider.EXAMPLE_AUTHORIZATION_ID)
  .then().expect()
      .statusCode(Status.FORBIDDEN.getStatusCode())
      .contentType(ContentType.JSON)
      .body("type", equalTo(AuthorizationException.class.getSimpleName()))
      .body("message", equalTo(message))
  .when()
      .delete(AUTH_RESOURCE_PATH);
}
 
Example #6
Source File: AuthorizationRestServiceInteractionTest.java    From camunda-bpm-platform with Apache License 2.0 6 votes vote down vote up
@Test
public void testDeleteNonExistingAuthorization() {

  AuthorizationQuery authorizationQuery = mock(AuthorizationQuery.class);
  when(authorizationServiceMock.createAuthorizationQuery()).thenReturn(authorizationQuery);
  when(authorizationQuery.authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(authorizationQuery);
  when(authorizationQuery.singleResult()).thenReturn(null);

  given()
      .pathParam("id", MockProvider.EXAMPLE_AUTHORIZATION_ID)
  .then().expect()
      .statusCode(Status.NOT_FOUND.getStatusCode()).contentType(ContentType.JSON)
      .body("message", equalTo("Authorization with id "+MockProvider.EXAMPLE_AUTHORIZATION_ID+" does not exist."))
  .when()
      .delete(AUTH_RESOURCE_PATH);

  verify(authorizationServiceMock, never()).deleteAuthorization(MockProvider.EXAMPLE_AUTHORIZATION_ID);

}
 
Example #7
Source File: AuthorizationRestServiceInteractionTest.java    From camunda-bpm-platform with Apache License 2.0 6 votes vote down vote up
@Test
public void testDeleteAuthorization() {

  Authorization authorization = MockProvider.createMockGlobalAuthorization();

  AuthorizationQuery authorizationQuery = mock(AuthorizationQuery.class);
  when(authorizationServiceMock.createAuthorizationQuery()).thenReturn(authorizationQuery);
  when(authorizationQuery.authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(authorizationQuery);
  when(authorizationQuery.singleResult()).thenReturn(authorization);

  given()
      .pathParam("id", MockProvider.EXAMPLE_AUTHORIZATION_ID)
  .then().expect()
      .statusCode(Status.NO_CONTENT.getStatusCode())
  .when()
      .delete(AUTH_RESOURCE_PATH);

  verify(authorizationQuery).authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID);
  verify(authorizationServiceMock).deleteAuthorization(MockProvider.EXAMPLE_AUTHORIZATION_ID);

}
 
Example #8
Source File: AuthorizationRestServiceQueryTest.java    From camunda-bpm-platform with Apache License 2.0 6 votes vote down vote up
@Test
public void testCompleteGetParameters() {

  List<Authorization> mockAuthorizations = MockProvider.createMockGlobalAuthorizations();
  AuthorizationQuery mockQuery = setUpMockQuery(mockAuthorizations);

  Map<String, String> queryParameters = getCompleteStringQueryParameters();

  RequestSpecification requestSpecification = given().contentType(POST_JSON_CONTENT_TYPE);
  for (Entry<String, String> paramEntry : queryParameters.entrySet()) {
    requestSpecification.parameter(paramEntry.getKey(), paramEntry.getValue());
  }

  requestSpecification.expect().statusCode(Status.OK.getStatusCode())
    .when().get(SERVICE_PATH);

  verify(mockQuery).authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID);
  verify(mockQuery).authorizationType(MockProvider.EXAMPLE_AUTHORIZATION_TYPE);
  verify(mockQuery).userIdIn(new String[]{MockProvider.EXAMPLE_USER_ID, MockProvider.EXAMPLE_USER_ID2});
  verify(mockQuery).groupIdIn(new String[]{MockProvider.EXAMPLE_GROUP_ID, MockProvider.EXAMPLE_GROUP_ID2});
  verify(mockQuery).resourceType(MockProvider.EXAMPLE_RESOURCE_TYPE_ID);
  verify(mockQuery).resourceId(MockProvider.EXAMPLE_RESOURCE_ID);

  verify(mockQuery).list();

}
 
Example #9
Source File: AuthorizationQueryDto.java    From camunda-bpm-platform with Apache License 2.0 6 votes vote down vote up
protected void applyFilters(AuthorizationQuery query) {

    if (id != null) {
      query.authorizationId(id);
    }
    if (type != null) {
      query.authorizationType(type);
    }
    if (userIdIn != null) {
      query.userIdIn(userIdIn);
    }
    if (groupIdIn != null) {
      query.groupIdIn(groupIdIn);
    }
    if (resourceType != null) {
      query.resourceType(resourceType);
    }
    if (resourceId != null) {
      query.resourceId(resourceId);
    }
  }
 
Example #10
Source File: DeploymentAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0 6 votes vote down vote up
public void testClearAuthorizationOnDeleteDeployment() {
  // given
  createGrantAuthorization(DEPLOYMENT, ANY, userId, CREATE);
  Deployment deployment = repositoryService
    .createDeployment()
    .addClasspathResource(FIRST_RESOURCE)
    .deploy();

  String deploymentId = deployment.getId();

  AuthorizationQuery query = authorizationService
    .createAuthorizationQuery()
    .userIdIn(userId)
    .resourceId(deploymentId);

  Authorization authorization = query.singleResult();
  assertNotNull(authorization);

  // when
  repositoryService.deleteDeployment(deploymentId);

  authorization = query.singleResult();
  assertNull(authorization);

  deleteDeployment(deploymentId);
}
 
Example #11
Source File: AuthorizationRestServiceInteractionTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
@Test
public void testUpdateAuthorization() {

  Authorization authorization = MockProvider.createMockGlobalAuthorization();

  AuthorizationQuery authorizationQuery = mock(AuthorizationQuery.class);
  when(authorizationServiceMock.createAuthorizationQuery()).thenReturn(authorizationQuery);
  when(authorizationQuery.authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(authorizationQuery);
  when(authorizationQuery.singleResult()).thenReturn(authorization);

  AuthorizationDto dto = AuthorizationDto.fromAuthorization(authorization, processEngineConfigurationMock);

  given()
      .pathParam("id", MockProvider.EXAMPLE_AUTHORIZATION_ID)
      .body(dto).contentType(ContentType.JSON)
  .then().expect()
      .statusCode(Status.NO_CONTENT.getStatusCode())
  .when()
      .put(AUTH_RESOURCE_PATH);

  verify(authorizationQuery).authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID);

  verify(authorization).setGroupId(dto.getGroupId());
  verify(authorization).setUserId(dto.getUserId());
  verify(authorization).setResourceId(dto.getResourceId());
  verify(authorization).setResourceType(dto.getResourceType());

  verify(authorizationServiceMock).saveAuthorization(authorization);

}
 
Example #12
Source File: AuthorizationRestServiceInteractionTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
@Test
public void testCreateGlobalAuthorization() {

  Authorization authorization = MockProvider.createMockGlobalAuthorization();
  when(authorizationServiceMock.createNewAuthorization(Authorization.AUTH_TYPE_GLOBAL)).thenReturn(authorization);
  when(authorizationServiceMock.saveAuthorization(authorization)).thenReturn(authorization);

  AuthorizationQuery authorizationQuery = mock(AuthorizationQuery.class);
  when(authorizationServiceMock.createAuthorizationQuery()).thenReturn(authorizationQuery);
  when(authorizationQuery.authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(authorizationQuery);
  when(authorizationQuery.singleResult()).thenReturn(authorization);

  AuthorizationDto dto = AuthorizationDto.fromAuthorization(authorization, processEngineConfigurationMock);

  given()
      .body(dto).contentType(ContentType.JSON)
  .then().expect()
      .statusCode(Status.OK.getStatusCode())
  .when()
      .post(AUTH_CREATE_PATH);

  verify(authorizationServiceMock).createNewAuthorization(Authorization.AUTH_TYPE_GLOBAL);
  verify(authorization).setUserId(Authorization.ANY);
  verify(authorization, times(4)).setResourceType(authorization.getAuthorizationType());
  verify(authorization, times(2)).setResourceId(authorization.getResourceId());
  verify(authorization, times(2)).setPermissions(authorization.getPermissions(Permissions.values()));
  verify(authorizationServiceMock).saveAuthorization(authorization);
}
 
Example #13
Source File: AuthorizationRestServiceImpl.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
public List<AuthorizationDto> queryAuthorizations(AuthorizationQueryDto queryDto, Integer firstResult, Integer maxResults) {

    queryDto.setObjectMapper(getObjectMapper());
    AuthorizationQuery query = queryDto.toQuery(getProcessEngine());

    List<Authorization> resultList;
    if(firstResult != null || maxResults != null) {
      resultList = executePaginatedQuery(query, firstResult, maxResults);
    } else {
      resultList = query.list();
    }

    return AuthorizationDto.fromAuthorizationList(resultList, processEngine.getProcessEngineConfiguration());
  }
 
Example #14
Source File: AuthorizationQueryDto.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
@Override
protected void applySortBy(AuthorizationQuery query, String sortBy, Map<String, Object> parameters, ProcessEngine engine) {
  if (sortBy.equals(SORT_BY_RESOURCE_ID)) {
    query.orderByResourceId();
  } else if (sortBy.equals(SORT_BY_RESOURCE_TYPE)) {
    query.orderByResourceType();
  }
}
 
Example #15
Source File: AuthorizationRestServiceInteractionTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
@Test
public void testCreateGrantAuthorization() {

  Authorization authorization = MockProvider.createMockGrantAuthorization();
  when(authorizationServiceMock.createNewAuthorization(Authorization.AUTH_TYPE_GRANT)).thenReturn(authorization);
  when(authorizationServiceMock.saveAuthorization(authorization)).thenReturn(authorization);

  AuthorizationQuery authorizationQuery = mock(AuthorizationQuery.class);
  when(authorizationServiceMock.createAuthorizationQuery()).thenReturn(authorizationQuery);
  when(authorizationQuery.authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(authorizationQuery);
  when(authorizationQuery.singleResult()).thenReturn(authorization);

  AuthorizationDto dto = AuthorizationDto.fromAuthorization(authorization, processEngineConfigurationMock);

  given()
      .body(dto).contentType(ContentType.JSON)
  .then().expect()
      .statusCode(Status.OK.getStatusCode())
  .when()
      .post(AUTH_CREATE_PATH);

  verify(authorizationServiceMock).createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
  verify(authorization, times(2)).setUserId(authorization.getUserId());
  verify(authorization, times(4)).setResourceType(authorization.getAuthorizationType());
  verify(authorization, times(2)).setResourceId(authorization.getResourceId());
  verify(authorization, times(2)).setPermissions(authorization.getPermissions(Permissions.values()));
  verify(authorizationServiceMock).saveAuthorization(authorization);
}
 
Example #16
Source File: AuthorizationRestServiceInteractionTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
@Test
public void testCreateRevokeAuthorization() {

  Authorization authorization = MockProvider.createMockRevokeAuthorization();
  when(authorizationServiceMock.createNewAuthorization(Authorization.AUTH_TYPE_REVOKE)).thenReturn(authorization);
  when(authorizationServiceMock.saveAuthorization(authorization)).thenReturn(authorization);

  AuthorizationQuery authorizationQuery = mock(AuthorizationQuery.class);
  when(authorizationServiceMock.createAuthorizationQuery()).thenReturn(authorizationQuery);
  when(authorizationQuery.authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(authorizationQuery);
  when(authorizationQuery.singleResult()).thenReturn(authorization);

  AuthorizationDto dto = AuthorizationDto.fromAuthorization(authorization, processEngineConfigurationMock);

  given()
      .body(dto).contentType(ContentType.JSON)
  .then().expect()
      .statusCode(Status.OK.getStatusCode())
  .when()
      .post(AUTH_CREATE_PATH);

  verify(authorizationServiceMock).createNewAuthorization(Authorization.AUTH_TYPE_REVOKE);
  verify(authorization, times(2)).setUserId(authorization.getUserId());
  verify(authorization, times(4)).setResourceType(authorization.getAuthorizationType());
  verify(authorization, times(2)).setResourceId(authorization.getResourceId());
  verify(authorization, times(2)).setPermissions(authorization.getPermissions(Permissions.values()));
  verify(authorizationServiceMock).saveAuthorization(authorization);
}
 
Example #17
Source File: AuthorizationRestServiceImpl.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
protected List<Authorization> executePaginatedQuery(AuthorizationQuery query, Integer firstResult, Integer maxResults) {
  if (firstResult == null) {
    firstResult = 0;
  }
  if (maxResults == null) {
    maxResults = Integer.MAX_VALUE;
  }
  return query.listPage(firstResult, maxResults);
}
 
Example #18
Source File: AuthorizationRestServiceQueryTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
private AuthorizationQuery setUpMockQuery(List<Authorization> list) {
  AuthorizationQuery query = mock(AuthorizationQuery.class);
  when(query.list()).thenReturn(list);
  when(query.count()).thenReturn((long) list.size());

  when(processEngine.getAuthorizationService().createAuthorizationQuery()).thenReturn(query);

  return query;
}
 
Example #19
Source File: RemovalTimeStrategyStartTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
@Test
public void shouldResolveHistoricTaskAuthorization_HistoricProcessInstance() {
  // given
  processEngineConfiguration.setEnableHistoricInstancePermissions(true);

  testRule.deploy(CALLING_PROCESS);

  testRule.deploy(CALLED_PROCESS);

  ClockUtil.setCurrentTime(START_DATE);

  ProcessInstance rootProcessInstance = runtimeService.startProcessInstanceByKey(CALLING_PROCESS_KEY);

  // when
  Authorization authorization =
      authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);

  authorization.setUserId("myUserId");
  authorization.setResource(Resources.HISTORIC_PROCESS_INSTANCE);

  String processInstanceId = historyService.createHistoricProcessInstanceQuery()
      .activeActivityIdIn("userTask")
      .singleResult()
      .getId();

  authorization.setResourceId(processInstanceId);

  authorizationService.saveAuthorization(authorization);

  // then
  AuthorizationQuery authQuery = authorizationService.createAuthorizationQuery()
      .resourceType(Resources.HISTORIC_PROCESS_INSTANCE);

  String rootProcessInstanceId = rootProcessInstance.getRootProcessInstanceId();
  Date removalTime = addDays(START_DATE, 5);
  Assertions.assertThat(authQuery.list())
      .extracting("removalTime", "resourceId", "rootProcessInstanceId")
      .containsExactly(tuple(removalTime, processInstanceId, rootProcessInstanceId));
}
 
Example #20
Source File: AuthorizationRestServiceQueryTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
@Test
public void testSuccessfulPagination() {

  AuthorizationQuery mockQuery = setUpMockQuery(MockProvider.createMockAuthorizations());

  int firstResult = 0;
  int maxResults = 10;
  given().queryParam("firstResult", firstResult).queryParam("maxResults", maxResults)
    .then().expect().statusCode(Status.OK.getStatusCode())
    .when().get(SERVICE_PATH);

  verify(mockQuery).listPage(firstResult, maxResults);
}
 
Example #21
Source File: AuthorizationRestServiceQueryTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
@Test
public void testSimpleAuthorizationQuery() {

  List<Authorization> mockAuthorizations = MockProvider.createMockGlobalAuthorizations();
  AuthorizationQuery mockQuery = setUpMockQuery(mockAuthorizations);

  Response response = given().queryParam("type", Authorization.AUTH_TYPE_GLOBAL)
    .then().expect().statusCode(Status.OK.getStatusCode())
    .when().get(SERVICE_PATH);

  InOrder inOrder = inOrder(mockQuery);
  inOrder.verify(mockQuery).authorizationType(Authorization.AUTH_TYPE_GLOBAL);
  inOrder.verify(mockQuery).list();

  String content = response.asString();
  List<String> instances = from(content).getList("");
  Assert.assertEquals("There should be one authorization returned.", 1, instances.size());
  Assert.assertNotNull("The returned authorization should not be null.", instances.get(0));

  Authorization mockAuthorization = mockAuthorizations.get(0);

  Assert.assertEquals(mockAuthorization.getId(), from(content).getString("[0].id"));
  Assert.assertEquals(mockAuthorization.getAuthorizationType(), from(content).getInt("[0].type"));
  Assert.assertEquals(Permissions.READ.getName(), from(content).getString("[0].permissions[0]"));
  Assert.assertEquals(Permissions.UPDATE.getName(), from(content).getString("[0].permissions[1]"));
  Assert.assertEquals(mockAuthorization.getUserId(), from(content).getString("[0].userId"));
  Assert.assertEquals(mockAuthorization.getGroupId(), from(content).getString("[0].groupId"));
  Assert.assertEquals(mockAuthorization.getResourceType(), from(content).getInt("[0].resourceType"));
  Assert.assertEquals(mockAuthorization.getResourceId(), from(content).getString("[0].resourceId"));
  Assert.assertEquals(mockAuthorization.getRemovalTime(),
      DateTimeUtil.parseDate(from(content).getString("[0].removalTime")));
  Assert.assertEquals(mockAuthorization.getRootProcessInstanceId(),
      from(content).getString("[0].rootProcessInstanceId"));

}
 
Example #22
Source File: AuthorizationRestServiceInteractionTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
@Test
public void testUpdateAuthorizationNotValidPermission() {
  Authorization authorization = MockProvider.createMockGlobalAuthorization();
  AuthorizationQuery authorizationQuery = mock(AuthorizationQuery.class);
  when(authorizationServiceMock.createAuthorizationQuery()).thenReturn(authorizationQuery);
  when(authorizationQuery.authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(authorizationQuery);
  when(authorizationQuery.singleResult()).thenReturn(authorization);

  Map<String, Object> jsonBody = new HashMap<String, Object>();

  jsonBody.put("permissions", Arrays.asList(Permissions.TASK_WORK.name()));
  jsonBody.put("userId", MockProvider.EXAMPLE_USER_ID + ","+MockProvider.EXAMPLE_USER_ID2);
  jsonBody.put("groupId", MockProvider.EXAMPLE_GROUP_ID+","+MockProvider.EXAMPLE_GROUP_ID2);
  jsonBody.put("resourceType", Resources.PROCESS_INSTANCE.resourceType());
  jsonBody.put("resourceId", MockProvider.EXAMPLE_RESOURCE_ID);

  // READ_INSTANCE permission is not valid for TASK

  given()
      .pathParam("id", MockProvider.EXAMPLE_AUTHORIZATION_ID)
      .body(jsonBody).contentType(ContentType.JSON)
  .then().expect()
      .statusCode(Status.BAD_REQUEST.getStatusCode())
      .contentType(ContentType.JSON)
      .body("type", equalTo(BadUserRequestException.class.getSimpleName()))
      .body("message", equalTo("The permission 'TASK_WORK' is not valid for 'PROCESS_INSTANCE' resource type."))
  .when()
      .put(AUTH_RESOURCE_PATH);

  verify(authorizationServiceMock, never()).saveAuthorization(authorization);
}
 
Example #23
Source File: AuthorizationRestServiceInteractionTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
@Test
public void testGetAuthorizationById() {

  Authorization authorization = MockProvider.createMockGlobalAuthorization();

  AuthorizationQuery authorizationQuery = mock(AuthorizationQuery.class);
  when(authorizationServiceMock.createAuthorizationQuery()).thenReturn(authorizationQuery);
  when(authorizationQuery.authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(authorizationQuery);
  when(authorizationQuery.singleResult()).thenReturn(authorization);

  given()
      .pathParam("id", MockProvider.EXAMPLE_AUTHORIZATION_ID)
  .then().expect()
      .statusCode(Status.OK.getStatusCode()).contentType(ContentType.JSON)
      .body("id", equalTo(authorization.getId()))
      .body("type", equalTo(authorization.getAuthorizationType()))
      .body("permissions[0]", equalTo(Permissions.READ.getName()))
      .body("permissions[1]", equalTo(Permissions.UPDATE.getName()))
      .body("userId", equalTo(authorization.getUserId()))
      .body("groupId", equalTo(authorization.getGroupId()))
      .body("resourceType", equalTo(authorization.getResourceType()))
      .body("resourceId", equalTo(authorization.getResourceId()))
      .body("removalTime", equalTo(MockProvider.EXAMPLE_AUTH_REMOVAL_TIME))
      .body("rootProcessInstanceId", equalTo(authorization.getRootProcessInstanceId()))
  .when()
      .get(AUTH_RESOURCE_PATH);

}
 
Example #24
Source File: AuthorizationQueryImpl.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
public AuthorizationQuery hasPermission(Permission p) {
  queryByPermission = true;

  if (resourcesIntersection.size() == 0) {
    resourcesIntersection.addAll(Arrays.asList(p.getTypes()));
  } else {
    resourcesIntersection.retainAll(new HashSet<Resource>(Arrays.asList(p.getTypes())));
  }

  this.permission |= p.getValue();
  return this;
}
 
Example #25
Source File: AuthorizationRestServiceInteractionTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
@Test
public void testAuthorizationResourceOptions() {
  String fullAuthorizationUrl = "http://localhost:" + PORT + TEST_RESOURCE_ROOT_PATH + AuthorizationRestService.PATH + "/" + MockProvider.EXAMPLE_AUTHORIZATION_ID;

  Authorization authorization = MockProvider.createMockGlobalAuthorization();

  AuthorizationQuery authorizationQuery = mock(AuthorizationQuery.class);
  when(authorizationServiceMock.createAuthorizationQuery()).thenReturn(authorizationQuery);
  when(authorizationQuery.authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(authorizationQuery);
  when(authorizationQuery.singleResult()).thenReturn(authorization);
  when(identityServiceMock.getCurrentAuthentication()).thenReturn(null);

  when(processEngineConfigurationMock.isAuthorizationEnabled()).thenReturn(true);

  given()
      .pathParam("id", MockProvider.EXAMPLE_AUTHORIZATION_ID)
  .then()
      .statusCode(Status.OK.getStatusCode())

      .body("links[0].href", equalTo(fullAuthorizationUrl))
      .body("links[0].method", equalTo(HttpMethod.GET))
      .body("links[0].rel", equalTo("self"))

      .body("links[1].href", equalTo(fullAuthorizationUrl))
      .body("links[1].method", equalTo(HttpMethod.DELETE))
      .body("links[1].rel", equalTo("delete"))

      .body("links[2].href", equalTo(fullAuthorizationUrl))
      .body("links[2].method", equalTo(HttpMethod.PUT))
      .body("links[2].rel", equalTo("update"))

  .when()
      .options(AUTH_RESOURCE_PATH);

  verify(identityServiceMock, times(2)).getCurrentAuthentication();

}
 
Example #26
Source File: AuthorizationRestServiceInteractionTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
@Test
public void testAuthorizationResourceOptionsUnauthorized() {
  String fullAuthorizationUrl = "http://localhost:" + PORT + TEST_RESOURCE_ROOT_PATH + AuthorizationRestService.PATH + "/" + MockProvider.EXAMPLE_AUTHORIZATION_ID;

  Authorization authorization = MockProvider.createMockGlobalAuthorization();

  AuthorizationQuery authorizationQuery = mock(AuthorizationQuery.class);
  when(authorizationServiceMock.createAuthorizationQuery()).thenReturn(authorizationQuery);
  when(authorizationQuery.authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(authorizationQuery);
  when(authorizationQuery.singleResult()).thenReturn(authorization);

  Authentication authentication = new Authentication(MockProvider.EXAMPLE_USER_ID, null);
  when(identityServiceMock.getCurrentAuthentication()).thenReturn(authentication);
  when(authorizationServiceMock.isUserAuthorized(MockProvider.EXAMPLE_USER_ID, null, DELETE, AUTHORIZATION, MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(false);
  when(authorizationServiceMock.isUserAuthorized(MockProvider.EXAMPLE_USER_ID, null, UPDATE, AUTHORIZATION, MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(false);

  when(processEngine.getProcessEngineConfiguration().isAuthorizationEnabled()).thenReturn(true);

  given()
    .pathParam("id", MockProvider.EXAMPLE_AUTHORIZATION_ID)
  .then()
    .statusCode(Status.OK.getStatusCode())

    .body("links[0].href", equalTo(fullAuthorizationUrl))
    .body("links[0].method", equalTo(HttpMethod.GET))
    .body("links[0].rel", equalTo("self"))

    .body("links[1]", nullValue())
    .body("links[2]", nullValue())

  .when()
      .options(AUTH_RESOURCE_PATH);

  verify(identityServiceMock, times(2)).getCurrentAuthentication();
  verify(authorizationServiceMock, times(1)).isUserAuthorized(MockProvider.EXAMPLE_USER_ID, null, DELETE, AUTHORIZATION, MockProvider.EXAMPLE_AUTHORIZATION_ID);
  verify(authorizationServiceMock, times(1)).isUserAuthorized(MockProvider.EXAMPLE_USER_ID, null, UPDATE, AUTHORIZATION, MockProvider.EXAMPLE_AUTHORIZATION_ID);

}
 
Example #27
Source File: HistoricProcessInstanceAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
public void testDeleteHistoricAuthorizationRelatedToHistoricProcessInstance() {
  // given
  String processInstanceId = startProcessInstanceByKey(PROCESS_KEY).getId();

  String taskId = selectSingleTask().getId();

  disableAuthorization();
  taskService.complete(taskId);
  enableAuthorization();

  createGrantAuthorization(PROCESS_DEFINITION, PROCESS_KEY, userId, DELETE_HISTORY);

  createGrantAuthorization(Resources.HISTORIC_PROCESS_INSTANCE, processInstanceId, userId,
      HistoricProcessInstancePermissions.READ);

  // assume
  AuthorizationQuery authorizationQuery = authorizationService.createAuthorizationQuery()
      .resourceType(Resources.HISTORIC_PROCESS_INSTANCE)
      .resourceId(processInstanceId);

  assertThat(authorizationQuery.list())
      .extracting("resourceId")
      .containsExactly(processInstanceId);

  // when
  historyService.deleteHistoricProcessInstance(processInstanceId);

  // then
  authorizationQuery = authorizationService.createAuthorizationQuery()
      .resourceType(Resources.HISTORIC_PROCESS_INSTANCE)
      .resourceId(processInstanceId);

  assertThat(authorizationQuery.list()).isEmpty();
}
 
Example #28
Source File: AuthorizationRestServiceQueryTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
@Test
public void testQueryCount() {

  AuthorizationQuery mockQuery = setUpMockQuery(MockProvider.createMockAuthorizations());

  expect().statusCode(Status.OK.getStatusCode())
    .body("count", equalTo(3))
    .when().get(SERVICE_COUNT_PATH);

  verify(mockQuery).count();
}
 
Example #29
Source File: AuthorizationQueryImpl.java    From camunda-bpm-platform with Apache License 2.0 4 votes vote down vote up
public AuthorizationQuery authorizationId(String id) {
  this.id = id;
  return this;
}
 
Example #30
Source File: AuthorizationQueryImpl.java    From camunda-bpm-platform with Apache License 2.0 4 votes vote down vote up
public AuthorizationQuery resourceType(Resource resource) {
  return resourceType(resource.resourceType());
}