org.camunda.bpm.engine.authorization.Resources Java Examples

The following examples show how to use org.camunda.bpm.engine.authorization.Resources.
Example #1
Source File: HistoricIncidentAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0
/**
 * Checks that a READ grant on a single historic process instance makes that instance's
 * incident visible to the historic incident query, although the grant on the process
 * definition carries only {@code NONE}.
 */
public void testCheckReadOnHistoricProcessInstanceAndNonePermissionOnProcessDefinition() {
  // given: per-instance history permissions are switched on
  processEngineConfiguration.setEnableHistoricInstancePermissions(true);

  String instanceId =
      startProcessAndExecuteJob(ONE_INCIDENT_PROCESS_KEY).getProcessInstanceId();

  // instance-scoped READ for the user ...
  createGrantAuthorization(
      Resources.HISTORIC_PROCESS_INSTANCE, instanceId, userId,
      HistoricProcessInstancePermissions.READ);
  // ... and a definition-scoped grant that conveys no permission
  createGrantAuthorization(
      PROCESS_DEFINITION, ONE_INCIDENT_PROCESS_KEY, userId,
      ProcessDefinitionPermissions.NONE);

  // when
  HistoricIncidentQuery incidentQuery = historyService.createHistoricIncidentQuery();

  // then: exactly one incident is listed, and it belongs to the readable instance
  assertThat(incidentQuery.list())
      .extracting("processInstanceId")
      .containsExactly(instanceId);
}
 
Example #2
Source File: CdiBeanResolutionTwoEnginesTest.java    From camunda-bpm-platform with Apache License 2.0
/**
 * Stores three global authorizations on the given engine: CREATE on process instances,
 * CREATE_INSTANCE on process definitions, and READ plus TASK_WORK on tasks.
 *
 * @param processEngine1 engine whose authorization service receives the grants
 */
private void createAuthorizations(ProcessEngine processEngine1) {
  // All three use AUTH_TYPE_GLOBAL with resource id "*": they are not scoped to one user,
  // group or resource instance. That is broad, which suits a test fixture.
  Authorization processInstanceAuth = processEngine1.getAuthorizationService()
      .createNewAuthorization(Authorization.AUTH_TYPE_GLOBAL);
  processInstanceAuth.setResource(Resources.PROCESS_INSTANCE);
  processInstanceAuth.setResourceId("*");
  processInstanceAuth.setPermissions(new Permission[] { Permissions.CREATE });
  processEngine1.getAuthorizationService().saveAuthorization(processInstanceAuth);

  Authorization processDefinitionAuth = processEngine1.getAuthorizationService()
      .createNewAuthorization(Authorization.AUTH_TYPE_GLOBAL);
  processDefinitionAuth.setResource(Resources.PROCESS_DEFINITION);
  processDefinitionAuth.setResourceId("*");
  processDefinitionAuth.setPermissions(new Permission[] { Permissions.CREATE_INSTANCE });
  processEngine1.getAuthorizationService().saveAuthorization(processDefinitionAuth);

  Authorization taskAuth = processEngine1.getAuthorizationService()
      .createNewAuthorization(Authorization.AUTH_TYPE_GLOBAL);
  taskAuth.setResource(Resources.TASK);
  taskAuth.setResourceId("*");
  taskAuth.setPermissions(new Permission[] { Permissions.READ, Permissions.TASK_WORK });
  processEngine1.getAuthorizationService().saveAuthorization(taskAuth);
}
 
Example #3
Source File: DefaultPermissionForTenantMemberTest.java    From camunda-bpm-platform with Apache License 2.0
/**
 * Checks that the number of READ authorizations a user holds on tenants follows the
 * user's tenant memberships: two after joining two tenants, one after leaving one of them.
 */
@Test
public void testCreateAndDeleteTenantUserMembershipForMultipleTenants() {
  createTenant(TENANT_TWO);

  // the user joins both tenants
  identityService.createTenantUserMembership(TENANT_ONE, USER_ID);
  identityService.createTenantUserMembership(TENANT_TWO, USER_ID);

  long readGrantsWithBothMemberships = authorizationService.createAuthorizationQuery()
    .userIdIn(USER_ID)
    .resourceType(Resources.TENANT)
    .hasPermission(Permissions.READ)
    .count();
  assertEquals(2, readGrantsWithBothMemberships);

  // leaving one tenant must also take away the matching READ authorization
  identityService.deleteTenantUserMembership(TENANT_ONE, USER_ID);

  long readGrantsAfterLeavingOne = authorizationService.createAuthorizationQuery()
    .userIdIn(USER_ID)
    .resourceType(Resources.TENANT)
    .hasPermission(Permissions.READ)
    .count();
  assertEquals(1, readGrantsAfterLeavingOne);
}
 
Example #4
Source File: DefaultUserPermissionsForTaskTest.java    From camunda-bpm-platform with Apache License 2.0
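/**
 * Checks which task permissions a second user holds after being added as candidate user
 * while TASK_WORK is the configured default user permission for tasks: READ and TASK_WORK
 * are expected, UPDATE is not.
 */
public void testShouldGrantTaskWorkOnSetCandidateUser() {
  // given
  processEngineConfiguration.setDefaultUserPermissionForTask(TASK_WORK);

  String taskId = "myTask";
  createTask(taskId);

  try {
    // the acting user needs UPDATE on the task to change its candidates
    createGrantAuthorization(TASK, taskId, userId, UPDATE);

    // when
    processEngine.getTaskService().addCandidateUser(taskId, userId2);

    // then: the candidate can read and work on the task but cannot update it
    assertEquals(true, authorizationService.isUserAuthorized(userId2, null, Permissions.READ, Resources.TASK, taskId));
    assertEquals(true, authorizationService.isUserAuthorized(userId2, null, Permissions.TASK_WORK, Resources.TASK, taskId));
    assertEquals(false, authorizationService.isUserAuthorized(userId2, null, Permissions.UPDATE, Resources.TASK, taskId));
  } finally {
    // remove the task even when an assertion fails, so it cannot leak into later tests
    deleteTask(taskId, true);
  }
}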
 
Example #5
Source File: SetAssigneeProcessInstanceTaskAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0
/**
 * Checks that READ_HISTORY on every process definition (resource id "*") lets the user
 * see the user operation log entry of process definition key
 * {@code oneTaskProcess_userOpLog}.
 */
@Test
public void testWithReadHistoryPermissionOnAnyProcessDefinition() {
  // given: a wildcard READ_HISTORY grant for the user
  Authorization readHistoryGrant =
      authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
  readHistoryGrant.setUserId(USER_ID);
  readHistoryGrant.setPermissions(new Permissions[] {Permissions.READ_HISTORY});
  readHistoryGrant.setResource(Resources.PROCESS_DEFINITION);
  readHistoryGrant.setResourceId("*");
  authorizationService.saveAuthorization(readHistoryGrant);

  // Authorization checks are switched on only after the grant is stored, so the save
  // above presumably runs without a permission check.
  engineRule.getProcessEngineConfiguration().setAuthorizationEnabled(true);

  // when
  UserOperationLogQuery logQuery = historyService
      .createUserOperationLogQuery()
      .processDefinitionKey("oneTaskProcess_userOpLog");

  // then
  assertEquals(1, logQuery.count());
}
 
Example #6
Source File: SetJobRetriesBatchAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0
/**
 * Supplies the authorization scenarios for this parameterized test: no grants, the generic
 * CREATE permission on the batch, and the operation-specific batch permission.
 */
@Parameterized.Parameters(name = "Scenario {index}")
public static Collection<AuthorizationScenario[]> scenarios() {
  // No grants: expected to fail. Judging by the builder method's name, the listed grants
  // are the ones whose absence causes the failure.
  AuthorizationScenario withoutAnyGrant = scenario()
      .withoutAuthorizations()
      .failsDueToRequired(
          grant(Resources.BATCH, "batchId", "userId", Permissions.CREATE),
          grant(Resources.BATCH, "batchId", "userId", BatchPermissions.CREATE_BATCH_SET_JOB_RETRIES));

  // Generic CREATE on the batch resource.
  // NOTE(review): unlike the last scenario this one never calls succeeds(); presumably a
  // scenario without failsDueToRequired(...) is treated as expected to pass — confirm.
  AuthorizationScenario withGenericCreate = scenario()
      .withAuthorizations(
          grant(Resources.BATCH, "batchId", "userId", Permissions.CREATE));

  // The operation-specific batch permission on its own.
  AuthorizationScenario withSpecificBatchPermission = scenario()
      .withAuthorizations(
          grant(Resources.BATCH, "batchId", "userId", BatchPermissions.CREATE_BATCH_SET_JOB_RETRIES))
      .succeeds();

  return AuthorizationTestRule.asParameters(
      withoutAnyGrant, withGenericCreate, withSpecificBatchPermission);
}
 
Example #7
Source File: DefaultUserPermissionsForTaskTest.java    From camunda-bpm-platform with Apache License 2.0
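/**
 * Checks which task permissions a second user holds after being set as assignee while
 * UPDATE is the configured default user permission for tasks: READ and UPDATE are expected.
 */
public void testShouldGrantUpdateOnAssign() {
  // given
  processEngineConfiguration.setDefaultUserPermissionForTask(UPDATE);

  String taskId = "myTask";
  createTask(taskId);

  try {
    // the acting user needs UPDATE on the task to assign it
    createGrantAuthorization(TASK, taskId, userId, UPDATE);

    // when
    processEngine.getTaskService().setAssignee(taskId, userId2);

    // then
    assertEquals(true, authorizationService.isUserAuthorized(userId2, null, Permissions.READ, Resources.TASK, taskId));
    assertEquals(true, authorizationService.isUserAuthorized(userId2, null, Permissions.UPDATE, Resources.TASK, taskId));
  } finally {
    // remove the task even when an assertion fails, so it cannot leak into later tests
    deleteTask(taskId, true);
  }
}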
 
Example #8
Source File: SetExternalTaskPriorityAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0
/**
 * Supplies the authorization scenarios for this parameterized test: no grants, UPDATE on the
 * process instance (specific id and "*"), and UPDATE_INSTANCE on the process definition
 * (specific key and "*").
 */
@Parameterized.Parameters(name = "Scenario {index}")
public static Collection<AuthorizationScenario[]> scenarios() {
  // No grants: expected to fail. Judging by the builder method's name, the listed grants
  // are the ones whose absence causes the failure.
  AuthorizationScenario withoutAnyGrant = scenario()
    .withoutAuthorizations()
    .failsDueToRequired(
      grant(Resources.PROCESS_INSTANCE, "processInstanceId", "userId", Permissions.UPDATE),
      grant(Resources.PROCESS_DEFINITION, "oneExternalTaskProcess", "userId", Permissions.UPDATE_INSTANCE));

  // Instance-level UPDATE, first on one instance, then on any instance.
  AuthorizationScenario updateOnInstance = scenario()
    .withAuthorizations(
      grant(Resources.PROCESS_INSTANCE, "processInstanceId", "userId", Permissions.UPDATE))
    .succeeds();
  AuthorizationScenario updateOnAnyInstance = scenario()
    .withAuthorizations(
      grant(Resources.PROCESS_INSTANCE, "*", "userId", Permissions.UPDATE))
    .succeeds();

  // Definition-level UPDATE_INSTANCE, first on one definition key, then on any definition.
  AuthorizationScenario updateInstanceOnDefinition = scenario()
    .withAuthorizations(
      grant(Resources.PROCESS_DEFINITION, "processDefinitionKey", "userId", Permissions.UPDATE_INSTANCE))
    .succeeds();
  AuthorizationScenario updateInstanceOnAnyDefinition = scenario()
    .withAuthorizations(
      grant(Resources.PROCESS_DEFINITION, "*", "userId", Permissions.UPDATE_INSTANCE))
    .succeeds();

  return AuthorizationTestRule.asParameters(
    withoutAnyGrant,
    updateOnInstance,
    updateOnAnyInstance,
    updateInstanceOnDefinition,
    updateInstanceOnAnyDefinition);
}
 
Example #9
Source File: DefaultUserPermissionsForTaskTest.java    From camunda-bpm-platform with Apache License 2.0
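/**
 * Checks which task permissions a second user holds after being set as assignee while
 * TASK_WORK is the configured default user permission for tasks: READ and TASK_WORK are
 * expected, UPDATE is not.
 */
public void testShouldGrantTaskWorkOnAssign() {
  // given
  processEngineConfiguration.setDefaultUserPermissionForTask(TASK_WORK);

  String taskId = "myTask";
  createTask(taskId);

  try {
    // the acting user needs UPDATE on the task to assign it
    createGrantAuthorization(TASK, taskId, userId, UPDATE);

    // when
    processEngine.getTaskService().setAssignee(taskId, userId2);

    // then: the assignee can read and work on the task but cannot update it
    assertEquals(true, authorizationService.isUserAuthorized(userId2, null, Permissions.READ, Resources.TASK, taskId));
    assertEquals(true, authorizationService.isUserAuthorized(userId2, null, Permissions.TASK_WORK, Resources.TASK, taskId));
    assertEquals(false, authorizationService.isUserAuthorized(userId2, null, Permissions.UPDATE, Resources.TASK, taskId));
  } finally {
    // remove the task even when an assertion fails, so it cannot leak into later tests
    deleteTask(taskId, true);
  }
}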
 
Example #10
Source File: BatchStatisticsQueryAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0
/**
 * Checks that the batch statistics of a migration batch report "userId" as the creating
 * user when the batch was started while authorization was enabled for that user.
 */
@Test
public void testBatchStatisticsAndCreateUserId() {
  // given: an instance to migrate, plus the grants the acting user holds
  ProcessInstance instanceToMigrate = createMigrationPlan();

  authRule.createGrantAuthorization(Resources.BATCH, "*", "userId", Permissions.CREATE);
  authRule.createGrantAuthorization(Resources.PROCESS_DEFINITION, "*", "userId", Permissions.MIGRATE_INSTANCE);

  // when: the batch is started inside the window in which authorization is enabled
  authRule.enableAuthorization("userId");
  batch3 = engineRule.getRuntimeService()
    .newMigration(migrationPlan)
    .processInstanceIds(Arrays.asList(instanceToMigrate.getId()))
    .executeAsync();
  authRule.disableAuthorization();

  // then: the statistics are read after authorization has been disabled again
  BatchStatistics statistics = engineRule.getManagementService()
    .createBatchStatisticsQuery()
    .batchId(batch3.getId())
    .singleResult();
  assertEquals("userId", statistics.getCreateUserId());
}
 
Example #11
Source File: RestartAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0
/**
 * Supplies the authorization scenarios for this parameterized test. They add grants step by
 * step: nothing, READ_HISTORY on the definition only, and finally READ_HISTORY plus
 * CREATE_INSTANCE on the definition together with CREATE on process instances.
 */
@Parameterized.Parameters(name = "Scenario {index}")
public static Collection<AuthorizationScenario[]> scenarios() {
  // No grants: expected to fail, with READ_HISTORY on the definition named as required.
  AuthorizationScenario withoutAnyGrant = scenario()
    .withoutAuthorizations()
    .failsDueToRequired(
      grant(Resources.PROCESS_DEFINITION, "Process", "userId", Permissions.READ_HISTORY));

  // READ_HISTORY alone is not enough: CREATE on process instances is still named as required.
  AuthorizationScenario withReadHistoryOnly = scenario()
    .withAuthorizations(
      grant(Resources.PROCESS_DEFINITION, "Process", "userId", Permissions.READ_HISTORY))
    .failsDueToRequired(
      grant(Resources.PROCESS_INSTANCE, "*", "userId", Permissions.CREATE));

  // The complete set of grants.
  AuthorizationScenario withAllGrants = scenario()
    .withAuthorizations(
      grant(Resources.PROCESS_DEFINITION, "Process", "userId", Permissions.READ_HISTORY, Permissions.CREATE_INSTANCE),
      grant(Resources.PROCESS_INSTANCE, "*", "userId", Permissions.CREATE))
    .succeeds();

  return AuthorizationTestRule.asParameters(withoutAnyGrant, withReadHistoryOnly, withAllGrants);
}
 
Example #12
Source File: AuthorizationQueryAuthorizationsTest.java    From camunda-bpm-platform with Apache License 2.0
/**
 * Checks that an authorization query does not mix resource types: an ACCESS grant stored for
 * the APPLICATION resource must not be counted when the query asks for ACCESS on BATCH.
 */
@Test
public void testQueryPermissionWithMixedResource() throws Exception {
  // given: ACCESS on any application for "userId"
  Authorization applicationGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  applicationGrant.setUserId("userId");
  applicationGrant.setResource(Resources.APPLICATION);
  applicationGrant.addPermission(Permissions.ACCESS);
  applicationGrant.setResourceId(ANY);
  authorizationService.saveAuthorization(applicationGrant);

  processEngineConfiguration.setAuthorizationEnabled(true);

  // assume: the grant is stored and can be found under its own resource type
  Authorization storedGrant = authorizationService.createAuthorizationQuery()
      .userIdIn("userId")
      .resourceType(Resources.APPLICATION)
      .singleResult();
  assertNotNull(storedGrant);

  // then: the same permission queried for a different resource type matches nothing
  long accessGrantsOnBatch = authorizationService.createAuthorizationQuery()
      .resourceType(Resources.BATCH)
      .hasPermission(Permissions.ACCESS)
      .count();
  assertEquals(0, accessGrantsOnBatch);
}
 
Example #13
Source File: DeleteHistoricProcessInstancesAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0
/**
 * Supplies the authorization scenarios for this parameterized test: READ_HISTORY alone on the
 * process definition versus READ_HISTORY together with DELETE_HISTORY.
 */
@Parameterized.Parameters(name = "Scenario {index}")
public static Collection<AuthorizationScenario[]> scenarios() {
  // Being able to read history must not imply being able to delete it: expected to fail,
  // with DELETE_HISTORY named as the required grant.
  AuthorizationScenario withReadHistoryOnly = scenario()
      .withAuthorizations(
          grant(Resources.PROCESS_DEFINITION, "Process", "userId", Permissions.READ_HISTORY))
      .failsDueToRequired(
          grant(Resources.PROCESS_DEFINITION, "Process", "userId", Permissions.DELETE_HISTORY));

  // Both permissions on the definition.
  AuthorizationScenario withReadAndDeleteHistory = scenario()
      .withAuthorizations(
          grant(Resources.PROCESS_DEFINITION, "Process", "userId", Permissions.READ_HISTORY, Permissions.DELETE_HISTORY))
      .succeeds();

  return AuthorizationTestRule.asParameters(withReadHistoryOnly, withReadAndDeleteHistory);
}
 
Example #14
Source File: SetAssigneeProcessInstanceTaskAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0
/**
 * Checks that READ_HISTORY on the single process definition key
 * {@code oneTaskProcess_userOpLog} lets the user see the user operation log entry of that
 * definition.
 */
@Test
public void testWithReadHistoryPermissionOnProcessDefinition() {
  // given: a READ_HISTORY grant scoped to one definition key
  Authorization readHistoryGrant =
      authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
  readHistoryGrant.setUserId(USER_ID);
  readHistoryGrant.setPermissions(new Permissions[] {Permissions.READ_HISTORY});
  readHistoryGrant.setResource(Resources.PROCESS_DEFINITION);
  readHistoryGrant.setResourceId("oneTaskProcess_userOpLog");
  authorizationService.saveAuthorization(readHistoryGrant);

  // Authorization checks are switched on only after the grant is stored, so the save
  // above presumably runs without a permission check.
  engineRule.getProcessEngineConfiguration().setAuthorizationEnabled(true);

  // when
  UserOperationLogQuery logQuery = historyService
      .createUserOperationLogQuery()
      .processDefinitionKey("oneTaskProcess_userOpLog");

  // then
  assertEquals(1, logQuery.count());
}
 
Example #15
Source File: GetErrorDetailsAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0
/**
 * Supplies the authorization scenarios for this parameterized test: no grants, READ on the
 * process instance (specific id and "*"), and READ_INSTANCE on the process definition
 * (specific key and "*").
 */
@Parameterized.Parameters(name = "Scenario {index}")
public static Collection<AuthorizationScenario[]> scenarios() {
  // No grants: expected to fail. Judging by the builder method's name, the listed grants
  // are the ones whose absence causes the failure.
  AuthorizationScenario withoutAnyGrant = scenario()
      .withoutAuthorizations()
      .failsDueToRequired(
          grant(Resources.PROCESS_INSTANCE, "processInstanceId", "userId", Permissions.READ),
          grant(Resources.PROCESS_DEFINITION, "oneExternalTaskProcess", "userId", Permissions.READ_INSTANCE));

  // Instance-level READ, first on one instance, then on any instance.
  AuthorizationScenario readOnInstance = scenario()
      .withAuthorizations(
          grant(Resources.PROCESS_INSTANCE, "processInstanceId", "userId", Permissions.READ))
      .succeeds();
  AuthorizationScenario readOnAnyInstance = scenario()
      .withAuthorizations(
          grant(Resources.PROCESS_INSTANCE, "*", "userId", Permissions.READ))
      .succeeds();

  // Definition-level READ_INSTANCE, first on one definition key, then on any definition.
  AuthorizationScenario readInstanceOnDefinition = scenario()
      .withAuthorizations(
          grant(Resources.PROCESS_DEFINITION, "processDefinitionKey", "userId", Permissions.READ_INSTANCE))
      .succeeds();
  AuthorizationScenario readInstanceOnAnyDefinition = scenario()
      .withAuthorizations(
          grant(Resources.PROCESS_DEFINITION, "*", "userId", Permissions.READ_INSTANCE))
      .succeeds();

  return AuthorizationTestRule.asParameters(
      withoutAnyGrant,
      readOnInstance,
      readOnAnyInstance,
      readInstanceOnDefinition,
      readInstanceOnAnyDefinition);
}
 
Example #16
Source File: AuthorizationServiceAuthorizationsTest.java    From camunda-bpm-platform with Apache License 2.0
/**
 * Checks that an authorization for the BATCH resource can be saved once its permissions have
 * been replaced by batch permissions, even though a permission not allowed for batches
 * (ACCESS) was added to it earlier.
 */
public void testSaveAuthorizationSetPermissionsWithValidResource() throws Exception {
  // given
  Authorization batchGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  batchGrant.setUserId("userId");
  // ACCESS is not a valid permission for batches ...
  batchGrant.addPermission(Permissions.ACCESS);
  // ... but setPermissions replaces what was added before, so the save below is expected
  // to go through. The order of these two calls is the point of the test.
  BatchPermissions[] batchPermissions = new BatchPermissions[] {
      BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES,
      BatchPermissions.CREATE_BATCH_DELETE_DECISION_INSTANCES };
  batchGrant.setPermissions(batchPermissions);
  batchGrant.setResource(Resources.BATCH);
  batchGrant.setResourceId(ANY);

  processEngineConfiguration.setAuthorizationEnabled(true);

  // when
  authorizationService.saveAuthorization(batchGrant);

  // then: the stored authorization carries both batch permissions
  Authorization storedGrant = authorizationService.createAuthorizationQuery()
      .resourceType(Resources.BATCH)
      .singleResult();
  assertNotNull(storedGrant);
  assertTrue(storedGrant.isPermissionGranted(BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES));
  assertTrue(storedGrant.isPermissionGranted(BatchPermissions.CREATE_BATCH_DELETE_DECISION_INSTANCES));
}
 
Example #17
Source File: UserOperationLogAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0
/**
 * Checks that READ on the task-worker operation log category makes one operation log entry
 * of the process instance visible, although the grant on the historic process instance
 * itself carries only {@code NONE}.
 */
public void testCheckNoneOnHistoricProcessInstanceAndTaskWorkerCategory() {
  // given: per-instance history permissions are switched on
  processEngineConfiguration.setEnableHistoricInstancePermissions(true);

  String instanceId =
      startProcessInstanceByKey(ONE_TASK_PROCESS_KEY).getProcessInstanceId();

  // produce a user operation on the instance's task
  String taskId = selectSingleTask().getId();
  setAssignee(taskId, "demo");

  // no permission through the instance ...
  createGrantAuthorizationWithoutAuthentication(
      Resources.HISTORIC_PROCESS_INSTANCE, instanceId, userId,
      HistoricProcessInstancePermissions.NONE);
  // ... but READ through the operation log category
  createGrantAuthorizationWithoutAuthentication(
      OPERATION_LOG_CATEGORY, CATEGORY_TASK_WORKER, userId, READ);

  // when
  UserOperationLogQuery logQuery = historyService.createUserOperationLogQuery();

  // then
  assertThat(logQuery.list())
      .extracting("processInstanceId")
      .containsExactly(instanceId);
}
 
Example #18
Source File: HistoricProcessInstanceAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0
/**
 * Checks what a READ grant on any historic process instance authorizes: checks for
 * {@code NONE} and {@code READ} pass, a check for {@code ALL} does not.
 */
public void testCheckReadHistoricProcessInstancePermissions() {
  // given
  processEngineConfiguration.setEnableHistoricInstancePermissions(true);

  // when: READ on every historic process instance
  createGrantAuthorization(
      Resources.HISTORIC_PROCESS_INSTANCE, ANY, userId,
      HistoricProcessInstancePermissions.READ);

  // then
  boolean noneAuthorized = authorizationService.isUserAuthorized(userId, null,
      HistoricProcessInstancePermissions.NONE, Resources.HISTORIC_PROCESS_INSTANCE);
  assertThat(noneAuthorized).isTrue();

  boolean readAuthorized = authorizationService.isUserAuthorized(userId, null,
      HistoricProcessInstancePermissions.READ, Resources.HISTORIC_PROCESS_INSTANCE);
  assertThat(readAuthorized).isTrue();

  // a single permission must not satisfy a check for ALL
  boolean allAuthorized = authorizationService.isUserAuthorized(userId, null,
      HistoricProcessInstancePermissions.ALL, Resources.HISTORIC_PROCESS_INSTANCE);
  assertThat(allAuthorized).isFalse();
}
 
Example #19
Source File: EvaluateDecisionAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0
/**
 * Supplies the authorization scenarios for this parameterized test: no grants, and
 * CREATE_INSTANCE on the decision definition (specific key and "*").
 */
@Parameters(name = "scenario {index}")
public static Collection<AuthorizationScenario[]> scenarios() {
  // No grants: expected to fail, with CREATE_INSTANCE on the definition named as required.
  AuthorizationScenario withoutAnyGrant = scenario()
    .withoutAuthorizations()
    .failsDueToRequired(
      grant(Resources.DECISION_DEFINITION, DECISION_DEFINITION_KEY, "userId", Permissions.CREATE_INSTANCE));

  // CREATE_INSTANCE on exactly this decision definition.
  AuthorizationScenario createInstanceOnDefinition = scenario()
    .withAuthorizations(
      grant(Resources.DECISION_DEFINITION, DECISION_DEFINITION_KEY, "userId", Permissions.CREATE_INSTANCE))
    .succeeds();

  // CREATE_INSTANCE on any decision definition.
  AuthorizationScenario createInstanceOnAnyDefinition = scenario()
    .withAuthorizations(
      grant(Resources.DECISION_DEFINITION, "*", "userId", Permissions.CREATE_INSTANCE))
    .succeeds();

  return AuthorizationTestRule.asParameters(
    withoutAnyGrant, createInstanceOnDefinition, createInstanceOnAnyDefinition);
}
 
Example #20
Source File: TaskReadVariablePermissionAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0
/**
 * Prepares each test: resolves the engine services, tightens the variable and history
 * permission settings, and creates and authenticates the test user.
 */
@Before
public void init() {
  // engine configuration and services taken from the rule
  processEngineConfiguration = engineRule.getProcessEngineConfiguration();
  identityService = engineRule.getIdentityService();
  authorizationService = engineRule.getAuthorizationService();
  taskService = engineRule.getTaskService();
  runtimeService = engineRule.getRuntimeService();

  // keep the configured value before overriding it (presumably restored after the test)
  enforceSpecificVariablePermission = processEngineConfiguration.isEnforceSpecificVariablePermission();
  processEngineConfiguration.setEnforceSpecificVariablePermission(true);
  processEngineConfiguration.setEnableHistoricInstancePermissions(true);

  // create the test user and make it the authenticated user
  identityService.saveUser(identityService.newUser(userId));
  identityService.setAuthenticatedUserId(userId);

  // CREATE on the AUTHORIZATION resource for every id: the test user may create authorizations
  authRule.createGrantAuthorization(Resources.AUTHORIZATION, "*", userId, Permissions.CREATE);
}
 
Example #21
Source File: HistoricActivityInstanceAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0
/**
 * Checks that a grant carrying only {@code NONE} on a historic process instance exposes none
 * of that instance's historic activity instances.
 */
public void testCheckNonePermissionOnHistoricProcessInstance() {
  // given: per-instance history permissions are switched on
  processEngineConfiguration.setEnableHistoricInstancePermissions(true);

  String instanceId = startProcessInstanceByKey(PROCESS_KEY).getId();

  // an authorization exists for the instance, but it conveys no permission
  createGrantAuthorization(
      Resources.HISTORIC_PROCESS_INSTANCE, instanceId, userId,
      HistoricProcessInstancePermissions.NONE);

  // when
  HistoricActivityInstanceQuery activityQuery = historyService
      .createHistoricActivityInstanceQuery()
      .processInstanceId(instanceId);

  // then: nothing is visible
  assertThat(activityQuery.list()).isEmpty();
}
 
Example #22
Source File: SetRemovalTimeForHistoricBatchesBatchAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0
/**
 * Supplies the authorization scenarios for this parameterized test. Every scenario holds
 * READ_HISTORY on the batch; they differ in whether a create permission is added to it.
 */
@Parameterized.Parameters(name = "Scenario {index}")
public static Collection<AuthorizationScenario[]> scenarios() {
  // READ_HISTORY alone: expected to fail. Judging by the builder method's name, the listed
  // grants are the ones whose absence causes the failure.
  AuthorizationScenario withReadHistoryOnly = scenario()
      .withAuthorizations(
          grant(Resources.BATCH, "batchId", "userId", Permissions.READ_HISTORY))
      .failsDueToRequired(
          grant(Resources.BATCH, "batchId", "userId", Permissions.CREATE),
          grant(Resources.BATCH, "batchId", "userId", BatchPermissions.CREATE_BATCH_SET_REMOVAL_TIME));

  // READ_HISTORY plus the generic CREATE permission.
  // NOTE(review): unlike the last scenario this one never calls succeeds(); presumably a
  // scenario without failsDueToRequired(...) is treated as expected to pass — confirm.
  AuthorizationScenario withGenericCreate = scenario()
      .withAuthorizations(
          grant(Resources.BATCH, "batchId", "userId", Permissions.READ_HISTORY, Permissions.CREATE));

  // READ_HISTORY plus the operation-specific batch permission.
  AuthorizationScenario withSpecificBatchPermission = scenario()
      .withAuthorizations(
          grant(Resources.BATCH, "batchId", "userId", Permissions.READ_HISTORY, BatchPermissions.CREATE_BATCH_SET_REMOVAL_TIME))
      .succeeds();

  return AuthorizationTestRule.asParameters(
      withReadHistoryOnly, withGenericCreate, withSpecificBatchPermission);
}
 
Example #23
Source File: DefaultPermissionForTenantMemberTest.java    From camunda-bpm-platform with Apache License 2.0
/**
 * Checks that adding a group to a tenant leaves exactly one authorization giving the group
 * READ on that tenant, and that a user authenticated as a member of the group then finds
 * the tenant through the tenant query.
 */
@Test
public void testCreateTenantGroupMembership() {
  identityService.createTenantGroupMembership(TENANT_ONE, GROUP_ID);

  // the membership is expected to come with a READ authorization scoped to this tenant
  long groupReadGrants = authorizationService.createAuthorizationQuery()
    .groupIdIn(GROUP_ID)
    .resourceType(Resources.TENANT)
    .resourceId(TENANT_ONE)
    .hasPermission(Permissions.READ)
    .count();
  assertEquals(1, groupReadGrants);

  // authenticate as a user whose only group is GROUP_ID
  identityService.setAuthentication(USER_ID, Collections.singletonList(GROUP_ID));

  String visibleTenantId = identityService.createTenantQuery()
    .singleResult()
    .getId();
  assertEquals(TENANT_ONE, visibleTenantId);
}
 
Example #24
Source File: BulkHistoryDeleteProcessInstancesAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0
/**
 * Supplies the authorization scenarios for this parameterized test: no DELETE_HISTORY grant,
 * DELETE_HISTORY on one process definition, and DELETE_HISTORY on any process definition.
 */
@Parameterized.Parameters(name = "Scenario {index}")
public static Collection<AuthorizationScenario[]> scenarios() {
  // Nothing is granted here: expected to fail, with DELETE_HISTORY named as required.
  AuthorizationScenario withoutDeleteHistory = scenario()
      .failsDueToRequired(
          grant(Resources.PROCESS_DEFINITION, "processDefinition", "demo", Permissions.DELETE_HISTORY));

  // DELETE_HISTORY on exactly this process definition.
  AuthorizationScenario deleteHistoryOnDefinition = scenario()
      .withAuthorizations(
          grant(Resources.PROCESS_DEFINITION, "processDefinition", "demo", Permissions.DELETE_HISTORY))
      .succeeds();

  // DELETE_HISTORY on any process definition.
  AuthorizationScenario deleteHistoryOnAnyDefinition = scenario()
      .withAuthorizations(
          grant(Resources.PROCESS_DEFINITION, "*", "demo", Permissions.DELETE_HISTORY))
      .succeeds();

  return AuthorizationTestRule.asParameters(
      withoutDeleteHistory, deleteHistoryOnDefinition, deleteHistoryOnAnyDefinition);
}
 
Example #25
Source File: UserOperationLogAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0
/**
 * Checks that a grant carrying only {@code NONE} on a historic process instance exposes no
 * user operation log entries.
 */
public void testCheckNonePermissionOnHistoricProcessInstance() {
  // given: per-instance history permissions are switched on
  processEngineConfiguration.setEnableHistoricInstancePermissions(true);

  String instanceId =
      startProcessInstanceByKey(ONE_TASK_PROCESS_KEY).getProcessInstanceId();

  // produce a user operation on the instance's task
  String taskId = selectSingleTask().getId();
  setAssignee(taskId, "demo");

  // an authorization exists for the instance, but it conveys no permission
  createGrantAuthorizationWithoutAuthentication(
      Resources.HISTORIC_PROCESS_INSTANCE, instanceId, userId,
      HistoricProcessInstancePermissions.NONE);

  // when
  UserOperationLogQuery logQuery = historyService.createUserOperationLogQuery();

  // then: nothing is visible
  assertThat(logQuery.list()).isEmpty();
}
 
Example #26
Source File: DbIdentityServiceProvider.java    From camunda-bpm-platform with Apache License 2.0
/**
 * Removes a group's membership in a tenant together with the authorizations tied to it.
 *
 * @param tenantId id of the tenant the group is removed from
 * @param groupId id of the group whose membership is removed
 * @return a result with {@code OPERATION_DELETE} when a membership existed and was removed,
 *         otherwise one with {@code OPERATION_NONE}
 */
public IdentityOperationResult deleteTenantGroupMembership(String tenantId, String groupId) {
  // DELETE on TENANT_MEMBERSHIP for this tenant is checked first, before the existence
  // lookup, so the permission check does not depend on whether the membership exists.
  checkAuthorization(Permissions.DELETE, Resources.TENANT_MEMBERSHIP, tenantId);

  if (!existsTenantMembership(tenantId, null, groupId)) {
    // nothing to remove
    return new IdentityOperationResult(null, IdentityOperationResult.OPERATION_NONE);
  }

  // Authorizations are removed before the membership row itself.
  // NOTE(review): the resource id passed here is the group id, whereas the permission check
  // above is keyed by the tenant id — confirm this is the intended id.
  deleteAuthorizations(Resources.TENANT_MEMBERSHIP, groupId);

  deleteAuthorizationsForGroup(Resources.TENANT, tenantId, groupId);

  Map<String, Object> deleteParameters = new HashMap<>();
  deleteParameters.put("tenantId", tenantId);
  deleteParameters.put("groupId", groupId);
  getDbEntityManager().delete(TenantMembershipEntity.class, "deleteTenantMembership", deleteParameters);

  return new IdentityOperationResult(null, IdentityOperationResult.OPERATION_DELETE);
}
 
Example #27
Source File: UserOperationLogAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0
/**
 * Checks the user operation log entries visible to a user who holds READ on the historic
 * process instance and READ on the admin operation log category: two entries are expected,
 * both belonging to that process instance.
 */
public void testCheckReadOnHistoricProcessInstanceAndAdminCategory() {
  // given: per-instance history permissions are switched on
  processEngineConfiguration.setEnableHistoricInstancePermissions(true);

  String instanceId =
      startProcessInstanceByKey(ONE_TASK_PROCESS_KEY).getProcessInstanceId();

  // produce a user operation on the instance's task
  String taskId = selectSingleTask().getId();
  setAssignee(taskId, "demo");

  // READ through the instance ...
  createGrantAuthorizationWithoutAuthentication(
      Resources.HISTORIC_PROCESS_INSTANCE, instanceId, userId,
      HistoricProcessInstancePermissions.READ);
  // ... and READ through the admin category
  createGrantAuthorizationWithoutAuthentication(
      OPERATION_LOG_CATEGORY, CATEGORY_ADMIN, userId, READ);

  // when
  UserOperationLogQuery logQuery = historyService.createUserOperationLogQuery();

  // then
  assertThat(logQuery.list())
      .extracting("processInstanceId")
      .containsExactly(instanceId, instanceId);
}
 
Example #28
Source File: AuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0
/**
 * Checks that the camunda-admin group holds exactly one authorization with
 * {@code Permissions.ALL} for each of the TENANT, TENANT_MEMBERSHIP and BATCH resources.
 */
@Test
public void testDefaultAuthorizationQueryForCamundaAdminOnUpgrade() {

  processEngineConfiguration.setAuthorizationEnabled(true);

  // the same expectation holds for each of these resource types, checked in this order
  Resources[] adminResources = new Resources[] {
    Resources.TENANT, Resources.TENANT_MEMBERSHIP, Resources.BATCH };

  for (Resources adminResource : adminResources) {
    assertEquals(1, authorizationService.createAuthorizationQuery()
      .resourceType(adminResource)
      .groupIdIn(Groups.CAMUNDA_ADMIN)
      .hasPermission(Permissions.ALL).count());
  }

}
 
Example #29
Source File: DbIdentityServiceProvider.java    From camunda-bpm-platform with Apache License 2.0
/**
 * Adds a user to a tenant and creates the default authorizations for the new membership.
 *
 * @param tenantId id of the tenant the user joins; a tenant with this id must exist
 * @param userId id of the user to add; a user with this id must exist
 * @return a result with {@code OPERATION_CREATE}
 */
public IdentityOperationResult createTenantUserMembership(String tenantId, String userId) {
  // CREATE on TENANT_MEMBERSHIP for this tenant is checked before any lookup is made.
  checkAuthorization(Permissions.CREATE, Resources.TENANT_MEMBERSHIP, tenantId);

  TenantEntity tenantEntity = findTenantById(tenantId);
  UserEntity userEntity = findUserById(userId);

  // both sides of the membership have to exist; the messages name the id that was not found
  ensureNotNull("No tenant found with id '" + tenantId + "'.", "tenant", tenantEntity);
  ensureNotNull("No user found with id '" + userId + "'.", "user", userEntity);

  TenantMembershipEntity newMembership = new TenantMembershipEntity();
  newMembership.setTenant(tenantEntity);
  newMembership.setUser(userEntity);
  getDbEntityManager().insert(newMembership);

  // the membership is stored first, then its default authorizations are created
  createDefaultTenantMembershipAuthorizations(tenantEntity, userEntity);

  return new IdentityOperationResult(null, IdentityOperationResult.OPERATION_CREATE);
}
 
Example #30
Source File: CreateStandaloneTaskDeleteAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0
/**
 * Checks that DELETE_HISTORY on every process definition (resource id "*") lets the user
 * delete the user operation log entry of the standalone task
 * {@code myTaskForUserOperationLogDel}.
 */
@Test
public void testWithDeleteHistoryPermissionOnAnyProcessDefinition() {
  // given
  UserOperationLogQuery logEntryQuery = historyService
      .createUserOperationLogQuery()
      .taskId("myTaskForUserOperationLogDel");

  // assume: one log entry exists for the task
  assertEquals(1, logEntryQuery.count());

  Authorization deleteHistoryGrant =
      authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
  deleteHistoryGrant.setUserId(USER_ID);
  deleteHistoryGrant.setPermissions(new Permissions[] {Permissions.DELETE_HISTORY});
  deleteHistoryGrant.setResource(Resources.PROCESS_DEFINITION);
  deleteHistoryGrant.setResourceId("*");
  authorizationService.saveAuthorization(deleteHistoryGrant);

  // authorization checks are switched on only after the grant has been stored
  engineConfiguration.setAuthorizationEnabled(true);

  // when: the entry is looked up and deleted with authorization enabled
  String logEntryId = logEntryQuery.singleResult().getId();
  historyService.deleteUserOperationLogEntry(logEntryId);

  // then: no entry is left for the task
  assertNull(historyService
      .createUserOperationLogQuery()
      .taskId("myTaskForUserOperationLogDel")
      .singleResult());
}