org.camunda.bpm.engine.authorization.Resources Java Examples
The following examples show how to use
org.camunda.bpm.engine.authorization.Resources.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: HistoricIncidentAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
public void testCheckReadOnHistoricProcessInstanceAndNonePermissionOnProcessDefinition() {
// given
processEngineConfiguration.setEnableHistoricInstancePermissions(true);
String processInstanceId = startProcessAndExecuteJob(ONE_INCIDENT_PROCESS_KEY)
.getProcessInstanceId();
createGrantAuthorization(Resources.HISTORIC_PROCESS_INSTANCE, processInstanceId, userId,
HistoricProcessInstancePermissions.READ);
createGrantAuthorization(PROCESS_DEFINITION, ONE_INCIDENT_PROCESS_KEY, userId,
ProcessDefinitionPermissions.NONE);
// when
HistoricIncidentQuery query = historyService.createHistoricIncidentQuery();
// then
assertThat(query.list())
.extracting("processInstanceId")
.containsExactly(processInstanceId);
}
Example #2
| Source File: CdiBeanResolutionTwoEnginesTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
private void createAuthorizations(ProcessEngine processEngine1) {
Authorization newAuthorization = processEngine1.getAuthorizationService().createNewAuthorization(Authorization.AUTH_TYPE_GLOBAL);
newAuthorization.setResource(Resources.PROCESS_INSTANCE);
newAuthorization.setResourceId("*");
newAuthorization.setPermissions(new Permission[] { Permissions.CREATE });
processEngine1.getAuthorizationService().saveAuthorization(newAuthorization);
newAuthorization = processEngine1.getAuthorizationService().createNewAuthorization(Authorization.AUTH_TYPE_GLOBAL);
newAuthorization.setResource(Resources.PROCESS_DEFINITION);
newAuthorization.setResourceId("*");
newAuthorization.setPermissions(new Permission[] { Permissions.CREATE_INSTANCE });
processEngine1.getAuthorizationService().saveAuthorization(newAuthorization);
newAuthorization = processEngine1.getAuthorizationService().createNewAuthorization(Authorization.AUTH_TYPE_GLOBAL);
newAuthorization.setResource(Resources.TASK);
newAuthorization.setResourceId("*");
newAuthorization.setPermissions(new Permission[] { Permissions.READ, Permissions.TASK_WORK });
processEngine1.getAuthorizationService().saveAuthorization(newAuthorization);
}
Example #3
| Source File: DefaultPermissionForTenantMemberTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
@Test
public void testCreateAndDeleteTenantUserMembershipForMultipleTenants() {
createTenant(TENANT_TWO);
identityService.createTenantUserMembership(TENANT_ONE, USER_ID);
identityService.createTenantUserMembership(TENANT_TWO, USER_ID);
assertEquals(2, authorizationService.createAuthorizationQuery()
.userIdIn(USER_ID)
.resourceType(Resources.TENANT)
.hasPermission(Permissions.READ).count());
identityService.deleteTenantUserMembership(TENANT_ONE, USER_ID);
assertEquals(1, authorizationService.createAuthorizationQuery()
.userIdIn(USER_ID)
.resourceType(Resources.TENANT)
.hasPermission(Permissions.READ).count());
}
Example #4
| Source File: DefaultUserPermissionsForTaskTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
public void testShouldGrantTaskWorkOnSetCandidateUser() {
// given
processEngineConfiguration.setDefaultUserPermissionForTask(TASK_WORK);
String taskId = "myTask";
createTask(taskId);
createGrantAuthorization(TASK, taskId, userId, UPDATE);
// when
processEngine.getTaskService().addCandidateUser(taskId, userId2);
// then
assertEquals(true,authorizationService.isUserAuthorized(userId2, null, Permissions.READ, Resources.TASK, taskId));
assertEquals(true, authorizationService.isUserAuthorized(userId2, null,Permissions.TASK_WORK, Resources.TASK, taskId));
assertEquals(false, authorizationService.isUserAuthorized(userId2, null,Permissions.UPDATE, Resources.TASK, taskId));
deleteTask(taskId, true);
}
Example #5
| Source File: SetAssigneeProcessInstanceTaskAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
@Test
public void testWithReadHistoryPermissionOnAnyProcessDefinition() {
// given
Authorization auth = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
auth.setUserId(USER_ID);
auth.setPermissions(new Permissions[] {Permissions.READ_HISTORY});
auth.setResource(Resources.PROCESS_DEFINITION);
auth.setResourceId("*");
authorizationService.saveAuthorization(auth);
engineRule.getProcessEngineConfiguration().setAuthorizationEnabled(true);
// when
UserOperationLogQuery query = historyService.createUserOperationLogQuery().processDefinitionKey("oneTaskProcess_userOpLog");
// then
assertEquals(1, query.count());
}
Example #6
| Source File: SetJobRetriesBatchAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
@Parameterized.Parameters(name = "Scenario {index}")
public static Collection<AuthorizationScenario[]> scenarios() {
return AuthorizationTestRule.asParameters(
scenario()
.withoutAuthorizations()
.failsDueToRequired(
grant(Resources.BATCH, "batchId", "userId", Permissions.CREATE),
grant(Resources.BATCH, "batchId", "userId", BatchPermissions.CREATE_BATCH_SET_JOB_RETRIES)
),
scenario()
.withAuthorizations(
grant(Resources.BATCH, "batchId", "userId", Permissions.CREATE)
),
scenario()
.withAuthorizations(
grant(Resources.BATCH, "batchId", "userId", BatchPermissions.CREATE_BATCH_SET_JOB_RETRIES)
).succeeds()
);
}
Example #7
| Source File: DefaultUserPermissionsForTaskTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
public void testShouldGrantUpdateOnAssign() {
// given
processEngineConfiguration.setDefaultUserPermissionForTask(UPDATE);
String taskId = "myTask";
createTask(taskId);
createGrantAuthorization(TASK, taskId, userId, UPDATE);
// when
processEngine.getTaskService().setAssignee(taskId, userId2);
// then
assertEquals(true,authorizationService.isUserAuthorized(userId2, null, Permissions.READ, Resources.TASK, taskId));
assertEquals(true, authorizationService.isUserAuthorized(userId2, null,Permissions.UPDATE, Resources.TASK, taskId));
deleteTask(taskId, true);
}
Example #8
| Source File: SetExternalTaskPriorityAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
@Parameterized.Parameters(name = "Scenario {index}")
public static Collection<AuthorizationScenario[]> scenarios() {
return AuthorizationTestRule.asParameters(
scenario()
.withoutAuthorizations()
.failsDueToRequired(
grant(Resources.PROCESS_INSTANCE, "processInstanceId", "userId", Permissions.UPDATE),
grant(Resources.PROCESS_DEFINITION, "oneExternalTaskProcess", "userId", Permissions.UPDATE_INSTANCE)),
scenario()
.withAuthorizations(
grant(Resources.PROCESS_INSTANCE, "processInstanceId", "userId", Permissions.UPDATE))
.succeeds(),
scenario()
.withAuthorizations(
grant(Resources.PROCESS_INSTANCE, "*", "userId", Permissions.UPDATE))
.succeeds(),
scenario()
.withAuthorizations(
grant(Resources.PROCESS_DEFINITION, "processDefinitionKey", "userId", Permissions.UPDATE_INSTANCE))
.succeeds(),
scenario()
.withAuthorizations(
grant(Resources.PROCESS_DEFINITION, "*", "userId", Permissions.UPDATE_INSTANCE))
.succeeds()
);
}
Example #9
| Source File: DefaultUserPermissionsForTaskTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
public void testShouldGrantTaskWorkOnAssign() {
// given
processEngineConfiguration.setDefaultUserPermissionForTask(TASK_WORK);
String taskId = "myTask";
createTask(taskId);
createGrantAuthorization(TASK, taskId, userId, UPDATE);
// when
processEngine.getTaskService().setAssignee(taskId, userId2);
// then
assertEquals(true,authorizationService.isUserAuthorized(userId2, null, Permissions.READ, Resources.TASK, taskId));
assertEquals(true, authorizationService.isUserAuthorized(userId2, null,Permissions.TASK_WORK, Resources.TASK, taskId));
assertEquals(false, authorizationService.isUserAuthorized(userId2, null,Permissions.UPDATE, Resources.TASK, taskId));
deleteTask(taskId, true);
}
Example #10
| Source File: BatchStatisticsQueryAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
@Test
public void testBatchStatisticsAndCreateUserId() {
// given
ProcessInstance pi = createMigrationPlan();
// when
authRule.createGrantAuthorization(Resources.BATCH, "*", "userId", Permissions.CREATE);
authRule.createGrantAuthorization(Resources.PROCESS_DEFINITION, "*", "userId", Permissions.MIGRATE_INSTANCE);
authRule.enableAuthorization("userId");
batch3 = engineRule.getRuntimeService()
.newMigration(migrationPlan)
.processInstanceIds(Arrays.asList(pi.getId()))
.executeAsync();
authRule.disableAuthorization();
// then
BatchStatistics batchStatistics = engineRule.getManagementService().createBatchStatisticsQuery().batchId(batch3.getId()).singleResult();
assertEquals("userId", batchStatistics.getCreateUserId());
}
Example #11
| Source File: RestartAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
@Parameterized.Parameters(name = "Scenario {index}")
public static Collection<AuthorizationScenario[]> scenarios() {
return AuthorizationTestRule.asParameters(
scenario()
.withoutAuthorizations()
.failsDueToRequired(
grant(Resources.PROCESS_DEFINITION, "Process", "userId", Permissions.READ_HISTORY)
),
scenario()
.withAuthorizations(
grant(Resources.PROCESS_DEFINITION, "Process", "userId", Permissions.READ_HISTORY)
)
.failsDueToRequired(
grant(Resources.PROCESS_INSTANCE, "*", "userId", Permissions.CREATE)
),
scenario()
.withAuthorizations(
grant(Resources.PROCESS_DEFINITION, "Process", "userId", Permissions.READ_HISTORY, Permissions.CREATE_INSTANCE),
grant(Resources.PROCESS_INSTANCE, "*", "userId", Permissions.CREATE)
)
.succeeds()
);
}
Example #12
| Source File: AuthorizationQueryAuthorizationsTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
@Test
public void testQueryPermissionWithMixedResource() throws Exception {
// given
Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
authorization.setUserId("userId");
authorization.setResource(Resources.APPLICATION);
authorization.addPermission(Permissions.ACCESS);
authorization.setResourceId(ANY);
authorizationService.saveAuthorization(authorization);
processEngineConfiguration.setAuthorizationEnabled(true);
// assume
Authorization authResult = authorizationService.createAuthorizationQuery().userIdIn("userId").resourceType(Resources.APPLICATION).singleResult();
assertNotNull(authResult);
// then
assertEquals(0, authorizationService.createAuthorizationQuery()
.resourceType(Resources.BATCH)
.hasPermission(Permissions.ACCESS)
.count());
}
Example #13
| Source File: DeleteHistoricProcessInstancesAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
@Parameterized.Parameters(name = "Scenario {index}")
public static Collection<AuthorizationScenario[]> scenarios() {
return AuthorizationTestRule.asParameters(
scenario()
.withAuthorizations(
grant(Resources.PROCESS_DEFINITION, "Process", "userId", Permissions.READ_HISTORY)
)
.failsDueToRequired(
grant(Resources.PROCESS_DEFINITION, "Process", "userId", Permissions.DELETE_HISTORY)
),
scenario()
.withAuthorizations(
grant(Resources.PROCESS_DEFINITION, "Process", "userId", Permissions.READ_HISTORY, Permissions.DELETE_HISTORY)
).succeeds()
);
}
Example #14
| Source File: SetAssigneeProcessInstanceTaskAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
@Test
public void testWithReadHistoryPermissionOnProcessDefinition() {
// given
Authorization auth = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
auth.setUserId(USER_ID);
auth.setPermissions(new Permissions[] {Permissions.READ_HISTORY});
auth.setResource(Resources.PROCESS_DEFINITION);
auth.setResourceId("oneTaskProcess_userOpLog");
authorizationService.saveAuthorization(auth);
engineRule.getProcessEngineConfiguration().setAuthorizationEnabled(true);
// when
UserOperationLogQuery query = historyService.createUserOperationLogQuery().processDefinitionKey("oneTaskProcess_userOpLog");
// then
assertEquals(1, query.count());
}
Example #15
| Source File: GetErrorDetailsAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
@Parameterized.Parameters(name = "Scenario {index}")
public static Collection<AuthorizationScenario[]> scenarios() {
return AuthorizationTestRule.asParameters(
scenario()
.withoutAuthorizations()
.failsDueToRequired(
grant(Resources.PROCESS_INSTANCE, "processInstanceId", "userId", Permissions.READ),
grant(Resources.PROCESS_DEFINITION, "oneExternalTaskProcess", "userId", Permissions.READ_INSTANCE)),
scenario()
.withAuthorizations(
grant(Resources.PROCESS_INSTANCE, "processInstanceId", "userId", Permissions.READ))
.succeeds(),
scenario()
.withAuthorizations(
grant(Resources.PROCESS_INSTANCE, "*", "userId", Permissions.READ))
.succeeds(),
scenario()
.withAuthorizations(
grant(Resources.PROCESS_DEFINITION, "processDefinitionKey", "userId", Permissions.READ_INSTANCE))
.succeeds(),
scenario()
.withAuthorizations(
grant(Resources.PROCESS_DEFINITION, "*", "userId", Permissions.READ_INSTANCE))
.succeeds()
);
}
Example #16
| Source File: AuthorizationServiceAuthorizationsTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
public void testSaveAuthorizationSetPermissionsWithValidResource() throws Exception {
// given
Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
authorization.setUserId("userId");
authorization.addPermission(Permissions.ACCESS);
// 'ACCESS' is not allowed for Batches
// however, it will be reset by next line, so saveAuthorization will be successful
authorization.setPermissions(
new BatchPermissions[] { BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES, BatchPermissions.CREATE_BATCH_DELETE_DECISION_INSTANCES });
authorization.setResource(Resources.BATCH);
authorization.setResourceId(ANY);
processEngineConfiguration.setAuthorizationEnabled(true);
// when
authorizationService.saveAuthorization(authorization);
// then
Authorization authorizationResult = authorizationService.createAuthorizationQuery().resourceType(Resources.BATCH).singleResult();
assertNotNull(authorizationResult);
assertTrue(authorizationResult.isPermissionGranted(BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES));
assertTrue(authorizationResult.isPermissionGranted(BatchPermissions.CREATE_BATCH_DELETE_DECISION_INSTANCES));
}
Example #17
| Source File: UserOperationLogAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
public void testCheckNoneOnHistoricProcessInstanceAndTaskWorkerCategory() {
// given
processEngineConfiguration.setEnableHistoricInstancePermissions(true);
String processInstanceId = startProcessInstanceByKey(ONE_TASK_PROCESS_KEY)
.getProcessInstanceId();
String taskId = selectSingleTask().getId();
setAssignee(taskId, "demo");
createGrantAuthorizationWithoutAuthentication(Resources.HISTORIC_PROCESS_INSTANCE,
processInstanceId, userId, HistoricProcessInstancePermissions.NONE);
createGrantAuthorizationWithoutAuthentication(OPERATION_LOG_CATEGORY, CATEGORY_TASK_WORKER,
userId, READ);
// when
UserOperationLogQuery query = historyService.createUserOperationLogQuery();
// then
assertThat(query.list())
.extracting("processInstanceId")
.containsExactly(processInstanceId);
}
Example #18
| Source File: HistoricProcessInstanceAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
public void testCheckReadHistoricProcessInstancePermissions() {
// given
processEngineConfiguration.setEnableHistoricInstancePermissions(true);
// when
createGrantAuthorization(Resources.HISTORIC_PROCESS_INSTANCE, ANY, userId,
HistoricProcessInstancePermissions.READ);
// then
assertThat(authorizationService.isUserAuthorized(userId, null,
HistoricProcessInstancePermissions.NONE, Resources.HISTORIC_PROCESS_INSTANCE)).isTrue();
assertThat(authorizationService.isUserAuthorized(userId, null,
HistoricProcessInstancePermissions.READ, Resources.HISTORIC_PROCESS_INSTANCE)).isTrue();
assertThat(authorizationService.isUserAuthorized(userId, null,
HistoricProcessInstancePermissions.ALL, Resources.HISTORIC_PROCESS_INSTANCE)).isFalse();
}
Example #19
| Source File: EvaluateDecisionAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
@Parameters(name = "scenario {index}")
public static Collection<AuthorizationScenario[]> scenarios() {
return AuthorizationTestRule.asParameters(
scenario()
.withoutAuthorizations()
.failsDueToRequired(
grant(Resources.DECISION_DEFINITION, DECISION_DEFINITION_KEY, "userId", Permissions.CREATE_INSTANCE)),
scenario()
.withAuthorizations(
grant(Resources.DECISION_DEFINITION, DECISION_DEFINITION_KEY, "userId", Permissions.CREATE_INSTANCE))
.succeeds(),
scenario()
.withAuthorizations(
grant(Resources.DECISION_DEFINITION, "*", "userId", Permissions.CREATE_INSTANCE))
.succeeds()
);
}
Example #20
| Source File: TaskReadVariablePermissionAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
@Before
public void init() {
processEngineConfiguration = engineRule.getProcessEngineConfiguration();
identityService = engineRule.getIdentityService();
authorizationService = engineRule.getAuthorizationService();
taskService = engineRule.getTaskService();
runtimeService = engineRule.getRuntimeService();
enforceSpecificVariablePermission = processEngineConfiguration.isEnforceSpecificVariablePermission();
processEngineConfiguration.setEnforceSpecificVariablePermission(true);
processEngineConfiguration.setEnableHistoricInstancePermissions(true);
User user = identityService.newUser(userId);
identityService.saveUser(user);
identityService.setAuthenticatedUserId(userId);
authRule.createGrantAuthorization(Resources.AUTHORIZATION, "*", userId, Permissions.CREATE);
}
Example #21
| Source File: HistoricActivityInstanceAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
public void testCheckNonePermissionOnHistoricProcessInstance() {
// given
processEngineConfiguration.setEnableHistoricInstancePermissions(true);
String processInstanceId = startProcessInstanceByKey(PROCESS_KEY).getId();
createGrantAuthorization(Resources.HISTORIC_PROCESS_INSTANCE, processInstanceId, userId,
HistoricProcessInstancePermissions.NONE);
// when
HistoricActivityInstanceQuery query = historyService.createHistoricActivityInstanceQuery()
.processInstanceId(processInstanceId);
// then
assertThat(query.list()).isEmpty();
}
Example #22
| Source File: SetRemovalTimeForHistoricBatchesBatchAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
@Parameterized.Parameters(name = "Scenario {index}")
public static Collection<AuthorizationScenario[]> scenarios() {
return AuthorizationTestRule.asParameters(
scenario()
.withAuthorizations(
grant(Resources.BATCH, "batchId", "userId", Permissions.READ_HISTORY)
)
.failsDueToRequired(
grant(Resources.BATCH, "batchId", "userId", Permissions.CREATE),
grant(Resources.BATCH, "batchId", "userId", BatchPermissions.CREATE_BATCH_SET_REMOVAL_TIME)
),
scenario()
.withAuthorizations(
grant(Resources.BATCH, "batchId", "userId", Permissions.READ_HISTORY, Permissions.CREATE)
),
scenario()
.withAuthorizations(
grant(Resources.BATCH, "batchId", "userId", Permissions.READ_HISTORY, BatchPermissions.CREATE_BATCH_SET_REMOVAL_TIME)
).succeeds()
);
}
Example #23
| Source File: DefaultPermissionForTenantMemberTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
@Test
public void testCreateTenantGroupMembership() {
identityService.createTenantGroupMembership(TENANT_ONE, GROUP_ID);
assertEquals(1, authorizationService.createAuthorizationQuery()
.groupIdIn(GROUP_ID)
.resourceType(Resources.TENANT)
.resourceId(TENANT_ONE)
.hasPermission(Permissions.READ).count());
identityService.setAuthentication(USER_ID, Collections.singletonList(GROUP_ID));
assertEquals(TENANT_ONE,identityService.createTenantQuery()
.singleResult()
.getId());
}
Example #24
| Source File: BulkHistoryDeleteProcessInstancesAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
@Parameterized.Parameters(name = "Scenario {index}")
public static Collection<AuthorizationScenario[]> scenarios() {
return AuthorizationTestRule.asParameters(
scenario()
.failsDueToRequired(
grant(Resources.PROCESS_DEFINITION, "processDefinition", "demo", Permissions.DELETE_HISTORY)
)
,
scenario()
.withAuthorizations(
grant(Resources.PROCESS_DEFINITION, "processDefinition", "demo", Permissions.DELETE_HISTORY)
)
.succeeds(),
scenario()
.withAuthorizations(
grant(Resources.PROCESS_DEFINITION, "*", "demo", Permissions.DELETE_HISTORY)
)
.succeeds()
);
}
Example #25
| Source File: UserOperationLogAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
public void testCheckNonePermissionOnHistoricProcessInstance() {
// given
processEngineConfiguration.setEnableHistoricInstancePermissions(true);
String processInstanceId = startProcessInstanceByKey(ONE_TASK_PROCESS_KEY)
.getProcessInstanceId();
String taskId = selectSingleTask().getId();
setAssignee(taskId, "demo");
createGrantAuthorizationWithoutAuthentication(Resources.HISTORIC_PROCESS_INSTANCE, processInstanceId, userId,
HistoricProcessInstancePermissions.NONE);
// when
UserOperationLogQuery query = historyService.createUserOperationLogQuery();
// then
assertThat(query.list()).isEmpty();
}
Example #26
| Source File: DbIdentityServiceProvider.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
public IdentityOperationResult deleteTenantGroupMembership(String tenantId, String groupId) {
checkAuthorization(Permissions.DELETE, Resources.TENANT_MEMBERSHIP, tenantId);
if (existsTenantMembership(tenantId, null, groupId)) {
deleteAuthorizations(Resources.TENANT_MEMBERSHIP, groupId);
deleteAuthorizationsForGroup(Resources.TENANT, tenantId, groupId);
Map<String, Object> parameters = new HashMap<String, Object>();
parameters.put("tenantId", tenantId);
parameters.put("groupId", groupId);
getDbEntityManager().delete(TenantMembershipEntity.class, "deleteTenantMembership", parameters);
return new IdentityOperationResult(null, IdentityOperationResult.OPERATION_DELETE);
}
return new IdentityOperationResult(null, IdentityOperationResult.OPERATION_NONE);
}
Example #27
| Source File: UserOperationLogAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
public void testCheckReadOnHistoricProcessInstanceAndAdminCategory() {
// given
processEngineConfiguration.setEnableHistoricInstancePermissions(true);
String processInstanceId = startProcessInstanceByKey(ONE_TASK_PROCESS_KEY)
.getProcessInstanceId();
String taskId = selectSingleTask().getId();
setAssignee(taskId, "demo");
createGrantAuthorizationWithoutAuthentication(Resources.HISTORIC_PROCESS_INSTANCE, processInstanceId, userId,
HistoricProcessInstancePermissions.READ);
createGrantAuthorizationWithoutAuthentication(OPERATION_LOG_CATEGORY, CATEGORY_ADMIN, userId, READ);
// when
UserOperationLogQuery query = historyService.createUserOperationLogQuery();
// then
assertThat(query.list())
.extracting("processInstanceId")
.containsExactly(processInstanceId, processInstanceId);
}
Example #28
| Source File: AuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
@Test
public void testDefaultAuthorizationQueryForCamundaAdminOnUpgrade() {
processEngineConfiguration.setAuthorizationEnabled(true);
assertEquals(1, authorizationService.createAuthorizationQuery()
.resourceType(Resources.TENANT)
.groupIdIn(Groups.CAMUNDA_ADMIN)
.hasPermission(Permissions.ALL).count());
assertEquals(1, authorizationService.createAuthorizationQuery()
.resourceType(Resources.TENANT_MEMBERSHIP)
.groupIdIn(Groups.CAMUNDA_ADMIN)
.hasPermission(Permissions.ALL).count());
assertEquals(1, authorizationService.createAuthorizationQuery()
.resourceType(Resources.BATCH)
.groupIdIn(Groups.CAMUNDA_ADMIN)
.hasPermission(Permissions.ALL).count());
}
Example #29
| Source File: DbIdentityServiceProvider.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
public IdentityOperationResult createTenantUserMembership(String tenantId, String userId) {
checkAuthorization(Permissions.CREATE, Resources.TENANT_MEMBERSHIP, tenantId);
TenantEntity tenant = findTenantById(tenantId);
UserEntity user = findUserById(userId);
ensureNotNull("No tenant found with id '" + tenantId + "'.", "tenant", tenant);
ensureNotNull("No user found with id '" + userId + "'.", "user", user);
TenantMembershipEntity membership = new TenantMembershipEntity();
membership.setTenant(tenant);
membership.setUser(user);
getDbEntityManager().insert(membership);
createDefaultTenantMembershipAuthorizations(tenant, user);
return new IdentityOperationResult(null, IdentityOperationResult.OPERATION_CREATE);
}
Example #30
| Source File: CreateStandaloneTaskDeleteAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
@Test
public void testWithDeleteHistoryPermissionOnAnyProcessDefinition() {
// given
UserOperationLogQuery query = historyService.createUserOperationLogQuery().taskId("myTaskForUserOperationLogDel");
// assume
assertEquals(1, query.count());
Authorization auth = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
auth.setUserId(USER_ID);
auth.setPermissions(new Permissions[] {Permissions.DELETE_HISTORY});
auth.setResource(Resources.PROCESS_DEFINITION);
auth.setResourceId("*");
authorizationService.saveAuthorization(auth);
engineConfiguration.setAuthorizationEnabled(true);
// when
historyService.deleteUserOperationLogEntry(query.singleResult().getId());
// then
assertNull(historyService.createUserOperationLogQuery().taskId("myTaskForUserOperationLogDel").singleResult());
}
