use of eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto in project CzechIdMng by bcvsolutions.
the class RoleTransitiveEvaluatorsIntegrationTest method testUpdateAuthorizationPolicy.
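/**
 * Negative authorization test: an identity whose role carries only read policies must not be
 * able to modify an authorization policy.
 * <p>
 * The identity logs in, reads the first policy visible to it under {@code READ}, sets it to
 * disabled and tries to save it under {@code UPDATE}. The save is expected to be refused with
 * {@link ForbiddenEntityException}.
 * <p>
 * {@code @Test(expected = ...)} accepts the exception from any statement of the method, so a
 * denial raised while reading would also satisfy it and hide a broken read path. The read is
 * therefore guarded, and only the save can produce the expected exception.
 */
@Test(expected = ForbiddenEntityException.class)
public void testUpdateAuthorizationPolicy() {
    IdmIdentityDto identity = createIdentityWithRole(true);
    //
    try {
        loginService.login(new LoginDto(identity.getUsername(), identity.getPassword()));
        //
        IdmAuthorizationPolicyDto policy;
        try {
            policy = authorizationPolicyService.find(null, IdmBasePermission.READ).getContent().get(0);
        } catch (ForbiddenEntityException ex) {
            // reading is part of the test setup; a denial here is a failure, not the expected outcome
            throw new AssertionError("READ of authorization policies was denied, only UPDATE is expected to be forbidden", ex);
        }
        policy.setDisabled(true);
        // the privilege-changing write: must be rejected for a read-only identity
        authorizationPolicyService.save(policy, IdmBasePermission.UPDATE);
    } finally {
        // always drop the security context so it cannot leak into other tests
        logout();
    }
}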
use of eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto in project CzechIdMng by bcvsolutions.
the class RoleTransitiveEvaluatorsIntegrationTest method testDisabledPolicy.
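/**
 * Verifies that disabling the role's own read policy also removes everything the identity
 * could read through the dependent policies.
 * <p>
 * Phase 1 (as the test identity): the role, one role-tree-node record and three authorization
 * policies are readable. Phase 2 (as admin): the policy found for the role with authorizable
 * type {@code IdmRole} is disabled. Phase 3 (as the test identity again): roles, role-tree-node
 * records and authorization policies all return zero readable elements.
 * <p>
 * The admin phase runs inside try/finally like the other phases, so a failure while disabling
 * the policy cannot leave the administrator logged in for the code that runs afterwards.
 */
@Test
public void testDisabledPolicy() {
    IdmIdentityDto identity = createIdentityWithRole(true);
    IdmRoleDto role = null;
    // before disable
    try {
        loginService.login(new LoginDto(identity.getUsername(), identity.getPassword()));
        //
        role = roleService.get(TEST_ROLE_ID, IdmBasePermission.READ);
        assertEquals(TEST_ROLE_ID, role.getId());
        assertEquals(1, roleService.find(null, IdmBasePermission.READ).getTotalElements());
        assertEquals(1, roleTreeNodeService.find(null, IdmBasePermission.READ).getTotalElements());
        assertEquals(3, authorizationPolicyService.find(null, IdmBasePermission.READ).getTotalElements());
    } finally {
        logout();
    }
    //
    // disable policy - done as admin, the test identity itself has no update permission
    try {
        loginAsAdmin(InitTestData.TEST_ADMIN_USERNAME);
        IdmAuthorizationPolicyFilter filter = new IdmAuthorizationPolicyFilter();
        filter.setRoleId(role.getId());
        filter.setAuthorizableType(IdmRole.class.getCanonicalName());
        IdmAuthorizationPolicyDto policy = authorizationPolicyService.find(filter, null).getContent().get(0);
        policy.setDisabled(true);
        authorizationPolicyService.save(policy);
    } finally {
        // never leave the admin context active, even when the lookup or save fails
        logout();
    }
    // after disable
    try {
        loginService.login(new LoginDto(identity.getUsername(), identity.getPassword()));
        //
        assertEquals(0, roleService.find(null, IdmBasePermission.READ).getTotalElements());
        assertEquals(0, roleTreeNodeService.find(null, IdmBasePermission.READ).getTotalElements());
        assertEquals(0, authorizationPolicyService.find(null, IdmBasePermission.READ).getTotalElements());
    } finally {
        logout();
    }
}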
use of eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto in project CzechIdMng by bcvsolutions.
the class RoleTransitiveEvaluatorsIntegrationTest method createIdentityWithRole.
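/**
 * Test fixture: creates a role with authorization policies and an identity that holds the role.
 * <p>
 * A fresh random id is stored in {@code TEST_ROLE_ID} and used for the new role. The role gets a
 * READ policy on {@code IdmRole} evaluated by {@code CodeableEvaluator} and bound to the role's
 * own id. When {@code transitive} is set, two more policies are added for the role: one on
 * {@code IdmRoleTreeNode} ({@code RoleTreeNodeByRoleEvaluator}) and one on
 * {@code IdmAuthorizationPolicy} ({@code AuthorizationPolicyByRoleEvaluator}).
 * <p>
 * All setup runs as admin inside try/finally, so the admin login is dropped even when a step
 * fails and cannot carry over into the calling test.
 *
 * @param transitive whether to create the two additional policies described above
 * @return the saved identity with the role assigned
 */
private IdmIdentityDto createIdentityWithRole(boolean transitive) {
    TEST_ROLE_ID = UUID.randomUUID();
    try {
        loginAsAdmin(InitTestData.TEST_ADMIN_USERNAME);
        IdmRoleDto role = helper.createRole(TEST_ROLE_ID, null);
        IdmTreeNodeDto treeNode = helper.createTreeNode();
        helper.createRoleTreeNode(role, treeNode, true);
        // self policy - READ on the role itself, scoped to this role's id
        IdmAuthorizationPolicyDto readRolePolicy = new IdmAuthorizationPolicyDto();
        readRolePolicy.setPermissions(IdmBasePermission.READ);
        readRolePolicy.setRole(role.getId());
        readRolePolicy.setGroupPermission(CoreGroupPermission.ROLE.getName());
        readRolePolicy.setAuthorizableType(IdmRole.class.getCanonicalName());
        readRolePolicy.setEvaluator(CodeableEvaluator.class);
        readRolePolicy.getEvaluatorProperties().put(CodeableEvaluator.PARAMETER_IDENTIFIER, role.getId());
        authorizationPolicyService.save(readRolePolicy);
        if (transitive) {
            // create transitive policies - no permissions are set on them explicitly
            IdmAuthorizationPolicyDto readRoleTreeNodePolicy = new IdmAuthorizationPolicyDto();
            readRoleTreeNodePolicy.setRole(role.getId());
            readRoleTreeNodePolicy.setGroupPermission(CoreGroupPermission.ROLETREENODE.getName());
            readRoleTreeNodePolicy.setAuthorizableType(IdmRoleTreeNode.class.getCanonicalName());
            readRoleTreeNodePolicy.setEvaluator(RoleTreeNodeByRoleEvaluator.class);
            authorizationPolicyService.save(readRoleTreeNodePolicy);
            //
            IdmAuthorizationPolicyDto readAuthoritiesPolicy = new IdmAuthorizationPolicyDto();
            readAuthoritiesPolicy.setRole(role.getId());
            readAuthoritiesPolicy.setGroupPermission(CoreGroupPermission.AUTHORIZATIONPOLICY.getName());
            readAuthoritiesPolicy.setAuthorizableType(IdmAuthorizationPolicy.class.getCanonicalName());
            readAuthoritiesPolicy.setEvaluator(AuthorizationPolicyByRoleEvaluator.class);
            authorizationPolicyService.save(readAuthoritiesPolicy);
        }
        // prepare identity - fixed, test-only password; callers log in with identity.getPassword()
        IdmIdentityDto identity = helper.createIdentity();
        identity.setPassword(new GuardedString("heslo"));
        identity = identityService.save(identity);
        // assign role
        helper.createIdentityRole(identity, role);
        //
        return identity;
    } finally {
        // drop the admin context before control returns to the test, on success and on failure
        logout();
    }
}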
use of eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto in project CzechIdMng by bcvsolutions.
the class DefaultAuthorizationManagerIntegrationTest method testFindValidPoliciesWithInvalidIdentityContractByDates.
/**
 * Checks that a role assigned through a contract which is not valid yet contributes no enabled
 * policies.
 * <p>
 * Two roles are created. The first gets a UUID policy with READ and is assigned with
 * {@code helper.createIdentityRole(identity, role)}. The second gets a base policy with
 * AUTOCOMPLETE and is assigned through a newly saved contract whose {@code validFrom} is one day
 * after the date produced by {@code new LocalDate()}. The test expects exactly one enabled policy
 * for {@code IdmRole}, belonging to the first role.
 */
@Test
@Transactional
public void testFindValidPoliciesWithInvalidIdentityContractByDates() {
    try {
        loginAsAdmin(InitTestData.TEST_USER_1);
        // two roles, each with a policy of its own
        IdmRoleDto activeRole = helper.createRole();
        IdmRoleDto futureRole = helper.createRole();
        helper.createUuidPolicy(activeRole.getId(), activeRole.getId(), IdmBasePermission.READ);
        helper.createBasePolicy(futureRole.getId(), IdmBasePermission.AUTOCOMPLETE);
        // identity holding the first role
        IdmIdentityDto identity = helper.createIdentity();
        helper.createIdentityRole(identity, activeRole);
        // second role hangs on a contract that starts in the future
        IdmIdentityContractDto futureContract = new IdmIdentityContractDto();
        futureContract.setIdentity(identity.getId());
        futureContract.setPosition("position-" + System.currentTimeMillis());
        futureContract.setValidFrom(new LocalDate().plusDays(1));
        futureContract = identityContractService.save(futureContract);
        helper.createIdentityRole(futureContract, futureRole);
        // only the policy of the first role may be effective
        List<IdmAuthorizationPolicyDto> enabledPolicies = service.getEnabledPolicies(identity.getId(), IdmRole.class);
        assertEquals(1, enabledPolicies.size());
        IdmAuthorizationPolicyDto onlyPolicy = enabledPolicies.get(0);
        assertEquals(activeRole.getId(), onlyPolicy.getRole());
    } finally {
        logout();
    }
}
use of eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto in project CzechIdMng by bcvsolutions.
the class DefaultAuthorizationManagerIntegrationTest method testFindValidPoliciesWithInvalidRole.
/**
 * Checks that a disabled role contributes no enabled policies even though it is assigned to
 * the identity.
 * <p>
 * Two roles are created and the second one is saved with {@code disabled = true}. The first role
 * gets a UUID policy with READ, the second a base policy with AUTOCOMPLETE, and both roles are
 * assigned to the same identity. The test expects exactly one enabled policy for
 * {@code IdmRole}, belonging to the first role.
 */
@Test
@Transactional
public void testFindValidPoliciesWithInvalidRole() {
    try {
        loginAsAdmin(InitTestData.TEST_USER_1);
        // one usable role and one disabled role
        IdmRoleDto activeRole = helper.createRole();
        IdmRoleDto disabledRole = helper.createRole();
        disabledRole.setDisabled(true);
        roleService.save(disabledRole);
        helper.createUuidPolicy(activeRole.getId(), activeRole.getId(), IdmBasePermission.READ);
        helper.createBasePolicy(disabledRole.getId(), IdmBasePermission.AUTOCOMPLETE);
        // identity holding both roles
        IdmIdentityDto identity = helper.createIdentity();
        helper.createIdentityRole(identity, activeRole);
        helper.createIdentityRole(identity, disabledRole);
        // the disabled role's policy must not be reported as enabled
        List<IdmAuthorizationPolicyDto> enabledPolicies = service.getEnabledPolicies(identity.getId(), IdmRole.class);
        assertEquals(1, enabledPolicies.size());
        IdmAuthorizationPolicyDto onlyPolicy = enabledPolicies.get(0);
        assertEquals(activeRole.getId(), onlyPolicy.getRole());
    } finally {
        logout();
    }
}