use of eu.bcvsolutions.idm.core.api.dto.IdmConceptRoleRequestDto in project CzechIdMng by bcvsolutions.
the class ChangeIdentityPermissionTest method addSuperAdminRoleWithSubprocessSecurityTest.
/**
 * Walks a role request for the test admin role through the whole approval chain and
 * checks that it ends in {@code RoleRequestState.EXECUTED}.
 *
 * <p>The role gets priority 500, that priority is mapped to
 * {@code APPROVE_ROLE_BY_SECURITY_KEY}, and approval by security is switched on, so the
 * request for {@code TEST_USER_1} has to pass every approval task before it is executed.
 * Each stage below is completed with the decision "approve" by the user who is set as
 * candidate/assignee in the task filter.
 *
 * <p>The stage names in the inline comments are the original author's labels; the code
 * itself only shows which username the task filter is pointed at.
 *
 * <p>NOTE(review): {@code loginAsAdmin} is defined outside this listing. If it grants
 * admin authorities to whichever username is passed, this test covers task routing
 * (who is offered the task) rather than permission enforcement - confirm.
 */
@Test
@Transactional
public void addSuperAdminRoleWithSubprocessSecurityTest() {
    loginAsAdmin(InitTestData.TEST_USER_2);
    IdmIdentityDto test1 = identityService.getByUsername(InitTestData.TEST_USER_1);
    IdmIdentityDto test2 = identityService.getByUsername(InitTestData.TEST_USER_2);
    // Guarantee: TEST_USER_2 becomes guarantee of the admin role, and the role's priority
    // is mapped to the "approve by security" workflow key.
    int priority = 500;
    IdmRoleDto adminRole = roleService.getByCode(InitTestData.TEST_ADMIN_ROLE);
    adminRole.setPriority(priority);
    IdmRoleGuaranteeDto guarantee = new IdmRoleGuaranteeDto();
    guarantee.setRole(adminRole.getId());
    guarantee.setGuarantee(test2.getId());
    adminRole.getGuarantees().add(guarantee);
    adminRole = roleService.save(adminRole);
    configurationService.setValue(IdmRoleService.WF_BY_ROLE_PRIORITY_PREFIX + priority, APPROVE_ROLE_BY_SECURITY_KEY);
    configurationService.setValue("idm.sec.core.wf.approval.security.enabled", "true");
    // Request the admin role for TEST_USER_1 on that user's prime contract.
    IdmIdentityContractDto contract = identityContractService.getPrimeContract(test1.getId());
    IdmRoleRequestDto request = createRoleRequest(test1);
    request = roleRequestService.save(request);
    IdmConceptRoleRequestDto concept = createRoleConcept(adminRole, contract, request);
    concept = conceptRoleRequestService.save(concept);
    roleRequestService.startRequestInternal(request.getId(), true);
    request = roleRequestService.get(request.getId());
    // The request must wait for approval instead of being executed straight away.
    assertEquals(RoleRequestState.IN_PROGRESS, request.getState());
    // The user who is logged in at this point must not be offered any task yet.
    WorkflowFilterDto taskFilter = new WorkflowFilterDto();
    taskFilter.setCandidateOrAssigned(securityService.getCurrentUsername());
    List<WorkflowTaskInstanceDto> tasks = workflowTaskInstanceService.find(taskFilter, null).getContent();
    assertEquals(0, tasks.size());
    // Help Desk
    // The request is reloaded before every stage, but the reloaded value is only read by
    // the assertions at the end of the method.
    request = roleRequestService.get(request.getId());
    loginAsAdmin(InitTestData.TEST_ADMIN_USERNAME);
    taskFilter.setCandidateOrAssigned(InitTestData.TEST_ADMIN_USERNAME);
    checkAndCompleteOneTask(taskFilter, InitTestData.TEST_USER_1, "approve");
    // Manager
    request = roleRequestService.get(request.getId());
    loginAsAdmin(InitTestData.TEST_USER_2);
    taskFilter.setCandidateOrAssigned(InitTestData.TEST_USER_2);
    checkAndCompleteOneTask(taskFilter, InitTestData.TEST_USER_1, "approve");
    // User Manager
    request = roleRequestService.get(request.getId());
    loginAsAdmin(InitTestData.TEST_ADMIN_USERNAME);
    taskFilter.setCandidateOrAssigned(InitTestData.TEST_ADMIN_USERNAME);
    checkAndCompleteOneTask(taskFilter, InitTestData.TEST_USER_1, "approve");
    // Role Guarantee - subprocess (TEST_USER_2 was registered as guarantee above)
    request = roleRequestService.get(request.getId());
    loginAsAdmin(InitTestData.TEST_USER_2);
    taskFilter.setCandidateOrAssigned(InitTestData.TEST_USER_2);
    checkAndCompleteOneTask(taskFilter, InitTestData.TEST_USER_1, "approve");
    // Security - subprocess
    request = roleRequestService.get(request.getId());
    loginAsAdmin(InitTestData.TEST_ADMIN_USERNAME);
    taskFilter.setCandidateOrAssigned(InitTestData.TEST_ADMIN_USERNAME);
    checkAndCompleteOneTask(taskFilter, InitTestData.TEST_USER_1, "approve");
    // Security
    request = roleRequestService.get(request.getId());
    loginAsAdmin(InitTestData.TEST_ADMIN_USERNAME);
    taskFilter.setCandidateOrAssigned(InitTestData.TEST_ADMIN_USERNAME);
    checkAndCompleteOneTask(taskFilter, InitTestData.TEST_USER_1, "approve");
    // After the last approval the request is executed, and both the request and its
    // concept carry the id of a workflow process.
    request = roleRequestService.get(request.getId());
    assertEquals(RoleRequestState.EXECUTED, request.getState());
    assertNotNull(request.getWfProcessId());
    concept = conceptRoleRequestService.get(concept.getId());
    assertNotNull(concept.getWfProcessId());
}
use of eu.bcvsolutions.idm.core.api.dto.IdmConceptRoleRequestDto in project CzechIdMng by bcvsolutions.
the class ChangeIdentityPermissionTest method testGetTaskByAnotherUser.
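/**
 * Checks who is allowed to read a pending approval task of the role-request workflow.
 *
 * <p>Only the help desk approval stage is enabled, and the help desk role is held by a
 * freshly created identity, so starting the request leaves one task waiting for that
 * identity. The test then asserts that {@code workflowTaskInstanceService.get(id)}
 * returns the task to its candidate and to the admin user logged in without
 * {@code APP_ADMIN} only, returns {@code null} to the requester and to an unrelated user,
 * and that listing tasks with a filter naming a different user fails with
 * {@code HttpStatus.FORBIDDEN}.
 *
 * <p>{@code loginAsAdmin} and {@code loginWithout} are defined outside this listing;
 * presumably {@code loginWithout} logs the user in without the listed permissions -
 * confirm against the test base class.
 */
@Test
@Transactional
public void testGetTaskByAnotherUser() {
    // Leave only the help desk stage active so exactly one approval task is created.
    configurationService.setValue(APPROVE_BY_SECURITY_ENABLE, "false");
    configurationService.setValue(APPROVE_BY_MANAGER_ENABLE, "false");
    configurationService.setValue(APPROVE_BY_HELPDESK_ENABLE, "true");
    configurationService.setValue(APPROVE_BY_USERMANAGER_ENABLE, "false");
    //
    loginAsAdmin(InitTestData.TEST_ADMIN_USERNAME);
    IdmIdentityDto test1 = helper.createIdentity();
    IdmIdentityDto anotherUser = helper.createIdentity();
    IdmRoleDto role = helper.createRole();
    // helpdesk role and identity
    IdmRoleDto helpdeskRole = helper.createRole();
    IdmIdentityDto helpdeskIdentity = helper.createIdentity();
    // add role directly
    helper.createIdentityRole(helpdeskIdentity, helpdeskRole);
    configurationService.setValue(APPROVE_BY_HELPDESK_ROLE, helpdeskRole.getCode());
    IdmIdentityContractDto contract = helper.getPrimeContract(test1.getId());
    // The requester creates and starts the request; no task may be offered to the requester.
    loginAsAdmin(test1.getUsername());
    IdmRoleRequestDto request = createRoleRequest(test1);
    request = roleRequestService.save(request);
    IdmConceptRoleRequestDto concept = createRoleConcept(role, contract, request);
    concept = conceptRoleRequestService.save(concept);
    roleRequestService.startRequestInternal(request.getId(), true);
    request = roleRequestService.get(request.getId());
    assertEquals(RoleRequestState.IN_PROGRESS, request.getState());
    WorkflowFilterDto taskFilter = new WorkflowFilterDto();
    taskFilter.setCandidateOrAssigned(securityService.getCurrentUsername());
    List<WorkflowTaskInstanceDto> tasks = workflowTaskInstanceService.find(taskFilter, null).getContent();
    assertEquals(0, tasks.size());
    // HELPDESK login: the help desk identity is offered exactly one task.
    loginAsAdmin(helpdeskIdentity.getUsername());
    taskFilter.setCandidateOrAssigned(helpdeskIdentity.getUsername());
    tasks = workflowTaskInstanceService.find(taskFilter, null).getContent();
    assertEquals(1, tasks.size());
    WorkflowTaskInstanceDto taskInstanceDto = tasks.get(0);
    String id = taskInstanceDto.getId();
    WorkflowTaskInstanceDto workflowTaskInstanceDto = workflowTaskInstanceService.get(id);
    assertNotNull(workflowTaskInstanceDto);
    // Read by id: the requester and an unrelated user get null even though they know the id.
    loginWithout(test1.getUsername(), IdmGroupPermission.APP_ADMIN, CoreGroupPermission.WORKFLOW_TASK_ADMIN);
    workflowTaskInstanceDto = workflowTaskInstanceService.get(id);
    assertNull(workflowTaskInstanceDto);
    loginWithout(anotherUser.getUsername(), IdmGroupPermission.APP_ADMIN, CoreGroupPermission.WORKFLOW_TASK_ADMIN);
    workflowTaskInstanceDto = workflowTaskInstanceService.get(id);
    assertNull(workflowTaskInstanceDto);
    // candidate: the help desk identity can read its own task without either admin permission
    loginWithout(helpdeskIdentity.getUsername(), IdmGroupPermission.APP_ADMIN, CoreGroupPermission.WORKFLOW_TASK_ADMIN);
    workflowTaskInstanceDto = workflowTaskInstanceService.get(id);
    assertNotNull(workflowTaskInstanceDto);
    // WF admin: only APP_ADMIN is excluded here, WORKFLOW_TASK_ADMIN is not
    loginWithout(InitTestData.TEST_ADMIN_USERNAME, IdmGroupPermission.APP_ADMIN);
    workflowTaskInstanceDto = workflowTaskInstanceService.get(id);
    assertNotNull(workflowTaskInstanceDto);
    // Attacker: an unrelated user filters by the help desk user's name; the service must
    // reject the query instead of returning that user's tasks.
    loginWithout(anotherUser.getUsername(), IdmGroupPermission.APP_ADMIN, CoreGroupPermission.WORKFLOW_TASK_ADMIN);
    taskFilter.setCandidateOrAssigned(helpdeskIdentity.getUsername());
    try {
        workflowTaskInstanceService.find(taskFilter, null).getContent();
        fail("Listing tasks of another user must be rejected with FORBIDDEN.");
    } catch (ResultCodeException ex) {
        assertEquals(HttpStatus.FORBIDDEN, ex.getStatus());
    } catch (Exception e) {
        // Name the unexpected exception so a failure here can be diagnosed from the report.
        fail("Unexpected exception instead of FORBIDDEN: " + e);
    }
}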
use of eu.bcvsolutions.idm.core.api.dto.IdmConceptRoleRequestDto in project CzechIdMng by bcvsolutions.
the class ChangeIdentityPermissionTest method testCompleteTaskByPreviosApprover.
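/**
 * Checks that an approval task can only be completed by the user it is waiting for.
 *
 * <p>Two approval stages are set up: help desk (a freshly created identity holding the
 * configured help desk role) and role guarantee (priority 500 mapped to
 * {@code APPROVE_ROLE_BY_GUARANTEE_KEY}). The test asserts, in order, that
 * <ul>
 *   <li>the requester cannot complete the help desk task,</li>
 *   <li>the help desk identity can,</li>
 *   <li>the help desk identity, now a previous approver, cannot complete the guarantee's task,</li>
 *   <li>the requester cannot complete the guarantee's task either,</li>
 *   <li>the guarantee can.</li>
 * </ul>
 * Every refusal is expected as a {@code ResultCodeException} whose status is
 * {@code CoreResultCode.FORBIDDEN}.
 *
 * <p>Unlike the sibling tests in this listing, this method is not annotated
 * {@code @Transactional}. {@code loginAsNoAdmin} and {@code completeTasksFromUsers} are
 * defined outside this listing; presumably the latter completes, as the currently logged-in
 * user, the tasks waiting for the given username - confirm.
 */
@Test
public void testCompleteTaskByPreviosApprover() {
    // approve only by help desk
    configurationService.setValue(APPROVE_BY_SECURITY_ENABLE, "false");
    configurationService.setValue(APPROVE_BY_MANAGER_ENABLE, "false");
    configurationService.setValue(APPROVE_BY_HELPDESK_ENABLE, "true");
    configurationService.setValue(APPROVE_BY_USERMANAGER_ENABLE, "false");
    //
    loginAsAdmin(InitTestData.TEST_ADMIN_USERNAME);
    IdmIdentityDto test1 = helper.createIdentity();
    IdmIdentityDto guarantee = helper.createIdentity();
    // Guarantee
    int priority = 500;
    IdmRoleDto role = helper.createRole();
    role.setPriority(priority);
    IdmRoleGuaranteeDto roleGuarantee = new IdmRoleGuaranteeDto();
    roleGuarantee.setRole(role.getId());
    roleGuarantee.setGuarantee(guarantee.getId());
    role.getGuarantees().add(roleGuarantee);
    role = roleService.save(role);
    // set approve by guarantee
    configurationService.setValue(IdmRoleService.WF_BY_ROLE_PRIORITY_PREFIX + priority, APPROVE_ROLE_BY_GUARANTEE_KEY);
    //
    // helpdesk role and identity
    IdmRoleDto helpdeskRole = helper.createRole();
    IdmIdentityDto helpdeskIdentity = helper.createIdentity();
    // add role directly
    helper.createIdentityRole(helpdeskIdentity, helpdeskRole);
    configurationService.setValue(APPROVE_BY_HELPDESK_ROLE, helpdeskRole.getCode());
    IdmIdentityContractDto contract = helper.getPrimeContract(test1.getId());
    // The requester, logged in without admin rights, creates and starts the request.
    loginAsNoAdmin(test1.getUsername());
    IdmRoleRequestDto request = createRoleRequest(test1);
    request = roleRequestService.save(request);
    IdmConceptRoleRequestDto concept = createRoleConcept(role, contract, request);
    concept = conceptRoleRequestService.save(concept);
    roleRequestService.startRequestInternal(request.getId(), true);
    request = roleRequestService.get(request.getId());
    assertEquals(RoleRequestState.IN_PROGRESS, request.getState());
    // 1) Still logged in as the requester: completing the help desk task must be refused.
    try {
        completeTasksFromUsers(helpdeskIdentity.getUsername(), "approve");
        fail("This user: " + test1.getUsername() + " can't approve task.");
    } catch (ResultCodeException ex) {
        // assertEquals reports the status that was actually returned when it differs.
        assertEquals(CoreResultCode.FORBIDDEN.name(), ex.getError().getError().getStatusEnum());
    } catch (Exception e) {
        // Include the exception type; getLocalizedMessage() alone may be null.
        fail("Some problem: " + e);
    }
    // 2) The help desk identity completes its own task.
    loginAsNoAdmin(helpdeskIdentity.getUsername());
    try {
        completeTasksFromUsers(helpdeskIdentity.getUsername(), "approve");
    } catch (ResultCodeException ex) {
        fail("User has permission to approve task. Error message: " + ex.getLocalizedMessage());
    } catch (Exception e) {
        fail("Some problem: " + e);
    }
    // 3) The help desk identity has already approved; it must not be able to complete
    //    the next task, which waits for the guarantee.
    loginAsNoAdmin(helpdeskIdentity.getUsername());
    try {
        completeTasksFromUsers(guarantee.getUsername(), "approve");
        fail("This user: " + helpdeskIdentity.getUsername() + " can't approve task.");
    } catch (ResultCodeException ex) {
        assertEquals(CoreResultCode.FORBIDDEN.name(), ex.getError().getError().getStatusEnum());
    } catch (Exception e) {
        fail("Some problem: " + e);
    }
    // 4) The requester must not be able to complete the guarantee's task either.
    loginAsNoAdmin(test1.getUsername());
    try {
        completeTasksFromUsers(guarantee.getUsername(), "approve");
        fail("This user: " + test1.getUsername() + " can't approve task.");
    } catch (ResultCodeException ex) {
        assertEquals(CoreResultCode.FORBIDDEN.name(), ex.getError().getError().getStatusEnum());
    } catch (Exception e) {
        fail("Some problem: " + e);
    }
    // 5) The guarantee completes its own task.
    loginAsNoAdmin(guarantee.getUsername());
    try {
        completeTasksFromUsers(guarantee.getUsername(), "approve");
    } catch (ResultCodeException ex) {
        fail("User has permission to approve task. Error message: " + ex.getLocalizedMessage());
    } catch (Exception e) {
        fail("Some problem: " + e);
    }
}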
use of eu.bcvsolutions.idm.core.api.dto.IdmConceptRoleRequestDto in project CzechIdMng by bcvsolutions.
the class ChangeIdentityPermissionTest method addSuperAdminRoleWithSubprocessDisapproveTest.
/**
 * Walks a role request for the test admin role through the approval chain with the role
 * guarantee answering "disapprove", then checks the final request state and the roles of
 * the requesting identity.
 *
 * <p>The role gets priority 500 and that priority is mapped to
 * {@code APPROVE_ROLE_BY_GUARANTEE_KEY}; {@code TEST_USER_2} is registered as guarantee.
 * All other stages are completed with "approve". The request is still expected to end in
 * {@code RoleRequestState.EXECUTED}.
 *
 * <p>The stage names in the inline comments are the original author's labels. This method
 * does not set the help desk / manager / security switches itself, so which stages are
 * active depends on configuration outside this listing.
 *
 * <p>NOTE(review): {@code loginAsAdmin} is defined outside this listing. If it grants
 * admin authorities to whichever username is passed, this test covers task routing
 * rather than permission enforcement - confirm.
 */
@Test
@Transactional
public void addSuperAdminRoleWithSubprocessDisapproveTest() {
    loginAsAdmin(InitTestData.TEST_ADMIN_USERNAME);
    IdmIdentityDto test1 = identityService.getByUsername(InitTestData.TEST_USER_1);
    IdmIdentityDto test2 = identityService.getByUsername(InitTestData.TEST_USER_2);
    // Guarantee: TEST_USER_2 becomes guarantee of the admin role, and the role's priority
    // is mapped to the "approve by guarantee" workflow key.
    int priority = 500;
    IdmRoleDto adminRole = roleService.getByCode(InitTestData.TEST_ADMIN_ROLE);
    adminRole.setPriority(priority);
    IdmRoleGuaranteeDto guarantee = new IdmRoleGuaranteeDto();
    guarantee.setRole(adminRole.getId());
    guarantee.setGuarantee(test2.getId());
    adminRole.getGuarantees().add(guarantee);
    adminRole = roleService.save(adminRole);
    configurationService.setValue(IdmRoleService.WF_BY_ROLE_PRIORITY_PREFIX + priority, APPROVE_ROLE_BY_GUARANTEE_KEY);
    // Request the admin role for TEST_USER_1 on that user's prime contract.
    IdmIdentityContractDto contract = identityContractService.getPrimeContract(test1.getId());
    IdmRoleRequestDto request = createRoleRequest(test1);
    request = roleRequestService.save(request);
    IdmConceptRoleRequestDto concept = createRoleConcept(adminRole, contract, request);
    concept = conceptRoleRequestService.save(concept);
    roleRequestService.startRequestInternal(request.getId(), true);
    request = roleRequestService.get(request.getId());
    // The request must wait for approval instead of being executed straight away.
    assertEquals(RoleRequestState.IN_PROGRESS, request.getState());
    // The user who is logged in at this point must not be offered any task yet.
    WorkflowFilterDto taskFilter = new WorkflowFilterDto();
    taskFilter.setCandidateOrAssigned(securityService.getCurrentUsername());
    List<WorkflowTaskInstanceDto> tasks = workflowTaskInstanceService.find(taskFilter, null).getContent();
    assertEquals(0, tasks.size());
    // HELPDESK - must be skipped
    // MANAGER
    loginAsAdmin(InitTestData.TEST_USER_2);
    taskFilter.setCandidateOrAssigned(InitTestData.TEST_USER_2);
    checkAndCompleteOneTask(taskFilter, InitTestData.TEST_USER_1, "approve");
    // USER MANAGER
    loginAsAdmin(InitTestData.TEST_ADMIN_USERNAME);
    taskFilter.setCandidateOrAssigned(InitTestData.TEST_ADMIN_USERNAME);
    checkAndCompleteOneTask(taskFilter, InitTestData.TEST_USER_1, "approve");
    // Subprocess - decision by GUARANTEE; this is the one stage answered with "disapprove"
    loginAsAdmin(InitTestData.TEST_USER_2);
    taskFilter.setCandidateOrAssigned(InitTestData.TEST_USER_2);
    checkAndCompleteOneTask(taskFilter, InitTestData.TEST_USER_1, "disapprove");
    // SECURITY
    request = roleRequestService.get(request.getId());
    loginAsAdmin(InitTestData.TEST_ADMIN_USERNAME);
    taskFilter.setCandidateOrAssigned(InitTestData.TEST_ADMIN_USERNAME);
    checkAndCompleteOneTask(taskFilter, InitTestData.TEST_USER_1, "approve");
    // The request as a whole is executed, and both the request and its concept carry the
    // id of a workflow process.
    request = roleRequestService.get(request.getId());
    assertEquals(RoleRequestState.EXECUTED, request.getState());
    assertNotNull(request.getWfProcessId());
    concept = conceptRoleRequestService.get(concept.getId());
    assertNotNull(concept.getWfProcessId());
    // The check below is meant to show that TEST_USER_1 holds no role after the guarantee's
    // disapproval.
    // NOTE(review): if Page is Spring Data's Page, getSize() is the size of the page, not
    // the number of matching records, so with a null pageable this assertion may pass
    // regardless of what was assigned. getTotalElements() or getContent().isEmpty() would
    // state the intent directly - confirm the Page type, and that TEST_USER_1 has no
    // pre-existing roles in the init data, before tightening it.
    IdmIdentityRoleFilter filter = new IdmIdentityRoleFilter();
    filter.setIdentityId(test1.getId());
    Page<IdmIdentityRoleDto> page = identityRoleService.find(filter, null);
    assertEquals(0, page.getSize());
}
use of eu.bcvsolutions.idm.core.api.dto.IdmConceptRoleRequestDto in project CzechIdMng by bcvsolutions.
the class ChangeIdentityPermissionTest method createRoleConcept.
/**
 * Builds a new, unsaved concept that asks for a role to be added as part of a role request.
 *
 * @param adminRole role whose id is put into the concept
 * @param contract identity contract whose id is put into the concept
 * @param request role request the concept is attached to, by id
 * @return the populated concept with operation {@code ConceptRoleRequestOperation.ADD};
 *         saving it is left to the caller
 */
private IdmConceptRoleRequestDto createRoleConcept(IdmRoleDto adminRole, IdmIdentityContractDto contract, IdmRoleRequestDto request) {
    final IdmConceptRoleRequestDto addRoleConcept = new IdmConceptRoleRequestDto();
    // Link the concept to its parent request first, then describe what is being asked for.
    addRoleConcept.setRoleRequest(request.getId());
    addRoleConcept.setOperation(ConceptRoleRequestOperation.ADD);
    addRoleConcept.setRole(adminRole.getId());
    addRoleConcept.setIdentityContract(contract.getId());
    return addRoleConcept;
}