Search in sources :

Example 91 with AuthorizationException

use of org.camunda.bpm.engine.AuthorizationException in project camunda-bpm-platform by camunda.

the class HistoricProcessInstanceAuthorizationTest method testReportWithoutQueryCriteriaAndNoReadHistoryPermission.

public void testReportWithoutQueryCriteriaAndNoReadHistoryPermission() {
    // given
    ProcessInstance processInstance1 = startProcessInstanceByKey(PROCESS_KEY);
    ProcessInstance processInstance2 = startProcessInstanceByKey(MESSAGE_START_PROCESS_KEY);
    disableAuthorization();
    runtimeService.deleteProcessInstance(processInstance1.getProcessInstanceId(), "");
    runtimeService.deleteProcessInstance(processInstance2.getProcessInstanceId(), "");
    enableAuthorization();
    // when
    try {
        historyService.createHistoricProcessInstanceReport().duration(PeriodUnit.MONTH);
        // then
        fail("Exception expected: It should not be possible to create a historic process instance report");
    } catch (AuthorizationException e) {
    }
}
Also used : AuthorizationException(org.camunda.bpm.engine.AuthorizationException) HistoricProcessInstance(org.camunda.bpm.engine.history.HistoricProcessInstance) ProcessInstance(org.camunda.bpm.engine.runtime.ProcessInstance)

Example 92 with AuthorizationException

use of org.camunda.bpm.engine.AuthorizationException in project camunda-bpm-platform by camunda.

the class HistoricProcessInstanceAuthorizationTest method testReportWithMixedQueryCriteriaAndMissingReadHistoryPermission.

public void testReportWithMixedQueryCriteriaAndMissingReadHistoryPermission() {
    // given
    ProcessInstance processInstance1 = startProcessInstanceByKey(PROCESS_KEY);
    ProcessInstance processInstance2 = startProcessInstanceByKey(MESSAGE_START_PROCESS_KEY);
    disableAuthorization();
    runtimeService.deleteProcessInstance(processInstance1.getProcessInstanceId(), "");
    runtimeService.deleteProcessInstance(processInstance2.getProcessInstanceId(), "");
    enableAuthorization();
    createGrantAuthorization(PROCESS_DEFINITION, PROCESS_KEY, userId, READ_HISTORY);
    // when
    try {
        historyService.createHistoricProcessInstanceReport().processDefinitionKeyIn(PROCESS_KEY).processDefinitionIdIn(processInstance2.getProcessDefinitionId()).duration(PeriodUnit.MONTH);
        // then
        fail("Exception expected: It should not be possible to create a historic process instance report");
    } catch (AuthorizationException e) {
    }
}
Also used : AuthorizationException(org.camunda.bpm.engine.AuthorizationException) HistoricProcessInstance(org.camunda.bpm.engine.history.HistoricProcessInstance) ProcessInstance(org.camunda.bpm.engine.runtime.ProcessInstance)

Example 93 with AuthorizationException

use of org.camunda.bpm.engine.AuthorizationException in project camunda-bpm-platform by camunda.

the class HistoricProcessInstanceAuthorizationTest method testReportWithQueryCriterionProcessDefinitionIdInAndMissingReadHistoryPermission.

public void testReportWithQueryCriterionProcessDefinitionIdInAndMissingReadHistoryPermission() {
    // given
    ProcessInstance processInstance1 = startProcessInstanceByKey(PROCESS_KEY);
    ProcessInstance processInstance2 = startProcessInstanceByKey(MESSAGE_START_PROCESS_KEY);
    disableAuthorization();
    runtimeService.deleteProcessInstance(processInstance1.getProcessInstanceId(), "");
    runtimeService.deleteProcessInstance(processInstance2.getProcessInstanceId(), "");
    enableAuthorization();
    createGrantAuthorization(PROCESS_DEFINITION, PROCESS_KEY, userId, READ_HISTORY);
    // when
    try {
        historyService.createHistoricProcessInstanceReport().processDefinitionIdIn(processInstance1.getProcessDefinitionId(), processInstance2.getProcessDefinitionId()).duration(PeriodUnit.MONTH);
        // then
        fail("Exception expected: It should not be possible to create a historic process instance report");
    } catch (AuthorizationException e) {
    }
}
Also used : AuthorizationException(org.camunda.bpm.engine.AuthorizationException) HistoricProcessInstance(org.camunda.bpm.engine.history.HistoricProcessInstance) ProcessInstance(org.camunda.bpm.engine.runtime.ProcessInstance)

Example 94 with AuthorizationException

use of org.camunda.bpm.engine.AuthorizationException in project camunda-bpm-platform by camunda.

the class ProcessInstanceAuthorizationTest method testActivateProcessInstanceByProcessDefinitionIdWithUpdatePermissionOnProcessInstance.

public void testActivateProcessInstanceByProcessDefinitionIdWithUpdatePermissionOnProcessInstance() {
    // given
    ProcessInstance instance = startProcessInstanceByKey(PROCESS_KEY);
    String processInstanceId = instance.getId();
    String processDefinitionId = instance.getProcessDefinitionId();
    suspendProcessInstanceById(processInstanceId);
    createGrantAuthorization(PROCESS_INSTANCE, processInstanceId, userId, UPDATE);
    try {
        // when
        runtimeService.activateProcessInstanceByProcessDefinitionId(processDefinitionId);
        fail("Exception expected: It should not be posssible to suspend a process instance.");
    } catch (AuthorizationException e) {
        // then
        String message = e.getMessage();
        assertTextPresent(userId, message);
        assertTextPresent(UPDATE_INSTANCE.getName(), message);
        assertTextPresent(PROCESS_KEY, message);
        assertTextPresent(PROCESS_DEFINITION.resourceName(), message);
    }
}
Also used : AuthorizationException(org.camunda.bpm.engine.AuthorizationException) ProcessInstance(org.camunda.bpm.engine.runtime.ProcessInstance)

Example 95 with AuthorizationException

use of org.camunda.bpm.engine.AuthorizationException in project camunda-bpm-platform by camunda.

the class ProcessInstanceAuthorizationTest method testActivateProcessInstanceByProcessDefinitionKeyWithoutAuthorization.

// activate process instance by process definition key /////////////////////////////
public void testActivateProcessInstanceByProcessDefinitionKeyWithoutAuthorization() {
    // given
    ProcessInstance instance = startProcessInstanceByKey(PROCESS_KEY);
    String processInstanceId = instance.getId();
    suspendProcessInstanceById(processInstanceId);
    try {
        // when
        runtimeService.activateProcessInstanceByProcessDefinitionKey(PROCESS_KEY);
        fail("Exception expected: It should not be posssible to suspend a process instance.");
    } catch (AuthorizationException e) {
        // then
        String message = e.getMessage();
        assertTextPresent(userId, message);
        assertTextPresent(UPDATE_INSTANCE.getName(), message);
        assertTextPresent(PROCESS_KEY, message);
        assertTextPresent(PROCESS_DEFINITION.resourceName(), message);
    }
}
Also used : AuthorizationException(org.camunda.bpm.engine.AuthorizationException) ProcessInstance(org.camunda.bpm.engine.runtime.ProcessInstance)

Aggregations

AuthorizationException (org.camunda.bpm.engine.AuthorizationException)213 Test (org.junit.Test)142 Matchers.anyString (org.mockito.Matchers.anyString)116 Matchers.containsString (org.hamcrest.Matchers.containsString)55 HashMap (java.util.HashMap)50 Authorization (org.camunda.bpm.engine.authorization.Authorization)22 ProcessEngineException (org.camunda.bpm.engine.ProcessEngineException)21 MissingAuthorization (org.camunda.bpm.engine.authorization.MissingAuthorization)21 InvalidRequestException (org.camunda.bpm.engine.rest.exception.InvalidRequestException)20 RestException (org.camunda.bpm.engine.rest.exception.RestException)14 AbstractRestServiceTest (org.camunda.bpm.engine.rest.AbstractRestServiceTest)13 User (org.camunda.bpm.engine.identity.User)12 Group (org.camunda.bpm.engine.identity.Group)10 Tenant (org.camunda.bpm.engine.identity.Tenant)10 ProcessInstance (org.camunda.bpm.engine.runtime.ProcessInstance)10 ArrayList (java.util.ArrayList)8 LinkedHashMap (java.util.LinkedHashMap)7 Map (java.util.Map)7 ExampleVariableObject (org.camunda.bpm.engine.rest.helper.ExampleVariableObject)7 ManagementService (org.camunda.bpm.engine.ManagementService)6