Search in sources :

Example 46 with Authorization

use of org.camunda.bpm.engine.authorization.Authorization in project camunda-bpm-platform by camunda.

the class IdentityServiceAuthorizationsTest method testGroupUpdateAuthorizations.

public void testGroupUpdateAuthorizations() {
    // crate group while still in god-mode:
    Group group1 = identityService.newGroup("group1");
    identityService.saveGroup(group1);
    // create global auth
    Authorization basePerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
    basePerms.setResource(GROUP);
    basePerms.setResourceId(ANY);
    basePerms.addPermission(ALL);
    // revoke update
    basePerms.removePermission(UPDATE);
    authorizationService.saveAuthorization(basePerms);
    // turn on authorization
    processEngineConfiguration.setAuthorizationEnabled(true);
    identityService.setAuthenticatedUserId(jonny2);
    // fetch user:
    group1 = identityService.createGroupQuery().singleResult();
    group1.setName("Group 1");
    try {
        identityService.saveGroup(group1);
        fail("exception expected");
    } catch (AuthorizationException e) {
        assertEquals(1, e.getMissingAuthorizations().size());
        MissingAuthorization info = e.getMissingAuthorizations().get(0);
        assertEquals(jonny2, e.getUserId());
        assertExceptionInfo(UPDATE.getName(), GROUP.resourceName(), "group1", info);
    }
    // but I can create a new group:
    Group group2 = identityService.newGroup("group2");
    identityService.saveGroup(group2);
}
Also used : MissingAuthorization(org.camunda.bpm.engine.authorization.MissingAuthorization) Authorization(org.camunda.bpm.engine.authorization.Authorization) Group(org.camunda.bpm.engine.identity.Group) MissingAuthorization(org.camunda.bpm.engine.authorization.MissingAuthorization) AuthorizationException(org.camunda.bpm.engine.AuthorizationException)

Example 47 with Authorization

use of org.camunda.bpm.engine.authorization.Authorization in project camunda-bpm-platform by camunda.

the class IdentityServiceAuthorizationsTest method testTenantCreateAuthorizations.

public void testTenantCreateAuthorizations() {
    // add base permission which allows nobody to create tenants:
    Authorization basePerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
    basePerms.setResource(TENANT);
    basePerms.setResourceId(ANY);
    // add all then remove 'create'
    basePerms.addPermission(ALL);
    basePerms.removePermission(CREATE);
    authorizationService.saveAuthorization(basePerms);
    processEngineConfiguration.setAuthorizationEnabled(true);
    identityService.setAuthenticatedUserId(jonny2);
    try {
        identityService.newTenant("tenant");
        fail("exception expected");
    } catch (AuthorizationException e) {
        assertEquals(1, e.getMissingAuthorizations().size());
        MissingAuthorization info = e.getMissingAuthorizations().get(0);
        assertEquals(jonny2, e.getUserId());
        assertExceptionInfo(CREATE.getName(), TENANT.resourceName(), null, info);
    }
    // circumvent auth check to get new transient userobject
    Tenant tenant = new TenantEntity("tenant");
    try {
        identityService.saveTenant(tenant);
        fail("exception expected");
    } catch (AuthorizationException e) {
        assertEquals(1, e.getMissingAuthorizations().size());
        MissingAuthorization info = e.getMissingAuthorizations().get(0);
        assertEquals(jonny2, e.getUserId());
        assertExceptionInfo(CREATE.getName(), TENANT.resourceName(), null, info);
    }
}
Also used : MissingAuthorization(org.camunda.bpm.engine.authorization.MissingAuthorization) Authorization(org.camunda.bpm.engine.authorization.Authorization) Tenant(org.camunda.bpm.engine.identity.Tenant) MissingAuthorization(org.camunda.bpm.engine.authorization.MissingAuthorization) AuthorizationException(org.camunda.bpm.engine.AuthorizationException) TenantEntity(org.camunda.bpm.engine.impl.persistence.entity.TenantEntity)

Example 48 with Authorization

use of org.camunda.bpm.engine.authorization.Authorization in project camunda-bpm-platform by camunda.

the class IdentityServiceAuthorizationsTest method testTenantDeleteAuthorizations.

public void testTenantDeleteAuthorizations() {
    // create tenant
    Tenant tenant = new TenantEntity("tenant");
    identityService.saveTenant(tenant);
    // create global auth
    Authorization basePerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
    basePerms.setResource(TENANT);
    basePerms.setResourceId(ANY);
    basePerms.addPermission(ALL);
    // revoke delete
    basePerms.removePermission(DELETE);
    authorizationService.saveAuthorization(basePerms);
    // turn on authorization
    processEngineConfiguration.setAuthorizationEnabled(true);
    identityService.setAuthenticatedUserId(jonny2);
    try {
        identityService.deleteTenant("tenant");
        fail("exception expected");
    } catch (AuthorizationException e) {
        assertEquals(1, e.getMissingAuthorizations().size());
        MissingAuthorization info = e.getMissingAuthorizations().get(0);
        assertEquals(jonny2, e.getUserId());
        assertExceptionInfo(DELETE.getName(), TENANT.resourceName(), "tenant", info);
    }
}
Also used : MissingAuthorization(org.camunda.bpm.engine.authorization.MissingAuthorization) Authorization(org.camunda.bpm.engine.authorization.Authorization) Tenant(org.camunda.bpm.engine.identity.Tenant) MissingAuthorization(org.camunda.bpm.engine.authorization.MissingAuthorization) TenantEntity(org.camunda.bpm.engine.impl.persistence.entity.TenantEntity) AuthorizationException(org.camunda.bpm.engine.AuthorizationException)

Example 49 with Authorization

use of org.camunda.bpm.engine.authorization.Authorization in project camunda-bpm-platform by camunda.

the class IdentityServiceAuthorizationsTest method testMembershipDeleteAuthorizations.

public void testMembershipDeleteAuthorizations() {
    User jonny1 = identityService.newUser("jonny1");
    identityService.saveUser(jonny1);
    Group group1 = identityService.newGroup("group1");
    identityService.saveGroup(group1);
    // add base permission which allows nobody to add users to groups
    Authorization basePerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
    basePerms.setResource(GROUP_MEMBERSHIP);
    basePerms.setResourceId(ANY);
    // add all then remove 'delete'
    basePerms.addPermission(ALL);
    basePerms.removePermission(DELETE);
    authorizationService.saveAuthorization(basePerms);
    processEngineConfiguration.setAuthorizationEnabled(true);
    identityService.setAuthenticatedUserId(jonny2);
    try {
        identityService.deleteMembership("jonny1", "group1");
        fail("exception expected");
    } catch (AuthorizationException e) {
        assertEquals(1, e.getMissingAuthorizations().size());
        MissingAuthorization info = e.getMissingAuthorizations().get(0);
        assertEquals(jonny2, e.getUserId());
        assertExceptionInfo(DELETE.getName(), GROUP_MEMBERSHIP.resourceName(), "group1", info);
    }
}
Also used : MissingAuthorization(org.camunda.bpm.engine.authorization.MissingAuthorization) Authorization(org.camunda.bpm.engine.authorization.Authorization) Group(org.camunda.bpm.engine.identity.Group) User(org.camunda.bpm.engine.identity.User) MissingAuthorization(org.camunda.bpm.engine.authorization.MissingAuthorization) AuthorizationException(org.camunda.bpm.engine.AuthorizationException)

Example 50 with Authorization

use of org.camunda.bpm.engine.authorization.Authorization in project camunda-bpm-platform by camunda.

the class IdentityServiceAuthorizationsTest method testUserCreateAuthorizations.

public void testUserCreateAuthorizations() {
    // add base permission which allows nobody to create users:
    Authorization basePerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
    basePerms.setResource(USER);
    basePerms.setResourceId(ANY);
    // add all then remove 'create'
    basePerms.addPermission(ALL);
    basePerms.removePermission(CREATE);
    authorizationService.saveAuthorization(basePerms);
    processEngineConfiguration.setAuthorizationEnabled(true);
    identityService.setAuthenticatedUserId(jonny2);
    try {
        identityService.newUser("jonny1");
        fail("exception expected");
    } catch (AuthorizationException e) {
        assertEquals(1, e.getMissingAuthorizations().size());
        MissingAuthorization info = e.getMissingAuthorizations().get(0);
        assertEquals(jonny2, e.getUserId());
        assertExceptionInfo(CREATE.getName(), USER.resourceName(), null, info);
    }
    // circumvent auth check to get new transient userobject
    User newUser = new UserEntity("jonny1");
    try {
        identityService.saveUser(newUser);
        fail("exception expected");
    } catch (AuthorizationException e) {
        assertEquals(1, e.getMissingAuthorizations().size());
        MissingAuthorization info = e.getMissingAuthorizations().get(0);
        assertEquals(jonny2, e.getUserId());
        assertExceptionInfo(CREATE.getName(), USER.resourceName(), null, info);
    }
}
Also used : MissingAuthorization(org.camunda.bpm.engine.authorization.MissingAuthorization) Authorization(org.camunda.bpm.engine.authorization.Authorization) User(org.camunda.bpm.engine.identity.User) MissingAuthorization(org.camunda.bpm.engine.authorization.MissingAuthorization) AuthorizationException(org.camunda.bpm.engine.AuthorizationException) UserEntity(org.camunda.bpm.engine.impl.persistence.entity.UserEntity)

Aggregations

Authorization (org.camunda.bpm.engine.authorization.Authorization)117 MissingAuthorization (org.camunda.bpm.engine.authorization.MissingAuthorization)26 AuthorizationException (org.camunda.bpm.engine.AuthorizationException)22 User (org.camunda.bpm.engine.identity.User)20 Test (org.junit.Test)17 AuthorizationQuery (org.camunda.bpm.engine.authorization.AuthorizationQuery)16 Group (org.camunda.bpm.engine.identity.Group)13 Permission (org.camunda.bpm.engine.authorization.Permission)12 AuthorizationService (org.camunda.bpm.engine.AuthorizationService)9 Tenant (org.camunda.bpm.engine.identity.Tenant)9 AuthorizationDto (org.camunda.bpm.engine.rest.dto.authorization.AuthorizationDto)8 Matchers.anyString (org.mockito.Matchers.anyString)7 ProcessEngineException (org.camunda.bpm.engine.ProcessEngineException)5 IdentityService (org.camunda.bpm.engine.IdentityService)3 Resource (org.camunda.bpm.engine.authorization.Resource)3 TenantEntity (org.camunda.bpm.engine.impl.persistence.entity.TenantEntity)3 Before (org.junit.Before)3 ArrayList (java.util.ArrayList)2 HashSet (java.util.HashSet)2 Filter (org.camunda.bpm.engine.filter.Filter)2