Search in sources :

Example 21 with Authorization

use of org.camunda.bpm.engine.authorization.Authorization in project camunda-bpm-platform by camunda.

the class AuthorizationRestServiceInteractionTest method testUpdateNonExistingAuthorization.

@Test
public void testUpdateNonExistingAuthorization() {
    Authorization authorization = MockProvider.createMockGlobalAuthorization();
    AuthorizationQuery authorizationQuery = mock(AuthorizationQuery.class);
    when(authorizationServiceMock.createAuthorizationQuery()).thenReturn(authorizationQuery);
    when(authorizationQuery.authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(authorizationQuery);
    when(authorizationQuery.singleResult()).thenReturn(null);
    AuthorizationDto dto = AuthorizationDto.fromAuthorization(authorization);
    given().pathParam("id", MockProvider.EXAMPLE_AUTHORIZATION_ID).body(dto).contentType(ContentType.JSON).then().expect().statusCode(Status.NOT_FOUND.getStatusCode()).contentType(ContentType.JSON).body("message", equalTo("Authorization with id " + MockProvider.EXAMPLE_AUTHORIZATION_ID + " does not exist.")).when().put(AUTH_RESOURCE_PATH);
    verify(authorizationServiceMock, never()).saveAuthorization(authorization);
}
Also used : Authorization(org.camunda.bpm.engine.authorization.Authorization) AuthorizationDto(org.camunda.bpm.engine.rest.dto.authorization.AuthorizationDto) AuthorizationQuery(org.camunda.bpm.engine.authorization.AuthorizationQuery) Test(org.junit.Test)

Example 22 with Authorization

use of org.camunda.bpm.engine.authorization.Authorization in project camunda-bpm-platform by camunda.

the class AuthorizationRestServiceInteractionTest method testSaveAuthorizationThrowsAuthorizationException.

@Test
public void testSaveAuthorizationThrowsAuthorizationException() {
    String message = "expected authorization exception";
    when(authorizationServiceMock.saveAuthorization(any(Authorization.class))).thenThrow(new AuthorizationException(message));
    Authorization authorization = MockProvider.createMockGrantAuthorization();
    when(authorizationServiceMock.createNewAuthorization(Authorization.AUTH_TYPE_GRANT)).thenReturn(authorization);
    AuthorizationDto dto = AuthorizationDto.fromAuthorization(authorization);
    given().body(dto).contentType(ContentType.JSON).then().expect().statusCode(Status.FORBIDDEN.getStatusCode()).contentType(ContentType.JSON).body("type", equalTo(AuthorizationException.class.getSimpleName())).body("message", equalTo(message)).when().post(AUTH_CREATE_PATH);
}
Also used : Authorization(org.camunda.bpm.engine.authorization.Authorization) AuthorizationDto(org.camunda.bpm.engine.rest.dto.authorization.AuthorizationDto) AuthorizationException(org.camunda.bpm.engine.AuthorizationException) Matchers.anyString(org.mockito.Matchers.anyString) Test(org.junit.Test)

Example 23 with Authorization

use of org.camunda.bpm.engine.authorization.Authorization in project camunda-bpm-platform by camunda.

the class AuthorizationRestServiceInteractionTest method testAuthorizationResourceOptionsUpdateUnauthorized.

@Test
public void testAuthorizationResourceOptionsUpdateUnauthorized() {
    String fullAuthorizationUrl = "http://localhost:" + PORT + TEST_RESOURCE_ROOT_PATH + AuthorizationRestService.PATH + "/" + MockProvider.EXAMPLE_AUTHORIZATION_ID;
    Authorization authorization = MockProvider.createMockGlobalAuthorization();
    AuthorizationQuery authorizationQuery = mock(AuthorizationQuery.class);
    when(authorizationServiceMock.createAuthorizationQuery()).thenReturn(authorizationQuery);
    when(authorizationQuery.authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(authorizationQuery);
    when(authorizationQuery.singleResult()).thenReturn(authorization);
    Authentication authentication = new Authentication(MockProvider.EXAMPLE_USER_ID, null);
    when(identityServiceMock.getCurrentAuthentication()).thenReturn(authentication);
    when(authorizationServiceMock.isUserAuthorized(MockProvider.EXAMPLE_USER_ID, null, DELETE, AUTHORIZATION, MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(true);
    when(authorizationServiceMock.isUserAuthorized(MockProvider.EXAMPLE_USER_ID, null, UPDATE, AUTHORIZATION, MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(false);
    when(processEngine.getProcessEngineConfiguration().isAuthorizationEnabled()).thenReturn(true);
    given().pathParam("id", MockProvider.EXAMPLE_AUTHORIZATION_ID).then().statusCode(Status.OK.getStatusCode()).body("links[0].href", equalTo(fullAuthorizationUrl)).body("links[0].method", equalTo(HttpMethod.GET)).body("links[0].rel", equalTo("self")).body("links[1].href", equalTo(fullAuthorizationUrl)).body("links[1].method", equalTo(HttpMethod.DELETE)).body("links[1].rel", equalTo("delete")).body("links[2]", nullValue()).when().options(AUTH_RESOURCE_PATH);
    verify(identityServiceMock, times(2)).getCurrentAuthentication();
    verify(authorizationServiceMock, times(1)).isUserAuthorized(MockProvider.EXAMPLE_USER_ID, null, DELETE, AUTHORIZATION, MockProvider.EXAMPLE_AUTHORIZATION_ID);
    verify(authorizationServiceMock, times(1)).isUserAuthorized(MockProvider.EXAMPLE_USER_ID, null, UPDATE, AUTHORIZATION, MockProvider.EXAMPLE_AUTHORIZATION_ID);
}
Also used : Authorization(org.camunda.bpm.engine.authorization.Authorization) AuthorizationQuery(org.camunda.bpm.engine.authorization.AuthorizationQuery) Authentication(org.camunda.bpm.engine.impl.identity.Authentication) Matchers.anyString(org.mockito.Matchers.anyString) Test(org.junit.Test)

Example 24 with Authorization

use of org.camunda.bpm.engine.authorization.Authorization in project camunda-bpm-platform by camunda.

the class AuthorizationRestServiceInteractionTest method testDeleteAuthorization.

@Test
public void testDeleteAuthorization() {
    Authorization authorization = MockProvider.createMockGlobalAuthorization();
    AuthorizationQuery authorizationQuery = mock(AuthorizationQuery.class);
    when(authorizationServiceMock.createAuthorizationQuery()).thenReturn(authorizationQuery);
    when(authorizationQuery.authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(authorizationQuery);
    when(authorizationQuery.singleResult()).thenReturn(authorization);
    given().pathParam("id", MockProvider.EXAMPLE_AUTHORIZATION_ID).then().expect().statusCode(Status.NO_CONTENT.getStatusCode()).when().delete(AUTH_RESOURCE_PATH);
    verify(authorizationQuery).authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID);
    verify(authorizationServiceMock).deleteAuthorization(MockProvider.EXAMPLE_AUTHORIZATION_ID);
}
Also used : Authorization(org.camunda.bpm.engine.authorization.Authorization) AuthorizationQuery(org.camunda.bpm.engine.authorization.AuthorizationQuery) Test(org.junit.Test)

Example 25 with Authorization

use of org.camunda.bpm.engine.authorization.Authorization in project camunda-bpm-platform by camunda.

the class AuthorizationRestServiceInteractionTest method testCreateRevokeAuthorization.

@Test
public void testCreateRevokeAuthorization() {
    Authorization authorization = MockProvider.createMockRevokeAuthorization();
    when(authorizationServiceMock.createNewAuthorization(Authorization.AUTH_TYPE_REVOKE)).thenReturn(authorization);
    when(authorizationServiceMock.saveAuthorization(authorization)).thenReturn(authorization);
    AuthorizationQuery authorizationQuery = mock(AuthorizationQuery.class);
    when(authorizationServiceMock.createAuthorizationQuery()).thenReturn(authorizationQuery);
    when(authorizationQuery.authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(authorizationQuery);
    when(authorizationQuery.singleResult()).thenReturn(authorization);
    AuthorizationDto dto = AuthorizationDto.fromAuthorization(authorization);
    given().body(dto).contentType(ContentType.JSON).then().expect().statusCode(Status.OK.getStatusCode()).when().post(AUTH_CREATE_PATH);
    verify(authorizationServiceMock).createNewAuthorization(Authorization.AUTH_TYPE_REVOKE);
    verify(authorization, times(2)).setUserId(authorization.getUserId());
    verify(authorization, times(4)).setResourceType(authorization.getAuthorizationType());
    verify(authorization, times(2)).setResourceId(authorization.getResourceId());
    verify(authorization, times(2)).setPermissions(authorization.getPermissions(Permissions.values()));
    verify(authorizationServiceMock).saveAuthorization(authorization);
}
Also used : Authorization(org.camunda.bpm.engine.authorization.Authorization) AuthorizationDto(org.camunda.bpm.engine.rest.dto.authorization.AuthorizationDto) AuthorizationQuery(org.camunda.bpm.engine.authorization.AuthorizationQuery) Test(org.junit.Test)

Aggregations

Authorization (org.camunda.bpm.engine.authorization.Authorization)117 MissingAuthorization (org.camunda.bpm.engine.authorization.MissingAuthorization)26 AuthorizationException (org.camunda.bpm.engine.AuthorizationException)22 User (org.camunda.bpm.engine.identity.User)20 Test (org.junit.Test)17 AuthorizationQuery (org.camunda.bpm.engine.authorization.AuthorizationQuery)16 Group (org.camunda.bpm.engine.identity.Group)13 Permission (org.camunda.bpm.engine.authorization.Permission)12 AuthorizationService (org.camunda.bpm.engine.AuthorizationService)9 Tenant (org.camunda.bpm.engine.identity.Tenant)9 AuthorizationDto (org.camunda.bpm.engine.rest.dto.authorization.AuthorizationDto)8 Matchers.anyString (org.mockito.Matchers.anyString)7 ProcessEngineException (org.camunda.bpm.engine.ProcessEngineException)5 IdentityService (org.camunda.bpm.engine.IdentityService)3 Resource (org.camunda.bpm.engine.authorization.Resource)3 TenantEntity (org.camunda.bpm.engine.impl.persistence.entity.TenantEntity)3 Before (org.junit.Before)3 ArrayList (java.util.ArrayList)2 HashSet (java.util.HashSet)2 Filter (org.camunda.bpm.engine.filter.Filter)2