use of org.camunda.bpm.engine.authorization.MissingAuthorization in project camunda-bpm-platform by camunda.
the class AuthorizationException method generateExceptionMessage.
/**
 * Builds the message text of an authorization failure.
 *
 * <p>The text names the user and then lists one rendered entry per element of
 * {@code missingAuthorizations}, each produced by
 * {@code generateMissingAuthorizationMessage(...)} and joined with {@code " or "}.
 * An empty list yields only the leading sentence.</p>
 *
 * <p>NOTE(review): {@code userId} is inserted verbatim (no escaping or length limit is
 * applied here), and the text names the user together with whatever the helper renders
 * for each missing authorization. Wherever this message is written to a log or returned
 * to a remote caller, confirm that this level of detail is intended for that audience.</p>
 *
 * @param userId id of the user the check was made for; {@code null} is rendered as "null"
 * @param missingAuthorizations the authorizations to list; must not be {@code null}
 * @return the prepared exception message
 */
private static String generateExceptionMessage(String userId, List<MissingAuthorization> missingAuthorizations) {
  StringBuilder message = new StringBuilder("The user with id '")
      .append(userId)
      .append("' does not have one of the following permissions: ");

  // Empty before the first entry, " or " before every later one.
  String separator = "";
  for (MissingAuthorization missing : missingAuthorizations) {
    message.append(separator).append(generateMissingAuthorizationMessage(missing));
    separator = " or ";
  }
  return message.toString();
}
use of org.camunda.bpm.engine.authorization.MissingAuthorization in project camunda-bpm-platform by camunda.
the class AuthorizationManager method checkAuthorization.
/**
 * Throws an {@link AuthorizationException} when the current authentication does not pass
 * the given permission checks.
 *
 * <p>The decision is delegated to {@code isAuthorized(userId, groupIds, permissionChecks)}.
 * When {@code isAuthCheckExecuted()} returns {@code false}, no check is made and the
 * method returns normally.</p>
 *
 * <p>On denial the exception carries one {@link MissingAuthorization} per entry of
 * {@code permissionChecks}: the whole list is reported, not only the entries that failed.</p>
 *
 * @param permissionChecks the checks to evaluate for the current authentication
 * @throws AuthorizationException if {@code isAuthorized(...)} returns {@code false}
 */
public void checkAuthorization(List<PermissionCheck> permissionChecks) {
  if (!isAuthCheckExecuted()) {
    // Authorization checking is not active for this call; nothing is enforced here.
    return;
  }

  Authentication authentication = getCurrentAuthentication();
  String userId = authentication.getUserId();
  if (isAuthorized(userId, authentication.getGroupIds(), permissionChecks)) {
    return;
  }

  // Denied: describe every requested check so the exception can list them.
  List<MissingAuthorization> missing = new ArrayList<MissingAuthorization>();
  for (PermissionCheck permissionCheck : permissionChecks) {
    String permissionName = permissionCheck.getPermission().getName();
    String resourceName = permissionCheck.getResource().resourceName();
    missing.add(new MissingAuthorization(permissionName, resourceName, permissionCheck.getResourceId()));
  }
  throw new AuthorizationException(userId, missing);
}
use of org.camunda.bpm.engine.authorization.MissingAuthorization in project camunda-bpm-platform by camunda.
the class AuthorizationManager method checkAuthorization.
/**
 * Throws an {@link AuthorizationException} when the given composite permission check
 * is not satisfied.
 *
 * <p>The decision is delegated to {@code isAuthorized(compositePermissionCheck)}; the user
 * id read from the current authentication is used only to build the exception. When
 * {@code isAuthCheckExecuted()} returns {@code false}, no check is made and the method
 * returns normally.</p>
 *
 * <p>On denial the exception carries one {@link MissingAuthorization} per entry of
 * {@code compositePermissionCheck.getAllPermissionChecks()}, not only the entries that
 * failed.</p>
 *
 * @param compositePermissionCheck the composite check to evaluate
 * @throws AuthorizationException if {@code isAuthorized(...)} returns {@code false}
 */
public void checkAuthorization(CompositePermissionCheck compositePermissionCheck) {
  if (!isAuthCheckExecuted()) {
    // Authorization checking is not active for this call; nothing is enforced here.
    return;
  }

  Authentication authentication = getCurrentAuthentication();
  String userId = authentication.getUserId();
  if (isAuthorized(compositePermissionCheck)) {
    return;
  }

  // Denied: describe every contained check so the exception can list them.
  List<MissingAuthorization> missing = new ArrayList<MissingAuthorization>();
  for (PermissionCheck permissionCheck : compositePermissionCheck.getAllPermissionChecks()) {
    String permissionName = permissionCheck.getPermission().getName();
    String resourceName = permissionCheck.getResource().resourceName();
    missing.add(new MissingAuthorization(permissionName, resourceName, permissionCheck.getResourceId()));
  }
  throw new AuthorizationException(userId, missing);
}
use of org.camunda.bpm.engine.authorization.MissingAuthorization in project camunda-bpm-platform by camunda.
the class MissingAuthorizationMatcher method asMissingAuthorization.
/**
 * Converts an {@link Authorization} into the {@link MissingAuthorization} that is compared
 * against the entries of an authorization failure.
 *
 * <p>Only the first permission of the authorization that is not {@code Permissions.NONE}
 * is used; the permission name stays {@code null} when there is none. A resource id equal
 * to {@code Authorization.ANY} is mapped to {@code null}.</p>
 *
 * @param authorization the authorization to convert
 * @return the matching {@link MissingAuthorization} description
 */
protected static MissingAuthorization asMissingAuthorization(Authorization authorization) {
  String permissionName = null;
  for (Permission candidate : authorization.getPermissions(Permissions.values())) {
    if (candidate == Permissions.NONE) {
      continue;
    }
    // The first permission other than NONE decides the name.
    permissionName = candidate.getName();
    break;
  }

  // missing ANY authorizations are not explicitly represented in the error message
  String resourceId = Authorization.ANY.equals(authorization.getResourceId())
      ? null
      : authorization.getResourceId();

  Resource resource = AuthorizationTestUtil.getResourceByType(authorization.getResourceType());
  return new MissingAuthorization(permissionName, resource.resourceName(), resourceId);
}
use of org.camunda.bpm.engine.authorization.MissingAuthorization in project camunda-bpm-platform by camunda.
the class IdentityServiceAuthorizationsTest method testTenantUserMembershipCreateAuthorizations.
/**
 * Verifies the deny path for creating a tenant user membership: with a global
 * authorization that grants everything except CREATE on TENANT_MEMBERSHIP, the call must
 * fail with an {@link AuthorizationException} that reports exactly that one missing
 * authorization for the authenticated user.
 */
public void testTenantUserMembershipCreateAuthorizations() {
  // Fixture: the user and tenant the membership would link.
  identityService.saveUser(identityService.newUser("jonny1"));
  identityService.saveTenant(identityService.newTenant("tenant1"));

  // Global authorization on every tenant membership: grant ALL, then take CREATE away,
  // so nobody is allowed to create memberships.
  Authorization allButCreate = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
  allButCreate.setResource(TENANT_MEMBERSHIP);
  allButCreate.setResourceId(ANY);
  allButCreate.addPermission(ALL);
  allButCreate.removePermission(CREATE);
  authorizationService.saveAuthorization(allButCreate);

  // Enable enforcement only after the fixture is in place, then act as jonny2.
  // NOTE(review): the flag is not reset in this method; presumably the test's tear-down
  // does so, which is not visible here.
  processEngineConfiguration.setAuthorizationEnabled(true);
  identityService.setAuthenticatedUserId(jonny2);

  try {
    identityService.createTenantUserMembership("tenant1", "jonny1");
    fail("exception expected");
  } catch (AuthorizationException denied) {
    // Exactly one missing authorization: CREATE on the tenant membership of "tenant1".
    assertEquals(1, denied.getMissingAuthorizations().size());
    MissingAuthorization missing = denied.getMissingAuthorizations().get(0);
    assertEquals(jonny2, denied.getUserId());
    assertExceptionInfo(CREATE.getName(), TENANT_MEMBERSHIP.resourceName(), "tenant1", missing);
  }
}