use of org.camunda.bpm.engine.identity.Group in project camunda-bpm-platform by camunda.
the class IdentityServiceAuthorizationsTest method testMembershipCreateAuthorizations.
/**
 * Verifies that creating a group membership is rejected when the global authorization on
 * group memberships carries every permission except CREATE, and that the resulting
 * {@code AuthorizationException} reports the authenticated user and the missing permission.
 */
public void testMembershipCreateAuthorizations() {
  // Fixture: one user and one group, saved before this test switches authorization checks on.
  User member = identityService.newUser("jonny1");
  identityService.saveUser(member);
  Group targetGroup = identityService.newGroup("group1");
  identityService.saveGroup(targetGroup);

  // Global authorization covering any group membership: grant ALL, then take CREATE away,
  // so that nobody is allowed to add users to groups.
  Authorization globalAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
  globalAuth.setResource(GROUP_MEMBERSHIP);
  globalAuth.setResourceId(ANY);
  globalAuth.addPermission(ALL);
  globalAuth.removePermission(CREATE);
  authorizationService.saveAuthorization(globalAuth);

  // Enforce authorizations and act as jonny2 (declared outside this method).
  processEngineConfiguration.setAuthorizationEnabled(true);
  identityService.setAuthenticatedUserId(jonny2);

  try {
    identityService.createMembership("jonny1", "group1");
    fail("exception expected");
  } catch (AuthorizationException denied) {
    // Exactly one missing authorization is expected: CREATE on the membership resource for group1.
    assertEquals(1, denied.getMissingAuthorizations().size());
    MissingAuthorization missing = denied.getMissingAuthorizations().get(0);
    assertEquals(jonny2, denied.getUserId());
    assertExceptionInfo(CREATE.getName(), GROUP_MEMBERSHIP.resourceName(), "group1", missing);
  }
}
use of org.camunda.bpm.engine.identity.Group in project camunda-bpm-platform by camunda.
the class IdentityServiceAuthorizationsTest method testGroupCreateAuthorizations.
/**
 * Verifies that group creation is rejected on both entry points, {@code newGroup} and
 * {@code saveGroup}, when the global authorization on groups carries every permission
 * except CREATE.
 */
public void testGroupCreateAuthorizations() {
  // Global authorization covering any group: grant ALL, then take CREATE away,
  // so that nobody is allowed to create groups.
  Authorization globalAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
  globalAuth.setResource(GROUP);
  globalAuth.setResourceId(ANY);
  globalAuth.addPermission(ALL);
  globalAuth.removePermission(CREATE);
  authorizationService.saveAuthorization(globalAuth);

  // Enforce authorizations and act as jonny2 (declared outside this method).
  processEngineConfiguration.setAuthorizationEnabled(true);
  identityService.setAuthenticatedUserId(jonny2);

  // First entry point: the factory method itself must refuse to hand out a new group.
  try {
    identityService.newGroup("group1");
    fail("exception expected");
  } catch (AuthorizationException denied) {
    assertEquals(1, denied.getMissingAuthorizations().size());
    MissingAuthorization missing = denied.getMissingAuthorizations().get(0);
    assertEquals(jonny2, denied.getUserId());
    assertExceptionInfo(CREATE.getName(), GROUP.resourceName(), null, missing);
  }

  // Second entry point: build the transient group object directly, bypassing the check in
  // newGroup; saving it must still be rejected with the same missing authorization.
  Group transientGroup = new GroupEntity("group1");
  try {
    identityService.saveGroup(transientGroup);
    fail("exception expected");
  } catch (AuthorizationException denied) {
    assertEquals(1, denied.getMissingAuthorizations().size());
    MissingAuthorization missing = denied.getMissingAuthorizations().get(0);
    assertEquals(jonny2, denied.getUserId());
    assertExceptionInfo(CREATE.getName(), GROUP.resourceName(), null, missing);
  }
}
use of org.camunda.bpm.engine.identity.Group in project camunda-bpm-platform by camunda.
the class IdentityServiceAuthorizationsTest method testTenantGroupMembershipCreateAuthorizations.
/**
 * Verifies that adding a group to a tenant is rejected when the global authorization on
 * tenant memberships carries every permission except CREATE, and that the exception
 * reports the authenticated user and the missing permission on the tenant.
 */
public void testTenantGroupMembershipCreateAuthorizations() {
  // Fixture: one group and one tenant, saved before this test switches authorization checks on.
  Group memberGroup = identityService.newGroup("group1");
  identityService.saveGroup(memberGroup);
  Tenant targetTenant = identityService.newTenant("tenant1");
  identityService.saveTenant(targetTenant);

  // Global authorization covering any tenant membership: grant ALL, then take CREATE away,
  // so that nobody is allowed to create memberships.
  Authorization globalAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
  globalAuth.setResource(TENANT_MEMBERSHIP);
  globalAuth.setResourceId(ANY);
  globalAuth.addPermission(ALL);
  globalAuth.removePermission(CREATE);
  authorizationService.saveAuthorization(globalAuth);

  // Enforce authorizations and act as jonny2 (declared outside this method).
  processEngineConfiguration.setAuthorizationEnabled(true);
  identityService.setAuthenticatedUserId(jonny2);

  try {
    identityService.createTenantGroupMembership("tenant1", "group1");
    fail("exception expected");
  } catch (AuthorizationException denied) {
    // Exactly one missing authorization is expected: CREATE on the tenant membership of tenant1.
    assertEquals(1, denied.getMissingAuthorizations().size());
    MissingAuthorization missing = denied.getMissingAuthorizations().get(0);
    assertEquals(jonny2, denied.getUserId());
    assertExceptionInfo(CREATE.getName(), TENANT_MEMBERSHIP.resourceName(), "tenant1", missing);
  }
}
use of org.camunda.bpm.engine.identity.Group in project camunda-bpm-platform by camunda.
the class IdentityServiceAuthorizationsTest method testGroupQueryAuthorizations.
/**
 * Walks a group query through five authorization states for user jonny2 and checks after
 * each one whether the single saved group is visible: empty global authorization (hidden),
 * user GRANT of READ (visible), READ added to the global authorization as well (visible),
 * user grant emptied plus a user REVOKE (hidden), and finally both user authorizations
 * deleted so that only the global READ remains (visible).
 * Authorization checks are switched off around every change to the authorizations and
 * switched back on before each assertion.
 */
public void testGroupQueryAuthorizations() {
// we are jonny2
String authUserId = "jonny2";
identityService.setAuthenticatedUserId(authUserId);
// create new user jonny1
User jonny1 = identityService.newUser("jonny1");
identityService.saveUser(jonny1);
// create new group
Group group1 = identityService.newGroup("group1");
identityService.saveGroup(group1);
// set base permission for all users (no-one has any permissions on groups):
// a global authorization on any group to which no permission is added
Authorization basePerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
basePerms.setResource(GROUP);
basePerms.setResourceId(ANY);
authorizationService.saveAuthorization(basePerms);
// now enable checks
processEngineConfiguration.setAuthorizationEnabled(true);
// we cannot fetch the group: the query returns no result instead of throwing
assertNull(identityService.createGroupQuery().singleResult());
assertEquals(0, identityService.createGroupQuery().count());
// now we add permission for jonny2 to read the group:
// checks are switched off while the authorization is created
// (presumably because jonny2 holds no permission to manage authorizations - confirm)
processEngineConfiguration.setAuthorizationEnabled(false);
Authorization ourPerms = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
ourPerms.setUserId(authUserId);
ourPerms.setResource(GROUP);
ourPerms.setResourceId(ANY);
ourPerms.addPermission(READ);
authorizationService.saveAuthorization(ourPerms);
processEngineConfiguration.setAuthorizationEnabled(true);
// now we can fetch the group
assertNotNull(identityService.createGroupQuery().singleResult());
assertEquals(1, identityService.createGroupQuery().count());
// change the base permission:
// the global authorization is looked up again by user id "*"
// (presumably the id under which global authorizations are stored - confirm) and gains READ
processEngineConfiguration.setAuthorizationEnabled(false);
basePerms = authorizationService.createAuthorizationQuery().resourceType(GROUP).userIdIn("*").singleResult();
basePerms.addPermission(READ);
authorizationService.saveAuthorization(basePerms);
processEngineConfiguration.setAuthorizationEnabled(true);
// we can still fetch the group
assertNotNull(identityService.createGroupQuery().singleResult());
assertEquals(1, identityService.createGroupQuery().count());
// revoke permission for jonny2:
// first READ is taken out of the user's grant, then a separate REVOKE authorization is saved
processEngineConfiguration.setAuthorizationEnabled(false);
ourPerms = authorizationService.createAuthorizationQuery().resourceType(GROUP).userIdIn(authUserId).singleResult();
ourPerms.removePermission(READ);
authorizationService.saveAuthorization(ourPerms);
Authorization revoke = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE);
revoke.setUserId(authUserId);
revoke.setResource(GROUP);
revoke.setResourceId(ANY);
// NOTE(review): on a REVOKE authorization removePermission(READ) appears to be the call that
// marks READ as revoked; the assertions below expect the read to be denied even though the
// global authorization still carries READ - confirm against the Authorization documentation
revoke.removePermission(READ);
authorizationService.saveAuthorization(revoke);
processEngineConfiguration.setAuthorizationEnabled(true);
// now we cannot fetch the group: the user-level revoke wins over the global READ
assertNull(identityService.createGroupQuery().singleResult());
assertEquals(0, identityService.createGroupQuery().count());
// delete our perms (both the emptied grant and the revoke)
processEngineConfiguration.setAuthorizationEnabled(false);
authorizationService.deleteAuthorization(ourPerms.getId());
authorizationService.deleteAuthorization(revoke.getId());
processEngineConfiguration.setAuthorizationEnabled(true);
// now the base permission applies and grants us read access
assertNotNull(identityService.createGroupQuery().singleResult());
assertEquals(1, identityService.createGroupQuery().count());
}
use of org.camunda.bpm.engine.identity.Group in project camunda-bpm-platform by camunda.
the class TaskQueryExpressionTest method setCurrentUser.
/**
 * Authenticates the given user together with the ids of all groups the user is a member of.
 *
 * @param user the user to set as the current authentication; its id drives the group lookup
 */
protected void setCurrentUser(User user) {
  // Look up the user's memberships so the authentication carries the group ids as well.
  List<Group> memberships = identityService.createGroupQuery().groupMember(user.getId()).list();
  List<String> membershipIds = new ArrayList<String>();
  for (int i = 0; i < memberships.size(); i++) {
    membershipIds.add(memberships.get(i).getId());
  }
  identityService.setAuthentication(user.getId(), membershipIds);
}