Examples with Group org.camunda.bpm.engine.identity.Group used on opensource projects

Search in sources :

Example 76 with Group

use of org.camunda.bpm.engine.identity.Group in project camunda-bpm-platform by camunda.

the class IdentityServiceAuthorizationsTest method testMembershipCreateAuthorizations.

public void testMembershipCreateAuthorizations() {
    User jonny1 = identityService.newUser("jonny1");
    identityService.saveUser(jonny1);
    Group group1 = identityService.newGroup("group1");
    identityService.saveGroup(group1);
    // add base permission which allows nobody to add users to groups
    Authorization basePerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
    basePerms.setResource(GROUP_MEMBERSHIP);
    basePerms.setResourceId(ANY);
    // add all then remove 'crate'
    basePerms.addPermission(ALL);
    basePerms.removePermission(CREATE);
    authorizationService.saveAuthorization(basePerms);
    processEngineConfiguration.setAuthorizationEnabled(true);
    identityService.setAuthenticatedUserId(jonny2);
    try {
        identityService.createMembership("jonny1", "group1");
        fail("exception expected");
    } catch (AuthorizationException e) {
        assertEquals(1, e.getMissingAuthorizations().size());
        MissingAuthorization info = e.getMissingAuthorizations().get(0);
        assertEquals(jonny2, e.getUserId());
        assertExceptionInfo(CREATE.getName(), GROUP_MEMBERSHIP.resourceName(), "group1", info);
    }
}
Also used : MissingAuthorization(org.camunda.bpm.engine.authorization.MissingAuthorization) Authorization(org.camunda.bpm.engine.authorization.Authorization) Group(org.camunda.bpm.engine.identity.Group) User(org.camunda.bpm.engine.identity.User) MissingAuthorization(org.camunda.bpm.engine.authorization.MissingAuthorization) AuthorizationException(org.camunda.bpm.engine.AuthorizationException)

Example 77 with Group

use of org.camunda.bpm.engine.identity.Group in project camunda-bpm-platform by camunda.

the class IdentityServiceAuthorizationsTest method testGroupCreateAuthorizations.

public void testGroupCreateAuthorizations() {
    // add base permission which allows nobody to create groups:
    Authorization basePerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
    basePerms.setResource(GROUP);
    basePerms.setResourceId(ANY);
    // add all then remove 'create'
    basePerms.addPermission(ALL);
    basePerms.removePermission(CREATE);
    authorizationService.saveAuthorization(basePerms);
    processEngineConfiguration.setAuthorizationEnabled(true);
    identityService.setAuthenticatedUserId(jonny2);
    try {
        identityService.newGroup("group1");
        fail("exception expected");
    } catch (AuthorizationException e) {
        assertEquals(1, e.getMissingAuthorizations().size());
        MissingAuthorization info = e.getMissingAuthorizations().get(0);
        assertEquals(jonny2, e.getUserId());
        assertExceptionInfo(CREATE.getName(), GROUP.resourceName(), null, info);
    }
    // circumvent auth check to get new transient userobject
    Group group = new GroupEntity("group1");
    try {
        identityService.saveGroup(group);
        fail("exception expected");
    } catch (AuthorizationException e) {
        assertEquals(1, e.getMissingAuthorizations().size());
        MissingAuthorization info = e.getMissingAuthorizations().get(0);
        assertEquals(jonny2, e.getUserId());
        assertExceptionInfo(CREATE.getName(), GROUP.resourceName(), null, info);
    }
}
Also used : MissingAuthorization(org.camunda.bpm.engine.authorization.MissingAuthorization) Authorization(org.camunda.bpm.engine.authorization.Authorization) Group(org.camunda.bpm.engine.identity.Group) MissingAuthorization(org.camunda.bpm.engine.authorization.MissingAuthorization) AuthorizationException(org.camunda.bpm.engine.AuthorizationException) GroupEntity(org.camunda.bpm.engine.impl.persistence.entity.GroupEntity)

Example 78 with Group

use of org.camunda.bpm.engine.identity.Group in project camunda-bpm-platform by camunda.

the class IdentityServiceAuthorizationsTest method testTenantGroupMembershipCreateAuthorizations.

public void testTenantGroupMembershipCreateAuthorizations() {
    Group group1 = identityService.newGroup("group1");
    identityService.saveGroup(group1);
    Tenant tenant1 = identityService.newTenant("tenant1");
    identityService.saveTenant(tenant1);
    // add base permission which allows nobody to create memberships
    Authorization basePerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
    basePerms.setResource(TENANT_MEMBERSHIP);
    basePerms.setResourceId(ANY);
    // add all then remove 'create'
    basePerms.addPermission(ALL);
    basePerms.removePermission(CREATE);
    authorizationService.saveAuthorization(basePerms);
    processEngineConfiguration.setAuthorizationEnabled(true);
    identityService.setAuthenticatedUserId(jonny2);
    try {
        identityService.createTenantGroupMembership("tenant1", "group1");
        fail("exception expected");
    } catch (AuthorizationException e) {
        assertEquals(1, e.getMissingAuthorizations().size());
        MissingAuthorization info = e.getMissingAuthorizations().get(0);
        assertEquals(jonny2, e.getUserId());
        assertExceptionInfo(CREATE.getName(), TENANT_MEMBERSHIP.resourceName(), "tenant1", info);
    }
}
Also used : MissingAuthorization(org.camunda.bpm.engine.authorization.MissingAuthorization) Authorization(org.camunda.bpm.engine.authorization.Authorization) Group(org.camunda.bpm.engine.identity.Group) Tenant(org.camunda.bpm.engine.identity.Tenant) MissingAuthorization(org.camunda.bpm.engine.authorization.MissingAuthorization) AuthorizationException(org.camunda.bpm.engine.AuthorizationException)

Example 79 with Group

use of org.camunda.bpm.engine.identity.Group in project camunda-bpm-platform by camunda.

the class IdentityServiceAuthorizationsTest method testGroupQueryAuthorizations.

public void testGroupQueryAuthorizations() {
    // we are jonny2
    String authUserId = "jonny2";
    identityService.setAuthenticatedUserId(authUserId);
    // create new user jonny1
    User jonny1 = identityService.newUser("jonny1");
    identityService.saveUser(jonny1);
    // create new group
    Group group1 = identityService.newGroup("group1");
    identityService.saveGroup(group1);
    // set base permission for all users (no-one has any permissions on groups)
    Authorization basePerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
    basePerms.setResource(GROUP);
    basePerms.setResourceId(ANY);
    authorizationService.saveAuthorization(basePerms);
    // now enable checks
    processEngineConfiguration.setAuthorizationEnabled(true);
    // we cannot fetch the group
    assertNull(identityService.createGroupQuery().singleResult());
    assertEquals(0, identityService.createGroupQuery().count());
    // now we add permission for jonny2 to read the group:
    processEngineConfiguration.setAuthorizationEnabled(false);
    Authorization ourPerms = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
    ourPerms.setUserId(authUserId);
    ourPerms.setResource(GROUP);
    ourPerms.setResourceId(ANY);
    ourPerms.addPermission(READ);
    authorizationService.saveAuthorization(ourPerms);
    processEngineConfiguration.setAuthorizationEnabled(true);
    // now we can fetch the group
    assertNotNull(identityService.createGroupQuery().singleResult());
    assertEquals(1, identityService.createGroupQuery().count());
    // change the base permission:
    processEngineConfiguration.setAuthorizationEnabled(false);
    basePerms = authorizationService.createAuthorizationQuery().resourceType(GROUP).userIdIn("*").singleResult();
    basePerms.addPermission(READ);
    authorizationService.saveAuthorization(basePerms);
    processEngineConfiguration.setAuthorizationEnabled(true);
    // we can still fetch the group
    assertNotNull(identityService.createGroupQuery().singleResult());
    assertEquals(1, identityService.createGroupQuery().count());
    // revoke permission for jonny2:
    processEngineConfiguration.setAuthorizationEnabled(false);
    ourPerms = authorizationService.createAuthorizationQuery().resourceType(GROUP).userIdIn(authUserId).singleResult();
    ourPerms.removePermission(READ);
    authorizationService.saveAuthorization(ourPerms);
    Authorization revoke = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE);
    revoke.setUserId(authUserId);
    revoke.setResource(GROUP);
    revoke.setResourceId(ANY);
    revoke.removePermission(READ);
    authorizationService.saveAuthorization(revoke);
    processEngineConfiguration.setAuthorizationEnabled(true);
    // now we cannot fetch the group
    assertNull(identityService.createGroupQuery().singleResult());
    assertEquals(0, identityService.createGroupQuery().count());
    // delete our perms
    processEngineConfiguration.setAuthorizationEnabled(false);
    authorizationService.deleteAuthorization(ourPerms.getId());
    authorizationService.deleteAuthorization(revoke.getId());
    processEngineConfiguration.setAuthorizationEnabled(true);
    // now the base permission applies and grants us read access
    assertNotNull(identityService.createGroupQuery().singleResult());
    assertEquals(1, identityService.createGroupQuery().count());
}
Also used : MissingAuthorization(org.camunda.bpm.engine.authorization.MissingAuthorization) Authorization(org.camunda.bpm.engine.authorization.Authorization) Group(org.camunda.bpm.engine.identity.Group) User(org.camunda.bpm.engine.identity.User)

Example 80 with Group

use of org.camunda.bpm.engine.identity.Group in project camunda-bpm-platform by camunda.

the class TaskQueryExpressionTest method setCurrentUser.

protected void setCurrentUser(User user) {
    List<Group> groups = identityService.createGroupQuery().groupMember(user.getId()).list();
    List<String> groupIds = new ArrayList<String>();
    for (Group group : groups) {
        groupIds.add(group.getId());
    }
    identityService.setAuthentication(user.getId(), groupIds);
}
Also used : Group(org.camunda.bpm.engine.identity.Group) ArrayList(java.util.ArrayList)

Aggregations

Group (org.camunda.bpm.engine.identity.Group)92 Test (org.junit.Test)34 User (org.camunda.bpm.engine.identity.User)29 GroupQuery (org.camunda.bpm.engine.identity.GroupQuery)22 Authorization (org.camunda.bpm.engine.authorization.Authorization)13 ArrayList (java.util.ArrayList)12 Matchers.anyString (org.mockito.Matchers.anyString)12 AuthorizationException (org.camunda.bpm.engine.AuthorizationException)10 MissingAuthorization (org.camunda.bpm.engine.authorization.MissingAuthorization)9 Tenant (org.camunda.bpm.engine.identity.Tenant)9 IdentityService (org.camunda.bpm.engine.IdentityService)7 InvalidRequestException (org.camunda.bpm.engine.rest.exception.InvalidRequestException)7 UserQuery (org.camunda.bpm.engine.identity.UserQuery)4 Authentication (org.camunda.bpm.engine.impl.identity.Authentication)4 Before (org.junit.Before)4 HashMap (java.util.HashMap)3 HashSet (java.util.HashSet)3 AuthorizationService (org.camunda.bpm.engine.AuthorizationService)3 ProcessDefinition (org.camunda.bpm.engine.repository.ProcessDefinition)3 ProcessEngine (org.camunda.bpm.engine.ProcessEngine)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial