use of org.camunda.bpm.engine.identity.User in project camunda-bpm-platform by camunda.
the class LdapIdentityProviderSession method findUsersByGroupId.
protected List<User> findUsersByGroupId(LdapUserQueryImpl query) {
String baseDn = getDnForGroup(query.getGroupId());
// compose group search filter
String groupSearchFilter = "(& " + ldapConfiguration.getGroupSearchFilter() + ")";
NamingEnumeration<SearchResult> enumeration = null;
try {
enumeration = initialContext.search(baseDn, groupSearchFilter, ldapConfiguration.getSearchControls());
List<String> groupMemberList = new ArrayList<String>();
// first find group
while (enumeration.hasMoreElements()) {
SearchResult result = enumeration.nextElement();
Attribute memberAttribute = result.getAttributes().get(ldapConfiguration.getGroupMemberAttribute());
if (null != memberAttribute) {
NamingEnumeration<?> allMembers = memberAttribute.getAll();
// iterate group members
while (allMembers.hasMoreElements()) {
groupMemberList.add((String) allMembers.nextElement());
}
}
}
List<User> userList = new ArrayList<User>();
String userBaseDn = composeDn(ldapConfiguration.getUserSearchBase(), ldapConfiguration.getBaseDn());
int memberCount = 0;
for (String memberId : groupMemberList) {
if (userList.size() < query.getMaxResults() && memberCount >= query.getFirstResult()) {
if (ldapConfiguration.isUsePosixGroups()) {
query.userId(memberId);
}
List<User> users = ldapConfiguration.isUsePosixGroups() ? findUsersWithoutGroupId(query, userBaseDn, true) : findUsersWithoutGroupId(query, memberId, true);
if (users.size() > 0) {
userList.add(users.get(0));
}
}
memberCount++;
}
return userList;
} catch (NamingException e) {
throw new IdentityProviderException("Could not query for users", e);
} finally {
try {
if (enumeration != null) {
enumeration.close();
}
} catch (Exception e) {
// ignore silently
}
}
}
use of org.camunda.bpm.engine.identity.User in project camunda-bpm-platform by camunda.
the class IdentityRestServiceQueryTest method createMockIdentityQueries.
private void createMockIdentityQueries() {
UserQuery sampleUserQuery = mock(UserQuery.class);
List<User> mockUsers = new ArrayList<User>();
mockUser = MockProvider.createMockUser();
mockUsers.add(mockUser);
when(sampleUserQuery.list()).thenReturn(mockUsers);
when(sampleUserQuery.memberOfGroup(anyString())).thenReturn(sampleUserQuery);
when(sampleUserQuery.count()).thenReturn((long) mockUsers.size());
GroupQuery sampleGroupQuery = mock(GroupQuery.class);
List<Group> mockGroups = MockProvider.createMockGroups();
when(sampleGroupQuery.list()).thenReturn(mockGroups);
when(sampleGroupQuery.groupMember(anyString())).thenReturn(sampleGroupQuery);
when(sampleGroupQuery.orderByGroupName()).thenReturn(sampleGroupQuery);
when(sampleGroupQuery.orderByGroupId()).thenReturn(sampleGroupQuery);
when(sampleGroupQuery.orderByGroupType()).thenReturn(sampleGroupQuery);
when(sampleGroupQuery.asc()).thenReturn(sampleGroupQuery);
when(sampleGroupQuery.desc()).thenReturn(sampleGroupQuery);
when(processEngine.getIdentityService().createGroupQuery()).thenReturn(sampleGroupQuery);
when(processEngine.getIdentityService().createUserQuery()).thenReturn(sampleUserQuery);
}
use of org.camunda.bpm.engine.identity.User in project camunda-bpm-platform by camunda.
the class AuthorizationTest method createUser.
// user ////////////////////////////////////////////////////////////////
protected User createUser(String userId) {
User user = identityService.newUser(userId);
identityService.saveUser(user);
// give user all permission to manipulate authorizations
Authorization authorization = createGrantAuthorization(AUTHORIZATION, ANY);
authorization.setUserId(userId);
authorization.addPermission(ALL);
saveAuthorization(authorization);
// give user all permission to manipulate users
authorization = createGrantAuthorization(USER, ANY);
authorization.setUserId(userId);
authorization.addPermission(Permissions.ALL);
saveAuthorization(authorization);
return user;
}
use of org.camunda.bpm.engine.identity.User in project camunda-bpm-platform by camunda.
the class FilterTaskQueryTest method tearDown.
@Override
public void tearDown() {
processEngineConfiguration.setEnableExpressionsInAdhocQueries(false);
Mocks.reset();
for (Filter filter : filterService.createTaskFilterQuery().list()) {
filterService.deleteFilter(filter.getId());
}
for (Group group : identityService.createGroupQuery().list()) {
identityService.deleteGroup(group.getId());
}
for (User user : identityService.createUserQuery().list()) {
identityService.deleteUser(user.getId());
}
for (Task task : taskService.createTaskQuery().list()) {
if (task.getProcessInstanceId() == null) {
taskService.deleteTask(task.getId(), true);
}
}
}
use of org.camunda.bpm.engine.identity.User in project camunda-bpm-platform by camunda.
the class StartAuthorizationTest method testProcessDefinitionList.
// this test checks the list without user constraint
@Deployment
public void testProcessDefinitionList() throws Exception {
setUpUsersAndGroups();
try {
// Process 1 has no potential starters
ProcessDefinition latestProcessDef = repositoryService.createProcessDefinitionQuery().processDefinitionKey("process1").singleResult();
List<User> authorizedUsers = identityService.createUserQuery().potentialStarter(latestProcessDef.getId()).list();
assertEquals(0, authorizedUsers.size());
// user1 and user2 are potential Startes of Process2
latestProcessDef = repositoryService.createProcessDefinitionQuery().processDefinitionKey("process2").singleResult();
authorizedUsers = identityService.createUserQuery().potentialStarter(latestProcessDef.getId()).orderByUserId().asc().list();
assertEquals(2, authorizedUsers.size());
assertEquals("user1", authorizedUsers.get(0).getId());
assertEquals("user2", authorizedUsers.get(1).getId());
// Process 2 has no potential starter groups
latestProcessDef = repositoryService.createProcessDefinitionQuery().processDefinitionKey("process2").singleResult();
List<Group> authorizedGroups = identityService.createGroupQuery().potentialStarter(latestProcessDef.getId()).list();
assertEquals(0, authorizedGroups.size());
// Process 3 has 3 groups as authorized starter groups
latestProcessDef = repositoryService.createProcessDefinitionQuery().processDefinitionKey("process4").singleResult();
authorizedGroups = identityService.createGroupQuery().potentialStarter(latestProcessDef.getId()).orderByGroupId().asc().list();
assertEquals(3, authorizedGroups.size());
assertEquals("group1", authorizedGroups.get(0).getId());
assertEquals("group2", authorizedGroups.get(1).getId());
assertEquals("group3", authorizedGroups.get(2).getId());
// do not mention user, all processes should be selected
List<ProcessDefinition> processDefinitions = repositoryService.createProcessDefinitionQuery().orderByProcessDefinitionName().asc().list();
assertEquals(4, processDefinitions.size());
assertEquals("process1", processDefinitions.get(0).getKey());
assertEquals("process2", processDefinitions.get(1).getKey());
assertEquals("process3", processDefinitions.get(2).getKey());
assertEquals("process4", processDefinitions.get(3).getKey());
// check user1, process3 has "user1" as only authorized starter, and
// process2 has two authorized starters, of which one is "user1"
processDefinitions = repositoryService.createProcessDefinitionQuery().orderByProcessDefinitionName().asc().startableByUser("user1").list();
assertEquals(2, processDefinitions.size());
assertEquals("process2", processDefinitions.get(0).getKey());
assertEquals("process3", processDefinitions.get(1).getKey());
// "user2" can only start process2
processDefinitions = repositoryService.createProcessDefinitionQuery().startableByUser("user2").list();
assertEquals(1, processDefinitions.size());
assertEquals("process2", processDefinitions.get(0).getKey());
// no process could be started with "user4"
processDefinitions = repositoryService.createProcessDefinitionQuery().startableByUser("user4").list();
assertEquals(0, processDefinitions.size());
// "userInGroup3" is in "group3" and can start only process4 via group authorization
processDefinitions = repositoryService.createProcessDefinitionQuery().startableByUser("userInGroup3").list();
assertEquals(1, processDefinitions.size());
assertEquals("process4", processDefinitions.get(0).getKey());
// "userInGroup2" can start process4, via both user and group authorizations
// but we have to be sure that process4 appears only once
processDefinitions = repositoryService.createProcessDefinitionQuery().startableByUser("userInGroup2").list();
assertEquals(1, processDefinitions.size());
assertEquals("process4", processDefinitions.get(0).getKey());
} finally {
tearDownUsersAndGroups();
}
}
Aggregations