/**
 * Copies every filter field that is set on this object onto the given authorization query.
 *
 * Only non-null fields are applied; a field left {@code null} adds no restriction. With no
 * field set the query leaves this method unchanged, i.e. unfiltered, so any limit on which
 * authorizations a caller may list is not enforced here.
 *
 * @param query the query to narrow; the return values of the filter calls are ignored, so the
 *              query is expected to be modified in place
 */
protected void applyFilters(AuthorizationQuery query) {
  // Identity and kind of the authorization record itself.
  if (id != null) {
    query.authorizationId(id);
  }
  if (type != null) {
    query.authorizationType(type);
  }

  // Who the authorization is for.
  if (userIdIn != null) {
    query.userIdIn(userIdIn);
  }
  if (groupIdIn != null) {
    query.groupIdIn(groupIdIn);
  }

  // What the authorization applies to.
  if (resourceType != null) {
    query.resourceType(resourceType);
  }
  if (resourceId != null) {
    query.resourceId(resourceId);
  }
}
/**
 * Transfers the filter criteria held by this object to the supplied authorization query.
 *
 * A criterion is applied only when its field is non-null. If every field is {@code null}
 * nothing is added and the query stays unrestricted; this method performs no access check of
 * its own.
 *
 * @param query the query that receives the criteria; it is used for its side effects only,
 *              the values returned by the filter calls are discarded
 */
protected void applyFilters(AuthorizationQuery query) {
  // Filter on the authorization's own id and type.
  if (id != null) {
    query.authorizationId(id);
  }
  if (type != null) {
    query.authorizationType(type);
  }

  // Filter on the principals (users, groups) the authorization names.
  if (userIdIn != null) {
    query.userIdIn(userIdIn);
  }
  if (groupIdIn != null) {
    query.groupIdIn(groupIdIn);
  }

  // Filter on the protected resource.
  if (resourceType != null) {
    query.resourceType(resourceType);
  }
  if (resourceId != null) {
    query.resourceId(resourceId);
  }
}
/**
 * Sends a GET request carrying the complete set of string query parameters and checks that
 * each one is passed on to the authorization query as the matching filter call.
 */
@Test
public void testCompleteGetParameters() {
  AuthorizationQuery mockQuery = setUpMockQuery(MockProvider.createMockGlobalAuthorizations());

  // Build the request: one request parameter per entry of the complete parameter map.
  Map<String, String> allParameters = getCompleteStringQueryParameters();
  RequestSpecification request = given().contentType(POST_JSON_CONTENT_TYPE);
  for (Entry<String, String> parameter : allParameters.entrySet()) {
    request.parameter(parameter.getKey(), parameter.getValue());
  }

  request
      .expect().statusCode(Status.OK.getStatusCode())
      .when().get(SERVICE_PATH);

  // Every filter must have reached the query; the multi-valued user and group filters are
  // expected as String arrays with both example ids.
  verify(mockQuery).authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID);
  verify(mockQuery).authorizationType(MockProvider.EXAMPLE_AUTHORIZATION_TYPE);
  verify(mockQuery).userIdIn(
      new String[]{MockProvider.EXAMPLE_USER_ID, MockProvider.EXAMPLE_USER_ID2});
  verify(mockQuery).groupIdIn(
      new String[]{MockProvider.EXAMPLE_GROUP_ID, MockProvider.EXAMPLE_GROUP_ID2});
  verify(mockQuery).resourceType(MockProvider.EXAMPLE_RESOURCE_TYPE_ID);
  verify(mockQuery).resourceId(MockProvider.EXAMPLE_RESOURCE_ID);
  verify(mockQuery).list();
}
// Excerpt, cut off: neither `if` is closed on this line, and the statements that complete
// and persist the two entities are not shown.
// Guarded creation of administrator grants: a GRANT authorization for the administrator
// group is built only when the query finds none for that group on `resource` with resource
// id ANY (count() == 0); the same existence check is then made for the administrator user.
// NOTE(review): as excerpted, the user check sits inside the group branch, so it would be
// skipped whenever the group grant already exists - confirm the real nesting in the full file.
// NOTE(review): the existence checks look for grants on resource id ANY; presumably the
// entities built here receive the same wildcard scope, but the lines setting resource,
// resource id and permissions are not visible - confirm, and confirm where
// administratorGroupName / administratorUserName come from, since they decide who is granted.
if(authorizationService.createAuthorizationQuery().groupIdIn(administratorGroupName).resourceType(resource).resourceId(ANY).count() == 0) { AuthorizationEntity adminGroupAuth = new AuthorizationEntity(AUTH_TYPE_GRANT); adminGroupAuth.setGroupId(administratorGroupName); if(authorizationService.createAuthorizationQuery().userIdIn(administratorUserName).resourceType(resource).resourceId(ANY).count() == 0) { AuthorizationEntity adminUserAuth = new AuthorizationEntity(AUTH_TYPE_GRANT); adminUserAuth.setUserId(administratorUserName);
// Excerpt, cut off: both `if` blocks are still open at the end of this line; how the two
// entities are completed and saved is not shown.
// Each administrator grant is created only if missing: the query counts existing
// authorizations for the administrator group (then for the administrator user) on `resource`
// with resource id ANY, and a new GRANT entity is built only when that count is 0.
// NOTE(review): in this excerpt the user check is nested in the group branch and would not
// run when a group grant already exists - verify against the complete source.
// NOTE(review): the guards query resource id ANY; the scope and permissions actually given
// to the new entities are set outside this excerpt - verify them, together with the origin
// of administratorGroupName / administratorUserName.
if(authorizationService.createAuthorizationQuery().groupIdIn(administratorGroupName).resourceType(resource).resourceId(ANY).count() == 0) { AuthorizationEntity adminGroupAuth = new AuthorizationEntity(AUTH_TYPE_GRANT); adminGroupAuth.setGroupId(administratorGroupName); if(authorizationService.createAuthorizationQuery().userIdIn(administratorUserName).resourceType(resource).resourceId(ANY).count() == 0) { AuthorizationEntity adminUserAuth = new AuthorizationEntity(AUTH_TYPE_GRANT); adminUserAuth.setUserId(administratorUserName);
/**
 * Creating and then deleting a tenant/group membership must leave no READ authorization on
 * tenants for the group, and a user authenticated with that group must see no tenant.
 */
@Test
public void testCreateAndDeleteTenantGroupMembership() {
  identityService.createTenantGroupMembership(TENANT_ONE, GROUP_ID);
  identityService.deleteTenantGroupMembership(TENANT_ONE, GROUP_ID);

  // The READ grant that came with the membership must be gone again.
  long remainingGrants = authorizationService.createAuthorizationQuery()
      .groupIdIn(GROUP_ID)
      .resourceType(Resources.TENANT)
      .hasPermission(Permissions.READ)
      .count();
  assertEquals(0, remainingGrants);

  // Seen through the eyes of a member of the group, no tenant is visible.
  identityService.setAuthentication(USER_ID, Collections.singletonList(GROUP_ID));
  long visibleTenants = identityService.createTenantQuery().count();
  assertEquals(0, visibleTenants);
}
/**
 * With memberships in two tenants, deleting one membership must remove exactly one READ
 * authorization and leave the grant for the other tenant in place.
 */
@Test
public void testCreateAndDeleteTenantUserMembershipForMultipleTenants() {
  createTenant(TENANT_TWO);

  identityService.createTenantUserMembership(TENANT_ONE, USER_ID);
  identityService.createTenantUserMembership(TENANT_TWO, USER_ID);

  // One READ grant per membership.
  long grantsWithBothMemberships = authorizationService.createAuthorizationQuery()
      .userIdIn(USER_ID)
      .resourceType(Resources.TENANT)
      .hasPermission(Permissions.READ)
      .count();
  assertEquals(2, grantsWithBothMemberships);

  identityService.deleteTenantUserMembership(TENANT_ONE, USER_ID);

  // Only the grant belonging to the deleted membership disappears.
  long grantsAfterDelete = authorizationService.createAuthorizationQuery()
      .userIdIn(USER_ID)
      .resourceType(Resources.TENANT)
      .hasPermission(Permissions.READ)
      .count();
  assertEquals(1, grantsAfterDelete);
}
/**
 * With a group that is member of two tenants, deleting one membership must remove exactly one
 * READ authorization and keep the grant for the remaining tenant.
 */
@Test
public void testCreateAndDeleteTenantGroupMembershipForMultipleTenants() {
  createTenant(TENANT_TWO);

  identityService.createTenantGroupMembership(TENANT_ONE, GROUP_ID);
  identityService.createTenantGroupMembership(TENANT_TWO, GROUP_ID);

  // One READ grant per membership.
  long grantsWithBothMemberships = authorizationService.createAuthorizationQuery()
      .groupIdIn(GROUP_ID)
      .resourceType(Resources.TENANT)
      .hasPermission(Permissions.READ)
      .count();
  assertEquals(2, grantsWithBothMemberships);

  identityService.deleteTenantGroupMembership(TENANT_ONE, GROUP_ID);

  // Only the grant belonging to the deleted membership disappears.
  long grantsAfterDelete = authorizationService.createAuthorizationQuery()
      .groupIdIn(GROUP_ID)
      .resourceType(Resources.TENANT)
      .hasPermission(Permissions.READ)
      .count();
  assertEquals(1, grantsAfterDelete);
}
/**
 * Creating a tenant/group membership must produce one READ authorization for the group on
 * exactly that tenant, and a user authenticated with the group must then see the tenant.
 */
@Test
public void testCreateTenantGroupMembership() {
  identityService.createTenantGroupMembership(TENANT_ONE, GROUP_ID);

  // The grant is scoped to the tenant the membership was created for.
  long tenantGrants = authorizationService.createAuthorizationQuery()
      .groupIdIn(GROUP_ID)
      .resourceType(Resources.TENANT)
      .resourceId(TENANT_ONE)
      .hasPermission(Permissions.READ)
      .count();
  assertEquals(1, tenantGrants);

  // A member of the group sees that one tenant.
  identityService.setAuthentication(USER_ID, Collections.singletonList(GROUP_ID));
  assertEquals(
      TENANT_ONE,
      identityService.createTenantQuery().singleResult().getId());
}
/**
 * Queries restricted to PROCESS_DEFINITION must match the stored grant for the permissions it
 * holds (READ, RETRY_JOB) and must not match once a permission it lacks (ACCESS) is required.
 */
@Test
public void testQueryPermissionsWithMixedResource() throws Exception {
  // given: READ and RETRY_JOB granted to "userId" on PROCESS_DEFINITION, resource id ANY
  Authorization grant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  grant.setUserId("userId");
  grant.setResource(Resources.PROCESS_DEFINITION);
  grant.addPermission(Permissions.READ);
  grant.addPermission(ProcessDefinitionPermissions.RETRY_JOB);
  grant.setResourceId(ANY);
  authorizationService.saveAuthorization(grant);

  processEngineConfiguration.setAuthorizationEnabled(true);

  // assume: the grant is stored and found when both of its permissions are required,
  // and when READ alone is required
  Authorization stored = authorizationService.createAuthorizationQuery()
      .userIdIn("userId")
      .resourceType(Resources.PROCESS_DEFINITION)
      .singleResult();
  assertNotNull(stored);

  long matchesReadAndRetry = authorizationService.createAuthorizationQuery()
      .resourceType(Resources.PROCESS_DEFINITION)
      .hasPermission(ProcessDefinitionPermissions.READ)
      .hasPermission(ProcessDefinitionPermissions.RETRY_JOB)
      .count();
  assertEquals(1, matchesReadAndRetry);

  long matchesRead = authorizationService.createAuthorizationQuery()
      .resourceType(Resources.PROCESS_DEFINITION)
      .hasPermission(ProcessDefinitionPermissions.READ)
      .count();
  assertEquals(1, matchesRead);

  // then: additionally requiring ACCESS, which was never granted, matches nothing
  long matchesReadAndAccess = authorizationService.createAuthorizationQuery()
      .resourceType(Resources.PROCESS_DEFINITION)
      .hasPermission(Permissions.READ)
      .hasPermission(Permissions.ACCESS)
      .count();
  assertEquals(0, matchesReadAndAccess);
}
/**
 * A grant stored for one resource type must not be returned by a query for a different
 * resource type, even when the same permission is asked for.
 */
@Test
public void testQueryPermissionWithMixedResource() throws Exception {
  // given: ACCESS granted to "userId" on APPLICATION, resource id ANY
  Authorization grant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  grant.setUserId("userId");
  grant.setResource(Resources.APPLICATION);
  grant.addPermission(Permissions.ACCESS);
  grant.setResourceId(ANY);
  authorizationService.saveAuthorization(grant);

  processEngineConfiguration.setAuthorizationEnabled(true);

  // assume: the grant is stored
  Authorization stored = authorizationService.createAuthorizationQuery()
      .userIdIn("userId")
      .resourceType(Resources.APPLICATION)
      .singleResult();
  assertNotNull(stored);

  // then: ACCESS on BATCH is a different resource type and finds nothing
  long batchMatches = authorizationService.createAuthorizationQuery()
      .resourceType(Resources.BATCH)
      .hasPermission(Permissions.ACCESS)
      .count();
  assertEquals(0, batchMatches);
}
/**
 * Creating and then deleting a tenant/user membership must leave no READ authorization on
 * tenants for the user, and the user, once authenticated, must see no tenant.
 */
@Test
public void testCreateAndDeleteTenantUserMembership() {
  identityService.createTenantUserMembership(TENANT_ONE, USER_ID);
  identityService.deleteTenantUserMembership(TENANT_ONE, USER_ID);

  // The READ grant that came with the membership must be gone again.
  long remainingGrants = authorizationService.createAuthorizationQuery()
      .userIdIn(USER_ID)
      .resourceType(Resources.TENANT)
      .hasPermission(Permissions.READ)
      .count();
  assertEquals(0, remainingGrants);

  // Seen as that user, no tenant is visible.
  identityService.setAuthenticatedUserId(USER_ID);
  long visibleTenants = identityService.createTenantQuery().count();
  assertEquals(0, visibleTenants);
}
/**
 * Creating a tenant/user membership must produce one READ authorization for the user on
 * exactly that tenant, and the user, once authenticated, must see the tenant.
 */
@Test
public void testCreateTenantUserMembership() {
  identityService.createTenantUserMembership(TENANT_ONE, USER_ID);

  // The grant is scoped to the tenant the membership was created for.
  long tenantGrants = authorizationService.createAuthorizationQuery()
      .userIdIn(USER_ID)
      .resourceType(Resources.TENANT)
      .resourceId(TENANT_ONE)
      .hasPermission(Permissions.READ)
      .count();
  assertEquals(1, tenantGrants);

  // The user sees that one tenant.
  identityService.setAuthenticatedUserId(USER_ID);
  assertEquals(
      TENANT_ONE,
      identityService.createTenantQuery().singleResult().getId());
}
/**
 * Deleting a group must also remove its tenant membership and the TENANT authorizations
 * issued for the group id, so that no grant keyed on that id is left behind.
 */
public void testTenantAuthorizationAfterDeleteGroup() {
  // given: jonny2, who is allowed to do group operations
  User operator = identityService.newUser(jonny2);
  identityService.saveUser(operator);
  grantPermissions();

  // from here on the engine checks authorizations, acting as jonny2
  processEngineConfiguration.setAuthorizationEnabled(true);
  identityService.setAuthenticatedUserId(jonny2);

  // a group ...
  Group group = identityService.newGroup("group1");
  identityService.saveGroup(group);

  // ... and a tenant the group is a member of
  String tenantId = "tenant1";
  Tenant tenant = identityService.newTenant(tenantId);
  identityService.saveTenant(tenant);
  identityService.createTenantGroupMembership(tenantId, "group1");

  // assume: the membership is visible
  TenantQuery query = identityService.createTenantQuery().groupMember("group1");
  long tenantsBeforeDelete = query.count();
  assertThat(tenantsBeforeDelete, is(1L));

  // when
  identityService.deleteGroup("group1");

  // authorization checks are switched off for the verification queries below
  processEngineConfiguration.setAuthorizationEnabled(false);

  // then: neither the membership nor any TENANT authorization for the group remains
  long tenantsAfterDelete = query.count();
  assertThat(tenantsAfterDelete, is(0L));

  long leftoverGrants = authorizationService.createAuthorizationQuery()
      .resourceType(TENANT)
      .groupIdIn("group1")
      .count();
  assertThat(leftoverGrants, is(0L));
}
/**
 * Deleting a user must also remove the user's tenant membership and the TENANT
 * authorizations issued for the user id, so that no grant keyed on that id is left behind.
 */
public void testTenantAuthorizationAfterDeleteUser() {
  // given: jonny2, who is allowed to do user operations
  User operator = identityService.newUser(jonny2);
  identityService.saveUser(operator);
  grantPermissions();

  // from here on the engine checks authorizations, acting as jonny2
  processEngineConfiguration.setAuthorizationEnabled(true);
  identityService.setAuthenticatedUserId(jonny2);

  // a second user ...
  User member = identityService.newUser("jonny1");
  identityService.saveUser(member);
  String jonny1Id = member.getId();

  // ... and a tenant that user is a member of
  String tenantId = "tenant1";
  Tenant tenant = identityService.newTenant(tenantId);
  identityService.saveTenant(tenant);
  identityService.createTenantUserMembership(tenantId, jonny1Id);

  // assume: the membership is visible
  TenantQuery query = identityService.createTenantQuery().userMember(jonny1Id);
  long tenantsBeforeDelete = query.count();
  assertThat(tenantsBeforeDelete, is(1L));

  // when
  identityService.deleteUser(jonny1Id);

  // authorization checks are switched off for the verification queries below
  processEngineConfiguration.setAuthorizationEnabled(false);

  // then: neither the membership nor any TENANT authorization for the user remains
  long tenantsAfterDelete = query.count();
  assertThat(tenantsAfterDelete, is(0L));

  long leftoverGrants = authorizationService.createAuthorizationQuery()
      .resourceType(TENANT)
      .userIdIn(jonny1Id)
      .count();
  assertThat(leftoverGrants, is(0L));
}
/**
 * A query for a permission that was granted must return the stored authorization, here
 * without any resource-type restriction on the query.
 */
@Test
public void testQuerySingleCorrectPermission() throws Exception {
  // given: READ granted to "userId" on PROCESS_DEFINITION, resource id ANY
  Authorization grant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  grant.setUserId("userId");
  grant.setResource(Resources.PROCESS_DEFINITION);
  grant.addPermission(Permissions.READ);
  grant.setResourceId(ANY);
  authorizationService.saveAuthorization(grant);

  processEngineConfiguration.setAuthorizationEnabled(true);

  // assume: the grant is stored
  Authorization stored = authorizationService.createAuthorizationQuery()
      .userIdIn("userId")
      .resourceType(Resources.PROCESS_DEFINITION)
      .singleResult();
  assertNotNull(stored);

  // then: asking for READ finds exactly that grant
  long readMatches = authorizationService.createAuthorizationQuery()
      .hasPermission(Permissions.READ)
      .count();
  assertEquals(1, readMatches);
}
/**
 * A query for a permission that was not granted must return nothing, even though an
 * authorization holding a different permission exists.
 */
@Test
public void testQuerySingleIncorrectPermission() throws Exception {
  // given: a single batch permission granted to "userId" on BATCH, resource id ANY
  Authorization grant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  grant.setUserId("userId");
  grant.setResource(Resources.BATCH);
  grant.addPermission(BatchPermissions.CREATE_BATCH_DELETE_RUNNING_PROCESS_INSTANCES);
  grant.setResourceId(ANY);
  authorizationService.saveAuthorization(grant);

  processEngineConfiguration.setAuthorizationEnabled(true);

  // assume: the grant is stored
  Authorization stored = authorizationService.createAuthorizationQuery()
      .userIdIn("userId")
      .resourceType(Resources.BATCH)
      .singleResult();
  assertNotNull(stored);

  // then: CREATE_INSTANCE was never granted, so the query must come back empty
  long createInstanceMatches = authorizationService.createAuthorizationQuery()
      .hasPermission(Permissions.CREATE_INSTANCE)
      .count();
  assertEquals(0, createInstanceMatches);
}
/**
 * Saving succeeds when a permission that is not valid for the resource was added first but
 * then replaced through setPermissions with permissions that are valid for it.
 */
public void testSaveAuthorizationSetPermissionsWithValidResource() throws Exception {
  // given
  Authorization grant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  grant.setUserId("userId");

  // 'ACCESS' is not allowed for Batches ...
  grant.addPermission(Permissions.ACCESS);

  // ... but setPermissions resets it, so saveAuthorization will be successful
  BatchPermissions[] batchPermissions = new BatchPermissions[] {
      BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES,
      BatchPermissions.CREATE_BATCH_DELETE_DECISION_INSTANCES };
  grant.setPermissions(batchPermissions);

  grant.setResource(Resources.BATCH);
  grant.setResourceId(ANY);

  processEngineConfiguration.setAuthorizationEnabled(true);

  // when
  authorizationService.saveAuthorization(grant);

  // then: the stored authorization carries both batch permissions
  Authorization stored = authorizationService.createAuthorizationQuery()
      .resourceType(Resources.BATCH)
      .singleResult();
  assertNotNull(stored);
  assertTrue(stored.isPermissionGranted(BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES));
  assertTrue(stored.isPermissionGranted(BatchPermissions.CREATE_BATCH_DELETE_DECISION_INSTANCES));
}
/**
 * When a query requires several permissions, an authorization holding only some of them must
 * not match: READ is granted here, ACCESS is not, and the combined query must be empty.
 */
@Test
public void testQueryCorrectAndIncorrectPersmission() throws Exception {
  // given: READ and RETRY_JOB granted to "userId" on PROCESS_DEFINITION, resource id ANY
  Authorization grant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  grant.setUserId("userId");
  grant.setResource(Resources.PROCESS_DEFINITION);
  grant.addPermission(Permissions.READ);
  grant.addPermission(ProcessDefinitionPermissions.RETRY_JOB);
  grant.setResourceId(ANY);
  authorizationService.saveAuthorization(grant);

  processEngineConfiguration.setAuthorizationEnabled(true);

  // assume: the grant is stored
  Authorization stored = authorizationService.createAuthorizationQuery()
      .userIdIn("userId")
      .resourceType(Resources.PROCESS_DEFINITION)
      .singleResult();
  assertNotNull(stored);

  // then: requiring READ together with ACCESS matches nothing
  long readAndAccessMatches = authorizationService.createAuthorizationQuery()
      .hasPermission(Permissions.READ)
      .hasPermission(Permissions.ACCESS)
      .count();
  assertEquals(0, readAndAccessMatches);
}
// Look up the single authorization stored for "userId" on the APPLICATION resource type and
// require that it exists before the checks that follow.
Authorization authResult = authorizationService.createAuthorizationQuery()
    .userIdIn("userId")
    .resourceType(Resources.APPLICATION)
    .singleResult();
assertNotNull(authResult);