@Test public void shouldCheckDbForCfgValue_auto() { final ListQueryParameterObject query = new ListQueryParameterObject(); final AuthorizationCheck authCheck = query.getAuthCheck(); final HashMap<String, Object> expectedQueryParams = new HashMap<String, Object>(); expectedQueryParams.put("userId", AUTHENTICATED_USER_ID); expectedQueryParams.put("authGroupIds", AUTHENTICATED_GROUPS); // given when(mockedConfiguration.getAuthorizationCheckRevokes()).thenReturn(ProcessEngineConfiguration.AUTHORIZATION_CHECK_REVOKE_AUTO); when(mockedEntityManager.selectBoolean(eq("selectRevokeAuthorization"), eq(expectedQueryParams))).thenReturn(true); // if authorizationManager.configureQuery(query); // then assertEquals(true, authCheck.isRevokeAuthorizationCheckEnabled()); verify(mockedEntityManager, times(1)).selectBoolean(eq("selectRevokeAuthorization"), eq(expectedQueryParams)); }
@Test public void shouldUseCfgValue_never() { final ListQueryParameterObject query = new ListQueryParameterObject(); final AuthorizationCheck authCheck = query.getAuthCheck(); // given when(mockedConfiguration.getAuthorizationCheckRevokes()).thenReturn(ProcessEngineConfiguration.AUTHORIZATION_CHECK_REVOKE_NEVER); // if authorizationManager.configureQuery(query); // then assertEquals(false, authCheck.isRevokeAuthorizationCheckEnabled()); verify(mockedEntityManager, never()).selectBoolean(eq("selectRevokeAuthorization"), any()); verifyNoMoreInteractions(mockedEntityManager); }
@Test public void shouldCheckDbForCfgValueWithNoRevokes_auto() { final ListQueryParameterObject query = new ListQueryParameterObject(); final AuthorizationCheck authCheck = query.getAuthCheck(); final HashMap<String, Object> expectedQueryParams = new HashMap<String, Object>(); expectedQueryParams.put("userId", AUTHENTICATED_USER_ID); expectedQueryParams.put("authGroupIds", AUTHENTICATED_GROUPS); // given when(mockedConfiguration.getAuthorizationCheckRevokes()).thenReturn(ProcessEngineConfiguration.AUTHORIZATION_CHECK_REVOKE_AUTO); when(mockedEntityManager.selectBoolean(eq("selectRevokeAuthorization"), eq(expectedQueryParams))).thenReturn(false); // if authorizationManager.configureQuery(query); // then assertEquals(false, authCheck.isRevokeAuthorizationCheckEnabled()); verify(mockedEntityManager, times(1)).selectBoolean(eq("selectRevokeAuthorization"), eq(expectedQueryParams)); }
@Test public void shouldCheckDbForCfgCaseInsensitive() { final ListQueryParameterObject query = new ListQueryParameterObject(); final AuthorizationCheck authCheck = query.getAuthCheck(); final HashMap<String, Object> expectedQueryParams = new HashMap<String, Object>(); expectedQueryParams.put("userId", AUTHENTICATED_USER_ID); expectedQueryParams.put("authGroupIds", AUTHENTICATED_GROUPS); // given when(mockedConfiguration.getAuthorizationCheckRevokes()).thenReturn("AuTo"); when(mockedEntityManager.selectBoolean(eq("selectRevokeAuthorization"), eq(expectedQueryParams))).thenReturn(true); // if authorizationManager.configureQuery(query); // then assertEquals(true, authCheck.isRevokeAuthorizationCheckEnabled()); verify(mockedEntityManager, times(1)).selectBoolean(eq("selectRevokeAuthorization"), eq(expectedQueryParams)); }
@Test public void shouldCacheCheck() { final ListQueryParameterObject query = new ListQueryParameterObject(); final AuthorizationCheck authCheck = query.getAuthCheck(); final HashMap<String, Object> expectedQueryParams = new HashMap<String, Object>(); expectedQueryParams.put("userId", AUTHENTICATED_USER_ID); expectedQueryParams.put("authGroupIds", AUTHENTICATED_GROUPS); // given when(mockedConfiguration.getAuthorizationCheckRevokes()).thenReturn(ProcessEngineConfiguration.AUTHORIZATION_CHECK_REVOKE_AUTO); when(mockedEntityManager.selectBoolean(eq("selectRevokeAuthorization"), eq(expectedQueryParams))).thenReturn(true); // if authorizationManager.configureQuery(query); authorizationManager.configureQuery(query); // then assertEquals(true, authCheck.isRevokeAuthorizationCheckEnabled()); verify(mockedEntityManager, times(1)).selectBoolean(eq("selectRevokeAuthorization"), eq(expectedQueryParams)); }
public void configureQueryHistoricFinishedInstanceReport(ListQueryParameterObject query, Resource resource) { configureQuery(query); CompositePermissionCheck compositePermissionCheck = new PermissionCheckBuilder() .conjunctive() .atomicCheck(resource, "RES.KEY_", READ) .atomicCheck(resource, "RES.KEY_", READ_HISTORY) .build(); query.getAuthCheck().setPermissionChecks(compositePermissionCheck); }
@Test public void shouldUseCfgValue_always() { final ListQueryParameterObject query = new ListQueryParameterObject(); final AuthorizationCheck authCheck = query.getAuthCheck(); // given when(mockedConfiguration.getAuthorizationCheckRevokes()).thenReturn(ProcessEngineConfiguration.AUTHORIZATION_CHECK_REVOKE_ALWAYS); // if authorizationManager.configureQuery(query); // then assertEquals(true, authCheck.isRevokeAuthorizationCheckEnabled()); verifyNoMoreInteractions(mockedEntityManager); }
public void configureQueryHistoricFinishedInstanceReport(ListQueryParameterObject query, Resource resource) { configureQuery(query); CompositePermissionCheck compositePermissionCheck = new PermissionCheckBuilder() .conjunctive() .atomicCheck(resource, "RES.KEY_", READ) .atomicCheck(resource, "RES.KEY_", READ_HISTORY) .build(); query.getAuthCheck().setPermissionChecks(compositePermissionCheck); }
protected void addPermissionCheck(ListQueryParameterObject query, Resource resource, String queryParam, Permission permission) { CommandContext commandContext = getCommandContext(); if (isAuthorizationEnabled() && getCurrentAuthentication() != null && commandContext.isAuthorizationCheckEnabled()) { PermissionCheck permCheck = newPermissionCheck(); permCheck.setResource(resource); permCheck.setResourceIdQueryParam(queryParam); permCheck.setPermission(permission); query.getAuthCheck().addAtomicPermissionCheck(permCheck); } }
protected void addPermissionCheck(ListQueryParameterObject query, Resource resource, String queryParam, Permission permission) { CommandContext commandContext = getCommandContext(); if (isAuthorizationEnabled() && getCurrentAuthentication() != null && commandContext.isAuthorizationCheckEnabled()) { PermissionCheck permCheck = newPermissionCheck(); permCheck.setResource(resource); permCheck.setResourceIdQueryParam(queryParam); permCheck.setPermission(permission); query.getAuthCheck().addAtomicPermissionCheck(permCheck); } }
public void configureQuery(ListQueryParameterObject query) { AuthorizationCheck authCheck = query.getAuthCheck(); authCheck.getPermissionChecks().clear(); if(isAuthCheckExecuted()) { Authentication currentAuthentication = getCurrentAuthentication(); authCheck.setAuthUserId(currentAuthentication.getUserId()); authCheck.setAuthGroupIds(currentAuthentication.getGroupIds()); enableQueryAuthCheck(authCheck); } else { authCheck.setAuthorizationCheckEnabled(false); authCheck.setAuthUserId(null); authCheck.setAuthGroupIds(null); } }
public void configureQuery(ListQueryParameterObject query) { AuthorizationCheck authCheck = query.getAuthCheck(); authCheck.getPermissionChecks().clear(); if(isAuthCheckExecuted()) { Authentication currentAuthentication = getCurrentAuthentication(); authCheck.setAuthUserId(currentAuthentication.getUserId()); authCheck.setAuthGroupIds(currentAuthentication.getGroupIds()); enableQueryAuthCheck(authCheck); } else { authCheck.setAuthorizationCheckEnabled(false); authCheck.setAuthUserId(null); authCheck.setAuthGroupIds(null); } }
public void configureExternalTaskFetch(ListQueryParameterObject parameter) { configureQuery(parameter); CompositePermissionCheck permissionCheck = newPermissionCheckBuilder() .conjunctive() .composite() .disjunctive() .atomicCheck(PROCESS_INSTANCE, "RES.PROC_INST_ID_", READ) .atomicCheck(PROCESS_DEFINITION, "RES.PROC_DEF_KEY_", READ_INSTANCE) .done() .composite() .disjunctive() .atomicCheck(PROCESS_INSTANCE, "RES.PROC_INST_ID_", UPDATE) .atomicCheck(PROCESS_DEFINITION, "RES.PROC_DEF_KEY_", UPDATE_INSTANCE) .done() .build(); addPermissionCheck(parameter.getAuthCheck(), permissionCheck); }
public void configureExternalTaskFetch(ListQueryParameterObject parameter) { configureQuery(parameter); CompositePermissionCheck permissionCheck = newPermissionCheckBuilder() .conjunctive() .composite() .disjunctive() .atomicCheck(PROCESS_INSTANCE, "RES.PROC_INST_ID_", READ) .atomicCheck(PROCESS_DEFINITION, "RES.PROC_DEF_KEY_", READ_INSTANCE) .done() .composite() .disjunctive() .atomicCheck(PROCESS_INSTANCE, "RES.PROC_INST_ID_", UPDATE) .atomicCheck(PROCESS_DEFINITION, "RES.PROC_DEF_KEY_", UPDATE_INSTANCE) .done() .build(); addPermissionCheck(parameter.getAuthCheck(), permissionCheck); }
@Test public void shouldCheckDbForCfgValue_auto() { final ListQueryParameterObject query = new ListQueryParameterObject(); final AuthorizationCheck authCheck = query.getAuthCheck(); final HashMap<String, Object> expectedQueryParams = new HashMap<String, Object>(); expectedQueryParams.put("userId", AUTHENTICATED_USER_ID); expectedQueryParams.put("authGroupIds", AUTHENTICATED_GROUPS); // given when(mockedConfiguration.getAuthorizationCheckRevokes()).thenReturn(ProcessEngineConfiguration.AUTHORIZATION_CHECK_REVOKE_AUTO); when(mockedEntityManager.selectBoolean(eq("selectRevokeAuthorization"), eq(expectedQueryParams))).thenReturn(true); // if authorizationManager.configureQuery(query); // then assertEquals(true, authCheck.isRevokeAuthorizationCheckEnabled()); verify(mockedEntityManager, times(1)).selectBoolean(eq("selectRevokeAuthorization"), eq(expectedQueryParams)); }
@Test public void shouldUseCfgValue_never() { final ListQueryParameterObject query = new ListQueryParameterObject(); final AuthorizationCheck authCheck = query.getAuthCheck(); // given when(mockedConfiguration.getAuthorizationCheckRevokes()).thenReturn(ProcessEngineConfiguration.AUTHORIZATION_CHECK_REVOKE_NEVER); // if authorizationManager.configureQuery(query); // then assertEquals(false, authCheck.isRevokeAuthorizationCheckEnabled()); verify(mockedEntityManager, never()).selectBoolean(eq("selectRevokeAuthorization"), any()); verifyNoMoreInteractions(mockedEntityManager); }
@Test public void shouldUseCfgValue_always() { final ListQueryParameterObject query = new ListQueryParameterObject(); final AuthorizationCheck authCheck = query.getAuthCheck(); // given when(mockedConfiguration.getAuthorizationCheckRevokes()).thenReturn(ProcessEngineConfiguration.AUTHORIZATION_CHECK_REVOKE_ALWAYS); // if authorizationManager.configureQuery(query); // then assertEquals(true, authCheck.isRevokeAuthorizationCheckEnabled()); verifyNoMoreInteractions(mockedEntityManager); }
public void configureQueryHistoricFinishedInstanceReport(ListQueryParameterObject query, Resource resource) { configureQuery(query); CompositePermissionCheck compositePermissionCheck = new PermissionCheckBuilder() .conjunctive() .atomicCheck(resource, "RES.KEY_", READ) .atomicCheck(resource, "RES.KEY_", READ_HISTORY) .build(); query.getAuthCheck().setPermissionChecks(compositePermissionCheck); }
protected void addPermissionCheck(ListQueryParameterObject query, Resource resource, String queryParam, Permission permission) { CommandContext commandContext = getCommandContext(); if (isAuthorizationEnabled() && getCurrentAuthentication() != null && commandContext.isAuthorizationCheckEnabled()) { PermissionCheck permCheck = newPermissionCheck(); permCheck.setResource(resource); permCheck.setResourceIdQueryParam(queryParam); permCheck.setPermission(permission); query.getAuthCheck().addAtomicPermissionCheck(permCheck); } }
public void configureQuery(ListQueryParameterObject query) { AuthorizationCheck authCheck = query.getAuthCheck(); authCheck.getPermissionChecks().clear(); if(isAuthCheckExecuted()) { Authentication currentAuthentication = getCurrentAuthentication(); authCheck.setAuthUserId(currentAuthentication.getUserId()); authCheck.setAuthGroupIds(currentAuthentication.getGroupIds()); enableQueryAuthCheck(authCheck); } else { authCheck.setAuthorizationCheckEnabled(false); authCheck.setAuthUserId(null); authCheck.setAuthGroupIds(null); } }