Package org.camunda.bpm.engine.authorization

Examples of org.camunda.bpm.engine.authorization.Authorization


  protected User createTestUser(String userId) {
    User user = identityService.newUser(userId);
    identityService.saveUser(user);

    // give user all permission to manipulate authorisations
    Authorization authorization = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
    authorization.setUserId(user.getId());
    authorization.setResource(Resources.AUTHORIZATION);
    authorization.setResourceId(Authorization.ANY);
    authorization.addPermission(Permissions.ALL);
    authorizationService.saveAuthorization(authorization);

    // give user all permission to manipulate users
    authorization = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
    authorization.setUserId(user.getId());
    authorization.setResource(Resources.USER);
    authorization.setResourceId(Authorization.ANY);
    authorization.addPermission(Permissions.ALL);
    authorizationService.saveAuthorization(authorization);

    return user;
  }
View Full Code Here


    Filter filter = filterService.newTaskFilter("testFilter");
    return filterService.saveFilter(filter);
  }

  protected Authorization createAuthorization(Permission permission, String resourceId) {
    Authorization authorization = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
    authorization.setUserId(testUser.getId());
    authorization.setResource(Resources.FILTER);
    authorization.addPermission(permission);
    if (resourceId != null) {
      authorization.setResourceId(resourceId);
    }
    return authorization;
  }
View Full Code Here

    authorizationService = processEngine.getAuthorizationService();
  }

  public AuthorizationDto getAuthorization(UriInfo context) {

    Authorization dbAuthorization = getDbAuthorization();

    return AuthorizationDto.fromAuthorization(dbAuthorization);

  }
View Full Code Here

    return AuthorizationDto.fromAuthorization(dbAuthorization);

  }

  public void deleteAuthorization() {
    Authorization dbAuthorization = getDbAuthorization();
    authorizationService.deleteAuthorization(dbAuthorization.getId());
  }
View Full Code Here

    authorizationService.deleteAuthorization(dbAuthorization.getId());
  }

  public void updateAuthorization(AuthorizationDto dto) {
    // get db auth
    Authorization dbAuthorization = getDbAuthorization();
    // copy values from dto
    AuthorizationDto.update(dto, dbAuthorization);
    // save
    authorizationService.saveAuthorization(dbAuthorization);
  }
View Full Code Here

  }

  // utils //////////////////////////////////////////////////

  protected Authorization getDbAuthorization() {
    Authorization dbAuthorization = authorizationService.createAuthorizationQuery()
      .authorizationId(resourceId)
      .singleResult();

    if (dbAuthorization == null) {
      throw new InvalidRequestException(Status.NOT_FOUND, "Authorization with id " + resourceId + " does not exist.");
View Full Code Here

      identityService.createMembership("peter", "management");


      // authorize groups for tasklist only:

      Authorization salesTasklistAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
      salesTasklistAuth.setGroupId("sales");
      salesTasklistAuth.addPermission(ACCESS);
      salesTasklistAuth.setResourceId("tasklist");
      salesTasklistAuth.setResource(APPLICATION);
      authorizationService.saveAuthorization(salesTasklistAuth);

      Authorization accountingTasklistAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
      accountingTasklistAuth.setGroupId("accounting");
      accountingTasklistAuth.addPermission(ACCESS);
      accountingTasklistAuth.setResourceId("tasklist");
      accountingTasklistAuth.setResource(APPLICATION);
      authorizationService.saveAuthorization(accountingTasklistAuth);

      Authorization managementTasklistAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
      managementTasklistAuth.setGroupId("management");
      managementTasklistAuth.addPermission(ACCESS);
      managementTasklistAuth.setResourceId("tasklist");
      managementTasklistAuth.setResource(APPLICATION);
      authorizationService.saveAuthorization(managementTasklistAuth);

      Authorization salesDemoAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
      salesDemoAuth.setGroupId("sales");
      salesDemoAuth.setResource(USER);
      salesDemoAuth.setResourceId("demo");
      salesDemoAuth.addPermission(READ);
      authorizationService.saveAuthorization(salesDemoAuth);

      Authorization salesJohnAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
      salesJohnAuth.setGroupId("sales");
      salesJohnAuth.setResource(USER);
      salesJohnAuth.setResourceId("john");
      salesJohnAuth.addPermission(READ);
      authorizationService.saveAuthorization(salesJohnAuth);

      Authorization manDemoAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
      manDemoAuth.setGroupId("management");
      manDemoAuth.setResource(USER);
      manDemoAuth.setResourceId("demo");
      manDemoAuth.addPermission(READ);
      authorizationService.saveAuthorization(manDemoAuth);

      Authorization manPeterAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
      manPeterAuth.setGroupId("management");
      manPeterAuth.setResource(USER);
      manPeterAuth.setResourceId("peter");
      manPeterAuth.addPermission(READ);
      authorizationService.saveAuthorization(manPeterAuth);

      Authorization accDemoAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
      accDemoAuth.setGroupId("accounting");
      accDemoAuth.setResource(USER);
      accDemoAuth.setResourceId("demo");
      accDemoAuth.addPermission(READ);
      authorizationService.saveAuthorization(accDemoAuth);

      Authorization accMaryAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
      accMaryAuth.setGroupId("accounting");
      accMaryAuth.setResource(USER);
      accMaryAuth.setResourceId("mary");
      accMaryAuth.addPermission(READ);
      authorizationService.saveAuthorization(accMaryAuth);

      // create default filters

      FilterService filterService = engine.getFilterService();

      Map<String, Object> filterProperties = new HashMap<String, Object>();
      filterProperties.put("description", "Tasks assigned to me");
      filterProperties.put("priority", -10);
      addVariables(filterProperties);
      TaskService taskService = engine.getTaskService();
      TaskQuery query = taskService.createTaskQuery().taskAssigneeExpression("${currentUser()}");
      Filter myTasksFilter = filterService.newTaskFilter().setName("My Tasks").setProperties(filterProperties).setOwner("demo").setQuery(query);
      filterService.saveFilter(myTasksFilter);

      filterProperties.clear();
      filterProperties.put("description", "Tasks assigned to my Groups");
      filterProperties.put("priority", -5);
      addVariables(filterProperties);
      query = taskService.createTaskQuery().taskCandidateGroupInExpression("${currentUserGroups()}").taskUnassigned();
      Filter groupTasksFilter = filterService.newTaskFilter().setName("My Group Tasks").setProperties(filterProperties).setOwner("demo").setQuery(query);
      filterService.saveFilter(groupTasksFilter);

      // global read authorizations for these filters

      Authorization globalMyTaskFilterRead = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GLOBAL);
      globalMyTaskFilterRead.setResource(FILTER);
      globalMyTaskFilterRead.setResourceId(myTasksFilter.getId());
      globalMyTaskFilterRead.addPermission(READ);
      authorizationService.saveAuthorization(globalMyTaskFilterRead);

      Authorization globalGroupFilterRead = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GLOBAL);
      globalGroupFilterRead.setResource(FILTER);
      globalGroupFilterRead.setResourceId(groupTasksFilter.getId());
      globalGroupFilterRead.addPermission(READ);
      authorizationService.saveAuthorization(globalGroupFilterRead);

      // management filter

      filterProperties.clear();
      filterProperties.put("description", "Tasks for Group Accounting");
      filterProperties.put("priority", -5);
      addVariables(filterProperties);
      query = taskService.createTaskQuery().taskCandidateGroupIn(Arrays.asList("accounting")).taskUnassigned();
      Filter candidateGroupTasksFilter = filterService.newTaskFilter().setName("Accounting").setProperties(filterProperties).setOwner("demo").setQuery(query);
      filterService.saveFilter(candidateGroupTasksFilter);

      Authorization managementGroupFilterRead = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
      managementGroupFilterRead.setResource(FILTER);
      managementGroupFilterRead.setResourceId(candidateGroupTasksFilter.getId());
      managementGroupFilterRead.addPermission(READ);
      managementGroupFilterRead.setGroupId("accounting");
      authorizationService.saveAuthorization(managementGroupFilterRead);

      // john's tasks

      filterProperties.clear();
View Full Code Here

    cleanupAfterTest();
    super.tearDown();
  }

  public void testGlobalAuthorizationType() {
    Authorization globalAuthorization = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
    // I can set userId = null
    globalAuthorization.setUserId(null);
    // I can set userId = ANY
    globalAuthorization.setUserId(ANY);

    try {
      // I cannot set anything else:
      globalAuthorization.setUserId("something");
      fail("exception expected");

    } catch (Exception e) {
      assertTextPresent("Illegal value something for userId for GLOBAL authorization. must be '*'", e.getMessage());

    }

    // I can set groupId = null
    globalAuthorization.setGroupId(null);

    try {
      // I cannot set anything else:
      globalAuthorization.setGroupId("something");
      fail("exception expected");

    } catch (Exception e) {
      assertTextPresent("Cannot use groupId for GLOBAL authorization", e.getMessage());
    }
View Full Code Here

      assertTextPresent("Cannot use groupId for GLOBAL authorization", e.getMessage());
    }
  }

  public void testGrantAuthorizationType() {
    Authorization grantAuthorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
    // I can set userId = null
    grantAuthorization.setUserId(null);
    // I can set userId = ANY
    grantAuthorization.setUserId(ANY);
    // I can set anything else:
    grantAuthorization.setUserId("something");
    // I can set groupId = null
    grantAuthorization.setGroupId(null);
    // I can set anything else:
    grantAuthorization.setGroupId("something");
  }
View Full Code Here

    // I can set anything else:
    grantAuthorization.setGroupId("something");
  }

  public void testRevokeAuthorizationType() {
    Authorization revokeAuthorization = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE);
    // I can set userId = null
    revokeAuthorization.setUserId(null);
    // I can set userId = ANY
    revokeAuthorization.setUserId(ANY);
    // I can set anything else:
    revokeAuthorization.setUserId("something");
    // I can set groupId = null
    revokeAuthorization.setGroupId(null);
    // I can set anything else:
    revokeAuthorization.setGroupId("something");
  }
View Full Code Here

TOP

Related Classes of org.camunda.bpm.engine.authorization.Authorization

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.