Package org.camunda.bpm.engine.authorization

Examples of org.camunda.bpm.engine.authorization.Authorization

592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
  public void testUserOverrideGlobalGrantAuthorizationCheck() {
    TestResource resource1 = new TestResource("resource1",100);

    // create global authorization which grants all permissions to all users  (on resource1):
    Authorization globalGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
    globalGrant.setResource(resource1);
    globalGrant.setResourceId(ANY);
    globalGrant.addPermission(ALL);
    authorizationService.saveAuthorization(globalGrant);

    // revoke READ for jonny
    Authorization localRevoke = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE);
    localRevoke.setUserId("jonny");
    localRevoke.setResource(resource1);
    localRevoke.setResourceId(ANY);
    localRevoke.removePermission(READ);
    authorizationService.saveAuthorization(localRevoke);

    List<String> jonnysGroups = Arrays.asList(new String[]{"sales", "marketing"});
    List<String> someOneElsesGroups = Arrays.asList(new String[]{"marketing"});
View Full Code Here
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
  public void testGroupOverrideGlobalGrantAuthorizationCheck() {
    TestResource resource1 = new TestResource("resource1",100);

    // create global authorization which grants all permissions to all users  (on resource1):
    Authorization globalGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
    globalGrant.setResource(resource1);
    globalGrant.setResourceId(ANY);
    globalGrant.addPermission(ALL);
    authorizationService.saveAuthorization(globalGrant);

    // revoke READ for group "sales"
    Authorization groupRevoke = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE);
    groupRevoke.setGroupId("sales");
    groupRevoke.setResource(resource1);
    groupRevoke.setResourceId(ANY);
    groupRevoke.removePermission(READ);
    authorizationService.saveAuthorization(groupRevoke);

    List<String> jonnysGroups = Arrays.asList(new String[]{"sales", "marketing"});
    List<String> someOneElsesGroups = Arrays.asList(new String[]{"marketing"});
View Full Code Here
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
  public void testUserOverrideGroupOverrideGlobalAuthorizationCheck() {
    TestResource resource1 = new TestResource("resource1",100);

    // create global authorization which grants all permissions to all users  (on resource1):
    Authorization globalGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
    globalGrant.setResource(resource1);
    globalGrant.setResourceId(ANY);
    globalGrant.addPermission(ALL);
    authorizationService.saveAuthorization(globalGrant);

    // revoke READ for group "sales"
    Authorization groupRevoke = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE);
    groupRevoke.setGroupId("sales");
    groupRevoke.setResource(resource1);
    groupRevoke.setResourceId(ANY);
    groupRevoke.removePermission(READ);
    authorizationService.saveAuthorization(groupRevoke);

    // add READ for jonny
    Authorization userGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
    userGrant.setUserId("jonny");
    userGrant.setResource(resource1);
    userGrant.setResourceId(ANY);
    userGrant.addPermission(READ);
    authorizationService.saveAuthorization(userGrant);

    List<String> jonnysGroups = Arrays.asList(new String[]{"sales", "marketing"});
    List<String> someOneElsesGroups = Arrays.asList(new String[]{"marketing"});
View Full Code Here
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
  protected void setUp() throws Exception {
    // we are jonny
    identityService.setAuthenticatedUserId("jonny");
    // make sure we can do stuff:
    Authorization jonnyIsGod = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
    jonnyIsGod.setUserId("jonny");
    jonnyIsGod.setResource(USER);
    jonnyIsGod.setResourceId(ANY);
    jonnyIsGod.addPermission(ALL);
    authorizationService.saveAuthorization(jonnyIsGod);       
   
    jonnyIsGod = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
    jonnyIsGod.setUserId("jonny");
    jonnyIsGod.setResource(GROUP);
    jonnyIsGod.setResourceId(ANY);
    jonnyIsGod.addPermission(ALL);
    authorizationService.saveAuthorization(jonnyIsGod);
   
    jonnyIsGod = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
    jonnyIsGod.setUserId("jonny");
    jonnyIsGod.setResource(AUTHORIZATION);
    jonnyIsGod.setResourceId(ANY);
    jonnyIsGod.addPermission(ALL);
    authorizationService.saveAuthorization(jonnyIsGod);
       
    // enable authorizations
    processEngineConfiguration.setAuthorizationEnabled(true);   
    super.setUp();
View Full Code Here
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
   
    // create new user
    identityService.saveUser(identityService.newUser("jonny2"));
   
    // now there is an authorization for jonny2 which grants him ALL permissions on himself
    Authorization authorization = authorizationService.createAuthorizationQuery().userIdIn("jonny2").singleResult();
    assertNotNull(authorization);
    assertEquals(AUTH_TYPE_GRANT, authorization.getAuthorizationType());
    assertEquals(USER.resourceType(), authorization.getResourceType());
    assertEquals("jonny2", authorization.getResourceId());
    assertTrue(authorization.isPermissionGranted(ALL));
   
    // delete the user
    identityService.deleteUser("jonny2");
   
    // the authorization is deleted as well:
View Full Code Here
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
   
    // create new group
    identityService.saveGroup(identityService.newGroup("sales"));
   
    // now there is an authorization for sales which grants all members READ permissions
    Authorization authorization = authorizationService.createAuthorizationQuery().groupIdIn("sales").singleResult();
    assertNotNull(authorization);
    assertEquals(AUTH_TYPE_GRANT, authorization.getAuthorizationType());
    assertEquals(GROUP.resourceType(), authorization.getResourceType());
    assertEquals("sales", authorization.getResourceId());
    assertTrue(authorization.isPermissionGranted(READ));
   
    // delete the group
    identityService.deleteGroup("sales");
   
    // the authorization is deleted as well:
View Full Code Here
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
  protected void setUp() throws Exception {
    // we are jonny
    identityService.setAuthenticatedUserId("jonny");
    // make sure we can do stuff:
    Authorization jonnyIsGod = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
    jonnyIsGod.setUserId("jonny");
    jonnyIsGod.setResource(USER);
    jonnyIsGod.setResourceId(ANY);
    jonnyIsGod.addPermission(ALL);
    authorizationService.saveAuthorization(jonnyIsGod);       
   
    jonnyIsGod = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
    jonnyIsGod.setUserId("jonny");
    jonnyIsGod.setResource(GROUP);
    jonnyIsGod.setResourceId(ANY);
    jonnyIsGod.addPermission(ALL);
    authorizationService.saveAuthorization(jonnyIsGod);
   
    jonnyIsGod = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
    jonnyIsGod.setUserId("jonny");
    jonnyIsGod.setResource(AUTHORIZATION);
    jonnyIsGod.setResourceId(ANY);
    jonnyIsGod.addPermission(ALL);
    authorizationService.saveAuthorization(jonnyIsGod);
       
    // enable authorizations
    processEngineConfiguration.setAuthorizationEnabled(true);   
    super.setUp();
View Full Code Here
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
   
    // create new user
    identityService.saveUser(identityService.newUser("jonny2"));
   
    // now there is an authorization for jonny2 which grants him ALL permissions on himself
    Authorization authorization = authorizationService.createAuthorizationQuery().userIdIn("jonny2").singleResult();
    assertNotNull(authorization);
    assertEquals(AUTH_TYPE_GRANT, authorization.getAuthorizationType());
    assertEquals(USER.resourceType(), authorization.getResourceType());
    assertEquals("jonny2", authorization.getResourceId());
    assertTrue(authorization.isPermissionGranted(ALL));
   
    // delete the user
    identityService.deleteUser("jonny2");
   
    // the authorization is deleted as well:
View Full Code Here
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
   
    // create new group
    identityService.saveGroup(identityService.newGroup("sales"));
   
    // now there is an authorization for sales which grants all members READ permissions
    Authorization authorization = authorizationService.createAuthorizationQuery().groupIdIn("sales").singleResult();
    assertNotNull(authorization);
    assertEquals(AUTH_TYPE_GRANT, authorization.getAuthorizationType());
    assertEquals(GROUP.resourceType(), authorization.getResourceType());
    assertEquals("sales", authorization.getResourceId());
    assertTrue(authorization.isPermissionGranted(READ));
   
    // delete the group
    identityService.deleteGroup("sales");
   
    // the authorization is deleted as well:
View Full Code Here
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
    // create new group
    Group group1 = identityService.newGroup("group1");
    identityService.saveGroup(group1);

    // set base permission for all users (no-one has any permissions on groups)
    Authorization basePerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
    basePerms.setResource(GROUP);
    basePerms.setResourceId(ANY);
    authorizationService.saveAuthorization(basePerms);

    // now enable checks
    processEngineConfiguration.setAuthorizationEnabled(true);

    // we cannot fetch the group
    assertNull(identityService.createGroupQuery().singleResult());
    assertEquals(0, identityService.createGroupQuery().count());

    // now we add permission for jonny2 to read the group:
    processEngineConfiguration.setAuthorizationEnabled(false);
    Authorization ourPerms = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
    ourPerms.setUserId(authUserId);
    ourPerms.setResource(GROUP);
    ourPerms.setResourceId(ANY);
    ourPerms.addPermission(READ);
    authorizationService.saveAuthorization(ourPerms);
    processEngineConfiguration.setAuthorizationEnabled(true);

    // now we can fetch the group
    assertNotNull(identityService.createGroupQuery().singleResult());
    assertEquals(1, identityService.createGroupQuery().count());

    // change the base permission:
    processEngineConfiguration.setAuthorizationEnabled(false);
    basePerms = authorizationService.createAuthorizationQuery().resourceType(GROUP).userIdIn("*").singleResult();
    basePerms.addPermission(READ);
    authorizationService.saveAuthorization(basePerms);
    processEngineConfiguration.setAuthorizationEnabled(true);

    // we can still fetch the group
    assertNotNull(identityService.createGroupQuery().singleResult());
    assertEquals(1, identityService.createGroupQuery().count());

    // revoke permission for jonny2:
    processEngineConfiguration.setAuthorizationEnabled(false);
    ourPerms = authorizationService.createAuthorizationQuery().resourceType(GROUP).userIdIn(authUserId).singleResult();
    ourPerms.removePermission(READ);
    authorizationService.saveAuthorization(ourPerms);

    Authorization revoke = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE);
    revoke.setUserId(authUserId);
    revoke.setResource(GROUP);
    revoke.setResourceId(ANY);
    revoke.removePermission(READ);
    authorizationService.saveAuthorization(revoke);
    processEngineConfiguration.setAuthorizationEnabled(true);

    // now we cannot fetch the group
    assertNull(identityService.createGroupQuery().singleResult());
    assertEquals(0, identityService.createGroupQuery().count());

    // delete our perms
    processEngineConfiguration.setAuthorizationEnabled(false);
    authorizationService.deleteAuthorization(ourPerms.getId());
    authorizationService.deleteAuthorization(revoke.getId());
    processEngineConfiguration.setAuthorizationEnabled(true);

    // now the base permission applies and grants us read access
    assertNotNull(identityService.createGroupQuery().singleResult());
    assertEquals(1, identityService.createGroupQuery().count());
View Full Code Here
TOP

Related Classes of org.camunda.bpm.engine.authorization.Authorization

  • org.camunda.bpm.engine.rest.AbstractAuthorizationRestServiceInteractionTest
  • org.camunda.bpm.engine.rest.AbstractAuthorizationRestServiceQueryTest
  • org.camunda.bpm.engine.rest.helper.MockProvider
  • org.camunda.bpm.engine.rest.impl.AuthorizationRestServiceImpl
  • org.camunda.bpm.engine.rest.sub.authorization.impl.AuthorizationResourceImpl
  • org.camunda.bpm.engine.test.api.filter.FilterAuthorizationsTest
  • org.camunda.bpm.engine.test.api.identity.AuthorizationQueryTest
  • org.camunda.bpm.engine.test.api.identity.AuthorizationServiceAuthorizationsTest
  • org.camunda.bpm.engine.test.api.identity.AuthorizationServiceTest
  • org.camunda.bpm.engine.test.api.identity.DefaultAuthorizationProviderTest
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.