Ejemplo n.º 1
0
        public virtual void testHistoricTaskInstanceReportWithoutAuthorization()
        {
            // given
            startProcessInstanceByKey(PROCESS_KEY);
            string taskId = selectSingleTask().Id;

            disableAuthorization();
            taskService.complete(taskId);
            enableAuthorization();

            try
            {
                // when
                historyService.createHistoricTaskInstanceReport().duration(PeriodUnit.MONTH);
                fail("Exception expected: It should not be possible to create a historic task instance report");
            }
            catch (AuthorizationException e)
            {
                // then
                IList <MissingAuthorization> missingAuthorizations = e.MissingAuthorizations;
                assertEquals(1, missingAuthorizations.Count);

                MissingAuthorization missingAuthorization = missingAuthorizations[0];
                assertEquals(READ_HISTORY.ToString(), missingAuthorization.ViolatedPermissionName);
                assertEquals(PROCESS_DEFINITION.resourceName(), missingAuthorization.ResourceType);
                assertEquals(ANY, missingAuthorization.ResourceId);
            }
        }
        // create historic process instance report

        public virtual void testHistoricProcessInstanceReportWithoutAuthorization()
        {
            // given
            StartProcessInstanceByKey(PROCESS_KEY);
            string taskId = selectSingleTask().Id;

            disableAuthorization();
            taskService.Complete(taskId);
            enableAuthorization();

            try
            {
                // when
                historyService.CreateHistoricProcessInstanceReport().Duration(PeriodUnit.Month);
                Assert.Fail("Exception expected: It should not be possible to create a historic process instance report");
            }
            catch (AuthorizationException e)
            {
                // then
                IList <MissingAuthorization> missingAuthorizations = e.MissingAuthorizations;
                Assert.AreEqual(1, missingAuthorizations.Count);

                MissingAuthorization missingAuthorization = missingAuthorizations[0];
                Assert.AreEqual(Permissions.ReadHistory.ToString(), missingAuthorization.ViolatedPermissionName);
                Assert.AreEqual(Resources.ProcessDefinition.ToString() /*.ResourceName()*/, missingAuthorization.ResourceType);
                Assert.AreEqual(AuthorizationFields.Any, missingAuthorization.ResourceId);
            }
        }
        public virtual void testDeleteAuthorization()
        {
            // create global auth
            IAuthorization basePerms = authorizationService.CreateNewAuthorization(AuthorizationFields.AuthTypeGlobal);

            basePerms.Resource   = Resources.Authorization;
            basePerms.ResourceId = AuthorizationFields.Any;
            basePerms.AddPermission(Permissions.All);
            basePerms.RemovePermission(Permissions.Delete);     // revoke Delete
            authorizationService.SaveAuthorization(basePerms);

            // turn on authorization
            processEngineConfiguration.SetAuthorizationEnabled(true);
            identityService.AuthenticatedUserId = jonny2;

            try
            {
                // try to Delete authorization
                authorizationService.DeleteAuthorization(basePerms.Id);
                Assert.Fail("exception expected");
            }
            catch (AuthorizationException e)
            {
                Assert.AreEqual(1, e.MissingAuthorizations.Count);
                MissingAuthorization info = e.MissingAuthorizations[0];
                Assert.AreEqual(jonny2, e.UserId);
                AuthorizationTestUtil.AssertExceptionInfo(Permissions.Delete.ToString(), Resources.Authorization.ToString() /*.ResourceName()*/, basePerms.Id, info);
            }
        }
Ejemplo n.º 4
0
        [Test]  public virtual void testTenanGroupMembershipDeleteAuthorizations()
        {
            IGroup group1 = identityService.NewGroup("group1");

            identityService.SaveGroup(group1);

            ITenant tenant1 = identityService.NewTenant("tenant1");

            identityService.SaveTenant(tenant1);

            // add base permission which allows nobody to Delete memberships
            IAuthorization basePerms = authorizationService.CreateNewAuthorization(AuthorizationFields.AuthTypeGlobal);

            basePerms.Resource   = Resources.TenantMembership;
            basePerms.ResourceId = AuthorizationFields.Any;
            basePerms.AddPermission(Permissions.All);     // add all then remove 'Delete'
            basePerms.RemovePermission(Permissions.Delete);
            authorizationService.SaveAuthorization(basePerms);

            processEngineConfiguration.SetAuthorizationEnabled(true);
            identityService.AuthenticatedUserId = jonny2;

            try
            {
                identityService.DeleteTenantGroupMembership("tenant1", "group1");
                Assert.Fail("exception expected");
            }
            catch (AuthorizationException e)
            {
                Assert.AreEqual(1, e.MissingAuthorizations.Count);
                MissingAuthorization info = e.MissingAuthorizations[0];
                Assert.AreEqual(jonny2, e.UserId);
                AuthorizationTestUtil.AssertExceptionInfo(Permissions.Delete.ToString(), Resources.TenantMembership.ToString() /*.ResourceName()*/, "tenant1", info);
            }
        }
Ejemplo n.º 5
0
        public AuthorizationException(string userId, MissingAuthorization exceptionInfo) : base("The user with id '" + userId + "' does not have " + generateMissingAuthorizationMessage(exceptionInfo) + ".")
        {
            this.userId           = userId;
            missingAuthorizations = new List <MissingAuthorization>();
            missingAuthorizations.Add(exceptionInfo);

            this.resourceType   = exceptionInfo.ResourceType;
            this.permissionName = exceptionInfo.ViolatedPermissionName;
            this.resourceId     = exceptionInfo.ResourceId;
        }
Ejemplo n.º 6
0
        // transformer /////////////////////////////

        public static MissingAuthorizationDto fromInfo(MissingAuthorization info)
        {
            MissingAuthorizationDto dto = new MissingAuthorizationDto();

            dto.PermissionName = info.ViolatedPermissionName;
            dto.ResourceId     = info.ResourceId;
            dto.ResourceName   = info.ResourceType;

            return(dto);
        }
        public virtual void testCreateAuthorization()
        {
            // add base permission which allows nobody to create authorizations
            IAuthorization basePerms = authorizationService.CreateNewAuthorization(AuthorizationFields.AuthTypeGlobal);

            basePerms.Resource   = Resources.Authorization;
            basePerms.ResourceId = AuthorizationFields.Any;
            basePerms.AddPermission(Permissions.All);     // add all then remove 'create'
            basePerms.RemovePermission(Permissions.Create);
            authorizationService.SaveAuthorization(basePerms);

            // now enable authorizations:
            processEngineConfiguration.SetAuthorizationEnabled(true);
            identityService.AuthenticatedUserId = jonny2;

            try
            {
                // we cannot create another authorization
                authorizationService.CreateNewAuthorization(AuthorizationFields.AuthTypeGlobal);
                Assert.Fail("exception expected");
            }
            catch (AuthorizationException e)
            {
                Assert.AreEqual(1, e.MissingAuthorizations.Count);
                MissingAuthorization info = e.MissingAuthorizations[0];
                Assert.AreEqual(jonny2, e.UserId);
                AuthorizationTestUtil.AssertExceptionInfo(Permissions.Create.ToString(), Resources.Authorization.ToString() /*.ResourceName()*/, null, info);
            }

            // circumvent auth check to get new transient object
            IAuthorization authorization = new AuthorizationEntity(AuthorizationFields.AuthTypeRevoke);

            authorization.UserId   = "someUserId";
            authorization.Resource = Resources.Application;

            try
            {
                authorizationService.SaveAuthorization(authorization);
                Assert.Fail("exception expected");
            }
            catch (AuthorizationException e)
            {
                Assert.AreEqual(1, e.MissingAuthorizations.Count);
                MissingAuthorization info = e.MissingAuthorizations[0];
                Assert.AreEqual(jonny2, e.UserId);
                AuthorizationTestUtil.AssertExceptionInfo(Permissions.Create.ToString(), Resources.Authorization.ToString() /*.ResourceName()*/, null, info);
            }
        }
Ejemplo n.º 8
0
        /// <summary>
        /// Generated exception message for the missing authorization.
        /// </summary>
        /// <param name="exceptionInfo"> to use </param>
        private static string generateMissingAuthorizationMessage(MissingAuthorization exceptionInfo)
        {
            StringBuilder builder        = new StringBuilder();
            string        permissionName = exceptionInfo.ViolatedPermissionName;
            string        resourceType   = exceptionInfo.ResourceType;
            string        resourceId     = exceptionInfo.ResourceId;

            builder.Append("'");
            builder.Append(permissionName);
            builder.Append("' permission on resource '");
            builder.Append((!string.ReferenceEquals(resourceId, null) ? (resourceId + "' of type '") : ""));
            builder.Append(resourceType);
            builder.Append("'");

            return(builder.ToString());
        }
Ejemplo n.º 9
0
        [Test]  public virtual void testTenantCreateAuthorizations()
        {
            // add base permission which allows nobody to create tenants:
            IAuthorization basePerms = authorizationService.CreateNewAuthorization(AuthorizationFields.AuthTypeGlobal);

            basePerms.Resource   = Resources.Tenant;
            basePerms.ResourceId = AuthorizationFields.Any;
            basePerms.AddPermission(Permissions.All);     // add all then remove 'create'
            basePerms.RemovePermission(Permissions.Create);
            authorizationService.SaveAuthorization(basePerms);

            processEngineConfiguration.SetAuthorizationEnabled(true);
            identityService.AuthenticatedUserId = jonny2;

            try
            {
                identityService.NewTenant("tenant");

                Assert.Fail("exception expected");
            }
            catch (AuthorizationException e)
            {
                Assert.AreEqual(1, e.MissingAuthorizations.Count);
                MissingAuthorization info = e.MissingAuthorizations[0];
                Assert.AreEqual(jonny2, e.UserId);
                AuthorizationTestUtil.AssertExceptionInfo(Permissions.Create.ToString(), Resources.Tenant.ToString() /*.ResourceName()*/, null, info);
            }

            // circumvent auth check to get new transient userobject
            ITenant tenant = new TenantEntity("tenant");

            try
            {
                identityService.SaveTenant(tenant);
                Assert.Fail("exception expected");
            }
            catch (AuthorizationException e)
            {
                Assert.AreEqual(1, e.MissingAuthorizations.Count);
                MissingAuthorization info = e.MissingAuthorizations[0];
                Assert.AreEqual(jonny2, e.UserId);
                AuthorizationTestUtil.AssertExceptionInfo(Permissions.Create.ToString(), Resources.Tenant.ToString() /*.ResourceName()*/, null, info);
            }
        }
Ejemplo n.º 10
0
        [Test]  public virtual void testTenantUpdateAuthorizations()
        {
            // create tenant
            ITenant tenant = new TenantEntity("tenant");

            identityService.SaveTenant(tenant);

            // create global auth
            IAuthorization basePerms = authorizationService.CreateNewAuthorization(AuthorizationFields.AuthTypeGlobal);

            basePerms.Resource   = Resources.Tenant;
            basePerms.ResourceId = AuthorizationFields.Any;
            basePerms.AddPermission(Permissions.All);
            basePerms.RemovePermission(Permissions.Update);     // revoke update
            authorizationService.SaveAuthorization(basePerms);

            // turn on authorization
            processEngineConfiguration.SetAuthorizationEnabled(true);
            identityService.AuthenticatedUserId = jonny2;

            // fetch user:
            tenant      = identityService.CreateTenantQuery().First();
            tenant.Name = "newName";

            try
            {
                identityService.SaveTenant(tenant);

                Assert.Fail("exception expected");
            }
            catch (AuthorizationException e)
            {
                Assert.AreEqual(1, e.MissingAuthorizations.Count);
                MissingAuthorization info = e.MissingAuthorizations[0];
                Assert.AreEqual(jonny2, e.UserId);
                AuthorizationTestUtil.AssertExceptionInfo(Permissions.Update.ToString(), Resources.Tenant.ToString() /*.ResourceName()*/, "tenant", info);
            }

            // but I can create a new tenant:
            ITenant newTenant = identityService.NewTenant("newTenant");

            identityService.SaveTenant(newTenant);
        }
        public virtual void testUserUpdateAuthorizations()
        {
            // create global auth
            IAuthorization basePerms = authorizationService.CreateNewAuthorization(AuthorizationFields.AuthTypeGlobal);

            basePerms.Resource   = Resources.Authorization;
            basePerms.ResourceId = AuthorizationFields.Any;
            basePerms.AddPermission(Permissions.All);
            basePerms.RemovePermission(Permissions.Update);     // revoke update
            authorizationService.SaveAuthorization(basePerms);

            // turn on authorization
            processEngineConfiguration.SetAuthorizationEnabled(true);
            identityService.AuthenticatedUserId = jonny2;

            // fetch authhorization
            basePerms = authorizationService.CreateAuthorizationQuery().First();
            // make some change to the perms
            basePerms.AddPermission(Permissions.All);

            try
            {
                authorizationService.SaveAuthorization(basePerms);
                Assert.Fail("exception expected");
            }
            catch (AuthorizationException e)
            {
                Assert.AreEqual(1, e.MissingAuthorizations.Count);
                MissingAuthorization info = e.MissingAuthorizations[0];
                Assert.AreEqual(jonny2, e.UserId);
                AuthorizationTestUtil.AssertExceptionInfo(Permissions.Update.ToString(), Resources.Authorization.ToString() /*.ResourceName()*/, basePerms.Id, info);
            }

            // but we can create a new auth
            IAuthorization newAuth = authorizationService.CreateNewAuthorization(AuthorizationFields.AuthTypeGrant);

            newAuth.UserId     = "jonny2";
            newAuth.Resource   = Resources.Authorization;
            newAuth.ResourceId = AuthorizationFields.Any;
            newAuth.AddPermission(Permissions.All);
            authorizationService.SaveAuthorization(newAuth);
        }
Ejemplo n.º 12
0
        [Test]  public virtual void testGroupUpdateAuthorizations()
        {
            // crate group while still in god-mode:
            IGroup group1 = identityService.NewGroup("group1");

            identityService.SaveGroup(group1);

            // create global auth
            IAuthorization basePerms = authorizationService.CreateNewAuthorization(AuthorizationFields.AuthTypeGlobal);

            basePerms.Resource   = Resources.Group;
            basePerms.ResourceId = AuthorizationFields.Any;
            basePerms.AddPermission(Permissions.All);
            basePerms.RemovePermission(Permissions.Update);     // revoke update
            authorizationService.SaveAuthorization(basePerms);

            // turn on authorization
            processEngineConfiguration.SetAuthorizationEnabled(true);
            identityService.AuthenticatedUserId = jonny2;

            // fetch user:
            group1 = identityService.CreateGroupQuery().First();
            //group1.ToString() = "IGroup 1";

            try
            {
                identityService.SaveGroup(group1);
                Assert.Fail("exception expected");
            }
            catch (AuthorizationException e)
            {
                Assert.AreEqual(1, e.MissingAuthorizations.Count);
                MissingAuthorization info = e.MissingAuthorizations[0];
                Assert.AreEqual(jonny2, e.UserId);
                AuthorizationTestUtil.AssertExceptionInfo(Permissions.Update.ToString(), Resources.Group.ToString() /*.ResourceName()*/, "group1", info);
            }

            // but I can create a new group:
            IGroup group2 = identityService.NewGroup("group2");

            identityService.SaveGroup(group2);
        }
Ejemplo n.º 13
0
        [Test]  public virtual void testUserUpdateAuthorizations()
        {
            // crate user while still in god-mode:
            IUser jonny1 = identityService.NewUser("jonny1");

            identityService.SaveUser(jonny1);

            // create global auth
            IAuthorization basePerms = authorizationService.CreateNewAuthorization(AuthorizationFields.AuthTypeGlobal);

            basePerms.Resource   = Resources.User;
            basePerms.ResourceId = AuthorizationFields.Any;
            basePerms.AddPermission(Permissions.All);
            basePerms.RemovePermission(Permissions.Update);     // revoke update
            authorizationService.SaveAuthorization(basePerms);

            // turn on authorization
            processEngineConfiguration.SetAuthorizationEnabled(true);
            identityService.AuthenticatedUserId = jonny2;

            // fetch user:
            jonny1           = identityService.CreateUserQuery().First();
            jonny1.FirstName = "Jonny";

            try
            {
                identityService.SaveUser(jonny1);
                Assert.Fail("exception expected");
            }
            catch (AuthorizationException e)
            {
                Assert.AreEqual(1, e.MissingAuthorizations.Count);
                MissingAuthorization info = e.MissingAuthorizations[0];
                Assert.AreEqual(jonny2, e.UserId);
                AuthorizationTestUtil.AssertExceptionInfo(Permissions.Update.ToString(), Resources.User.ToString() /*.ResourceName()*/, "jonny1", info);
            }

            // but I can create a new user:
            IUser jonny3 = identityService.NewUser("jonny3");

            identityService.SaveUser(jonny3);
        }
Ejemplo n.º 14
0
 /// <summary>
 /// Checks if the info has the expected parameters.
 /// </summary>
 /// <param name="expectedPermissionName"> to use </param>
 /// <param name="expectedResourceName"> to use </param>
 /// <param name="expectedResourceId"> to use </param>
 /// <param name="info"> to check </param>
 public static void assertExceptionInfo(string expectedPermissionName, string expectedResourceName, string expectedResourceId, MissingAuthorization info)
 {
     assertEquals(expectedPermissionName, info.ViolatedPermissionName);
     assertEquals(expectedResourceName, info.ResourceType);
     assertEquals(expectedResourceId, info.ResourceId);
 }