Example #1
0
        public virtual void testIsUserAuthorizedWithInvalidResourceMultiplePermissions()
        {
            // given
            Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
            string        userId        = "userId";

            authorization.UserId = userId;
            authorization.addPermission(ProcessInstancePermissions.READ);
            authorization.addPermission(ProcessInstancePermissions.RETRY_JOB);
            authorization.Resource   = Resources.PROCESS_INSTANCE;
            authorization.ResourceId = ANY;
            authorizationService.saveAuthorization(authorization);

            processEngineConfiguration.AuthorizationEnabled = true;

            // then
            assertEquals(true, authorizationService.isUserAuthorized(userId, null, Permissions.READ, Resources.PROCESS_INSTANCE));
            assertEquals(true, authorizationService.isUserAuthorized(userId, null, ProcessInstancePermissions.RETRY_JOB, Resources.PROCESS_INSTANCE));
            assertEquals(false, authorizationService.isUserAuthorized(userId, null, BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES, Resources.BATCH));
            assertEquals(false, authorizationService.isUserAuthorized(userId, null, ProcessDefinitionPermissions.RETRY_JOB, Resources.PROCESS_DEFINITION));
            assertEquals(false, authorizationService.isUserAuthorized(userId, null, Permissions.ACCESS, Resources.APPLICATION));
            try
            {
                authorizationService.isUserAuthorized(userId, null, ProcessDefinitionPermissions.RETRY_JOB, Resources.PROCESS_INSTANCE);
                fail("expected exception");
            }
            catch (BadUserRequestException e)
            {
                assertTrue(e.Message.contains("The resource type 'ProcessInstance' is not valid"));
                assertTrue(e.Message.contains(ProcessDefinitionPermissions.RETRY_JOB.Name));
            }
        }
Example #2
0
        public virtual void testDeleteAuthorization()
        {
            // create global auth
            Authorization basePerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);

            basePerms.Resource   = AUTHORIZATION;
            basePerms.ResourceId = ANY;
            basePerms.addPermission(ALL);
            basePerms.removePermission(DELETE);     // revoke delete
            authorizationService.saveAuthorization(basePerms);

            // turn on authorization
            processEngineConfiguration.AuthorizationEnabled = true;
            identityService.AuthenticatedUserId             = jonny2;

            try
            {
                // try to delete authorization
                authorizationService.deleteAuthorization(basePerms.Id);
                fail("exception expected");
            }
            catch (AuthorizationException e)
            {
                assertEquals(1, e.MissingAuthorizations.Count);
                MissingAuthorization info = e.MissingAuthorizations[0];
                assertEquals(jonny2, e.UserId);
                assertExceptionInfo(DELETE.Name, AUTHORIZATION.resourceName(), basePerms.Id, info);
            }
        }
Example #3
0
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in .NET:
//ORIGINAL LINE: public void testSaveAuthorizationSetPermissionsWithValidResource() throws Exception
        public virtual void testSaveAuthorizationSetPermissionsWithValidResource()
        {
            // given
            Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);

            authorization.UserId = "userId";
            authorization.addPermission(Permissions.ACCESS);
            // 'ACCESS' is not allowed for Batches
            // however, it will be reset by next line, so saveAuthorization will be successful
            authorization.Permissions = new BatchPermissions[] { BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES, BatchPermissions.CREATE_BATCH_DELETE_DECISION_INSTANCES };
            authorization.Resource    = Resources.BATCH;
            authorization.ResourceId  = ANY;

            processEngineConfiguration.AuthorizationEnabled = true;

            // when
            authorizationService.saveAuthorization(authorization);

            // then
            Authorization authorizationResult = authorizationService.createAuthorizationQuery().resourceType(Resources.BATCH).singleResult();

            assertNotNull(authorizationResult);
            assertTrue(authorizationResult.isPermissionGranted(BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES));
            assertTrue(authorizationResult.isPermissionGranted(BatchPermissions.CREATE_BATCH_DELETE_DECISION_INSTANCES));
        }
Example #4
0
        // authorization ///////////////////////////////////////////////////////

        protected internal virtual void createGrantAuthorization(Resource resource, string resourceId, Permission permission, string userId)
        {
            Authorization authorization = createGrantAuthorization(resource, resourceId);

            authorization.UserId = userId;
            authorization.addPermission(permission);
            saveAuthorization(authorization);
        }
Example #5
0
        protected internal static Authorization createAuthorization(AuthorizationService authorizationService, Permission permission, Resources resource, string userId)
        {
            Authorization auth = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);

            auth.addPermission(permission);
            auth.Resource   = resource;
            auth.ResourceId = org.camunda.bpm.engine.authorization.Authorization_Fields.ANY;
            auth.UserId     = userId;
            return(auth);
        }
Example #6
0
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in .NET:
//ORIGINAL LINE: public void testSaveAuthorizationAddPermissionWithInvalidResource() throws Exception
        public virtual void testSaveAuthorizationAddPermissionWithInvalidResource()
        {
            // given
            Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);

            authorization.UserId = "userId";
            authorization.addPermission(BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES);
            authorization.Resource   = Resources.APPLICATION;
            authorization.ResourceId = ANY;

            processEngineConfiguration.AuthorizationEnabled = true;

            try
            {
                // when
                authorizationService.saveAuthorization(authorization);
                fail("expected exception");
            }
            catch (BadUserRequestException e)
            {
                // then
                assertTrue(e.Message.contains("The resource type with id:'0' is not valid for 'CREATE_BATCH_MIGRATE_PROCESS_INSTANCES' permission."));
            }

            // given
            authorization        = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
            authorization.UserId = "userId";
            authorization.addPermission(Permissions.ACCESS);
            authorization.Resource = Resources.BATCH;

            try
            {
                // when
                authorizationService.saveAuthorization(authorization);
                fail("expected exception");
            }
            catch (BadUserRequestException e)
            {
                // then
                assertTrue(e.Message.contains("The resource type with id:'13' is not valid for 'ACCESS' permission."));
            }
        }
Example #7
0
        public virtual void testUserUpdateAuthorizations()
        {
            // create global auth
            Authorization basePerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);

            basePerms.Resource   = AUTHORIZATION;
            basePerms.ResourceId = ANY;
            basePerms.addPermission(ALL);
            basePerms.removePermission(UPDATE);     // revoke update
            authorizationService.saveAuthorization(basePerms);

            // turn on authorization
            processEngineConfiguration.AuthorizationEnabled = true;
            identityService.AuthenticatedUserId             = jonny2;

            // fetch authhorization
            basePerms = authorizationService.createAuthorizationQuery().singleResult();
            // make some change to the perms
            basePerms.addPermission(ALL);

            try
            {
                authorizationService.saveAuthorization(basePerms);
                fail("exception expected");
            }
            catch (AuthorizationException e)
            {
                assertEquals(1, e.MissingAuthorizations.Count);
                MissingAuthorization info = e.MissingAuthorizations[0];
                assertEquals(jonny2, e.UserId);
                assertExceptionInfo(UPDATE.Name, AUTHORIZATION.resourceName(), basePerms.Id, info);
            }

            // but we can create a new auth
            Authorization newAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);

            newAuth.UserId     = "jonny2";
            newAuth.Resource   = AUTHORIZATION;
            newAuth.ResourceId = ANY;
            newAuth.addPermission(ALL);
            authorizationService.saveAuthorization(newAuth);
        }
Example #8
0
        protected internal virtual void createGrantAuthorization(Resource resource, string resourceId, string userId, params Permission[] permissions)
        {
            Authorization authorization = createAuthorization(AUTH_TYPE_GRANT, resource, resourceId);

            authorization.UserId = userId;
            foreach (Permission permission in permissions)
            {
                authorization.addPermission(permission);
            }
            authorizationService.saveAuthorization(authorization);
        }
Example #9
0
        // user ////////////////////////////////////////////////////////////////

        protected internal virtual User createUser(string userId)
        {
            User user = identityService.newUser(userId);

            identityService.saveUser(user);

            // give user all permission to manipulate authorizations
            Authorization authorization = createGrantAuthorization(AUTHORIZATION, ANY);

            authorization.UserId = userId;
            authorization.addPermission(ALL);
            saveAuthorization(authorization);

            // give user all permission to manipulate users
            authorization        = createGrantAuthorization(USER, ANY);
            authorization.UserId = userId;
            authorization.addPermission(Permissions.ALL);
            saveAuthorization(authorization);

            return(user);
        }
Example #10
0
        protected internal virtual void grouptGrant(string groupId, Resource resource, params Permission[] perms)
        {
            AuthorizationService authorizationService = engine.AuthorizationService;
            Authorization        groupGrant           = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);

            groupGrant.Resource   = resource;
            groupGrant.ResourceId = ANY;
            foreach (Permission permission in perms)
            {
                groupGrant.addPermission(permission);
            }
            groupGrant.GroupId = groupId;
            authorizationService.saveAuthorization(groupGrant);
        }
Example #11
0
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in .NET:
//ORIGINAL LINE: public void testSaveAuthorizationMultipleResourcesIncludingInvalidResource() throws Exception
        public virtual void testSaveAuthorizationMultipleResourcesIncludingInvalidResource()
        {
            // given
            Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);

            authorization.UserId = "userId";
            authorization.addPermission(Permissions.READ_HISTORY);
            authorization.addPermission(BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES);
            authorization.Resource = Resources.PROCESS_DEFINITION;

            processEngineConfiguration.AuthorizationEnabled = true;

            try
            {
                // when
                authorizationService.saveAuthorization(authorization);
                fail("expected exception");
            }
            catch (BadUserRequestException e)
            {
                // then
                assertTrue(e.Message.contains("The resource type with id:'6' is not valid for 'CREATE_BATCH_MIGRATE_PROCESS_INSTANCES' permission."));
            }
        }
Example #12
0
        public virtual void testCreateAuthorization()
        {
            // add base permission which allows nobody to create authorizations
            Authorization basePerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);

            basePerms.Resource   = AUTHORIZATION;
            basePerms.ResourceId = ANY;
            basePerms.addPermission(ALL);     // add all then remove 'create'
            basePerms.removePermission(CREATE);
            authorizationService.saveAuthorization(basePerms);

            // now enable authorizations:
            processEngineConfiguration.AuthorizationEnabled = true;
            identityService.AuthenticatedUserId             = jonny2;

            try
            {
                // we cannot create another authorization
                authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
                fail("exception expected");
            }
            catch (AuthorizationException e)
            {
                assertEquals(1, e.MissingAuthorizations.Count);
                MissingAuthorization info = e.MissingAuthorizations[0];
                assertEquals(jonny2, e.UserId);
                assertExceptionInfo(CREATE.Name, AUTHORIZATION.resourceName(), null, info);
            }

            // circumvent auth check to get new transient object
            Authorization authorization = new AuthorizationEntity(AUTH_TYPE_REVOKE);

            authorization.UserId   = "someUserId";
            authorization.Resource = Resources.APPLICATION;

            try
            {
                authorizationService.saveAuthorization(authorization);
                fail("exception expected");
            }
            catch (AuthorizationException e)
            {
                assertEquals(1, e.MissingAuthorizations.Count);
                MissingAuthorization info = e.MissingAuthorizations[0];
                assertEquals(jonny2, e.UserId);
                assertExceptionInfo(CREATE.Name, AUTHORIZATION.resourceName(), null, info);
            }
        }
Example #13
0
        public virtual void testIsUserAuthorizedWithValidResourceImpl()
        {
            // given
            ResourceImpl  resource      = new ResourceImpl(this, "application", 0);
            Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
            string        userId        = "userId";

            authorization.UserId = userId;
            authorization.addPermission(Permissions.ACCESS);
            authorization.Resource   = Resources.APPLICATION;
            authorization.ResourceId = ANY;
            authorizationService.saveAuthorization(authorization);

            processEngineConfiguration.AuthorizationEnabled = true;

            // then
            assertEquals(true, authorizationService.isUserAuthorized(userId, null, Permissions.ACCESS, resource));
        }
Example #14
0
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes:
//ORIGINAL LINE: @Test public void testWithAdminUser()
        public virtual void testWithAdminUser()
        {
            processEngineConfiguration.AdminUsers.Add("adminUser");

            processEngineConfiguration.AuthorizationEnabled = false;

            identityService.setAuthentication("adminUser", null, null);
            Authorization userAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);

            userAuth.UserId     = "adminUser";
            userAuth.Resource   = USER;
            userAuth.ResourceId = ANY;
            userAuth.addPermission(READ);
            authorizationService.saveAuthorization(userAuth);
            processEngineConfiguration.AuthorizationEnabled = true;

            // when
            managementService.Properties;

            // then no exception
        }
Example #15
0
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes:
//ORIGINAL LINE: @Test public void testWithoutAdminUser()
        public virtual void testWithoutAdminUser()
        {
            processEngineConfiguration.AuthorizationEnabled = false;

            identityService.setAuthentication("adminUser", null, null);
            Authorization userAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);

            userAuth.UserId     = "adminUser";
            userAuth.Resource   = USER;
            userAuth.ResourceId = ANY;
            userAuth.addPermission(READ);
            authorizationService.saveAuthorization(userAuth);
            processEngineConfiguration.AuthorizationEnabled = true;

            // then
            thrown.expect(typeof(AuthorizationException));
            thrown.expectMessage("Required admin authenticated group or user.");

            // when
            managementService.Properties;
        }
Example #16
0
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes:
//ORIGINAL LINE: @Test public void testWithAdminGroup()
        public virtual void testWithAdminGroup()
        {
            processEngineConfiguration.AdminGroups.Add("adminGroup");

            processEngineConfiguration.AuthorizationEnabled = false;

            identityService.setAuthentication("admin", Collections.singletonList("adminGroup"), null);
            Authorization userAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);

            userAuth.UserId     = "admin";
            userAuth.Resource   = USER;
            userAuth.ResourceId = ANY;
            userAuth.addPermission(READ);
            authorizationService.saveAuthorization(userAuth);
            processEngineConfiguration.AuthorizationEnabled = true;

            // when
            identityService.unlockUser("jonny1");

            // then no exception
        }