Example #1
0
        protected internal static MissingAuthorization asMissingAuthorization(Authorization authorization)
        {
            string permissionName = null;
            string resourceId     = null;
            string resourceName   = null;

            Permission[] permissions = AuthorizationTestUtil.getPermissions(authorization);
            foreach (Permission permission in permissions)
            {
                if (permission.Value != Permissions.NONE.Value)
                {
                    permissionName = permission.Name;
                    break;
                }
            }

            if (!org.camunda.bpm.engine.authorization.Authorization_Fields.ANY.Equals(authorization.ResourceId))
            {
                // missing ANY authorizations are not explicitly represented in the error message
                resourceId = authorization.ResourceId;
            }

            Resource resource = AuthorizationTestUtil.getResourceByType(authorization.ResourceType);

            resourceName = resource.resourceName();
            return(new MissingAuthorization(permissionName, resourceName, resourceId));
        }
Example #2
0
        public virtual void assertAuthorizationException(AuthorizationException e)
        {
            if (missingAuthorizations.Count > 0 && e != null)
            {
                string message = e.Message;
                string assertionFailureMessage = describeScenarioFailure("Expected an authorization exception but the message was wrong: " + e.Message);

                IList <MissingAuthorization> actualMissingAuthorizations   = new List <MissingAuthorization>(e.MissingAuthorizations);
                IList <MissingAuthorization> expectedMissingAuthorizations = MissingAuthorizationMatcher.asMissingAuthorizations(missingAuthorizations);

                Assert.assertThat(actualMissingAuthorizations, containsInAnyOrder(MissingAuthorizationMatcher.asMatchers(expectedMissingAuthorizations)));

                foreach (Authorization missingAuthorization in missingAuthorizations)
                {
                    Assert.assertTrue(assertionFailureMessage, message.Contains(missingAuthorization.UserId));
                    Assert.assertEquals(missingAuthorization.UserId, e.UserId);

                    Permission[] permissions = AuthorizationTestUtil.getPermissions(missingAuthorization);
                    foreach (Permission permission in permissions)
                    {
                        if (permission.Value != Permissions.NONE.Value)
                        {
                            Assert.assertTrue(assertionFailureMessage, message.Contains(permission.Name));
                            break;
                        }
                    }

                    if (!org.camunda.bpm.engine.authorization.Authorization_Fields.ANY.Equals(missingAuthorization.ResourceId))
                    {
                        // missing ANY authorizations are not explicitly represented in the error message
                        Assert.assertTrue(assertionFailureMessage, message.Contains(missingAuthorization.ResourceId));
                    }

                    Resource resource = AuthorizationTestUtil.getResourceByType(missingAuthorization.ResourceType);
                    Assert.assertTrue(assertionFailureMessage, message.Contains(resource.resourceName()));
                }
            }
            else if (missingAuthorizations.Count == 0 && e == null)
            {
                // nothing to do
            }
            else
            {
                if (e != null)
                {
                    Assert.fail(describeScenarioFailure("Expected no authorization exception but got one: " + e.Message));
                }
                else
                {
                    Assert.fail(describeScenarioFailure("Expected failure due to missing authorizations but code under test was successful"));
                }
            }
        }