public virtual void testHistoricTaskInstanceReportWithoutAuthorization()
{
// given
startProcessInstanceByKey(PROCESS_KEY);
string taskId = selectSingleTask().Id;
disableAuthorization();
taskService.complete(taskId);
enableAuthorization();
try
{
// when
historyService.createHistoricTaskInstanceReport().duration(PeriodUnit.MONTH);
fail("Exception expected: It should not be possible to create a historic task instance report");
}
catch (AuthorizationException e)
{
// then
IList <MissingAuthorization> missingAuthorizations = e.MissingAuthorizations;
assertEquals(1, missingAuthorizations.Count);
MissingAuthorization missingAuthorization = missingAuthorizations[0];
assertEquals(READ_HISTORY.ToString(), missingAuthorization.ViolatedPermissionName);
assertEquals(PROCESS_DEFINITION.resourceName(), missingAuthorization.ResourceType);
assertEquals(ANY, missingAuthorization.ResourceId);
}
}
// submit task form (process task) ////////////////////////////////
public virtual void testProcessTaskSubmitTaskFormWithoutAuthorization()
{
// given
startProcessInstanceByKey(FORM_PROCESS_KEY);
string taskId = selectSingleTask().Id;
try
{
// when
formService.submitTaskForm(taskId, null);
fail("Exception expected: It should not possible to submit a task form");
}
catch (AuthorizationException e)
{
// then
string message = e.Message;
assertTextPresent(userId, message);
assertTextPresent(UPDATE.Name, message);
assertTextPresent(taskId, message);
assertTextPresent(TASK.resourceName(), message);
assertTextPresent(UPDATE_TASK.Name, message);
assertTextPresent(FORM_PROCESS_KEY, message);
assertTextPresent(PROCESS_DEFINITION.resourceName(), message);
}
}
public virtual void testGetErrorDetailsWithoutAuthorization()
{
// given
startThreeProcessInstancesDeleteOneAndCompleteTwoWithFailure();
disableAuthorization();
string failedHistoricExternalTaskLogId = historyService.createHistoricExternalTaskLogQuery().failureLog().list().get(0).Id;
enableAuthorization();
try
{
// when
string stacktrace = historyService.getHistoricExternalTaskLogErrorDetails(failedHistoricExternalTaskLogId);
fail("Exception expected: It should not be possible to retrieve the error details");
}
catch (AuthorizationException e)
{
// then
string exceptionMessage = e.Message;
assertTextPresent(userId, exceptionMessage);
assertTextPresent(READ_HISTORY.Name, exceptionMessage);
assertTextPresent(DEFAULT_PROCESS_KEY, exceptionMessage);
assertTextPresent(PROCESS_DEFINITION.resourceName(), exceptionMessage);
}
}
// delete historic process instance //////////////////////////////
public virtual void testDeleteHistoricProcessInstanceWithoutAuthorization()
{
// given
string processInstanceId = startProcessInstanceByKey(PROCESS_KEY).Id;
string taskId = selectSingleTask().Id;
disableAuthorization();
taskService.complete(taskId);
enableAuthorization();
try
{
// when
historyService.deleteHistoricProcessInstance(processInstanceId);
fail("Exception expected: It should not be possible to delete the historic process instance");
}
catch (AuthorizationException e)
{
// then
string message = e.Message;
assertTextPresent(userId, message);
assertTextPresent(DELETE_HISTORY.Name, message);
assertTextPresent(PROCESS_KEY, message);
assertTextPresent(PROCESS_DEFINITION.resourceName(), message);
}
}
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes:
//ORIGINAL LINE: @Test public void testWithoutAuthorization()
public virtual void testWithoutAuthorization()
{
// given
UserOperationLogQuery query = historyService.createUserOperationLogQuery().processDefinitionKey("timerBoundaryProcess").afterTimestamp(new DateTime(1549110000000l));
// assume
assertEquals(1L, query.count());
UserOperationLogEntry entry = query.singleResult();
engineRule.ProcessEngineConfiguration.AuthorizationEnabled = true;
try
{
// when
historyService.deleteUserOperationLogEntry(entry.Id);
fail("Exception expected: It should not be possible to delete the user operation log");
}
catch (AuthorizationException e)
{
// then
string message = e.Message;
assertTrue(message.Contains(USER_ID));
assertTrue(message.Contains(DELETE_HISTORY.Name));
assertTrue(message.Contains(PROCESS_DEFINITION.resourceName()));
assertTrue(message.Contains("timerBoundaryProcess"));
}
}
// get historic job log exception stacktrace /////////////////////
public virtual void testGetHistoricJobLogExceptionStacktraceWithoutAuthorization()
{
// given
startProcessAndExecuteJob(ONE_INCIDENT_PROCESS_KEY);
disableAuthorization();
string jobLogId = historyService.createHistoricJobLogQuery().failureLog().listPage(0, 1).get(0).Id;
enableAuthorization();
try
{
// when
historyService.getHistoricJobLogExceptionStacktrace(jobLogId);
fail("Exception expected: It should not be possible to get the historic job log exception stacktrace");
}
catch (AuthorizationException e)
{
// then
string message = e.Message;
assertTextPresent(userId, message);
assertTextPresent(READ_HISTORY.Name, message);
assertTextPresent(ONE_INCIDENT_PROCESS_KEY, message);
assertTextPresent(PROCESS_DEFINITION.resourceName(), message);
}
}
// delete historic variable instance (process variables) /////////////////////////////////////////////
public virtual void testDeleteHistoricProcessVariableInstanceWithoutAuthorization()
{
// given
startProcessInstanceByKey(PROCESS_KEY, Variables);
disableAuthorization();
string variableInstanceId = historyService.createHistoricVariableInstanceQuery().singleResult().Id;
assertEquals(1L, historyService.createHistoricDetailQuery().count());
enableAuthorization();
try
{
// when
historyService.deleteHistoricVariableInstance(variableInstanceId);
fail("Exception expected: It should not be possible to delete the historic variable instance");
}
catch (AuthorizationException e)
{
// then
string message = e.Message;
assertTextPresent(userId, message);
assertTextPresent(DELETE_HISTORY.Name, message);
assertTextPresent(PROCESS_KEY, message);
assertTextPresent(PROCESS_DEFINITION.resourceName(), message);
}
}
// get task form variables (process task) /////////////////////////////////
public virtual void testProcessTaskGetTaskFormVariablesWithoutAuthorization()
{
// given
startProcessInstanceByKey(RENDERED_FORM_PROCESS_KEY);
string taskId = selectSingleTask().Id;
try
{
// when
formService.getTaskFormVariables(taskId);
fail("Exception expected: It should not possible to get task form variables");
}
catch (AuthorizationException e)
{
// then
string message = e.Message;
assertTextPresent(userId, message);
assertTextPresent(READ.Name, message);
assertTextPresent(taskId, message);
assertTextPresent(TASK.resourceName(), message);
assertTextPresent(READ_TASK.Name, message);
assertTextPresent(RENDERED_FORM_PROCESS_KEY, message);
assertTextPresent(PROCESS_DEFINITION.resourceName(), message);
}
// given (2)
processEngineConfiguration.EnforceSpecificVariablePermission = true;
try
{
// when (2)
formService.getTaskFormVariables(taskId);
fail("Exception expected: It should not possible to get task form variables");
}
catch (AuthorizationException e)
{
// then (2)
string message = e.Message;
assertTextPresent(userId, message);
assertTextPresent(READ_VARIABLE.Name, message);
assertTextPresent(taskId, message);
assertTextPresent(TASK.resourceName(), message);
assertTextPresent(READ_TASK_VARIABLE.Name, message);
assertTextPresent(RENDERED_FORM_PROCESS_KEY, message);
assertTextPresent(PROCESS_DEFINITION.resourceName(), message);
}
}
// get rendered task form (process task) /////////////////////////////////
public virtual void testProcessTaskGetRenderedTaskFormWithoutAuthorization()
{
// given
startProcessInstanceByKey(RENDERED_FORM_PROCESS_KEY);
string taskId = selectSingleTask().Id;
try
{
// when
formService.getRenderedTaskForm(taskId);
fail("Exception expected: It should not possible to get rendered task form");
}
catch (AuthorizationException e)
{
// then
string message = e.Message;
assertTextPresent(userId, message);
assertTextPresent(READ.Name, message);
assertTextPresent(taskId, message);
assertTextPresent(TASK.resourceName(), message);
assertTextPresent(READ_TASK.Name, message);
assertTextPresent(RENDERED_FORM_PROCESS_KEY, message);
assertTextPresent(PROCESS_DEFINITION.resourceName(), message);
}
// given (2)
setReadVariableAsDefaultReadVariablePermission();
try
{
// when (2)
formService.getRenderedTaskForm(taskId);
fail("Exception expected: It should not possible to get rendered task form");
}
catch (AuthorizationException e)
{
// then (2)
string message = e.Message;
assertTextPresent(userId, message);
assertTextPresent(READ_VARIABLE.Name, message);
assertTextPresent(taskId, message);
assertTextPresent(TASK.resourceName(), message);
assertTextPresent(READ_TASK_VARIABLE.Name, message);
assertTextPresent(RENDERED_FORM_PROCESS_KEY, message);
assertTextPresent(PROCESS_DEFINITION.resourceName(), message);
}
}
public virtual void testGetCompletedActivitiesWithoutAuthorization()
{
// given
startProcessInstanceByKey("process");
try
{
// when
optimizeService.getCompletedHistoricActivityInstances(new DateTime(0L), null, 10);
fail("Exception expected: It should not be possible to retrieve the activities");
}
catch (AuthorizationException e)
{
// then
string exceptionMessage = e.Message;
assertTextPresent(userId, exceptionMessage);
assertTextPresent(READ_HISTORY.Name, exceptionMessage);
assertTextPresent(PROCESS_DEFINITION.resourceName(), exceptionMessage);
}
}
// get start form data ///////////////////////////////////////////
public virtual void testGetStartFormDataWithoutAuthorizations()
{
// given
string processDefinitionId = selectProcessDefinitionByKey(FORM_PROCESS_KEY).Id;
try
{
// when
formService.getStartFormData(processDefinitionId);
fail("Exception expected: It should not be possible to get start form data");
}
catch (AuthorizationException e)
{
// then
string message = e.Message;
assertTextPresent(userId, message);
assertTextPresent(READ.Name, message);
assertTextPresent(FORM_PROCESS_KEY, message);
assertTextPresent(PROCESS_DEFINITION.resourceName(), message);
}
}
// without any authorization
public virtual void testQueryWithoutAuthorizations()
{
// given
string processDefinitionId = selectProcessDefinitionByKey(ONE_INCIDENT_PROCESS_KEY).Id;
try
{
// when
managementService.createActivityStatisticsQuery(processDefinitionId).list();
fail("Exception expected: It should not be possible to execute the activity statistics query");
}
catch (AuthorizationException e)
{
// then
string message = e.Message;
assertTextPresent(userId, message);
assertTextPresent(READ.Name, message);
assertTextPresent(ONE_INCIDENT_PROCESS_KEY, message);
assertTextPresent(PROCESS_DEFINITION.resourceName(), message);
}
}
public virtual void testSubmitStartFormWithCreatePermissionOnProcessInstance()
{
// given
string processDefinitionId = selectProcessDefinitionByKey(FORM_PROCESS_KEY).Id;
createGrantAuthorization(PROCESS_INSTANCE, ANY, userId, CREATE);
try
{
// when
formService.submitStartForm(processDefinitionId, null);
fail("Exception expected: It should not possible to submit a start form");
}
catch (AuthorizationException e)
{
// then
string message = e.Message;
assertTextPresent(userId, message);
assertTextPresent(CREATE_INSTANCE.Name, message);
assertTextPresent(FORM_PROCESS_KEY, message);
assertTextPresent(PROCESS_DEFINITION.resourceName(), message);
}
}
// delete historic variable instances (process variables) /////////////////////////////////////////////
public virtual void testDeleteHistoricProcessVariableInstancesWithoutAuthorization()
{
// given
ProcessInstance instance = startProcessInstanceByKey(PROCESS_KEY, Variables);
verifyVariablesCreated();
try
{
// when
historyService.deleteHistoricVariableInstancesByProcessInstanceId(instance.Id);
fail("Exception expected: It should not be possible to delete the historic variable instance");
}
catch (AuthorizationException e)
{
// then
string message = e.Message;
assertTextPresent(userId, message);
assertTextPresent(DELETE_HISTORY.Name, message);
assertTextPresent(PROCESS_KEY, message);
assertTextPresent(PROCESS_DEFINITION.resourceName(), message);
}
}
