public virtual void testDeleteAuthorization() { // create global auth Authorization basePerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL); basePerms.Resource = AUTHORIZATION; basePerms.ResourceId = ANY; basePerms.addPermission(ALL); basePerms.removePermission(DELETE); // revoke delete authorizationService.saveAuthorization(basePerms); // turn on authorization processEngineConfiguration.AuthorizationEnabled = true; identityService.AuthenticatedUserId = jonny2; try { // try to delete authorization authorizationService.deleteAuthorization(basePerms.Id); fail("exception expected"); } catch (AuthorizationException e) { assertEquals(1, e.MissingAuthorizations.Count); MissingAuthorization info = e.MissingAuthorizations[0]; assertEquals(jonny2, e.UserId); assertExceptionInfo(DELETE.Name, AUTHORIZATION.resourceName(), basePerms.Id, info); } }
public virtual void testCreateAuthorization() { // add base permission which allows nobody to create authorizations Authorization basePerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL); basePerms.Resource = AUTHORIZATION; basePerms.ResourceId = ANY; basePerms.addPermission(ALL); // add all then remove 'create' basePerms.removePermission(CREATE); authorizationService.saveAuthorization(basePerms); // now enable authorizations: processEngineConfiguration.AuthorizationEnabled = true; identityService.AuthenticatedUserId = jonny2; try { // we cannot create another authorization authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL); fail("exception expected"); } catch (AuthorizationException e) { assertEquals(1, e.MissingAuthorizations.Count); MissingAuthorization info = e.MissingAuthorizations[0]; assertEquals(jonny2, e.UserId); assertExceptionInfo(CREATE.Name, AUTHORIZATION.resourceName(), null, info); } // circumvent auth check to get new transient object Authorization authorization = new AuthorizationEntity(AUTH_TYPE_REVOKE); authorization.UserId = "someUserId"; authorization.Resource = Resources.APPLICATION; try { authorizationService.saveAuthorization(authorization); fail("exception expected"); } catch (AuthorizationException e) { assertEquals(1, e.MissingAuthorizations.Count); MissingAuthorization info = e.MissingAuthorizations[0]; assertEquals(jonny2, e.UserId); assertExceptionInfo(CREATE.Name, AUTHORIZATION.resourceName(), null, info); } }
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in .NET: //ORIGINAL LINE: public void testSaveAuthorizationRemovePermissionWithInvalidResource() throws Exception public virtual void testSaveAuthorizationRemovePermissionWithInvalidResource() { // given Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE); authorization.UserId = "userId"; authorization.removePermission(BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES); authorization.Resource = Resources.PROCESS_DEFINITION; authorization.ResourceId = ANY; processEngineConfiguration.AuthorizationEnabled = true; try { // when authorizationService.saveAuthorization(authorization); fail("expected exception"); } catch (BadUserRequestException e) { // then assertTrue(e.Message.contains("The resource type with id:'6' is not valid for 'CREATE_BATCH_MIGRATE_PROCESS_INSTANCES' permission.")); } // given authorization = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE); authorization.UserId = "userId"; authorization.addPermission(Permissions.ACCESS); authorization.Resource = Resources.PROCESS_DEFINITION; try { // when authorizationService.saveAuthorization(authorization); fail("expected exception"); } catch (BadUserRequestException e) { // then assertTrue(e.Message.contains("The resource type with id:'6' is not valid for 'ACCESS' permission.")); } }
public virtual void testUserUpdateAuthorizations() { // create global auth Authorization basePerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL); basePerms.Resource = AUTHORIZATION; basePerms.ResourceId = ANY; basePerms.addPermission(ALL); basePerms.removePermission(UPDATE); // revoke update authorizationService.saveAuthorization(basePerms); // turn on authorization processEngineConfiguration.AuthorizationEnabled = true; identityService.AuthenticatedUserId = jonny2; // fetch authhorization basePerms = authorizationService.createAuthorizationQuery().singleResult(); // make some change to the perms basePerms.addPermission(ALL); try { authorizationService.saveAuthorization(basePerms); fail("exception expected"); } catch (AuthorizationException e) { assertEquals(1, e.MissingAuthorizations.Count); MissingAuthorization info = e.MissingAuthorizations[0]; assertEquals(jonny2, e.UserId); assertExceptionInfo(UPDATE.Name, AUTHORIZATION.resourceName(), basePerms.Id, info); } // but we can create a new auth Authorization newAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT); newAuth.UserId = "jonny2"; newAuth.Resource = AUTHORIZATION; newAuth.ResourceId = ANY; newAuth.addPermission(ALL); authorizationService.saveAuthorization(newAuth); }