public virtual void testDeleteAuthorization()
{
// create global auth
Authorization basePerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
basePerms.Resource = AUTHORIZATION;
basePerms.ResourceId = ANY;
basePerms.addPermission(ALL);
basePerms.removePermission(DELETE); // revoke delete
authorizationService.saveAuthorization(basePerms);
// turn on authorization
processEngineConfiguration.AuthorizationEnabled = true;
identityService.AuthenticatedUserId = jonny2;
try
{
// try to delete authorization
authorizationService.deleteAuthorization(basePerms.Id);
fail("exception expected");
}
catch (AuthorizationException e)
{
assertEquals(1, e.MissingAuthorizations.Count);
MissingAuthorization info = e.MissingAuthorizations[0];
assertEquals(jonny2, e.UserId);
assertExceptionInfo(DELETE.Name, AUTHORIZATION.resourceName(), basePerms.Id, info);
}
}
public virtual void testCreateAuthorization()
{
// add base permission which allows nobody to create authorizations
Authorization basePerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
basePerms.Resource = AUTHORIZATION;
basePerms.ResourceId = ANY;
basePerms.addPermission(ALL); // add all then remove 'create'
basePerms.removePermission(CREATE);
authorizationService.saveAuthorization(basePerms);
// now enable authorizations:
processEngineConfiguration.AuthorizationEnabled = true;
identityService.AuthenticatedUserId = jonny2;
try
{
// we cannot create another authorization
authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
fail("exception expected");
}
catch (AuthorizationException e)
{
assertEquals(1, e.MissingAuthorizations.Count);
MissingAuthorization info = e.MissingAuthorizations[0];
assertEquals(jonny2, e.UserId);
assertExceptionInfo(CREATE.Name, AUTHORIZATION.resourceName(), null, info);
}
// circumvent auth check to get new transient object
Authorization authorization = new AuthorizationEntity(AUTH_TYPE_REVOKE);
authorization.UserId = "someUserId";
authorization.Resource = Resources.APPLICATION;
try
{
authorizationService.saveAuthorization(authorization);
fail("exception expected");
}
catch (AuthorizationException e)
{
assertEquals(1, e.MissingAuthorizations.Count);
MissingAuthorization info = e.MissingAuthorizations[0];
assertEquals(jonny2, e.UserId);
assertExceptionInfo(CREATE.Name, AUTHORIZATION.resourceName(), null, info);
}
}
public virtual void testUserUpdateAuthorizations()
{
// create global auth
Authorization basePerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
basePerms.Resource = AUTHORIZATION;
basePerms.ResourceId = ANY;
basePerms.addPermission(ALL);
basePerms.removePermission(UPDATE); // revoke update
authorizationService.saveAuthorization(basePerms);
// turn on authorization
processEngineConfiguration.AuthorizationEnabled = true;
identityService.AuthenticatedUserId = jonny2;
// fetch authhorization
basePerms = authorizationService.createAuthorizationQuery().singleResult();
// make some change to the perms
basePerms.addPermission(ALL);
try
{
authorizationService.saveAuthorization(basePerms);
fail("exception expected");
}
catch (AuthorizationException e)
{
assertEquals(1, e.MissingAuthorizations.Count);
MissingAuthorization info = e.MissingAuthorizations[0];
assertEquals(jonny2, e.UserId);
assertExceptionInfo(UPDATE.Name, AUTHORIZATION.resourceName(), basePerms.Id, info);
}
// but we can create a new auth
Authorization newAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
newAuth.UserId = "jonny2";
newAuth.Resource = AUTHORIZATION;
newAuth.ResourceId = ANY;
newAuth.addPermission(ALL);
authorizationService.saveAuthorization(newAuth);
}
