public virtual void testGlobalAuthPermissions() { AuthorizationEntity authorization = new AuthorizationEntity(AuthorizationFields.AuthTypeGrant); Assert.IsFalse(authorization.IsPermissionGranted(Permissions.All)); Assert.True(authorization.IsPermissionGranted(Permissions.None)); IList <Permissions> perms = (authorization.GetPermissions(new Permissions[] { })); Assert.True(perms.Contains(Permissions.None)); Assert.AreEqual(1, perms.Count); authorization.AddPermission(Permissions.Read); perms = (authorization.GetPermissions(new Permissions[] { })); Assert.True(perms.Contains(Permissions.None)); Assert.True(perms.Contains(Permissions.Read)); Assert.AreEqual(2, perms.Count); Assert.True(authorization.IsPermissionGranted(Permissions.Read)); Assert.True(authorization.IsPermissionGranted(Permissions.None)); // (none is always granted => you are always authorized to do nothing) try { authorization.IsPermissionRevoked(Permissions.Read); Assert.Fail("Exception expected"); } catch (System.InvalidOperationException e) { AssertTextPresent("ENGINE-03026 Method 'isPermissionRevoked' cannot be used for authorization with type 'GRANT'.", e.Message); } }
public async Task <TAuthorizationToken> GetAsync <TAuthorizationToken>(DeploymentScope deploymentScope) where TAuthorizationToken : AuthorizationToken, new() { if (deploymentScope is null) { throw new ArgumentNullException(nameof(deploymentScope)); } var client = await tableClient.ConfigureAwait(false); var rowKey = AuthorizationEntity.GetEntityId(deploymentScope); var partitionKey = string.Join(",", typeof(TAuthorizationToken).AssemblyQualifiedName.Split(',').Take(2)); try { var response = await client .GetEntityAsync <TAuthorizationToken>(partitionKey, rowKey) .ConfigureAwait(false); return(response.Value); } catch (RequestFailedException ex) when(ex.Status == 404) { // doesn't exist return(null); } }
public virtual void testRevokeAuthPermissions() { AuthorizationEntity authorization = new AuthorizationEntity(AuthorizationFields.AuthTypeRevoke); Assert.IsFalse(authorization.IsPermissionRevoked(Permissions.All)); IList <Permissions> perms = (authorization.GetPermissions(new Permissions[] { })); Assert.AreEqual(0, perms.Count); authorization.RemovePermission(Permissions.Read); perms = (authorization.GetPermissions(new Permissions[] { })); Assert.True(perms.Contains(Permissions.Read)); Assert.True(perms.Contains(Permissions.All)); Assert.AreEqual(2, perms.Count); try { authorization.IsPermissionGranted(Permissions.Read); Assert.Fail("Exception expected"); } catch (System.InvalidOperationException e) { AssertTextPresent("ENGINE-03026 Method 'isPermissionGranted' cannot be used for authorization with type 'REVOKE'.", e.Message); } }
public virtual void testRevokeAuthPermissions() { AuthorizationEntity authorization = new AuthorizationEntity(AUTH_TYPE_REVOKE); authorization.setResource(Resources.DEPLOYMENT); assertFalse(authorization.isPermissionRevoked(ALL)); IList <Permission> perms = Arrays.asList(authorization.getPermissions(Permissions.values())); assertEquals(0, perms.Count); authorization.removePermission(READ); perms = Arrays.asList(authorization.getPermissions(Permissions.values())); assertTrue(perms.Contains(READ)); assertTrue(perms.Contains(ALL)); assertEquals(2, perms.Count); try { authorization.isPermissionGranted(READ); fail("Exception expected"); } catch (System.InvalidOperationException e) { assertTextPresent("ENGINE-03026 Method 'isPermissionGranted' cannot be used for authorization with type 'REVOKE'.", e.Message); } }
public virtual void testGlobalAuthPermissions() { AuthorizationEntity authorization = new AuthorizationEntity(AUTH_TYPE_GRANT); authorization.setResource(Resources.DEPLOYMENT); assertFalse(authorization.isPermissionGranted(ALL)); assertTrue(authorization.isPermissionGranted(NONE)); IList <Permission> perms = Arrays.asList(authorization.getPermissions(Permissions.values())); assertTrue(perms.Contains(NONE)); assertEquals(1, perms.Count); authorization.addPermission(READ); perms = Arrays.asList(authorization.getPermissions(Permissions.values())); assertTrue(perms.Contains(NONE)); assertTrue(perms.Contains(READ)); assertEquals(2, perms.Count); assertTrue(authorization.isPermissionGranted(READ)); assertTrue(authorization.isPermissionGranted(NONE)); // (none is always granted => you are always authorized to do nothing) try { authorization.isPermissionRevoked(READ); fail("Exception expected"); } catch (System.InvalidOperationException e) { assertTextPresent("ENGINE-03026 Method 'isPermissionRevoked' cannot be used for authorization with type 'GRANT'.", e.Message); } }
protected internal virtual AuthorizationEntity createGrantAuthorization(string userId, string groupId, Resource resource, string resourceId, params Permission[] permissions) { // assuming that there are no default authorizations for * if (!string.ReferenceEquals(userId, null)) { ensureValidIndividualResourceId("Cannot create authorization for user " + userId, userId); } if (!string.ReferenceEquals(groupId, null)) { ensureValidIndividualResourceId("Cannot create authorization for group " + groupId, groupId); } AuthorizationEntity authorization = new AuthorizationEntity(AUTH_TYPE_GRANT); authorization.UserId = userId; authorization.GroupId = groupId; authorization.setResource(resource); authorization.ResourceId = resourceId; if (permissions != null) { foreach (Permission permission in permissions) { authorization.addPermission(permission); } } return(authorization); }
public virtual AuthorizationEntity[] newTaskAssignee(Task task, string oldAssignee, string newAssignee) { if (!string.ReferenceEquals(newAssignee, null)) { ensureValidIndividualResourceId("Cannot create default authorization for assignee " + newAssignee, newAssignee); // create (or update) an authorization for the new assignee. string taskId = task.Id; // fetch existing authorization AuthorizationEntity authorization = getGrantAuthorizationByUserId(newAssignee, TASK, taskId); // update authorization: // (1) fetched authorization == null -> create a new authorization (with READ, (UPDATE/TASK_WORK) permission, and READ_VARIABLE if enabled) // (2) fetched authorization != null -> add READ, (UPDATE/TASK_WORK) permission, and READ_VARIABLE if enabled // Update or TASK_WORK permission is configurable in camunda.cfg.xml and by default, UPDATE permission is provided authorization = updateAuthorization(authorization, newAssignee, null, TASK, taskId, READ, DefaultUserPermissionForTask, SpecificReadVariablePermission); // return always created or updated authorization return(new AuthorizationEntity[] { authorization }); } return(null); }
protected String processList(String url, AuthorizationEntity authorization) { WebRequestUtil wrUtil = new WebRequestUtil(authorization); Dictionary <string, string> post_data = new Dictionary <string, string>(); String response = wrUtil.getRequest(url, post_data); return(response); }
public static LoginModel ToLoginModel(this AuthorizationEntity authorisationEntity) { return(new LoginModel() { Email = authorisationEntity.Email, Password = authorisationEntity.Password }); }
public virtual AuthorizationEntity[] newUser(User user) { // create an authorization which gives the user all permissions on himself: string userId = user.Id; ensureValidIndividualResourceId("Cannot create default authorization for user " + userId, userId); AuthorizationEntity resourceOwnerAuthorization = createGrantAuthorization(userId, null, USER, userId, ALL); return(new AuthorizationEntity[] { resourceOwnerAuthorization }); }
protected internal virtual bool hasEntitySameAuthorizationRights(AuthorizationEntity authEntity, string userId, string groupId, Resource resource, string resourceId) { bool sameUserId = areIdsEqual(authEntity.UserId, userId); bool sameGroupId = areIdsEqual(authEntity.GroupId, groupId); bool sameResourceId = areIdsEqual(authEntity.ResourceId, (resourceId)); bool sameResourceType = authEntity.ResourceType == resource.resourceType(); bool sameAuthorizationType = authEntity.AuthorizationType == AUTH_TYPE_GRANT; return(sameUserId && sameGroupId && sameResourceType && sameResourceId && sameAuthorizationType); }
public bool CheckForm(AuthorizationEntity authorization) { var auth = unitOfWork.AuthorizationRepository.Get(x => x.Email == authorization.Email); if (auth != null && auth.Password == authorization.Password && auth.Confirm == true) { return(true); } return(false); }
public static Authorization ToAuthorization(this AuthorizationEntity authorisationEntity) { return(new Authorization() { Id = authorisationEntity.Id, Email = authorisationEntity.Email, Password = authorisationEntity.Password, UserId = authorisationEntity.UserId, Confirm = authorisationEntity.Confirm }); }
public bool InsertAuthorization(AuthorizationEntity auth) { try { var table = _tableClient.GetTableReference(Tables.Authorizaiton); var insertOperation = TableOperation.Insert(auth); table.Execute(insertOperation); return(true); } catch (Exception e) { return(false); } }
public void UpdateAuthorization(AuthorizationEntity teamAuth) { try { var table = _tableClient.GetTableReference(Tables.Authorizaiton); var replaceOperation = TableOperation.Replace(teamAuth); table.Execute(replaceOperation); } catch (Exception e) { Console.WriteLine(e); throw; } }
public virtual void testCreateAuthorization() { // add base permission which allows nobody to create authorizations IAuthorization basePerms = authorizationService.CreateNewAuthorization(AuthorizationFields.AuthTypeGlobal); basePerms.Resource = Resources.Authorization; basePerms.ResourceId = AuthorizationFields.Any; basePerms.AddPermission(Permissions.All); // add all then remove 'create' basePerms.RemovePermission(Permissions.Create); authorizationService.SaveAuthorization(basePerms); // now enable authorizations: processEngineConfiguration.SetAuthorizationEnabled(true); identityService.AuthenticatedUserId = jonny2; try { // we cannot create another authorization authorizationService.CreateNewAuthorization(AuthorizationFields.AuthTypeGlobal); Assert.Fail("exception expected"); } catch (AuthorizationException e) { Assert.AreEqual(1, e.MissingAuthorizations.Count); MissingAuthorization info = e.MissingAuthorizations[0]; Assert.AreEqual(jonny2, e.UserId); AuthorizationTestUtil.AssertExceptionInfo(Permissions.Create.ToString(), Resources.Authorization.ToString() /*.ResourceName()*/, null, info); } // circumvent auth check to get new transient object IAuthorization authorization = new AuthorizationEntity(AuthorizationFields.AuthTypeRevoke); authorization.UserId = "someUserId"; authorization.Resource = Resources.Application; try { authorizationService.SaveAuthorization(authorization); Assert.Fail("exception expected"); } catch (AuthorizationException e) { Assert.AreEqual(1, e.MissingAuthorizations.Count); MissingAuthorization info = e.MissingAuthorizations[0]; Assert.AreEqual(jonny2, e.UserId); AuthorizationTestUtil.AssertExceptionInfo(Permissions.Create.ToString(), Resources.Authorization.ToString() /*.ResourceName()*/, null, info); } }
public static int Update(AuthorizationEntity entity, DbConnection connection, DbTransaction transaction) { var command = KandaTableDataGateway._factory.CreateCommand(connection, transaction); command.CommandText = @"usp_UpdateAuthorizations"; KandaDbDataMapper.MapToParameters(command, entity); var result = KandaTableDataGateway._factory.CreateParameter(@"Result", DbType.Int32, sizeof(int), ParameterDirection.ReturnValue, DBNull.Value); command.Parameters.Add(result); command.ExecuteNonQuery(); return((int)result.Value); }
// Deployment /////////////////////////////////////////////// public virtual AuthorizationEntity[] newDeployment(Deployment deployment) { ProcessEngineConfigurationImpl processEngineConfiguration = Context.ProcessEngineConfiguration; IdentityService identityService = processEngineConfiguration.IdentityService; Authentication currentAuthentication = identityService.CurrentAuthentication; if (currentAuthentication != null && !string.ReferenceEquals(currentAuthentication.UserId, null)) { string userId = currentAuthentication.UserId; string deploymentId = deployment.Id; AuthorizationEntity authorization = createGrantAuthorization(userId, null, DEPLOYMENT, deploymentId, READ, DELETE); return(new AuthorizationEntity[] { authorization }); } return(null); }
public virtual AuthorizationEntity[] newGroup(Group group) { IList <AuthorizationEntity> authorizations = new List <AuthorizationEntity>(); // whenever a new group is created, all users part of the // group are granted READ permissions on the group string groupId = group.Id; ensureValidIndividualResourceId("Cannot create default authorization for group " + groupId, groupId); AuthorizationEntity groupMemberAuthorization = createGrantAuthorization(null, groupId, GROUP, groupId, READ); authorizations.Add(groupMemberAuthorization); return(authorizations.ToArray()); }
private void DeserializeSerializeCompare(string jsonRep) { // convert the JSON to objects. Convert the objects to JSON. AuthorizationEntity hydrated = JsonConvert.DeserializeObject <AuthorizationEntity>(jsonRep); Assert.NotNull(hydrated); string serialized = JsonConvert.SerializeObject(hydrated, Formatting.Indented); output.WriteLine(serialized); // compare original JSON with results of deserialize / serialize var nodeSet1 = JsonConvert.DeserializeObject <JObject>(jsonRep); var nodeSet2 = JsonConvert.DeserializeObject <JObject>(serialized); Assert.True(JToken.DeepEquals(nodeSet1, nodeSet2), "Original JSON and results of deserialize,serialize are different token graphs"); }
/// <summary> /// Searches through the cache, if there is already an authorization with same rights. If that's the case /// update the given authorization with the permissions and remove the old one from the cache. /// </summary> protected internal virtual void updateAuthorizationBasedOnCacheEntries(AuthorizationEntity authorization, string userId, string groupId, Resource resource, string resourceId) { DbEntityManager dbManager = Context.CommandContext.DbEntityManager; IList <AuthorizationEntity> list = dbManager.getCachedEntitiesByType(typeof(AuthorizationEntity)); foreach (AuthorizationEntity authEntity in list) { bool hasSameAuthRights = hasEntitySameAuthorizationRights(authEntity, userId, groupId, resource, resourceId); if (hasSameAuthRights) { int previousPermissions = authEntity.getPermissions(); authorization.setPermissions(previousPermissions); dbManager.DbEntityCache.remove(authEntity); return; } } }
public virtual AuthorizationEntity[] newFilter(Filter filter) { string owner = filter.Owner; if (!string.ReferenceEquals(owner, null)) { // create an authorization which gives the owner of the filter all permissions on the filter string filterId = filter.Id; ensureValidIndividualResourceId("Cannot create default authorization for filter owner " + owner, owner); AuthorizationEntity filterOwnerAuthorization = createGrantAuthorization(owner, null, FILTER, filterId, ALL); return(new AuthorizationEntity[] { filterOwnerAuthorization }); } else { return(null); } }
public virtual AuthorizationEntity[] newTaskGroupIdentityLink(Task task, string groupId, string type) { ensureValidIndividualResourceId("Cannot grant default authorization for identity link to group " + groupId, groupId); // create (or update) an authorization for the given group // whenever a new user identity link will be added string taskId = task.Id; // fetch existing authorization AuthorizationEntity authorization = getGrantAuthorizationByGroupId(groupId, TASK, taskId); // update authorization: // (1) fetched authorization == null -> create a new authorization (with READ, (UPDATE/TASK_WORK) permission, and READ_VARIABLE if enabled) // (2) fetched authorization != null -> add READ, (UPDATE/TASK_WORK) permission, and READ_VARIABLE if enabled // Update or TASK_WORK permission is configurable in camunda.cfg.xml and by default, UPDATE permission is provided authorization = updateAuthorization(authorization, null, groupId, TASK, taskId, READ, DefaultUserPermissionForTask, SpecificReadVariablePermission); // return always created or updated authorization return(new AuthorizationEntity[] { authorization }); }
protected internal virtual AuthorizationEntity updateAuthorization(AuthorizationEntity authorization, string userId, string groupId, Resource resource, string resourceId, params Permission[] permissions) { if (authorization == null) { authorization = createGrantAuthorization(userId, groupId, resource, resourceId); updateAuthorizationBasedOnCacheEntries(authorization, userId, groupId, resource, resourceId); } if (permissions != null) { foreach (Permission permission in permissions) { if (permission != null) { authorization.addPermission(permission); } } } return(authorization); }
/// <summary> /// Create a new authorization. /// </summary> /// <param name="identifier">The identifier to be authorized.</param> /// <returns>The authorization created.</returns> /// <exception cref="InvalidOperationException">If the account key is missing.</exception> public async Task <AcmeResult <AuthorizationEntity> > NewAuthorization(AuthorizationIdentifier identifier) { if (this.key == null) { throw new InvalidOperationException(); } var auth = new AuthorizationEntity { Identifier = identifier, Resource = ResourceTypes.NewAuthorization }; var uri = await handler.GetResourceUri(ResourceTypes.NewAuthorization); var result = await handler.Post(uri, auth, key); ThrowIfError(result); if (result.HttpStatus == HttpStatusCode.SeeOther) // An authentication with the same identifier exists. { result = await handler.Get <AuthorizationEntity>(result.Location); ThrowIfError(result); } return(new AcmeResult <AuthorizationEntity> { Data = result.Data, Json = result.Json, Raw = result.Raw, Links = result.Links, Location = result.Location, ContentType = result.ContentType }); }
public SaveAuthorizationCmd(IAuthorization authorization) { this.Authorization = (AuthorizationEntity)authorization; Validate(); }
/// <summary> /// /// </summary> /// <param name="entity"></param> /// <param name="connection"></param> /// <param name="transaction"></param> /// <returns></returns> public bool Update(AuthorizationEntity entity, DbConnection connection, DbTransaction transaction) { var updated = AuthorizationsGateway.Update(entity, connection, transaction); return(updated == 1); }
/// <summary> /// /// </summary> /// <param name="entity"></param> /// <param name="connection"></param> /// <param name="transaction"></param> /// <returns></returns> public bool Create(AuthorizationEntity entity, DbConnection connection, DbTransaction transaction) { var created = AuthorizationsGateway.Insert(entity, connection, transaction); return(created == 1); }
public AuthorizationAttribute(ClaimScope claimScope, AuthorizationAction action, AuthorizationEntity entity) { ClaimScope = claimScope; Name = AuthorizationName.Generate(action, entity); }
public virtual AuthorizationEntity[] tenantMembershipCreated(Tenant tenant, Group group) { AuthorizationEntity userAuthorization = createGrantAuthorization(null, group.Id, TENANT, tenant.Id, READ); return(new AuthorizationEntity[] { userAuthorization }); }