public virtual void testDeleteAuthorization()
{
// create global auth
IAuthorization basePerms = authorizationService.CreateNewAuthorization(AuthorizationFields.AuthTypeGlobal);
basePerms.Resource = Resources.Authorization;
basePerms.ResourceId = AuthorizationFields.Any;
basePerms.AddPermission(Permissions.All);
basePerms.RemovePermission(Permissions.Delete); // revoke Delete
authorizationService.SaveAuthorization(basePerms);
// turn on authorization
processEngineConfiguration.SetAuthorizationEnabled(true);
identityService.AuthenticatedUserId = jonny2;
try
{
// try to Delete authorization
authorizationService.DeleteAuthorization(basePerms.Id);
Assert.Fail("exception expected");
}
catch (AuthorizationException e)
{
Assert.AreEqual(1, e.MissingAuthorizations.Count);
MissingAuthorization info = e.MissingAuthorizations[0];
Assert.AreEqual(jonny2, e.UserId);
AuthorizationTestUtil.AssertExceptionInfo(Permissions.Delete.ToString(), Resources.Authorization.ToString() /*.ResourceName()*/, basePerms.Id, info);
}
}
[Test] public virtual void testTenanGroupMembershipDeleteAuthorizations()
{
IGroup group1 = identityService.NewGroup("group1");
identityService.SaveGroup(group1);
ITenant tenant1 = identityService.NewTenant("tenant1");
identityService.SaveTenant(tenant1);
// add base permission which allows nobody to Delete memberships
IAuthorization basePerms = authorizationService.CreateNewAuthorization(AuthorizationFields.AuthTypeGlobal);
basePerms.Resource = Resources.TenantMembership;
basePerms.ResourceId = AuthorizationFields.Any;
basePerms.AddPermission(Permissions.All); // add all then remove 'Delete'
basePerms.RemovePermission(Permissions.Delete);
authorizationService.SaveAuthorization(basePerms);
processEngineConfiguration.SetAuthorizationEnabled(true);
identityService.AuthenticatedUserId = jonny2;
try
{
identityService.DeleteTenantGroupMembership("tenant1", "group1");
Assert.Fail("exception expected");
}
catch (AuthorizationException e)
{
Assert.AreEqual(1, e.MissingAuthorizations.Count);
MissingAuthorization info = e.MissingAuthorizations[0];
Assert.AreEqual(jonny2, e.UserId);
AuthorizationTestUtil.AssertExceptionInfo(Permissions.Delete.ToString(), Resources.TenantMembership.ToString() /*.ResourceName()*/, "tenant1", info);
}
}
public virtual void testCreateAuthorization()
{
// add base permission which allows nobody to create authorizations
IAuthorization basePerms = authorizationService.CreateNewAuthorization(AuthorizationFields.AuthTypeGlobal);
basePerms.Resource = Resources.Authorization;
basePerms.ResourceId = AuthorizationFields.Any;
basePerms.AddPermission(Permissions.All); // add all then remove 'create'
basePerms.RemovePermission(Permissions.Create);
authorizationService.SaveAuthorization(basePerms);
// now enable authorizations:
processEngineConfiguration.SetAuthorizationEnabled(true);
identityService.AuthenticatedUserId = jonny2;
try
{
// we cannot create another authorization
authorizationService.CreateNewAuthorization(AuthorizationFields.AuthTypeGlobal);
Assert.Fail("exception expected");
}
catch (AuthorizationException e)
{
Assert.AreEqual(1, e.MissingAuthorizations.Count);
MissingAuthorization info = e.MissingAuthorizations[0];
Assert.AreEqual(jonny2, e.UserId);
AuthorizationTestUtil.AssertExceptionInfo(Permissions.Create.ToString(), Resources.Authorization.ToString() /*.ResourceName()*/, null, info);
}
// circumvent auth check to get new transient object
IAuthorization authorization = new AuthorizationEntity(AuthorizationFields.AuthTypeRevoke);
authorization.UserId = "someUserId";
authorization.Resource = Resources.Application;
try
{
authorizationService.SaveAuthorization(authorization);
Assert.Fail("exception expected");
}
catch (AuthorizationException e)
{
Assert.AreEqual(1, e.MissingAuthorizations.Count);
MissingAuthorization info = e.MissingAuthorizations[0];
Assert.AreEqual(jonny2, e.UserId);
AuthorizationTestUtil.AssertExceptionInfo(Permissions.Create.ToString(), Resources.Authorization.ToString() /*.ResourceName()*/, null, info);
}
}
[Test] public virtual void testTenantCreateAuthorizations()
{
// add base permission which allows nobody to create tenants:
IAuthorization basePerms = authorizationService.CreateNewAuthorization(AuthorizationFields.AuthTypeGlobal);
basePerms.Resource = Resources.Tenant;
basePerms.ResourceId = AuthorizationFields.Any;
basePerms.AddPermission(Permissions.All); // add all then remove 'create'
basePerms.RemovePermission(Permissions.Create);
authorizationService.SaveAuthorization(basePerms);
processEngineConfiguration.SetAuthorizationEnabled(true);
identityService.AuthenticatedUserId = jonny2;
try
{
identityService.NewTenant("tenant");
Assert.Fail("exception expected");
}
catch (AuthorizationException e)
{
Assert.AreEqual(1, e.MissingAuthorizations.Count);
MissingAuthorization info = e.MissingAuthorizations[0];
Assert.AreEqual(jonny2, e.UserId);
AuthorizationTestUtil.AssertExceptionInfo(Permissions.Create.ToString(), Resources.Tenant.ToString() /*.ResourceName()*/, null, info);
}
// circumvent auth check to get new transient userobject
ITenant tenant = new TenantEntity("tenant");
try
{
identityService.SaveTenant(tenant);
Assert.Fail("exception expected");
}
catch (AuthorizationException e)
{
Assert.AreEqual(1, e.MissingAuthorizations.Count);
MissingAuthorization info = e.MissingAuthorizations[0];
Assert.AreEqual(jonny2, e.UserId);
AuthorizationTestUtil.AssertExceptionInfo(Permissions.Create.ToString(), Resources.Tenant.ToString() /*.ResourceName()*/, null, info);
}
}
[Test] public virtual void testTenantUpdateAuthorizations()
{
// create tenant
ITenant tenant = new TenantEntity("tenant");
identityService.SaveTenant(tenant);
// create global auth
IAuthorization basePerms = authorizationService.CreateNewAuthorization(AuthorizationFields.AuthTypeGlobal);
basePerms.Resource = Resources.Tenant;
basePerms.ResourceId = AuthorizationFields.Any;
basePerms.AddPermission(Permissions.All);
basePerms.RemovePermission(Permissions.Update); // revoke update
authorizationService.SaveAuthorization(basePerms);
// turn on authorization
processEngineConfiguration.SetAuthorizationEnabled(true);
identityService.AuthenticatedUserId = jonny2;
// fetch user:
tenant = identityService.CreateTenantQuery().First();
tenant.Name = "newName";
try
{
identityService.SaveTenant(tenant);
Assert.Fail("exception expected");
}
catch (AuthorizationException e)
{
Assert.AreEqual(1, e.MissingAuthorizations.Count);
MissingAuthorization info = e.MissingAuthorizations[0];
Assert.AreEqual(jonny2, e.UserId);
AuthorizationTestUtil.AssertExceptionInfo(Permissions.Update.ToString(), Resources.Tenant.ToString() /*.ResourceName()*/, "tenant", info);
}
// but I can create a new tenant:
ITenant newTenant = identityService.NewTenant("newTenant");
identityService.SaveTenant(newTenant);
}
public virtual void testUserUpdateAuthorizations()
{
// create global auth
IAuthorization basePerms = authorizationService.CreateNewAuthorization(AuthorizationFields.AuthTypeGlobal);
basePerms.Resource = Resources.Authorization;
basePerms.ResourceId = AuthorizationFields.Any;
basePerms.AddPermission(Permissions.All);
basePerms.RemovePermission(Permissions.Update); // revoke update
authorizationService.SaveAuthorization(basePerms);
// turn on authorization
processEngineConfiguration.SetAuthorizationEnabled(true);
identityService.AuthenticatedUserId = jonny2;
// fetch authhorization
basePerms = authorizationService.CreateAuthorizationQuery().First();
// make some change to the perms
basePerms.AddPermission(Permissions.All);
try
{
authorizationService.SaveAuthorization(basePerms);
Assert.Fail("exception expected");
}
catch (AuthorizationException e)
{
Assert.AreEqual(1, e.MissingAuthorizations.Count);
MissingAuthorization info = e.MissingAuthorizations[0];
Assert.AreEqual(jonny2, e.UserId);
AuthorizationTestUtil.AssertExceptionInfo(Permissions.Update.ToString(), Resources.Authorization.ToString() /*.ResourceName()*/, basePerms.Id, info);
}
// but we can create a new auth
IAuthorization newAuth = authorizationService.CreateNewAuthorization(AuthorizationFields.AuthTypeGrant);
newAuth.UserId = "jonny2";
newAuth.Resource = Resources.Authorization;
newAuth.ResourceId = AuthorizationFields.Any;
newAuth.AddPermission(Permissions.All);
authorizationService.SaveAuthorization(newAuth);
}
[Test] public virtual void testGroupUpdateAuthorizations()
{
// crate group while still in god-mode:
IGroup group1 = identityService.NewGroup("group1");
identityService.SaveGroup(group1);
// create global auth
IAuthorization basePerms = authorizationService.CreateNewAuthorization(AuthorizationFields.AuthTypeGlobal);
basePerms.Resource = Resources.Group;
basePerms.ResourceId = AuthorizationFields.Any;
basePerms.AddPermission(Permissions.All);
basePerms.RemovePermission(Permissions.Update); // revoke update
authorizationService.SaveAuthorization(basePerms);
// turn on authorization
processEngineConfiguration.SetAuthorizationEnabled(true);
identityService.AuthenticatedUserId = jonny2;
// fetch user:
group1 = identityService.CreateGroupQuery().First();
//group1.ToString() = "IGroup 1";
try
{
identityService.SaveGroup(group1);
Assert.Fail("exception expected");
}
catch (AuthorizationException e)
{
Assert.AreEqual(1, e.MissingAuthorizations.Count);
MissingAuthorization info = e.MissingAuthorizations[0];
Assert.AreEqual(jonny2, e.UserId);
AuthorizationTestUtil.AssertExceptionInfo(Permissions.Update.ToString(), Resources.Group.ToString() /*.ResourceName()*/, "group1", info);
}
// but I can create a new group:
IGroup group2 = identityService.NewGroup("group2");
identityService.SaveGroup(group2);
}
[Test] public virtual void testUserUpdateAuthorizations()
{
// crate user while still in god-mode:
IUser jonny1 = identityService.NewUser("jonny1");
identityService.SaveUser(jonny1);
// create global auth
IAuthorization basePerms = authorizationService.CreateNewAuthorization(AuthorizationFields.AuthTypeGlobal);
basePerms.Resource = Resources.User;
basePerms.ResourceId = AuthorizationFields.Any;
basePerms.AddPermission(Permissions.All);
basePerms.RemovePermission(Permissions.Update); // revoke update
authorizationService.SaveAuthorization(basePerms);
// turn on authorization
processEngineConfiguration.SetAuthorizationEnabled(true);
identityService.AuthenticatedUserId = jonny2;
// fetch user:
jonny1 = identityService.CreateUserQuery().First();
jonny1.FirstName = "Jonny";
try
{
identityService.SaveUser(jonny1);
Assert.Fail("exception expected");
}
catch (AuthorizationException e)
{
Assert.AreEqual(1, e.MissingAuthorizations.Count);
MissingAuthorization info = e.MissingAuthorizations[0];
Assert.AreEqual(jonny2, e.UserId);
AuthorizationTestUtil.AssertExceptionInfo(Permissions.Update.ToString(), Resources.User.ToString() /*.ResourceName()*/, "jonny1", info);
}
// but I can create a new user:
IUser jonny3 = identityService.NewUser("jonny3");
identityService.SaveUser(jonny3);
}
