public virtual void testDeleteAuthorization() { // create global auth Authorization basePerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL); basePerms.Resource = AUTHORIZATION; basePerms.ResourceId = ANY; basePerms.addPermission(ALL); basePerms.removePermission(DELETE); // revoke delete authorizationService.saveAuthorization(basePerms); // turn on authorization processEngineConfiguration.AuthorizationEnabled = true; identityService.AuthenticatedUserId = jonny2; try { // try to delete authorization authorizationService.deleteAuthorization(basePerms.Id); fail("exception expected"); } catch (AuthorizationException e) { assertEquals(1, e.MissingAuthorizations.Count); MissingAuthorization info = e.MissingAuthorizations[0]; assertEquals(jonny2, e.UserId); assertExceptionInfo(DELETE.Name, AUTHORIZATION.resourceName(), basePerms.Id, info); } }
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in .NET: //ORIGINAL LINE: public void testSaveAuthorizationSetPermissionsWithValidResource() throws Exception public virtual void testSaveAuthorizationSetPermissionsWithValidResource() { // given Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT); authorization.UserId = "userId"; authorization.addPermission(Permissions.ACCESS); // 'ACCESS' is not allowed for Batches // however, it will be reset by next line, so saveAuthorization will be successful authorization.Permissions = new BatchPermissions[] { BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES, BatchPermissions.CREATE_BATCH_DELETE_DECISION_INSTANCES }; authorization.Resource = Resources.BATCH; authorization.ResourceId = ANY; processEngineConfiguration.AuthorizationEnabled = true; // when authorizationService.saveAuthorization(authorization); // then Authorization authorizationResult = authorizationService.createAuthorizationQuery().resourceType(Resources.BATCH).singleResult(); assertNotNull(authorizationResult); assertTrue(authorizationResult.isPermissionGranted(BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES)); assertTrue(authorizationResult.isPermissionGranted(BatchPermissions.CREATE_BATCH_DELETE_DECISION_INSTANCES)); }
public virtual void testIsUserAuthorizedWithInvalidResourceMultiplePermissions() { // given Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT); string userId = "userId"; authorization.UserId = userId; authorization.addPermission(ProcessInstancePermissions.READ); authorization.addPermission(ProcessInstancePermissions.RETRY_JOB); authorization.Resource = Resources.PROCESS_INSTANCE; authorization.ResourceId = ANY; authorizationService.saveAuthorization(authorization); processEngineConfiguration.AuthorizationEnabled = true; // then assertEquals(true, authorizationService.isUserAuthorized(userId, null, Permissions.READ, Resources.PROCESS_INSTANCE)); assertEquals(true, authorizationService.isUserAuthorized(userId, null, ProcessInstancePermissions.RETRY_JOB, Resources.PROCESS_INSTANCE)); assertEquals(false, authorizationService.isUserAuthorized(userId, null, BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES, Resources.BATCH)); assertEquals(false, authorizationService.isUserAuthorized(userId, null, ProcessDefinitionPermissions.RETRY_JOB, Resources.PROCESS_DEFINITION)); assertEquals(false, authorizationService.isUserAuthorized(userId, null, Permissions.ACCESS, Resources.APPLICATION)); try { authorizationService.isUserAuthorized(userId, null, ProcessDefinitionPermissions.RETRY_JOB, Resources.PROCESS_INSTANCE); fail("expected exception"); } catch (BadUserRequestException e) { assertTrue(e.Message.contains("The resource type 'ProcessInstance' is not valid")); assertTrue(e.Message.contains(ProcessDefinitionPermissions.RETRY_JOB.Name)); } }
// authorization /////////////////////////////////////////////////////// protected internal virtual void createGrantAuthorization(Resource resource, string resourceId, Permission permission, string userId) { Authorization authorization = createGrantAuthorization(resource, resourceId); authorization.UserId = userId; authorization.addPermission(permission); saveAuthorization(authorization); }
// transformers /////////////////////////////////////// public static void update(AuthorizationCreateDto dto, Authorization dbAuthorization, ProcessEngineConfiguration engineConfiguration) { dbAuthorization.GroupId = dto.GroupId; dbAuthorization.UserId = dto.UserId; dbAuthorization.ResourceType = dto.ResourceType.Value; dbAuthorization.ResourceId = dto.ResourceId; dbAuthorization.Permissions = PermissionConverter.getPermissionsForNames(dto.Permissions, dto.ResourceType.Value, engineConfiguration); }
public virtual void updateAuthorization(AuthorizationDto dto) { // get db auth Authorization dbAuthorization = DbAuthorization; // copy values from dto AuthorizationDto.update(dto, dbAuthorization, processEngine.ProcessEngineConfiguration); // save authorizationService.saveAuthorization(dbAuthorization); }
protected internal static Authorization createAuthorization(AuthorizationService authorizationService, Permission permission, Resources resource, string userId) { Authorization auth = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT); auth.addPermission(permission); auth.Resource = resource; auth.ResourceId = org.camunda.bpm.engine.authorization.Authorization_Fields.ANY; auth.UserId = userId; return(auth); }
protected internal virtual void createGrantAuthorization(Resource resource, string resourceId, string userId, params Permission[] permissions) { Authorization authorization = createAuthorization(AUTH_TYPE_GRANT, resource, resourceId); authorization.UserId = userId; foreach (Permission permission in permissions) { authorization.addPermission(permission); } authorizationService.saveAuthorization(authorization); }
protected internal virtual Authorization createAuthorization(int type, Resource resource, string resourceId) { Authorization authorization = authorizationService.createNewAuthorization(type); authorization.Resource = resource; if (!string.ReferenceEquals(resourceId, null)) { authorization.ResourceId = resourceId; } return(authorization); }
protected internal virtual void grouptGrant(string groupId, Resource resource, params Permission[] perms) { AuthorizationService authorizationService = engine.AuthorizationService; Authorization groupGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT); groupGrant.Resource = resource; groupGrant.ResourceId = ANY; foreach (Permission permission in perms) { groupGrant.addPermission(permission); } groupGrant.GroupId = groupId; authorizationService.saveAuthorization(groupGrant); }
public virtual void testCreateAuthorization() { // add base permission which allows nobody to create authorizations Authorization basePerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL); basePerms.Resource = AUTHORIZATION; basePerms.ResourceId = ANY; basePerms.addPermission(ALL); // add all then remove 'create' basePerms.removePermission(CREATE); authorizationService.saveAuthorization(basePerms); // now enable authorizations: processEngineConfiguration.AuthorizationEnabled = true; identityService.AuthenticatedUserId = jonny2; try { // we cannot create another authorization authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL); fail("exception expected"); } catch (AuthorizationException e) { assertEquals(1, e.MissingAuthorizations.Count); MissingAuthorization info = e.MissingAuthorizations[0]; assertEquals(jonny2, e.UserId); assertExceptionInfo(CREATE.Name, AUTHORIZATION.resourceName(), null, info); } // circumvent auth check to get new transient object Authorization authorization = new AuthorizationEntity(AUTH_TYPE_REVOKE); authorization.UserId = "someUserId"; authorization.Resource = Resources.APPLICATION; try { authorizationService.saveAuthorization(authorization); fail("exception expected"); } catch (AuthorizationException e) { assertEquals(1, e.MissingAuthorizations.Count); MissingAuthorization info = e.MissingAuthorizations[0]; assertEquals(jonny2, e.UserId); assertExceptionInfo(CREATE.Name, AUTHORIZATION.resourceName(), null, info); } }
public virtual void testIsUserAuthorizedWithValidResourceImpl() { // given ResourceImpl resource = new ResourceImpl(this, "application", 0); Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT); string userId = "userId"; authorization.UserId = userId; authorization.addPermission(Permissions.ACCESS); authorization.Resource = Resources.APPLICATION; authorization.ResourceId = ANY; authorizationService.saveAuthorization(authorization); processEngineConfiguration.AuthorizationEnabled = true; // then assertEquals(true, authorizationService.isUserAuthorized(userId, null, Permissions.ACCESS, resource)); }
public virtual void testUserUpdateAuthorizations() { // create global auth Authorization basePerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL); basePerms.Resource = AUTHORIZATION; basePerms.ResourceId = ANY; basePerms.addPermission(ALL); basePerms.removePermission(UPDATE); // revoke update authorizationService.saveAuthorization(basePerms); // turn on authorization processEngineConfiguration.AuthorizationEnabled = true; identityService.AuthenticatedUserId = jonny2; // fetch authhorization basePerms = authorizationService.createAuthorizationQuery().singleResult(); // make some change to the perms basePerms.addPermission(ALL); try { authorizationService.saveAuthorization(basePerms); fail("exception expected"); } catch (AuthorizationException e) { assertEquals(1, e.MissingAuthorizations.Count); MissingAuthorization info = e.MissingAuthorizations[0]; assertEquals(jonny2, e.UserId); assertExceptionInfo(UPDATE.Name, AUTHORIZATION.resourceName(), basePerms.Id, info); } // but we can create a new auth Authorization newAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT); newAuth.UserId = "jonny2"; newAuth.Resource = AUTHORIZATION; newAuth.ResourceId = ANY; newAuth.addPermission(ALL); authorizationService.saveAuthorization(newAuth); }
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in .NET: //ORIGINAL LINE: public void testSaveAuthorizationSetPermissionsWithInvalidResource() throws Exception public virtual void testSaveAuthorizationSetPermissionsWithInvalidResource() { // given Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT); authorization.UserId = "userId"; authorization.Permissions = new BatchPermissions[] { BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES }; authorization.Resource = Resources.PROCESS_INSTANCE; authorization.ResourceId = ANY; processEngineConfiguration.AuthorizationEnabled = true; try { // when authorizationService.saveAuthorization(authorization); fail("expected exception"); } catch (BadUserRequestException e) { // then assertTrue(e.Message.contains("The resource type with id:'8' is not valid for 'CREATE_BATCH_MIGRATE_PROCESS_INSTANCES' permission.")); } // given authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT); authorization.UserId = "userId"; authorization.Permissions = new Permissions[] { Permissions.CREATE, Permissions.ACCESS }; authorization.Resource = Resources.PROCESS_INSTANCE; try { // when authorizationService.saveAuthorization(authorization); fail("expected exception"); } catch (BadUserRequestException e) { // then assertTrue(e.Message.contains("The resource type with id:'8' is not valid for 'ACCESS' permission.")); } }
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes: //ORIGINAL LINE: @Test public void testWithoutAdminUser() public virtual void testWithoutAdminUser() { processEngineConfiguration.AuthorizationEnabled = false; identityService.setAuthentication("adminUser", null, null); Authorization userAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT); userAuth.UserId = "adminUser"; userAuth.Resource = USER; userAuth.ResourceId = ANY; userAuth.addPermission(READ); authorizationService.saveAuthorization(userAuth); processEngineConfiguration.AuthorizationEnabled = true; // then thrown.expect(typeof(AuthorizationException)); thrown.expectMessage("Required admin authenticated group or user."); // when managementService.Properties; }
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes: //ORIGINAL LINE: @Test public void testWithAdminUser() public virtual void testWithAdminUser() { processEngineConfiguration.AdminUsers.Add("adminUser"); processEngineConfiguration.AuthorizationEnabled = false; identityService.setAuthentication("adminUser", null, null); Authorization userAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT); userAuth.UserId = "adminUser"; userAuth.Resource = USER; userAuth.ResourceId = ANY; userAuth.addPermission(READ); authorizationService.saveAuthorization(userAuth); processEngineConfiguration.AuthorizationEnabled = true; // when managementService.Properties; // then no exception }
// user //////////////////////////////////////////////////////////////// protected internal virtual User createUser(string userId) { User user = identityService.newUser(userId); identityService.saveUser(user); // give user all permission to manipulate authorizations Authorization authorization = createGrantAuthorization(AUTHORIZATION, ANY); authorization.UserId = userId; authorization.addPermission(ALL); saveAuthorization(authorization); // give user all permission to manipulate users authorization = createGrantAuthorization(USER, ANY); authorization.UserId = userId; authorization.addPermission(Permissions.ALL); saveAuthorization(authorization); return(user); }
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes: //ORIGINAL LINE: @Test public void testWithAdminGroup() public virtual void testWithAdminGroup() { processEngineConfiguration.AdminGroups.Add("adminGroup"); processEngineConfiguration.AuthorizationEnabled = false; identityService.setAuthentication("admin", Collections.singletonList("adminGroup"), null); Authorization userAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT); userAuth.UserId = "admin"; userAuth.Resource = USER; userAuth.ResourceId = ANY; userAuth.addPermission(READ); authorizationService.saveAuthorization(userAuth); processEngineConfiguration.AuthorizationEnabled = true; // when identityService.unlockUser("jonny1"); // then no exception }
public void execute(ProcessEngine engine, string scenarioName) { IdentityService identityService = engine.IdentityService; string userId = USER_ID + scenarioName; string groupid = GROUP_ID + scenarioName; // create an user User user = identityService.newUser(userId); identityService.saveUser(user); // create group Group group = identityService.newGroup(groupid); identityService.saveGroup(group); // create membership identityService.createMembership(userId, groupid); //create full authorization AuthorizationService authorizationService = engine.AuthorizationService; //authorization for process definition Authorization authProcDef = createAuthorization(authorizationService, Permissions.ALL, Resources.PROCESS_DEFINITION, userId); engine.AuthorizationService.saveAuthorization(authProcDef); //authorization for deployment Authorization authDeployment = createAuthorization(authorizationService, Permissions.ALL, Resources.DEPLOYMENT, userId); engine.AuthorizationService.saveAuthorization(authDeployment); //authorization for process instance create Authorization authProcessInstance = createAuthorization(authorizationService, Permissions.CREATE, Resources.PROCESS_INSTANCE, userId); engine.AuthorizationService.saveAuthorization(authProcessInstance); // start a process instance engine.RuntimeService.startProcessInstanceByKey(PROCESS_DEF_KEY, scenarioName); }
public virtual void testAuthorizationQueryAuthorizations() { // we are jonny2 string authUserId = "jonny2"; identityService.AuthenticatedUserId = authUserId; // create new auth wich revokes read access on auth Authorization basePerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL); basePerms.Resource = AUTHORIZATION; basePerms.ResourceId = ANY; authorizationService.saveAuthorization(basePerms); // I can see it assertEquals(1, authorizationService.createAuthorizationQuery().count()); // now enable checks processEngineConfiguration.AuthorizationEnabled = true; // I can't see it assertEquals(0, authorizationService.createAuthorizationQuery().count()); }
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in .NET: //ORIGINAL LINE: public void testSaveAuthorizationMultipleResourcesIncludingInvalidResource() throws Exception public virtual void testSaveAuthorizationMultipleResourcesIncludingInvalidResource() { // given Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT); authorization.UserId = "userId"; authorization.addPermission(Permissions.READ_HISTORY); authorization.addPermission(BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES); authorization.Resource = Resources.PROCESS_DEFINITION; processEngineConfiguration.AuthorizationEnabled = true; try { // when authorizationService.saveAuthorization(authorization); fail("expected exception"); } catch (BadUserRequestException e) { // then assertTrue(e.Message.contains("The resource type with id:'6' is not valid for 'CREATE_BATCH_MIGRATE_PROCESS_INSTANCES' permission.")); } }
protected internal virtual void saveAuthorization(Authorization authorization) { authorizationService.saveAuthorization(authorization); }
protected internal virtual Authorization createGrantAuthorization(Resource resource, string resourceId) { Authorization authorization = createAuthorization(AUTH_TYPE_GRANT, resource, resourceId); return(authorization); }
public virtual void deleteAuthorization() { Authorization dbAuthorization = DbAuthorization; authorizationService.deleteAuthorization(dbAuthorization.Id); }
public virtual AuthorizationDto getAuthorization(UriInfo context) { Authorization dbAuthorization = DbAuthorization; return(AuthorizationDto.fromAuthorization(dbAuthorization, processEngine.ProcessEngineConfiguration)); }