TSK-423: isUserInRole and checkRoleMembership added to interface.
parent
baed067509
commit
19447510d1
|
|
@ -1,6 +1,7 @@
|
||||||
package pro.taskana;
|
package pro.taskana;
|
||||||
|
|
||||||
import pro.taskana.configuration.TaskanaEngineConfiguration;
|
import pro.taskana.configuration.TaskanaEngineConfiguration;
|
||||||
|
import pro.taskana.exceptions.NotAuthorizedException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The TaskanaEngine represents an overall set of all needed services.
|
* The TaskanaEngine represents an overall set of all needed services.
|
||||||
|
|
@ -80,4 +81,23 @@ public interface TaskanaEngine {
|
||||||
AUTOCOMMIT,
|
AUTOCOMMIT,
|
||||||
EXPLICIT
|
EXPLICIT
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* check whether the current user is member of one of the roles specified.
|
||||||
|
*
|
||||||
|
* @param roles
|
||||||
|
* The roles that are checked for membership of the current user
|
||||||
|
* @return true if the current user is a member of at least one of the specified groups
|
||||||
|
*/
|
||||||
|
boolean isUserInRole(TaskanaRole... roles);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Checks whether current user is member of any of the specified roles.
|
||||||
|
*
|
||||||
|
* @param roles
|
||||||
|
* The roles that are checked for membership of the current user
|
||||||
|
* @throws NotAuthorizedException
|
||||||
|
* If the current user is not member of any specified role
|
||||||
|
*/
|
||||||
|
void checkRoleMembership(TaskanaRole... roles) throws NotAuthorizedException;
|
||||||
}
|
}
|
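Review bot: The Javadoc on the two new interface methods leaves the authorization contract underspecified. The `@return` of `isUserInRole` speaks of "groups" while the parameter is `TaskanaRole... roles`; `@return true if the current user is a member of at least one of the specified roles` would match the signature. Neither comment says what happens when security is disabled, yet the context lines of `TaskanaEngineImpl.isUserInRole` on this page return `true` in that case, so `checkRoleMembership` presumably never throws then. A sentence such as `If security is disabled in the configuration, every role check succeeds.` belongs on both methods. The result for an empty `roles` argument is also unstated and cannot be determined from the lines shown here.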
||||||
|
|
|
||||||
|
|
@ -230,7 +230,8 @@ public class TaskanaEngineImpl implements TaskanaEngine {
|
||||||
* @throws NotAuthorizedException
|
* @throws NotAuthorizedException
|
||||||
* If the current user is not member of any specified role
|
* If the current user is not member of any specified role
|
||||||
*/
|
*/
|
||||||
void checkRoleMembership(TaskanaRole... roles) throws NotAuthorizedException {
|
@Override
|
||||||
|
public void checkRoleMembership(TaskanaRole... roles) throws NotAuthorizedException {
|
||||||
if (isUserInRole(roles)) {
|
if (isUserInRole(roles)) {
|
||||||
return;
|
return;
|
||||||
} else {
|
} else {
|
||||||
|
|
@ -252,6 +253,7 @@ public class TaskanaEngineImpl implements TaskanaEngine {
|
||||||
* The roles that are checked for membership of the current user
|
* The roles that are checked for membership of the current user
|
||||||
* @return true if the current user is a member of at least one of the specified groups
|
* @return true if the current user is a member of at least one of the specified groups
|
||||||
*/
|
*/
|
||||||
|
@Override
|
||||||
public boolean isUserInRole(TaskanaRole... roles) {
|
public boolean isUserInRole(TaskanaRole... roles) {
|
||||||
if (!getConfiguration().isSecurityEnabled()) {
|
if (!getConfiguration().isSecurityEnabled()) {
|
||||||
return true;
|
return true;
|
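Review bot: With the contract now documented on `TaskanaEngine`, the Javadoc blocks kept above `checkRoleMembership` and `isUserInRole` in this class repeat the interface text in the lines visible here and will drift from it over time. Replacing each with `/** {@inheritDoc} */`, or dropping them, keeps a single source for the authorization contract. Both method bodies continue outside the hunks shown, so the rest of the role check is not reviewed here.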
||||||
|
|
|
||||||
|
|
@ -0,0 +1,59 @@
|
||||||
|
package acceptance.security;
|
||||||
|
|
||||||
|
import static org.junit.Assert.assertFalse;
|
||||||
|
import static org.junit.Assert.assertTrue;
|
||||||
|
|
||||||
|
import org.junit.Test;
|
||||||
|
import org.junit.runner.RunWith;
|
||||||
|
|
||||||
|
import acceptance.AbstractAccTest;
|
||||||
|
import pro.taskana.TaskanaRole;
|
||||||
|
import pro.taskana.exceptions.NotAuthorizedException;
|
||||||
|
import pro.taskana.security.JAASRunner;
|
||||||
|
import pro.taskana.security.WithAccessId;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Acceptance test for task queries and authorization.
|
||||||
|
*/
|
||||||
|
@RunWith(JAASRunner.class)
|
||||||
|
public class TaskEngineAccTest extends AbstractAccTest {
|
||||||
|
|
||||||
|
public TaskEngineAccTest() {
|
||||||
|
super();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test(expected = NotAuthorizedException.class)
|
||||||
|
public void testUnauthenticated() throws NotAuthorizedException {
|
||||||
|
assertFalse(taskanaEngine.isUserInRole(TaskanaRole.BUSINESS_ADMIN));
|
||||||
|
assertFalse(taskanaEngine.isUserInRole(TaskanaRole.ADMIN));
|
||||||
|
taskanaEngine.checkRoleMembership(TaskanaRole.BUSINESS_ADMIN);
|
||||||
|
}
|
||||||
|
|
||||||
|
@WithAccessId(
|
||||||
|
userName = "user_1_1") // , groupNames = {"businessadmin"})
|
||||||
|
@Test(expected = NotAuthorizedException.class)
|
||||||
|
public void testUser() throws NotAuthorizedException {
|
||||||
|
assertFalse(taskanaEngine.isUserInRole(TaskanaRole.BUSINESS_ADMIN));
|
||||||
|
assertFalse(taskanaEngine.isUserInRole(TaskanaRole.ADMIN));
|
||||||
|
taskanaEngine.checkRoleMembership(TaskanaRole.BUSINESS_ADMIN);
|
||||||
|
}
|
||||||
|
|
||||||
|
@WithAccessId(
|
||||||
|
userName = "user_1_1", groupNames = {"businessadmin"})
|
||||||
|
@Test
|
||||||
|
public void testBusinessAdmin() throws NotAuthorizedException {
|
||||||
|
assertTrue(taskanaEngine.isUserInRole(TaskanaRole.BUSINESS_ADMIN));
|
||||||
|
assertFalse(taskanaEngine.isUserInRole(TaskanaRole.ADMIN));
|
||||||
|
taskanaEngine.checkRoleMembership(TaskanaRole.BUSINESS_ADMIN);
|
||||||
|
}
|
||||||
|
|
||||||
|
@WithAccessId(
|
||||||
|
userName = "user_1_1", groupNames = {"admin"})
|
||||||
|
@Test
|
||||||
|
public void testAdmin() throws NotAuthorizedException {
|
||||||
|
assertFalse(taskanaEngine.isUserInRole(TaskanaRole.BUSINESS_ADMIN));
|
||||||
|
assertTrue(taskanaEngine.isUserInRole(TaskanaRole.ADMIN));
|
||||||
|
taskanaEngine.checkRoleMembership(TaskanaRole.ADMIN);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
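Review bot: The tests never exercise the "any of the roles" semantics that the varargs signature promises, and no test checks that a user holding one role is refused the other through `checkRoleMembership`. A multi-role assertion such as `assertTrue(taskanaEngine.isUserInRole(TaskanaRole.ADMIN, TaskanaRole.BUSINESS_ADMIN));` in `testBusinessAdmin` would pin the first. A further test with `groupNames = {"businessadmin"}` that expects `NotAuthorizedException` from `checkRoleMembership(TaskanaRole.ADMIN)` would pin the second. The commented-out `// , groupNames = {"businessadmin"})` on the `testUser` annotation should be deleted, and the class comment "Acceptance test for task queries and authorization." looks copied from another test.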
||||||