Uploaded image for project: 'camunda BPM'
  1. camunda BPM
  2. CAM-9623

Handle regressions in Authorization related to newly introduced Permissions

    XMLWordPrintable

Details

    • Task
    • Resolution: Fixed
    • L3 - Default
    • 7.11.0, 7.11.0-alpha1
    • None
    • engine
    • None

    Description

      The duplicated values of the Permissions lead to problems when checking the authorizations. For example Permissions.CREATE_BATCH_DELETE_DECISION_INSTANCES and Permissions.UPDATE_INSTANCE values are duplicated.

      Please check the following test case:

        public void testAuthorizations() {
    Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
    authorization.setUserId(userId);
    authorization.addPermission(BatchPermissions.CREATE_BATCH_DELETE_DECISION_INSTANCES);
    authorization.setResource(Resources.BATCH);
    authorization.setResourceId(ANY);
    authorizationService.saveAuthorization(authorization);

    processEngineConfiguration.setAuthorizationEnabled(true);
    assertEquals(false, authorizationService.isUserAuthorized(userId, Arrays.asList(groupId), Permissions.UPDATE_INSTANCE, Resources.BATCH));
    assertEquals(true, authorizationService.isUserAuthorized(userId, Arrays.asList(groupId), BatchPermissions.CREATE_BATCH_DELETE_DECISION_INSTANCES, Resources.BATCH));
    assertTrue(authorization.isPermissionRevoked(BatchPermissions.CREATE_BATCH_DELETE_DECISION_INSTANCES));
    assertFalse(authorization.isPermissionRevoked(Permissions.UPDATE_INSTANCE));
  }

      Investigate for all of the places where the duplication is problematic and fix accordingly.

      Rest API is affected as well: https://github.com/camunda/camunda-bpm-platform/blob/cf36405e281cf83860abadbe6c966fd8464519d6/engine-rest/engine-rest/src/main/java/org/camunda/bpm/engine/rest/AuthorizationRestService.java#L43
      Please have look at:
      https://github.com/camunda/camunda-bpm-platform/blob/cf36405e281cf83860abadbe6c966fd8464519d6/engine-rest/engine-rest/src/main/java/org/camunda/bpm/engine/rest/util/AuthorizationUtil.java#L37

      mgm-controller-panel

        This is the controller panel for Smart Panels app

        Attachments

          Issue Links

            is related to

            Feature Request - A new feature of the product, which has yet to be developed. CAM-9548 Advanced Operator Authorizations

            • L3 - Default - Minor issue or issue with existing workaround, feature requests and questions
            • Closed

            Activity

              People

                thorben.lindhauer Thorben Lindhauer
                yana.vasileva Yana Vasileva
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  Salesforce