TSK-423: isUserInRole and checkRoleMembership added to interface.

2018-04-27 09:03:47 +02:00 · 2018-04-27 09:03:47 +02:00 · 19447510d1
parent baed067509
commit 19447510d1
3 changed files with 82 additions and 1 deletions
--- a/lib/taskana-core/src/main/java/pro/taskana/TaskanaEngine.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/TaskanaEngine.java
@ -1,6 +1,7 @@
 package pro.taskana;

 import pro.taskana.configuration.TaskanaEngineConfiguration;
+import pro.taskana.exceptions.NotAuthorizedException;

 /**
 * The TaskanaEngine represents an overall set of all needed services.
@ -80,4 +81,23 @@ public interface TaskanaEngine {
        AUTOCOMMIT,
        EXPLICIT
    }
+
+    /**
+     * check whether the current user is member of one of the roles specified.
+     *
+     * @param roles
+     *            The roles that are checked for membership of the current user
+     * @return true if the current user is a member of at least one of the specified groups
+     */
+    boolean isUserInRole(TaskanaRole... roles);
+
+    /**
+     * Checks whether current user is member of any of the specified roles.
+     *
+     * @param roles
+     *            The roles that are checked for membership of the current user
+     * @throws NotAuthorizedException
+     *             If the current user is not member of any specified role
+     */
+    void checkRoleMembership(TaskanaRole... roles) throws NotAuthorizedException;
 }
--- a/lib/taskana-core/src/main/java/pro/taskana/impl/TaskanaEngineImpl.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/impl/TaskanaEngineImpl.java
@ -230,7 +230,8 @@ public class TaskanaEngineImpl implements TaskanaEngine {
     * @throws NotAuthorizedException
     *             If the current user is not member of any specified role
     */
-    void checkRoleMembership(TaskanaRole... roles) throws NotAuthorizedException {
+    @Override
+    public void checkRoleMembership(TaskanaRole... roles) throws NotAuthorizedException {
        if (isUserInRole(roles)) {
            return;
        } else {
@ -252,6 +253,7 @@ public class TaskanaEngineImpl implements TaskanaEngine {
     *            The roles that are checked for membership of the current user
     * @return true if the current user is a member of at least one of the specified groups
     */
+    @Override
    public boolean isUserInRole(TaskanaRole... roles) {
        if (!getConfiguration().isSecurityEnabled()) {
            return true;
--- a/lib/taskana-core/src/test/java/acceptance/security/TaskEngineAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/security/TaskEngineAccTest.java
@ -0,0 +1,59 @@
+package acceptance.security;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import acceptance.AbstractAccTest;
+import pro.taskana.TaskanaRole;
+import pro.taskana.exceptions.NotAuthorizedException;
+import pro.taskana.security.JAASRunner;
+import pro.taskana.security.WithAccessId;
+
+/**
+ * Acceptance test for task queries and authorization.
+ */
+@RunWith(JAASRunner.class)
+public class TaskEngineAccTest extends AbstractAccTest {
+
+    public TaskEngineAccTest() {
+        super();
+    }
+
+    @Test(expected = NotAuthorizedException.class)
+    public void testUnauthenticated() throws NotAuthorizedException {
+        assertFalse(taskanaEngine.isUserInRole(TaskanaRole.BUSINESS_ADMIN));
+        assertFalse(taskanaEngine.isUserInRole(TaskanaRole.ADMIN));
+        taskanaEngine.checkRoleMembership(TaskanaRole.BUSINESS_ADMIN);
+    }
+
+    @WithAccessId(
+        userName = "user_1_1") // , groupNames = {"businessadmin"})
+    @Test(expected = NotAuthorizedException.class)
+    public void testUser() throws NotAuthorizedException {
+        assertFalse(taskanaEngine.isUserInRole(TaskanaRole.BUSINESS_ADMIN));
+        assertFalse(taskanaEngine.isUserInRole(TaskanaRole.ADMIN));
+        taskanaEngine.checkRoleMembership(TaskanaRole.BUSINESS_ADMIN);
+    }
+
+    @WithAccessId(
+        userName = "user_1_1", groupNames = {"businessadmin"})
+    @Test
+    public void testBusinessAdmin() throws NotAuthorizedException {
+        assertTrue(taskanaEngine.isUserInRole(TaskanaRole.BUSINESS_ADMIN));
+        assertFalse(taskanaEngine.isUserInRole(TaskanaRole.ADMIN));
+        taskanaEngine.checkRoleMembership(TaskanaRole.BUSINESS_ADMIN);
+    }
+
+    @WithAccessId(
+        userName = "user_1_1", groupNames = {"admin"})
+    @Test
+    public void testAdmin() throws NotAuthorizedException {
+        assertFalse(taskanaEngine.isUserInRole(TaskanaRole.BUSINESS_ADMIN));
+        assertTrue(taskanaEngine.isUserInRole(TaskanaRole.ADMIN));
+        taskanaEngine.checkRoleMembership(TaskanaRole.ADMIN);
+    }
+
+}