Skip to content

Commit

Permalink
test(engine+webapps): simplify revoke ALWAYS tests (#3540)
Browse files Browse the repository at this point in the history
* Removes repeated authorization test cases (~1600) for revoke mode ALWAYS.
  Instead, ensures that mode ALWAYS leads equivalent queries compared to when
  AUTO mode triggers. The latter is well-tested, ensuring ALWAYS works as well.

related to #3530
  • Loading branch information
tmetzke authored Jul 5, 2023
1 parent 6249ebb commit d0a7e11
Show file tree
Hide file tree
Showing 4 changed files with 123 additions and 69 deletions.
Original file line number Diff line number Diff line change
@@ -0,0 +1,110 @@
/*
* Copyright Camunda Services GmbH and/or licensed to Camunda Services GmbH
* under one or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information regarding copyright
* ownership. Camunda licenses this file to you under the Apache License,
* Version 2.0; you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.camunda.bpm.engine.test.api.authorization;

import static org.assertj.core.api.Assertions.assertThat;
import static org.camunda.bpm.engine.authorization.Authorization.ANY;
import static org.camunda.bpm.engine.authorization.Permissions.READ;
import static org.camunda.bpm.engine.authorization.Permissions.UPDATE;
import static org.camunda.bpm.engine.authorization.Resources.TASK;

import ch.qos.logback.classic.Level;
import ch.qos.logback.classic.spi.ILoggingEvent;
import java.util.List;
import org.camunda.bpm.engine.impl.cfg.ProcessEngineConfigurationImpl;
import org.camunda.commons.testing.ProcessEngineLoggingRule;
import org.junit.After;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;

public class AuthorizationRevokeModeAlwaysTest extends AuthorizationTest {

protected static final String LOGGING_CONTEXT = "org.camunda.bpm.engine.impl.persistence.entity.TaskEntity";

protected String defaultRevokeMode;

@Rule
public ProcessEngineLoggingRule loggingRule = new ProcessEngineLoggingRule()
.watch(LOGGING_CONTEXT, Level.DEBUG);

@Before
public void storeRevokeMode() {
defaultRevokeMode = processEngineConfiguration.getAuthorizationCheckRevokes();
}

@After
public void resetRevokeMode() {
processEngineConfiguration.setAuthorizationCheckRevokes(defaultRevokeMode);
}

@Test
public void shouldCreateEqualQueriesForModesAlwaysAndAutoWhenRevokeExists() {
// given
disableAuthorization();
testRule.deploy("org/camunda/bpm/engine/test/api/oneTaskProcess.bpmn20.xml");
runtimeService.startProcessInstanceByKey("oneTaskProcess");
createGrantAuthorization(TASK, ANY, userId, READ);
createRevokeAuthorization(TASK, ANY, userId, UPDATE);
enableAuthorization();

processEngineConfiguration.setAuthorizationCheckRevokes(ProcessEngineConfigurationImpl.AUTHORIZATION_CHECK_REVOKE_ALWAYS);
int taskLogOffset = loggingRule.getLog(LOGGING_CONTEXT).size();

taskService.createTaskQuery().list();
List<ILoggingEvent> taskLog = loggingRule.getLog(LOGGING_CONTEXT);
String modeAlwaysQuery = taskLog.get(taskLogOffset).getFormattedMessage();
taskLogOffset = taskLog.size();

processEngineConfiguration.setAuthorizationCheckRevokes(ProcessEngineConfigurationImpl.AUTHORIZATION_CHECK_REVOKE_AUTO);

// when
taskService.createTaskQuery().list();

// then
String modeAutoQuery = loggingRule.getLog(LOGGING_CONTEXT).get(taskLogOffset).getFormattedMessage();
assertThat(modeAutoQuery).containsIgnoringCase("Preparing: select").isEqualTo(modeAlwaysQuery);
}

@Test
public void shouldCreateUnequalQueriesForModesAlwaysAndAutoWhenNoRevokeExists() {
// given
disableAuthorization();
testRule.deploy("org/camunda/bpm/engine/test/api/oneTaskProcess.bpmn20.xml");
runtimeService.startProcessInstanceByKey("oneTaskProcess");
createGrantAuthorization(TASK, ANY, userId, READ);
enableAuthorization();

processEngineConfiguration.setAuthorizationCheckRevokes(ProcessEngineConfigurationImpl.AUTHORIZATION_CHECK_REVOKE_ALWAYS);
int taskLogOffset = loggingRule.getLog(LOGGING_CONTEXT).size();

taskService.createTaskQuery().list();
List<ILoggingEvent> taskLog = loggingRule.getLog(LOGGING_CONTEXT);
String modeAlwaysQuery = taskLog.get(taskLogOffset).getFormattedMessage();
taskLogOffset = taskLog.size();

processEngineConfiguration.setAuthorizationCheckRevokes(ProcessEngineConfigurationImpl.AUTHORIZATION_CHECK_REVOKE_AUTO);

// when
taskService.createTaskQuery().list();

// then
String modeAutoQuery = loggingRule.getLog(LOGGING_CONTEXT).get(taskLogOffset).getFormattedMessage();
assertThat(modeAutoQuery).containsIgnoringCase("Preparing: select").isNotEqualTo(modeAlwaysQuery);
}

}
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,6 @@
import java.util.List;
import java.util.Map;
import java.util.concurrent.Callable;
import org.camunda.bpm.engine.ProcessEngineConfiguration;
import org.camunda.bpm.engine.ProcessEngineException;
import org.camunda.bpm.engine.authorization.Authorization;
import org.camunda.bpm.engine.authorization.Permission;
Expand All @@ -57,15 +56,10 @@
import org.camunda.bpm.engine.variable.Variables;
import org.junit.After;
import org.junit.Before;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.junit.runners.Parameterized.Parameter;
import org.junit.runners.Parameterized.Parameters;

/**
* @author Roman Smirnov
*/
@RunWith(Parameterized.class)
public abstract class AuthorizationTest extends PluggableProcessEngineTest {

protected String userId = "test";
Expand All @@ -77,22 +71,6 @@ public abstract class AuthorizationTest extends PluggableProcessEngineTest {
protected static final String VARIABLE_VALUE = "aVariableValue";
protected List<String> deploymentIds = new ArrayList<>();

@Parameter(0)
public String authorizationRevokeMode;
protected String defaultAuthorizationRevokeMode;

/**
* Parameters:
* authorizationRevokeMode: The revoke authorization mode to use in engine configuration
*/
@Parameters(name = "revoke check mode {0}")
public static List<Object[]> data() {
return Arrays.asList(new Object[][] {
{ ProcessEngineConfiguration.AUTHORIZATION_CHECK_REVOKE_ALWAYS },
{ ProcessEngineConfiguration.AUTHORIZATION_CHECK_REVOKE_AUTO }
});
}

@Before
public void setUp() throws Exception {
user = createUser(userId);
Expand All @@ -102,15 +80,11 @@ public void setUp() throws Exception {

identityService.setAuthentication(userId, Arrays.asList(groupId));
processEngineConfiguration.setAuthorizationEnabled(true);

defaultAuthorizationRevokeMode = processEngineConfiguration.getAuthorizationCheckRevokes();
processEngineConfiguration.setAuthorizationCheckRevokes(authorizationRevokeMode);
}

@After
public void tearDown() {
processEngineConfiguration.setAuthorizationEnabled(false);
processEngineConfiguration.setAuthorizationCheckRevokes(defaultAuthorizationRevokeMode);
for (User user : identityService.createUserQuery().list()) {
identityService.deleteUser(user.getId());
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,6 @@
import java.util.Date;
import java.util.List;
import org.camunda.bpm.engine.AuthorizationException;
import org.camunda.bpm.engine.ProcessEngineConfiguration;
import org.camunda.bpm.engine.TaskService;
import org.camunda.bpm.engine.task.Task;
import org.camunda.bpm.engine.test.util.ClockTestUtil;
Expand All @@ -41,23 +40,26 @@
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.junit.runners.Parameterized.Parameter;
import org.junit.runners.Parameterized.Parameters;

@RunWith(Parameterized.class)
public class SetTaskPropertyAuthorizationTest extends AuthorizationTest {

protected static final String PROCESS_KEY = "oneTaskProcess";

@Rule
public EntityRemoveRule entityRemoveRule = EntityRemoveRule.of(testRule);

@Parameter(1)
@Parameter(0)
public String operationName;
@Parameter(2)
@Parameter(1)
public TriConsumer<TaskService, String, Object> operation;
@Parameter(3)
@Parameter(2)
public String taskId;
@Parameter(4)
@Parameter(3)
public Object value;

protected boolean deleteTask;
Expand All @@ -70,7 +72,7 @@ public class SetTaskPropertyAuthorizationTest extends AuthorizationTest {
* setValue: The value to use to set property to
* taskQueryBuilderMethodName: The corresponding taskQuery builder method name to use for assertion purposes
*/
@Parameters(name = "{1} (mode {0})")
@Parameters(name = "{0}")
public static List<Object[]> data() {
TriConsumer<TaskService, String, Object> setPriority = (taskService, taskId, value) -> taskService.setPriority(taskId, (int) value);
TriConsumer<TaskService, String, Object> setName = (taskService, taskId, value) -> taskService.setName(taskId, (String) value);
Expand All @@ -79,16 +81,11 @@ public static List<Object[]> data() {
TriConsumer<TaskService, String, Object> setFollowUpDate = (taskService, taskId, value) -> taskService.setFollowUpDate(taskId, (Date) value);

return Arrays.asList(new Object[][] {
{ ProcessEngineConfiguration.AUTHORIZATION_CHECK_REVOKE_ALWAYS, "setPriority", setPriority, "taskId", 80 },
{ ProcessEngineConfiguration.AUTHORIZATION_CHECK_REVOKE_ALWAYS, "setName", setName, "taskId", "name" },
{ ProcessEngineConfiguration.AUTHORIZATION_CHECK_REVOKE_ALWAYS, "setDescription", setDescription, "taskId", "description" },
{ ProcessEngineConfiguration.AUTHORIZATION_CHECK_REVOKE_ALWAYS, "setDueDate", setDueDate, "taskId", ClockTestUtil.setClockToDateWithoutMilliseconds() },
{ ProcessEngineConfiguration.AUTHORIZATION_CHECK_REVOKE_ALWAYS, "setFollowUpDate", setFollowUpDate, "taskId", ClockTestUtil.setClockToDateWithoutMilliseconds() },
{ ProcessEngineConfiguration.AUTHORIZATION_CHECK_REVOKE_AUTO, "setPriority", setPriority, "taskId", 80 },
{ ProcessEngineConfiguration.AUTHORIZATION_CHECK_REVOKE_AUTO, "setName", setName, "taskId", "name" },
{ ProcessEngineConfiguration.AUTHORIZATION_CHECK_REVOKE_AUTO, "setDescription", setDescription, "taskId", "description" },
{ ProcessEngineConfiguration.AUTHORIZATION_CHECK_REVOKE_AUTO, "setDueDate", setDueDate, "taskId", ClockTestUtil.setClockToDateWithoutMilliseconds()},
{ ProcessEngineConfiguration.AUTHORIZATION_CHECK_REVOKE_AUTO, "setFollowUpDate", setFollowUpDate, "taskId", ClockTestUtil.setClockToDateWithoutMilliseconds() }
{"setPriority", setPriority, "taskId", 80 },
{"setName", setName, "taskId", "name" },
{"setDescription", setDescription, "taskId", "description" },
{"setDueDate", setDueDate, "taskId", ClockTestUtil.setClockToDateWithoutMilliseconds() },
{"setFollowUpDate", setFollowUpDate, "taskId", ClockTestUtil.setClockToDateWithoutMilliseconds() }
});
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,12 +23,10 @@
import static org.camunda.bpm.engine.authorization.Resources.USER;

import java.util.Arrays;
import java.util.List;
import org.camunda.bpm.cockpit.plugin.test.AbstractCockpitPluginTest;
import org.camunda.bpm.engine.AuthorizationService;
import org.camunda.bpm.engine.IdentityService;
import org.camunda.bpm.engine.ProcessEngine;
import org.camunda.bpm.engine.ProcessEngineConfiguration;
import org.camunda.bpm.engine.RepositoryService;
import org.camunda.bpm.engine.RuntimeService;
import org.camunda.bpm.engine.authorization.Authorization;
Expand All @@ -44,16 +42,11 @@
import org.camunda.bpm.engine.runtime.ProcessInstance;
import org.junit.After;
import org.junit.Before;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.junit.runners.Parameterized.Parameter;
import org.junit.runners.Parameterized.Parameters;

/**
* @author Roman Smirnov
*
*/
@RunWith(Parameterized.class)
public abstract class AuthorizationTest extends AbstractCockpitPluginTest {

protected ProcessEngine processEngine;
Expand All @@ -70,22 +63,6 @@ public abstract class AuthorizationTest extends AbstractCockpitPluginTest {
protected User user;
protected Group group;

@Parameter(0)
public String authorizationRevokeMode;
protected String defaultAuthorizationRevokeMode;

/**
* Parameters:
* authorizationRevokeMode: The revoke authorization mode to use in engine configuration
*/
@Parameters(name = "revoke check mode {0}")
public static List<Object[]> data() {
return Arrays.asList(new Object[][] {
{ ProcessEngineConfiguration.AUTHORIZATION_CHECK_REVOKE_ALWAYS },
{ ProcessEngineConfiguration.AUTHORIZATION_CHECK_REVOKE_AUTO }
});
}

@Before
public void setUp() throws Exception {
super.before();
Expand All @@ -106,15 +83,11 @@ public void setUp() throws Exception {

identityService.setAuthentication(userId, Arrays.asList(groupId));
enableAuthorization();

defaultAuthorizationRevokeMode = processEngineConfiguration.getAuthorizationCheckRevokes();
processEngineConfiguration.setAuthorizationCheckRevokes(authorizationRevokeMode);
}

@After
public void tearDown() {
disableAuthorization();
processEngineConfiguration.setAuthorizationCheckRevokes(defaultAuthorizationRevokeMode);
for (User user : identityService.createUserQuery().list()) {
identityService.deleteUser(user.getId());
}
Expand Down

0 comments on commit d0a7e11

Please sign in to comment.