TSK-443 If taskquery contains workbasket filter, check open and read permission and omit subqery for wb / access
parent
80e61cfb8c
commit
149ac8d296
|
@ -137,13 +137,14 @@ public interface WorkbasketService {
|
|||
* @param workbasketId
|
||||
* the id of the workbasket we want to access
|
||||
* @param permission
|
||||
* the needed {@link WorkbasketPermission}
|
||||
* the needed {@link WorkbasketPermission} If more than one permission is specified, the current user
|
||||
* needs all of them.
|
||||
* @throws NotAuthorizedException
|
||||
* if the current user has not the requested authorization for the specified workbasket
|
||||
* @throws WorkbasketNotFoundException
|
||||
* if the workbasket cannot be found for the given ID.
|
||||
*/
|
||||
void checkAuthorization(String workbasketId, WorkbasketPermission permission)
|
||||
void checkAuthorization(String workbasketId, WorkbasketPermission... permission)
|
||||
throws NotAuthorizedException, WorkbasketNotFoundException;
|
||||
|
||||
/**
|
||||
|
@ -154,13 +155,14 @@ public interface WorkbasketService {
|
|||
* @param domain
|
||||
* the domain of the workbasket we want to access
|
||||
* @param permission
|
||||
* the needed {@link WorkbasketPermission}
|
||||
* the needed {@link WorkbasketPermission}. If more than one permission is specified, the current user
|
||||
* needs all of them.
|
||||
* @throws NotAuthorizedException
|
||||
* if the current user has not the requested permission for the specified workbasket
|
||||
* @throws WorkbasketNotFoundException
|
||||
* if no workbasket can be found for the given key+domain values.
|
||||
*/
|
||||
void checkAuthorization(String workbasketKey, String domain, WorkbasketPermission permission)
|
||||
void checkAuthorization(String workbasketKey, String domain, WorkbasketPermission... permission)
|
||||
throws NotAuthorizedException, WorkbasketNotFoundException;
|
||||
|
||||
/**
|
||||
|
|
|
@ -107,6 +107,7 @@ public class TaskQueryImpl implements TaskQuery {
|
|||
private String[] custom16In;
|
||||
private String[] custom16Like;
|
||||
private String[] accessIdIn;
|
||||
private boolean filterByAccessIdIn;
|
||||
private TimeInterval[] createdIn;
|
||||
private TimeInterval[] claimedIn;
|
||||
private TimeInterval[] completedIn;
|
||||
|
@ -119,6 +120,7 @@ public class TaskQueryImpl implements TaskQuery {
|
|||
this.taskanaEngine = (TaskanaEngineImpl) taskanaEngine;
|
||||
this.taskService = (TaskServiceImpl) taskanaEngine.getTaskService();
|
||||
this.orderBy = new ArrayList<>();
|
||||
this.filterByAccessIdIn = true;
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -701,7 +703,7 @@ public class TaskQueryImpl implements TaskQuery {
|
|||
try {
|
||||
LOGGER.debug("entry to list(), this = {}", this);
|
||||
taskanaEngine.openConnection();
|
||||
checkOpenPermissionForSpecifiedWorkbaskets();
|
||||
checkOpenAndReadPermissionForSpecifiedWorkbaskets();
|
||||
List<TaskSummaryImpl> tasks = new ArrayList<>();
|
||||
setupAccessIds();
|
||||
tasks = taskanaEngine.getSqlSession().selectList(LINK_TO_MAPPER, this);
|
||||
|
@ -722,7 +724,7 @@ public class TaskQueryImpl implements TaskQuery {
|
|||
}
|
||||
|
||||
private void setupAccessIds() {
|
||||
if (taskanaEngine.isUserInRole(TaskanaRole.ADMIN)) {
|
||||
if (taskanaEngine.isUserInRole(TaskanaRole.ADMIN) || !filterByAccessIdIn) {
|
||||
this.accessIdIn = null;
|
||||
} else if (this.accessIdIn == null) {
|
||||
String[] accessIds = new String[0];
|
||||
|
@ -746,6 +748,8 @@ public class TaskQueryImpl implements TaskQuery {
|
|||
this.columnName = columnName;
|
||||
this.orderBy.clear();
|
||||
this.addOrderCriteria(columnName, sortDirection);
|
||||
checkOpenAndReadPermissionForSpecifiedWorkbaskets();
|
||||
setupAccessIds();
|
||||
result = taskanaEngine.getSqlSession().selectList(LINK_TO_VALUEMAPPER, this);
|
||||
return result;
|
||||
} finally {
|
||||
|
@ -764,9 +768,9 @@ public class TaskQueryImpl implements TaskQuery {
|
|||
List<TaskSummary> result = new ArrayList<>();
|
||||
try {
|
||||
taskanaEngine.openConnection();
|
||||
checkOpenPermissionForSpecifiedWorkbaskets();
|
||||
RowBounds rowBounds = new RowBounds(offset, limit);
|
||||
checkOpenAndReadPermissionForSpecifiedWorkbaskets();
|
||||
setupAccessIds();
|
||||
RowBounds rowBounds = new RowBounds(offset, limit);
|
||||
List<TaskSummaryImpl> tasks = taskanaEngine.getSqlSession().selectList(LINK_TO_MAPPER, this, rowBounds);
|
||||
result = taskService.augmentTaskSummariesByContainedSummaries(tasks);
|
||||
return result;
|
||||
|
@ -794,7 +798,7 @@ public class TaskQueryImpl implements TaskQuery {
|
|||
TaskSummary result = null;
|
||||
try {
|
||||
taskanaEngine.openConnection();
|
||||
checkOpenPermissionForSpecifiedWorkbaskets();
|
||||
checkOpenAndReadPermissionForSpecifiedWorkbaskets();
|
||||
setupAccessIds();
|
||||
TaskSummaryImpl taskSummaryImpl = taskanaEngine.getSqlSession().selectOne(LINK_TO_MAPPER, this);
|
||||
if (taskSummaryImpl == null) {
|
||||
|
@ -818,7 +822,7 @@ public class TaskQueryImpl implements TaskQuery {
|
|||
Long rowCount = null;
|
||||
try {
|
||||
taskanaEngine.openConnection();
|
||||
checkOpenPermissionForSpecifiedWorkbaskets();
|
||||
checkOpenAndReadPermissionForSpecifiedWorkbaskets();
|
||||
setupAccessIds();
|
||||
rowCount = taskanaEngine.getSqlSession().selectOne(LINK_TO_COUNTER, this);
|
||||
return (rowCount == null) ? 0L : rowCount;
|
||||
|
@ -828,20 +832,22 @@ public class TaskQueryImpl implements TaskQuery {
|
|||
}
|
||||
}
|
||||
|
||||
private void checkOpenPermissionForSpecifiedWorkbaskets() {
|
||||
private void checkOpenAndReadPermissionForSpecifiedWorkbaskets() {
|
||||
if (taskanaEngine.isUserInRole(TaskanaRole.ADMIN)) {
|
||||
LOGGER.debug("Skipping permissions check since user is in role ADMIN.");
|
||||
return;
|
||||
}
|
||||
try {
|
||||
if (this.workbasketIdIn != null && this.workbasketIdIn.length > 0) {
|
||||
filterByAccessIdIn = false;
|
||||
for (String workbasketId : workbasketIdIn) {
|
||||
checkOpenPermissionById(workbasketId);
|
||||
checkOpenAndReadPermissionById(workbasketId);
|
||||
}
|
||||
}
|
||||
if (workbasketKeyDomainIn != null && workbasketKeyDomainIn.length > 0) {
|
||||
filterByAccessIdIn = false;
|
||||
for (KeyDomain keyDomain : workbasketKeyDomainIn) {
|
||||
checkOpenPermissionByKeyDomain(keyDomain);
|
||||
checkOpenAndReadPermissionByKeyDomain(keyDomain);
|
||||
}
|
||||
}
|
||||
} catch (NotAuthorizedException e) {
|
||||
|
@ -849,19 +855,19 @@ public class TaskQueryImpl implements TaskQuery {
|
|||
}
|
||||
}
|
||||
|
||||
private void checkOpenPermissionById(String workbasketId) throws NotAuthorizedException {
|
||||
private void checkOpenAndReadPermissionById(String workbasketId) throws NotAuthorizedException {
|
||||
try {
|
||||
taskanaEngine.getWorkbasketService().checkAuthorization(workbasketId,
|
||||
WorkbasketPermission.OPEN);
|
||||
WorkbasketPermission.OPEN, WorkbasketPermission.READ);
|
||||
} catch (WorkbasketNotFoundException e) {
|
||||
LOGGER.warn("The workbasket with the ID '" + workbasketId + "' does not exist.", e);
|
||||
}
|
||||
}
|
||||
|
||||
private void checkOpenPermissionByKeyDomain(KeyDomain keyDomain) throws NotAuthorizedException {
|
||||
private void checkOpenAndReadPermissionByKeyDomain(KeyDomain keyDomain) throws NotAuthorizedException {
|
||||
try {
|
||||
taskanaEngine.getWorkbasketService().checkAuthorization(keyDomain.getKey(),
|
||||
keyDomain.getDomain(), WorkbasketPermission.OPEN);
|
||||
keyDomain.getDomain(), WorkbasketPermission.OPEN, WorkbasketPermission.READ);
|
||||
} catch (WorkbasketNotFoundException e) {
|
||||
LOGGER.warn("The workbasket with the KEY '" + keyDomain.getKey() + "' and DOMAIN '"
|
||||
+ keyDomain.getDomain() + "'does not exist.", e);
|
||||
|
@ -1192,11 +1198,7 @@ public class TaskQueryImpl implements TaskQuery {
|
|||
@Override
|
||||
public String toString() {
|
||||
StringBuilder builder = new StringBuilder();
|
||||
builder.append("TaskQueryImpl [taskanaEngine=");
|
||||
builder.append(taskanaEngine);
|
||||
builder.append(", taskService=");
|
||||
builder.append(taskService);
|
||||
builder.append(", columnName=");
|
||||
builder.append("TaskQueryImpl [columnName=");
|
||||
builder.append(columnName);
|
||||
builder.append(", nameIn=");
|
||||
builder.append(Arrays.toString(nameIn));
|
||||
|
@ -1220,12 +1222,12 @@ public class TaskQueryImpl implements TaskQuery {
|
|||
builder.append(Arrays.toString(workbasketIdIn));
|
||||
builder.append(", stateIn=");
|
||||
builder.append(Arrays.toString(stateIn));
|
||||
builder.append(", classificationIdIn=");
|
||||
builder.append(Arrays.toString(classificationIdIn));
|
||||
builder.append(", classificationKeyIn=");
|
||||
builder.append(Arrays.toString(classificationKeyIn));
|
||||
builder.append(", classificationKeyLike=");
|
||||
builder.append(Arrays.toString(classificationKeyLike));
|
||||
builder.append(", classificationIdIn=");
|
||||
builder.append(Arrays.toString(classificationIdIn));
|
||||
builder.append(", classificationCategoryIn=");
|
||||
builder.append(Arrays.toString(classificationCategoryIn));
|
||||
builder.append(", classificationCategoryLike=");
|
||||
|
@ -1330,6 +1332,10 @@ public class TaskQueryImpl implements TaskQuery {
|
|||
builder.append(Arrays.toString(custom16In));
|
||||
builder.append(", custom16Like=");
|
||||
builder.append(Arrays.toString(custom16Like));
|
||||
builder.append(", accessIdIn=");
|
||||
builder.append(Arrays.toString(accessIdIn));
|
||||
builder.append(", filterByAccessIdIn=");
|
||||
builder.append(filterByAccessIdIn);
|
||||
builder.append(", createdIn=");
|
||||
builder.append(Arrays.toString(createdIn));
|
||||
builder.append(", claimedIn=");
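Review bot: `filterByAccessIdIn` is set to false inside checkOpenAndReadPermissionForSpecifiedWorkbaskets() before the per-workbasket checks have run, and nothing in these hunks sets it back to true, so the access-id subquery can stay disabled on a later execution of the same query object whose workbasket filter is no longer set. The filter setters are outside the hunks, so whether such reuse is reachable needs confirming. Deriving the flag on every call fails closed: begin the method with `filterByAccessIdIn = true;` (ahead of the ADMIN return) and clear it only after both loops have finished without an exception. checkOpenAndReadPermissionById and checkOpenAndReadPermissionByKeyDomain also only log WorkbasketNotFoundException, so an identifier that does not resolve counts as checked while the subquery is omitted; add a comment stating why that is safe, or rethrow. The bodies of list(), listValues(), single() and count() continue outside the hunks.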
|
||||
|
|
|
@ -2,6 +2,7 @@ package pro.taskana.impl;
|
|||
|
||||
import java.time.Instant;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
|
@ -22,7 +23,6 @@ import pro.taskana.exceptions.DomainNotFoundException;
|
|||
import pro.taskana.exceptions.InvalidArgumentException;
|
||||
import pro.taskana.exceptions.InvalidWorkbasketException;
|
||||
import pro.taskana.exceptions.NotAuthorizedException;
|
||||
import pro.taskana.exceptions.SystemException;
|
||||
import pro.taskana.exceptions.WorkbasketAlreadyExistException;
|
||||
import pro.taskana.exceptions.WorkbasketInUseException;
|
||||
import pro.taskana.exceptions.WorkbasketNotFoundException;
|
||||
|
@ -305,28 +305,120 @@ public class WorkbasketServiceImpl implements WorkbasketService {
|
|||
|
||||
@Override
|
||||
public void checkAuthorization(String workbasketId,
|
||||
WorkbasketPermission workbasketPermission) throws NotAuthorizedException, WorkbasketNotFoundException {
|
||||
if (workbasketMapper.findById(workbasketId) == null) {
|
||||
LOGGER.error("Throwing WorkbasketNotFoundException because workbasket with id {} does not exist",
|
||||
workbasketId);
|
||||
throw new WorkbasketNotFoundException(workbasketId,
|
||||
"Workbasket with id " + workbasketId + " was not found.");
|
||||
WorkbasketPermission... requestedPermissions) throws NotAuthorizedException, WorkbasketNotFoundException {
|
||||
boolean isAuthorized = true;
|
||||
try {
|
||||
taskanaEngine.openConnection();
|
||||
|
||||
if (workbasketMapper.findById(workbasketId) == null) {
|
||||
LOGGER.error("Throwing WorkbasketNotFoundException because workbasket with id {} does not exist",
|
||||
workbasketId);
|
||||
throw new WorkbasketNotFoundException(workbasketId,
|
||||
"Workbasket with id " + workbasketId + " was not found.");
|
||||
}
|
||||
|
||||
if (skipAuthorizationCheck()) {
|
||||
return;
|
||||
}
|
||||
|
||||
List<String> accessIds = CurrentUserContext.getAccessIds();
|
||||
List<WorkbasketPermission> grantedPermissions = new ArrayList<>();
|
||||
WorkbasketAccessItem wbAcc = workbasketAccessMapper.findByWorkbasketAndAccessId(workbasketId,
|
||||
accessIds);
|
||||
if (wbAcc == null) {
|
||||
LOGGER.error(
|
||||
"AccessIds {} do not have permission {} on workbasket with id {}. Throwing NotAuthorizedException.",
|
||||
LoggerUtils.listToString(accessIds), Arrays.toString(requestedPermissions), workbasketId);
|
||||
throw new NotAuthorizedException(
|
||||
"Not authorized. Permission '" + Arrays.toString(requestedPermissions) + "' on workbasket '"
|
||||
+ workbasketId
|
||||
+ "' is needed.");
|
||||
}
|
||||
|
||||
this.addWorkbasketAccessItemValuesToPermissionSet(wbAcc, grantedPermissions);
|
||||
|
||||
for (WorkbasketPermission perm : requestedPermissions) {
|
||||
if (!grantedPermissions.contains(perm)) {
|
||||
isAuthorized = false;
|
||||
LOGGER.error(
|
||||
"AccessIds {} do not have permission {} on workbasket with id {}. Throwing NotAuthorizedException.",
|
||||
LoggerUtils.listToString(accessIds), perm.name(), workbasketId);
|
||||
throw new NotAuthorizedException(
|
||||
"Not authorized. Permission '" + perm.name() + "' on workbasket '" + workbasketId
|
||||
+ "' is needed.");
|
||||
}
|
||||
}
|
||||
} finally {
|
||||
taskanaEngine.returnConnection();
|
||||
LOGGER.debug("exit from checkAuthorization(). User is authorized = {}.", isAuthorized);
|
||||
}
|
||||
checkAuthorization(null, null, workbasketId, workbasketPermission);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void checkAuthorization(String workbasketKey, String domain,
|
||||
WorkbasketPermission workbasketPermission)
|
||||
WorkbasketPermission... requestedPermissions)
|
||||
throws NotAuthorizedException, WorkbasketNotFoundException {
|
||||
if (workbasketMapper.findByKeyAndDomain(workbasketKey, domain) == null) {
|
||||
LOGGER.error(
|
||||
"Throwing WorkbasketNotFoundException because workbasket with key {} and domain {} does not exist",
|
||||
workbasketKey, domain);
|
||||
throw new WorkbasketNotFoundException(workbasketKey, domain,
|
||||
"Workbasket with key " + workbasketKey + " and domain " + domain + " was not found");
|
||||
boolean isAuthorized = true;
|
||||
try {
|
||||
taskanaEngine.openConnection();
|
||||
|
||||
if (workbasketMapper.findByKeyAndDomain(workbasketKey, domain) == null) {
|
||||
LOGGER.error(
|
||||
"Throwing WorkbasketNotFoundException because workbasket with key {} and domain {} does not exist",
|
||||
workbasketKey, domain);
|
||||
throw new WorkbasketNotFoundException(workbasketKey, domain,
|
||||
"Workbasket with key " + workbasketKey + " and domain " + domain + " was not found");
|
||||
}
|
||||
if (skipAuthorizationCheck()) {
|
||||
return;
|
||||
}
|
||||
List<String> accessIds = CurrentUserContext.getAccessIds();
|
||||
List<WorkbasketPermission> grantedPermissions = new ArrayList<>();
|
||||
WorkbasketAccessItem wbAcc = workbasketAccessMapper.findByWorkbasketKeyDomainAndAccessId(
|
||||
workbasketKey, domain, accessIds);
|
||||
if (wbAcc == null) {
|
||||
LOGGER.error(
|
||||
"AccessIds {} do not have permission {} on workbasket with key {} and domain {}. Throwing NotAuthorizedException.",
|
||||
LoggerUtils.listToString(accessIds), Arrays.toString(requestedPermissions), workbasketKey, domain);
|
||||
throw new NotAuthorizedException(
|
||||
"Not authorized. Permission '" + Arrays.toString(requestedPermissions)
|
||||
+ "' on workbasket with key '"
|
||||
+ workbasketKey
|
||||
+ "' and domain '" + domain + "' is needed.");
|
||||
}
|
||||
this.addWorkbasketAccessItemValuesToPermissionSet(wbAcc, grantedPermissions);
|
||||
|
||||
for (WorkbasketPermission perm : requestedPermissions) {
|
||||
if (!grantedPermissions.contains(perm)) {
|
||||
isAuthorized = false;
|
||||
LOGGER.error(
|
||||
"AccessIds {} do not have permission {} on workbasket with key {} and domain {}. Throwing NotAuthorizedException.",
|
||||
LoggerUtils.listToString(accessIds), perm.name(), workbasketKey, domain);
|
||||
throw new NotAuthorizedException(
|
||||
"Not authorized. Permission '" + perm.name() + "' on workbasket with key '" + workbasketKey
|
||||
+ "' and domain '" + domain + "' is needed.");
|
||||
}
|
||||
}
|
||||
} finally {
|
||||
taskanaEngine.returnConnection();
|
||||
LOGGER.debug("exit from checkAuthorization(). User is authorized = {}.", isAuthorized);
|
||||
}
|
||||
checkAuthorization(workbasketKey, domain, null, workbasketPermission);
|
||||
}
|
||||
|
||||
private boolean skipAuthorizationCheck() {
|
||||
|
||||
// Skip permission check is security is not enabled
|
||||
if (!taskanaEngine.getConfiguration().isSecurityEnabled()) {
|
||||
LOGGER.debug("Skipping permissions check since security is disabled.");
|
||||
return true;
|
||||
}
|
||||
|
||||
if (taskanaEngine.isUserInRole(TaskanaRole.ADMIN)) {
|
||||
LOGGER.debug("Skipping permissions check since user is in role ADMIN.");
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -731,75 +823,4 @@ public class WorkbasketServiceImpl implements WorkbasketService {
|
|||
return new WorkbasketAccessItemQueryImpl(this.taskanaEngine);
|
||||
}
|
||||
|
||||
private void checkAuthorization(String workbasketKey, String domain, String workbasketId,
|
||||
WorkbasketPermission workbasketPermission)
|
||||
throws NotAuthorizedException {
|
||||
LOGGER.debug("entry to checkAuthorization(workbasketId = {}, workbasketPermission = {})", workbasketKey,
|
||||
workbasketPermission);
|
||||
if (workbasketPermission == null) {
|
||||
throw new SystemException("checkAuthorization was called with an invalid parameter combination");
|
||||
}
|
||||
|
||||
// Skip permission check is security is not enabled
|
||||
if (!taskanaEngine.getConfiguration().isSecurityEnabled()) {
|
||||
LOGGER.debug("Skipping permissions check since security is disabled.");
|
||||
return;
|
||||
}
|
||||
|
||||
if (taskanaEngine.isUserInRole(TaskanaRole.ADMIN)) {
|
||||
LOGGER.debug("Skipping permissions check since user is in role ADMIN.");
|
||||
return;
|
||||
}
|
||||
|
||||
boolean isAuthorized = false;
|
||||
try {
|
||||
taskanaEngine.openConnection();
|
||||
|
||||
List<String> accessIds = CurrentUserContext.getAccessIds();
|
||||
LOGGER.debug("checkAuthorization: Verifying that {} has the permission {} on workbasket {}",
|
||||
CurrentUserContext.getUserid(),
|
||||
workbasketPermission.name(), workbasketKey);
|
||||
|
||||
List<WorkbasketAccessItemImpl> accessItems;
|
||||
|
||||
if (workbasketKey != null) {
|
||||
accessItems = workbasketAccessMapper
|
||||
.findByWorkbasketAccessByWorkbasketKeyDomainAndAuthorization(workbasketKey, domain, accessIds,
|
||||
workbasketPermission.name());
|
||||
} else if (workbasketId != null) {
|
||||
accessItems = workbasketAccessMapper
|
||||
.findByWorkbasketAndAccessIdAndAuthorizationsById(workbasketId, accessIds,
|
||||
workbasketPermission.name());
|
||||
} else {
|
||||
LOGGER.error(
|
||||
"Throwing SystemException because an internal error occurred. Workbasket key and id were null in checkAuthorization");
|
||||
throw new SystemException(
|
||||
"checkAuthorizationImpl was called with both workbasketKey and workbasketId set to null");
|
||||
}
|
||||
|
||||
if (accessItems.isEmpty()) {
|
||||
if (workbasketId != null) {
|
||||
LOGGER.error(
|
||||
"AccessIds {} do not have permission {} on workbasket with id {}. Throwing NotAuthorizedException.",
|
||||
LoggerUtils.listToString(accessIds), workbasketPermission.name(), workbasketId);
|
||||
throw new NotAuthorizedException("Not authorized. Permission '" + workbasketPermission.name()
|
||||
+ "' on workbasket '" + workbasketId + "' is needed.");
|
||||
} else {
|
||||
LOGGER.error(
|
||||
"AccessIds {} do not have permission {} on workbasket with key {} and domain {}. Throwing NotAuthorizedException.",
|
||||
LoggerUtils.listToString(accessIds), workbasketPermission.name(), workbasketKey, domain);
|
||||
throw new NotAuthorizedException("Not authorized. Permission '" + workbasketPermission.name()
|
||||
+ "' on workbasket with key '" + workbasketKey + "' and domain '" + domain
|
||||
+ "' is needed.");
|
||||
}
|
||||
}
|
||||
|
||||
isAuthorized = true;
|
||||
|
||||
} finally {
|
||||
taskanaEngine.returnConnection();
|
||||
LOGGER.debug("exit from checkAuthorization(). User is authorized = {}.", isAuthorized);
|
||||
}
|
||||
}
|
||||
|
||||
}
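Review bot: With the varargs signature, both public checkAuthorization overloads accept an empty permission list. In that case the `for (WorkbasketPermission perm : requestedPermissions)` loop never runs and the call returns as authorized whenever an access item was found, whereas the removed private helper rejected a missing permission with a SystemException. A guard at the top of both methods keeps the check fail-closed, for example `if (requestedPermissions == null || requestedPermissions.length == 0) { throw new SystemException("checkAuthorization was called without a permission"); }`; the import hunk appears to drop one exception import, so confirm SystemException is still in scope. Separately, `isAuthorized` starts as true and is not cleared on the `wbAcc == null` and workbasket-not-found paths, so the exit debug line reports `User is authorized = true` for those denials.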
|
||||
|
|
|
@ -120,78 +120,34 @@ public interface WorkbasketAccessMapper {
|
|||
WorkbasketAccessItemImpl findByWorkbasketAndAccessId(
|
||||
@Param("workbasketId") String workbasketId, @Param("accessIds") List<String> accessIds);
|
||||
|
||||
@Select("<script>SELECT a.ID, a.WORKBASKET_ID, a.ACCESS_ID, a.PERM_READ, a.PERM_OPEN, a.PERM_APPEND, a.PERM_TRANSFER, a.PERM_DISTRIBUTE, a.PERM_CUSTOM_1, a.PERM_CUSTOM_2, a.PERM_CUSTOM_3, a.PERM_CUSTOM_4, a.PERM_CUSTOM_5, a.PERM_CUSTOM_6, a.PERM_CUSTOM_7, a.PERM_CUSTOM_8, a.PERM_CUSTOM_9, a.PERM_CUSTOM_10, a.PERM_CUSTOM_11, a.PERM_CUSTOM_12 "
|
||||
+ "FROM TASKANA.WORKBASKET_ACCESS_LIST a LEFT OUTER JOIN TASKANA.WORKBASKET w on w.ID = a.WORKBASKET_ID "
|
||||
+ "WHERE w.KEY = #{workbasketKey} AND w.DOMAIN = #{domain} "
|
||||
+ "AND ACCESS_ID IN(<foreach item='item' collection='accessIds' separator=',' >#{item}</foreach>)"
|
||||
+ "AND <if test=\"authorization == 'OPEN'\">a.PERM_OPEN</if>"
|
||||
+ "<if test=\"authorization == 'READ'\">a.PERM_READ</if>"
|
||||
+ "<if test=\"authorization == 'APPEND'\">a.PERM_APPEND</if>"
|
||||
+ "<if test=\"authorization == 'TRANSFER'\">a.PERM_TRANSFER</if>"
|
||||
+ "<if test=\"authorization == 'DISTRIBUTE'\">a.PERM_DISTRIBUTE</if>"
|
||||
+ "<if test=\"authorization == 'CUSTOM_1'\">a.PERM_CUSTOM_1</if>"
|
||||
+ "<if test=\"authorization == 'CUSTOM_2'\">a.PERM_CUSTOM_2</if>"
|
||||
+ "<if test=\"authorization == 'CUSTOM_3'\">a.PERM_CUSTOM_3</if>"
|
||||
+ "<if test=\"authorization == 'CUSTOM_4'\">a.PERM_CUSTOM_4</if>"
|
||||
+ "<if test=\"authorization == 'CUSTOM_5'\">a.PERM_CUSTOM_5</if>"
|
||||
+ "<if test=\"authorization == 'CUSTOM_6'\">a.PERM_CUSTOM_6</if>"
|
||||
+ "<if test=\"authorization == 'CUSTOM_7'\">a.PERM_CUSTOM_7</if>"
|
||||
+ "<if test=\"authorization == 'CUSTOM_8'\">a.PERM_CUSTOM_8</if>"
|
||||
+ "<if test=\"authorization == 'CUSTOM_9'\">a.PERM_CUSTOM_9</if>"
|
||||
+ "<if test=\"authorization == 'CUSTOM_10'\">a.PERM_CUSTOM_10</if>"
|
||||
+ "<if test=\"authorization == 'CUSTOM_11'\">a.PERM_CUSTOM_11</if>"
|
||||
+ "<if test=\"authorization == 'CUSTOM_12'\">a.PERM_CUSTOM_12</if> = 1 "
|
||||
@Select("<script>SELECT MAX(PERM_READ) AS P_READ, MAX(PERM_OPEN) AS P_OPEN, MAX(PERM_APPEND) AS P_APPEND, MAX(PERM_TRANSFER) AS P_TRANSFER, MAX(PERM_DISTRIBUTE) AS P_DISTRIBUTE, MAX(PERM_CUSTOM_1) AS P_CUSTOM_1, MAX(PERM_CUSTOM_2) AS P_CUSTOM_2, MAX(PERM_CUSTOM_3) AS P_CUSTOM_3, MAX(PERM_CUSTOM_4) AS P_CUSTOM_4, MAX(PERM_CUSTOM_5) AS P_CUSTOM_5, MAX(PERM_CUSTOM_6) AS P_CUSTOM_6, MAX(PERM_CUSTOM_7) AS P_CUSTOM_7, MAX(PERM_CUSTOM_8) AS P_CUSTOM_8, MAX(PERM_CUSTOM_9) AS P_CUSTOM_9, MAX(PERM_CUSTOM_10) AS P_CUSTOM_10, MAX(PERM_CUSTOM_11) AS P_CUSTOM_11, MAX(PERM_CUSTOM_12) AS P_CUSTOM_12 "
|
||||
+ "FROM TASKANA.WORKBASKET_ACCESS_LIST "
|
||||
+ "WHERE WORKBASKET_ID in (SELECT ID FROM TASKANA.WORKBASKET WHERE KEY = #{workbasketKey} AND DOMAIN = #{domain} ) "
|
||||
+ "AND ACCESS_ID IN(<foreach item='item' collection='accessIds' separator=',' >#{item}</foreach>) "
|
||||
+ "<if test=\"_databaseId == 'db2'\">with UR </if> "
|
||||
+ "</script>")
|
||||
@Results(value = {
|
||||
@Result(property = "id", column = "ID"),
|
||||
@Result(property = "workbasketId", column = "WORKBASKET_ID"),
|
||||
@Result(property = "accessId", column = "ACCESS_ID"),
|
||||
@Result(property = "permRead", column = "PERM_READ"),
|
||||
@Result(property = "permOpen", column = "PERM_OPEN"),
|
||||
@Result(property = "permAppend", column = "PERM_APPEND"),
|
||||
@Result(property = "permTransfer", column = "PERM_TRANSFER"),
|
||||
@Result(property = "permDistribute", column = "PERM_DISTRIBUTE"),
|
||||
@Result(property = "permCustom1", column = "PERM_CUSTOM_1"),
|
||||
@Result(property = "permCustom2", column = "PERM_CUSTOM_2"),
|
||||
@Result(property = "permCustom3", column = "PERM_CUSTOM_3"),
|
||||
@Result(property = "permCustom4", column = "PERM_CUSTOM_4"),
|
||||
@Result(property = "permCustom5", column = "PERM_CUSTOM_5"),
|
||||
@Result(property = "permCustom6", column = "PERM_CUSTOM_6"),
|
||||
@Result(property = "permCustom7", column = "PERM_CUSTOM_7"),
|
||||
@Result(property = "permCustom8", column = "PERM_CUSTOM_8"),
|
||||
@Result(property = "permCustom9", column = "PERM_CUSTOM_9"),
|
||||
@Result(property = "permCustom10", column = "PERM_CUSTOM_10"),
|
||||
@Result(property = "permCustom11", column = "PERM_CUSTOM_11"),
|
||||
@Result(property = "permCustom12", column = "PERM_CUSTOM_12")})
|
||||
List<WorkbasketAccessItemImpl> findByWorkbasketAccessByWorkbasketKeyDomainAndAuthorization(
|
||||
@Result(property = "permRead", column = "P_READ"),
|
||||
@Result(property = "permOpen", column = "P_OPEN"),
|
||||
@Result(property = "permAppend", column = "P_APPEND"),
|
||||
@Result(property = "permTransfer", column = "P_TRANSFER"),
|
||||
@Result(property = "permDistribute", column = "P_DISTRIBUTE"),
|
||||
@Result(property = "permCustom1", column = "P_CUSTOM_1"),
|
||||
@Result(property = "permCustom2", column = "P_CUSTOM_2"),
|
||||
@Result(property = "permCustom3", column = "P_CUSTOM_3"),
|
||||
@Result(property = "permCustom4", column = "P_CUSTOM_4"),
|
||||
@Result(property = "permCustom5", column = "P_CUSTOM_5"),
|
||||
@Result(property = "permCustom6", column = "P_CUSTOM_6"),
|
||||
@Result(property = "permCustom7", column = "P_CUSTOM_7"),
|
||||
@Result(property = "permCustom8", column = "P_CUSTOM_8"),
|
||||
@Result(property = "permCustom9", column = "P_CUSTOM_9"),
|
||||
@Result(property = "permCustom10", column = "P_CUSTOM_10"),
|
||||
@Result(property = "permCustom11", column = "P_CUSTOM_11"),
|
||||
@Result(property = "permCustom12", column = "P_CUSTOM_12")})
|
||||
WorkbasketAccessItemImpl findByWorkbasketKeyDomainAndAccessId(
|
||||
@Param("workbasketKey") String workbasketKey, @Param("domain") String domain,
|
||||
@Param("accessIds") List<String> accessIds, @Param("authorization") String authorization);
|
||||
@Param("accessIds") List<String> accessIds);
|
||||
|
||||
@Select("<script>SELECT ID, WORKBASKET_ID, ACCESS_ID, PERM_READ, PERM_OPEN, PERM_APPEND, PERM_TRANSFER, PERM_DISTRIBUTE, PERM_CUSTOM_1, PERM_CUSTOM_2, PERM_CUSTOM_3, PERM_CUSTOM_4, PERM_CUSTOM_5, PERM_CUSTOM_6, PERM_CUSTOM_7, PERM_CUSTOM_8, PERM_CUSTOM_9, PERM_CUSTOM_10, PERM_CUSTOM_11, PERM_CUSTOM_12 "
|
||||
+ "FROM TASKANA.WORKBASKET_ACCESS_LIST "
|
||||
+ "WHERE WORKBASKET_ID = #{workbasketId} "
|
||||
+ "AND ACCESS_ID IN(<foreach item='item' collection='accessIds' separator=',' >#{item}</foreach>)"
|
||||
+ "AND <if test=\"authorization == 'OPEN'\">PERM_OPEN</if>"
|
||||
+ "<if test=\"authorization == 'READ'\">PERM_READ</if>"
|
||||
+ "<if test=\"authorization == 'APPEND'\">PERM_APPEND</if>"
|
||||
+ "<if test=\"authorization == 'TRANSFER'\">PERM_TRANSFER</if>"
|
||||
+ "<if test=\"authorization == 'DISTRIBUTE'\">PERM_DISTRIBUTE</if>"
|
||||
+ "<if test=\"authorization == 'CUSTOM_1'\">PERM_CUSTOM_1</if>"
|
||||
+ "<if test=\"authorization == 'CUSTOM_2'\">PERM_CUSTOM_2</if>"
|
||||
+ "<if test=\"authorization == 'CUSTOM_3'\">PERM_CUSTOM_3</if>"
|
||||
+ "<if test=\"authorization == 'CUSTOM_4'\">PERM_CUSTOM_4</if>"
|
||||
+ "<if test=\"authorization == 'CUSTOM_5'\">PERM_CUSTOM_5</if>"
|
||||
+ "<if test=\"authorization == 'CUSTOM_6'\">PERM_CUSTOM_6</if>"
|
||||
+ "<if test=\"authorization == 'CUSTOM_7'\">PERM_CUSTOM_7</if>"
|
||||
+ "<if test=\"authorization == 'CUSTOM_8'\">PERM_CUSTOM_8</if>"
|
||||
+ "<if test=\"authorization == 'CUSTOM_9'\">PERM_CUSTOM_9</if>"
|
||||
+ "<if test=\"authorization == 'CUSTOM_10'\">PERM_CUSTOM_10</if>"
|
||||
+ "<if test=\"authorization == 'CUSTOM_11'\">PERM_CUSTOM_11</if>"
|
||||
+ "<if test=\"authorization == 'CUSTOM_12'\">PERM_CUSTOM_12</if> = 1 "
|
||||
+ "<if test=\"_databaseId == 'db2'\">with UR </if> "
|
||||
+ "</script>")
|
||||
List<WorkbasketAccessItemImpl> findByWorkbasketAndAccessIdAndAuthorizationsById(
|
||||
@Param("workbasketId") String workbasketId, @Param("accessIds") List<String> accessIds,
|
||||
@Param("authorization") String authorization);
|
||||
}
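Review bot: findByWorkbasketKeyDomainAndAccessId now selects only MAX(...) aggregates with no GROUP BY, which yields a single all-NULL row when no access item matches, so the caller's `wbAcc == null` denial depends on MyBatis discarding all-NULL rows (its default, which the `returnInstanceForEmptyRow` setting changes). That dependency deserves a comment on the method, e.g. `// Merges permissions over all accessIds; returns null when none match (relies on MyBatis dropping an all-NULL row).` The result mapping also no longer fills id, workbasketId and accessId, so the returned item is a merged permission view rather than a stored row, and the Javadoc should say so. Any existing Javadoc for this method is outside the hunk.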
|
||||
|
|
|
@ -56,6 +56,9 @@ public class QueryTasksAccTest extends AbstractAccTest {
|
|||
super();
|
||||
}
|
||||
|
||||
@WithAccessId(
|
||||
userName = "teamlead_1",
|
||||
groupNames = {"admin"})
|
||||
@Test
|
||||
public void testQueryTaskValuesForColumnName() {
|
||||
TaskService taskService = taskanaEngine.getTaskService();
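Review bot: testQueryTaskValuesForColumnName now runs with `groupNames = {"admin"}`, and the checkOpenAndReadPermissionForSpecifiedWorkbaskets() call this commit adds to the value query returns early for TaskanaRole.ADMIN. Assuming that group maps to the ADMIN role, the test never exercises the added permission check. A companion test with a non-admin access id and a workbasket filter, asserting both the permitted and the denied outcome, would cover the path introduced here. The test body continues outside the hunk, so existing coverage elsewhere cannot be ruled out from this view.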
|
||||
|
|
|
@ -355,14 +355,14 @@ public class WorkbasketServiceImplTest {
|
|||
Workbasket actualWb = cutSpy.createWorkbasket(expectedWb);
|
||||
cutSpy.setDistributionTargets(expectedWb.getId(), null);
|
||||
|
||||
verify(taskanaEngineImplMock, times(3)).openConnection();
|
||||
verify(taskanaEngineImplMock, times(4)).openConnection();
|
||||
verify(taskanaEngineImplMock, times(1)).getConfiguration();
|
||||
verify(taskanaEngineConfigurationMock, times(1)).isSecurityEnabled();
|
||||
verify(workbasketMapperMock, times(1)).insert(expectedWb);
|
||||
verify(workbasketMapperMock, times(1)).findByKeyAndDomain(any(), any());
|
||||
verify(workbasketMapperMock, times(2)).findById(expectedWb.getId());
|
||||
verify(workbasketMapperMock, times(1)).update(any());
|
||||
verify(taskanaEngineImplMock, times(3)).returnConnection();
|
||||
verify(taskanaEngineImplMock, times(4)).returnConnection();
|
||||
verify(taskanaEngineImplMock, times(2)).checkRoleMembership(any());
|
||||
verify(taskanaEngineImplMock, times(1)).isUserInRole(any());
|
||||
verify(taskanaEngineImplMock, times(1)).domainExists(any());
|
||||
|
|