TSK-659: considering permissions for business admins in workbasket queries.

2018-07-20 15:36:22 +02:00 · 2018-07-20 15:36:22 +02:00 · 3e0334ee6f
parent 7a5fcacb36
commit 3e0334ee6f
3 changed files with 27 additions and 5 deletions
--- a/lib/taskana-core/src/main/java/pro/taskana/impl/WorkbasketQueryImpl.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/impl/WorkbasketQueryImpl.java
@ -707,18 +707,20 @@ public class WorkbasketQueryImpl implements WorkbasketQuery {
            // if user is admin or businessadmin, don't check read permission on workbasket.
            // in addition, if user is admin or businessadmin and no accessIds were specified, don't join with access
            // list
-            // if this query is used to augment task, a business admin should be treated like a normal user
+            // if this query is used to augment task or a permission is given as filter criteria,
+            // a business admin should be treated like a normal user
+            //
            // (joinWithAccessList,checkReadPermission) can assume the following combinations:
            // (t,t) -> query performed by user
            // (f,f) -> admin queries w/o access ids specified
-            // (t,f) -> admin queries with access ids specified
+            // (t,f) -> admin queries with access ids specified or permissions given
            // (f,t) -> cannot happen, cannot be matched to meaningful query
            joinWithAccessList = true;
            checkReadPermission = true;
            if (taskanaEngine.isUserInRole(TaskanaRole.ADMIN)
                || (taskanaEngine.isUserInRole(TaskanaRole.BUSINESS_ADMIN) && !usedToAugmentTasks)) {
                checkReadPermission = false;
-                if (accessId == null) {
+                if (accessId == null && permission == null) {
                    joinWithAccessList = false;
                }
            }
--- a/lib/taskana-core/src/test/java/acceptance/workbasket/QueryWorkbasketByPermissionAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/workbasket/QueryWorkbasketByPermissionAccTest.java
@ -144,4 +144,14 @@ public class QueryWorkbasketByPermissionAccTest extends AbstractAccTest {
        Assert.assertEquals(1, results.size());
    }

+    @WithAccessId(userName = "teamlead_1", groupNames = {"businessadmin"})
+    @Test
+    public void testConsiderBusinessAdminPermissionsWhileQueryingWorkbaskets() {
+        WorkbasketService workbasketService = taskanaEngine.getWorkbasketService();
+        List<WorkbasketSummary> results = workbasketService.createWorkbasketQuery()
+            .callerHasPermission(WorkbasketPermission.OPEN)
+            .list();
+        Assert.assertEquals(3, results.size());
+    }
+
 }
--- a/rest/taskana-rest-spring-example/src/test/java/pro/taskana/rest/WorkbasketControllerIntTest.java
+++ b/rest/taskana-rest-spring-example/src/test/java/pro/taskana/rest/WorkbasketControllerIntTest.java
@ -15,7 +15,6 @@ import org.junit.runner.RunWith;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
 import org.springframework.boot.web.server.LocalServerPort;
-import org.springframework.context.annotation.Import;
 import org.springframework.core.ParameterizedTypeReference;
 import org.springframework.hateoas.Link;
 import org.springframework.hateoas.PagedResources;
@ -40,7 +39,8 @@ import pro.taskana.rest.resource.DistributionTargetResource;
 import pro.taskana.rest.resource.WorkbasketSummaryResource;

@RunWith(SpringRunner.class)
-@SpringBootTest(classes = RestConfiguration.class, webEnvironment = WebEnvironment.RANDOM_PORT, properties = {"devMode=true"})
+@SpringBootTest(classes = RestConfiguration.class, webEnvironment = WebEnvironment.RANDOM_PORT,
+    properties = {"devMode=true"})
 public class WorkbasketControllerIntTest {

    String url = "http://127.0.0.1:";
@ -66,6 +66,16 @@ public class WorkbasketControllerIntTest {
        assertNotNull(response.getBody().getLink(Link.REL_SELF));
    }

+    @Test
+    public void testGetAllWorkbasketsBusinessAdminHasOpenPermission() {
+        ResponseEntity<PagedResources<WorkbasketSummaryResource>> response = template.exchange(
+            url + port + "/v1/workbaskets?required-permission=OPEN", HttpMethod.GET, request,
+            new ParameterizedTypeReference<PagedResources<WorkbasketSummaryResource>>() {
+            });
+        assertNotNull(response.getBody().getLink(Link.REL_SELF));
+        assertEquals(3, response.getBody().getContent().size());
+    }
+
    @Test
    public void testGetAllWorkbasketsKeepingFilters() {
        String parameters = "/v1/workbaskets?type=PERSONAL&sort-by=key&order=desc";