From 79780f4666a3865e0a5ca211444dee2bc7223b77 Mon Sep 17 00:00:00 2001
From: BVier <26220150+BVier@users.noreply.github.com>
Date: Wed, 22 Nov 2017 14:09:11 +0100
Subject: [PATCH] WB-Access-List: Add CUSTOM-Attributes and insert prefix
'PERM_' for all Boolean values
---
.../workbasket-authorization.component.html | 48 +++---
lib/taskana-core/pom.xml | 1 -
.../java/pro/taskana/WorkbasketService.java | 21 +--
.../taskana/impl/WorkbasketServiceImpl.java | 29 +++-
.../taskana/model/WorkbasketAccessItem.java | 134 +++++++++++----
.../taskana/model/mappings/QueryMapper.java | 2 +-
.../mappings/WorkbasketAccessMapper.java | 162 ++++++++++--------
.../model/mappings/WorkbasketMapper.java | 18 +-
.../taskana/security/CurrentUserContext.java | 25 ++-
.../src/main/resources/sql/taskana-schema.sql | 21 ++-
.../impl/WorkbasketServiceImplTest.java | 35 ++--
.../WorkbasketServiceImplIntTest.java | 37 ++--
.../sample-data/workbasket-access-list.sql | 6 +-
13 files changed, 310 insertions(+), 229 deletions(-)
diff --git a/admin/src/app/workbasket-authorization/workbasket-authorization.component.html b/admin/src/app/workbasket-authorization/workbasket-authorization.component.html
index d93b9a37c..66e48ada6 100644
--- a/admin/src/app/workbasket-authorization/workbasket-authorization.component.html
+++ b/admin/src/app/workbasket-authorization/workbasket-authorization.component.html
@@ -2,8 +2,7 @@
\ No newline at end of file
+
diff --git a/lib/taskana-core/pom.xml b/lib/taskana-core/pom.xml
index 68a5427ea..eab95c129 100644
--- a/lib/taskana-core/pom.xml
+++ b/lib/taskana-core/pom.xml
@@ -91,7 +91,6 @@
3.5.1
true
- true
-Xlint:all
diff --git a/lib/taskana-core/src/main/java/pro/taskana/WorkbasketService.java b/lib/taskana-core/src/main/java/pro/taskana/WorkbasketService.java
index 936012076..60db7358e 100644
--- a/lib/taskana-core/src/main/java/pro/taskana/WorkbasketService.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/WorkbasketService.java
@@ -1,13 +1,13 @@
package pro.taskana;
-import java.util.List;
-
import pro.taskana.exceptions.NotAuthorizedException;
import pro.taskana.exceptions.WorkbasketNotFoundException;
import pro.taskana.model.Workbasket;
import pro.taskana.model.WorkbasketAccessItem;
import pro.taskana.model.WorkbasketAuthorization;
+import java.util.List;
+
/**
* This service manages the Workbaskets.
*/
@@ -43,11 +43,9 @@ public interface WorkbasketService {
Workbasket updateWorkbasket(Workbasket workbasket) throws NotAuthorizedException;
/**
- * Create a new authorization for a specific workbasket and a specific user.
- * @param workbasket
- * the choosen workbasket
- * @param user
- * the choosen user
+ * Create a new Workbasket Authorization with a Workbasket and a AccessId.
+ * @param workbasketAccessItem
+ * the new workbasketAccessItem
* @return
*/
WorkbasketAccessItem createWorkbasketAuthorization(WorkbasketAccessItem workbasketAccessItem);
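Review bot: The rewritten Javadoc for `createWorkbasketAuthorization` leaves `@return` without a description and does not say what authorization the caller needs to create an access item. As shown here the method declares no `NotAuthorizedException`, so a reader of the interface cannot tell whether creating a grant is itself access-controlled. Suggest `@return the created WorkbasketAccessItem` (assuming the implementation returns the persisted item, which this hunk does not show), plus one sentence on the required permission. "a AccessId" should read "an AccessId".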
@@ -74,11 +72,10 @@ public interface WorkbasketService {
void deleteWorkbasketAuthorization(String id);
/**
- * This method checks the authorization with the saved one.
- * @param workbasket
- * the workbasket to check
- * @param userId
- * the user to check
+ * This method checks the authorization with the saved one for the actual User.
+ *
+ * @param workbasketId
+ * the workbasket we want to access
* @param authorization
* the needed Authorization
* @throws WorkbasketNotFoundException
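Review bot: The Javadoc for `checkAuthorization` omits two things the implementation in this patch does: it skips the check entirely when security is disabled, and it checks all access ids of the current user rather than only the user id. "the actual User" probably means "the current user". Suggested summary: `Checks that the current user, through any of their access ids, holds the given authorization on the workbasket; no check is made when security is disabled.` The Javadoc block continues past the end of this hunk.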
diff --git a/lib/taskana-core/src/main/java/pro/taskana/impl/WorkbasketServiceImpl.java b/lib/taskana-core/src/main/java/pro/taskana/impl/WorkbasketServiceImpl.java
index 5b621d553..841c29a6b 100644
--- a/lib/taskana-core/src/main/java/pro/taskana/impl/WorkbasketServiceImpl.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/impl/WorkbasketServiceImpl.java
@@ -1,8 +1,5 @@
package pro.taskana.impl;
-import java.sql.Timestamp;
-import java.util.List;
-
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import pro.taskana.TaskanaEngine;
@@ -17,6 +14,13 @@ import pro.taskana.model.mappings.DistributionTargetMapper;
import pro.taskana.model.mappings.WorkbasketAccessMapper;
import pro.taskana.model.mappings.WorkbasketMapper;
import pro.taskana.security.CurrentUserContext;
+
+import java.sql.Timestamp;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
/**
* This is the implementation of WorkbasketService.
*/
@@ -55,7 +59,14 @@ public class WorkbasketServiceImpl implements WorkbasketService {
@Override
public List getWorkbaskets(List permissions) {
- return workbasketMapper.findByPermission(permissions, CurrentUserContext.getUserid());
+ //use a set to avoid duplicates
+ Set workbaskets = new HashSet<>();
+ for (String accessId : CurrentUserContext.getAccessIds()) {
+ workbaskets.addAll(workbasketMapper.findByPermission(permissions, accessId));
+ }
+ List workbasketList = new ArrayList();
+ workbasketList.addAll(workbaskets);
+ return workbasketList;
}
@Override
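Review bot: De-duplicating through `HashSet` in `getWorkbaskets` only works if `Workbasket` overrides `equals` and `hashCode`, which this patch does not show; without them a workbasket reachable through two access ids is returned twice. The set also makes the order of the returned list nondeterministic; a `LinkedHashSet` would keep first-seen order. As rendered here `new ArrayList()` is a raw type, and the copy can be a single line: `return new ArrayList<>(workbaskets);`. The loop issues one query per access id, where a single query with an `IN` list, as the access mapper uses later in this patch, would avoid the round trips.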
@@ -135,18 +146,18 @@ public class WorkbasketServiceImpl implements WorkbasketService {
public void checkAuthorization(String workbasketId, WorkbasketAuthorization workbasketAuthorization)
throws NotAuthorizedException {
- // Skip permission check is security is not enabled
+ // Skip permission check if security is not enabled
if (!taskanaEngine.getConfiguration().isSecurityEnabled()) {
LOGGER.debug("Skipping permissions check since security is disabled.");
return;
}
- String userId = CurrentUserContext.getUserid();
- LOGGER.debug("Verifying that {} has the permission {} on workbasket {}", userId, workbasketAuthorization.name(),
- workbasketId);
+ List accessIds = CurrentUserContext.getAccessIds();
+ LOGGER.debug("Verifying that {} has the permission {} on workbasket {}",
+ CurrentUserContext.getUserid(), workbasketAuthorization.name(), workbasketId);
List accessItems = workbasketAccessMapper
- .findByWorkbasketAndUserAndAuthorization(workbasketId, userId, workbasketAuthorization.name());
+ .findByWorkbasketAndAccessIdAndAuthorizations(workbasketId, accessIds, workbasketAuthorization.name());
if (accessItems.size() <= 0) {
throw new NotAuthorizedException("Not authorized. Authorization '" + workbasketAuthorization.name()
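Review bot: The list from `CurrentUserContext.getAccessIds()` is passed to the mapper without a null or empty check, so the result for a caller with no access ids depends on how the `IN(...)` clause renders for an empty list, presumably as a SQL error rather than `NotAuthorizedException`. Failing closed before the query makes the outcome explicit: `if (accessIds == null || accessIds.isEmpty()) { throw new NotAuthorizedException("Not authorized. No access ids for current user."); }`. The permission column is selected inside the mapper from `workbasketAuthorization.name()`, and the query fragment visible further down this page (its markup appears partly lost) names only PERM_OPEN, PERM_READ, PERM_APPEND, PERM_TRANSFER and PERM_DISTRIBUTE. If the enum has values for the new custom permissions, confirm the query cannot end up with no permission predicate, because any returned row passes the `accessItems.size() <= 0` test. The method body continues beyond this hunk.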
diff --git a/lib/taskana-core/src/main/java/pro/taskana/model/WorkbasketAccessItem.java b/lib/taskana-core/src/main/java/pro/taskana/model/WorkbasketAccessItem.java
index 61ee36bf6..9892f65c9 100644
--- a/lib/taskana-core/src/main/java/pro/taskana/model/WorkbasketAccessItem.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/model/WorkbasketAccessItem.java
@@ -7,13 +7,21 @@ public class WorkbasketAccessItem {
private String id;
private String workbasketId;
- private String userId;
- private String groupId;
- private boolean read;
- private boolean open;
- private boolean append;
- private boolean transfer;
- private boolean distribute;
+ private String accessId;
+ private boolean permRead;
+ private boolean permOpen;
+ private boolean permAppend;
+ private boolean permTransfer;
+ private boolean permDistribute;
+ private boolean permCustom1;
+ private boolean permCustom2;
+ private boolean permCustom3;
+ private boolean permCustom4;
+ private boolean permCustom5;
+ private boolean permCustom6;
+ private boolean permCustom7;
+ private boolean permCustom8;
+
public String getId() {
return id;
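Review bot: Folding `userId` and `groupId` into a single `accessId` puts user and group identifiers in one namespace, so a user id that equals a group id would match that group's access items (assuming `CurrentUserContext.getAccessIds()` returns both kinds, which this hunk does not show). It is worth documenting on the field how the two are kept apart, for example `/** Id of the user or group this item applies to; user and group ids must not collide. */`, or storing a type discriminator alongside it. Because the permission fields are primitive `boolean`, every permission including the eight new custom ones defaults to not granted, which is the safe default. The class continues outside this hunk.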
@@ -31,59 +39,115 @@ public class WorkbasketAccessItem {
this.workbasketId = workbasketId;
}
- public String getUserId() {
- return userId;
+ public String getAccessId() {
+ return accessId;
}
- public void setUserId(String userId) {
- this.userId = userId;
+ public void setAccessId(String accessId) {
+ this.accessId = accessId;
}
- public String getGroupId() {
- return groupId;
+ public boolean isPermRead() {
+ return permRead;
}
- public void setGroupId(String groupId) {
- this.groupId = groupId;
+ public void setPermRead(boolean permRead) {
+ this.permRead = permRead;
}
- public boolean isRead() {
- return read;
+ public boolean isPermOpen() {
+ return permOpen;
}
- public void setRead(boolean read) {
- this.read = read;
+ public void setPermOpen(boolean permOpen) {
+ this.permOpen = permOpen;
}
- public boolean isOpen() {
- return open;
+ public boolean isPermAppend() {
+ return permAppend;
}
- public void setOpen(boolean open) {
- this.open = open;
+ public void setPermAppend(boolean permAppend) {
+ this.permAppend = permAppend;
}
- public boolean isAppend() {
- return append;
+ public boolean isPermTransfer() {
+ return permTransfer;
}
- public void setAppend(boolean append) {
- this.append = append;
+ public void setPermTransfer(boolean permTransfer) {
+ this.permTransfer = permTransfer;
}
- public boolean isTransfer() {
- return transfer;
+ public boolean isPermDistribute() {
+ return permDistribute;
}
- public void setTransfer(boolean transfer) {
- this.transfer = transfer;
+ public void setPermDistribute(boolean permDistribute) {
+ this.permDistribute = permDistribute;
}
- public boolean isDistribute() {
- return distribute;
+ public boolean isPermCustom1() {
+ return permCustom1;
}
- public void setDistribute(boolean distribute) {
- this.distribute = distribute;
+ public void setPermCustom1(boolean permCustom1) {
+ this.permCustom1 = permCustom1;
+ }
+
+ public boolean isPermCustom2() {
+ return permCustom2;
+ }
+
+ public void setPermCustom2(boolean permCustom2) {
+ this.permCustom2 = permCustom2;
+ }
+
+ public boolean isPermCustom3() {
+ return permCustom3;
+ }
+
+ public void setPermCustom3(boolean permCustom3) {
+ this.permCustom3 = permCustom3;
+ }
+
+ public boolean isPermCustom4() {
+ return permCustom4;
+ }
+
+ public void setPermCustom4(boolean permCustom4) {
+ this.permCustom4 = permCustom4;
+ }
+
+ public boolean isPermCustom5() {
+ return permCustom5;
+ }
+
+ public void setPermCustom5(boolean permCustom5) {
+ this.permCustom5 = permCustom5;
+ }
+
+ public boolean isPermCustom6() {
+ return permCustom6;
+ }
+
+ public void setPermCustom6(boolean permCustom6) {
+ this.permCustom6 = permCustom6;
+ }
+
+ public boolean isPermCustom7() {
+ return permCustom7;
+ }
+
+ public void setPermCustom7(boolean permCustom7) {
+ this.permCustom7 = permCustom7;
+ }
+
+ public boolean isPermCustom8() {
+ return permCustom8;
+ }
+
+ public void setPermCustom8(boolean permCustom8) {
+ this.permCustom8 = permCustom8;
}
}
diff --git a/lib/taskana-core/src/main/java/pro/taskana/model/mappings/QueryMapper.java b/lib/taskana-core/src/main/java/pro/taskana/model/mappings/QueryMapper.java
index 18125e0bc..7f02e78aa 100644
--- a/lib/taskana-core/src/main/java/pro/taskana/model/mappings/QueryMapper.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/model/mappings/QueryMapper.java
@@ -90,7 +90,7 @@ public interface QueryMapper {
@Result(property = "custom10", column = "CUSTOM_10") })
List queryTasks(TaskQueryImpl taskQuery);
- @Select("")
+ + "AND ACCESS_ID IN(#{item})"
+ + "AND PERM_OPEN"
+ + "PERM_READ"
+ + "PERM_APPEND"
+ + "PERM_TRANSFER"
+ + "PERM_DISTRIBUTE = 1")
@Results(value = {
@Result(property = "id", column = "ID"),
@Result(property = "workbasketId", column = "WORKBASKET_ID"),
- @Result(property = "userId", column = "USER_ID"),
- @Result(property = "groupId", column = "GROUP_ID"),
- @Result(property = "read", column = "READ"),
- @Result(property = "open", column = "OPEN"),
- @Result(property = "append", column = "APPEND"),
- @Result(property = "transfer", column = "TRANSFER"),
- @Result(property = "distribute", column = "DISTRIBUTE") })
- List findByWorkbasketAndUserAndAuthorization(@Param("workbasketId") String workbasketId, @Param("userId") String userId, @Param("authorization") String authorization);
+ @Result(property = "accessId", column = "ACCESS_ID"),
+ @Result(property = "permRead", column = "PERM_READ"),
+ @Result(property = "permOpen", column = "PERM_OPEN"),
+ @Result(property = "permAppend", column = "PERM_APPEND"),
+ @Result(property = "permTransfer", column = "PERM_TRANSFER"),
+ @Result(property = "permDistribute", column = "PERM_DISTRIBUTE"),
+ @Result(property = "permCustom1", column = "PERM_CUSTOM_1"),
+ @Result(property = "permCustom2", column = "PERM_CUSTOM_2"),
+ @Result(property = "permCustom3", column = "PERM_CUSTOM_3"),
+ @Result(property = "permCustom4", column = "PERM_CUSTOM_4"),
+ @Result(property = "permCustom5", column = "PERM_CUSTOM_5"),
+ @Result(property = "permCustom6", column = "PERM_CUSTOM_6"),
+ @Result(property = "permCustom7", column = "PERM_CUSTOM_7"),
+ @Result(property = "permCustom8", column = "PERM_CUSTOM_8")})
+ List findByWorkbasketAndAccessIdAndAuthorizations(@Param("workbasketId") String workbasketId, @Param("accessIds") List accessIds, @Param("authorization") String authorization);
- @Select("SELECT ID, WORKBASKET_ID, USER_ID, GROUP_ID, READ, OPEN, APPEND, TRANSFER, DISTRIBUTE FROM WORKBASKET_ACCESS_LIST WHERE WORKBASKET_ID = #{workbasketId} AND GROUP_ID = #{groupId}")
- @Results(value = {
- @Result(property = "id", column = "ID"),
- @Result(property = "workbasketId", column = "WORKBASKET_ID"),
- @Result(property = "userId", column = "USER_ID"),
- @Result(property = "groupId", column = "GROUP_ID"),
- @Result(property = "read", column = "READ"),
- @Result(property = "open", column = "OPEN"),
- @Result(property = "append", column = "APPEND"),
- @Result(property = "transfer", column = "TRANSFER"),
- @Result(property = "distribute", column = "DISTRIBUTE") })
- List findByWorkbasketAndGroup(@Param("workbasketId") String workbasketId, @Param("groupId") String groupId);
}
diff --git a/lib/taskana-core/src/main/java/pro/taskana/model/mappings/WorkbasketMapper.java b/lib/taskana-core/src/main/java/pro/taskana/model/mappings/WorkbasketMapper.java
index 0499091e5..93fd2ce38 100644
--- a/lib/taskana-core/src/main/java/pro/taskana/model/mappings/WorkbasketMapper.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/model/mappings/WorkbasketMapper.java
@@ -1,19 +1,11 @@
package pro.taskana.model.mappings;
-import java.util.List;
-
-import org.apache.ibatis.annotations.Delete;
-import org.apache.ibatis.annotations.Insert;
-import org.apache.ibatis.annotations.Many;
-import org.apache.ibatis.annotations.Options;
-import org.apache.ibatis.annotations.Param;
-import org.apache.ibatis.annotations.Result;
-import org.apache.ibatis.annotations.Results;
-import org.apache.ibatis.annotations.Select;
-import org.apache.ibatis.annotations.Update;
+import org.apache.ibatis.annotations.*;
import org.apache.ibatis.mapping.FetchType;
import pro.taskana.model.Workbasket;
import pro.taskana.model.WorkbasketAuthorization;
+
+import java.util.List;
/**
* This class is the mybatis mapping of workbaskets.
*/
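Review bot: `import org.apache.ibatis.annotations.*;` replaces nine explicit imports with a wildcard, which hides which annotations this mapper uses and lets a library upgrade bring new names into scope unnoticed. Keeping the explicit list would match the other Java files in this patch, which import single classes. Moving `java.util.List` below the project imports is ordering only.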
@@ -52,7 +44,7 @@ public interface WorkbasketMapper {
List findAll();
@Select("