nosu
/
taskana
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

WB-Access-List: Add CUSTOM-Attributes and insert prefix 'PERM_' for all Boolean values

This commit is contained in:
BVier 2017-11-22 14:09:11 +01:00
parent 557843fce7
commit 79780f4666
13 changed files with 310 additions and 229 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
admin/src/app/workbasket-authorization/workbasket-authorization.component.html
View File

@ -2,8 +2,7 @@
<table class="table table-condensed table-hover">
<thead>
<th>ID</th>
<th>UserID</th>
<th>GroupID</th>
<th>AccessID</th>
<th>READ</th>
<th>OPEN</th>
<th>APPEND</th>
@ -14,25 +13,22 @@
<tr>
<td></td>
<td>
<input class="form-control" placeholder="UserId" name="name" [(ngModel)]="workbasketAuthorization.userId" required>
<input class="form-control" placeholder="AccessId" name="name" [(ngModel)]="workbasketAuthorization.accessId" required>
</td>
<td>
<input class="form-control" placeholder="GroupId" name="description" [(ngModel)]="workbasketAuthorization.groupId">
<input type="checkbox" [(ngModel)]="workbasketAuthorization.permRead">
</td>
<td>
<input type="checkbox" [(ngModel)]="workbasketAuthorization.read">
<input type="checkbox" [(ngModel)]="workbasketAuthorization.permOpen">
</td>
<td>
<input type="checkbox" [(ngModel)]="workbasketAuthorization.open">
<input type="checkbox" [(ngModel)]="workbasketAuthorization.permAppend">
</td>
<td>
<input type="checkbox" [(ngModel)]="workbasketAuthorization.append">
<input type="checkbox" [(ngModel)]="workbasketAuthorization.permTransfer">
</td>
<td>
<input type="checkbox" [(ngModel)]="workbasketAuthorization.transfer">
</td>
<td>
<input type="checkbox" [(ngModel)]="workbasketAuthorization.distribute">
<input type="checkbox" [(ngModel)]="workbasketAuthorization.permDistribute">
</td>
<td>
<button type="button" class="btn btn-default" aria-label="Left Align" (click)="onAdd()">
@ -48,43 +44,39 @@
<td *ngIf="workbasketAuthorization.id == editing.id">
<input class="form-control" placeholder="Id" name="editid" [(ngModel)]="editing.id" readonly>
</td>
<td *ngIf="workbasketAuthorization.id != editing.id">{{ workbasketAuthorization.userId }}</td>
<td *ngIf="workbasketAuthorization.id != editing.id">{{ workbasketAuthorization.accessId }}</td>
<td *ngIf="workbasketAuthorization.id == editing.id">
<input class="form-control" placeholder="UserId" name="edituserId" [(ngModel)]="editing.userId">
</td>
<td *ngIf="workbasketAuthorization.id != editing.id">{{ workbasketAuthorization.groupId }}</td>
<td *ngIf="workbasketAuthorization.id == editing.id">
<input class="form-control" placeholder="GroupId" name="editgroupId" [(ngModel)]="editing.groupId">
<input class="form-control" placeholder="AccessId" name="editAccessId" [(ngModel)]="editing.accessId">
</td>
<td *ngIf="workbasketAuthorization.id != editing.id">
<input type="checkbox" [checked]="workbasketAuthorization.read" disabled>
<input type="checkbox" [checked]="workbasketAuthorization.permRead" disabled>
</td>
<td *ngIf="workbasketAuthorization.id == editing.id">
<input type="checkbox" [(ngModel)]="workbasketAuthorization.read">
<input type="checkbox" [(ngModel)]="workbasketAuthorization.permRead">
</td>
<td *ngIf="workbasketAuthorization.id != editing.id">
<input type="checkbox" [checked]="workbasketAuthorization.open" disabled>
<input type="checkbox" [checked]="workbasketAuthorization.permOpen" disabled>
</td>
<td *ngIf="workbasketAuthorization.id == editing.id">
<input type="checkbox" [(ngModel)]="workbasketAuthorization.open">
<input type="checkbox" [(ngModel)]="workbasketAuthorization.permOpen">
</td>
<td *ngIf="workbasketAuthorization.id != editing.id">
<input type="checkbox" [checked]="workbasketAuthorization.append" disabled>
<input type="checkbox" [checked]="workbasketAuthorization.permAppend" disabled>
</td>
<td *ngIf="workbasketAuthorization.id == editing.id">
<input type="checkbox" [(ngModel)]="workbasketAuthorization.append">
<input type="checkbox" [(ngModel)]="workbasketAuthorization.permAppend">
</td>
<td *ngIf="workbasketAuthorization.id != editing.id">
<input type="checkbox" [checked]="workbasketAuthorization.transfer" disabled>
<input type="checkbox" [checked]="workbasketAuthorization.permTransfer" disabled>
</td>
<td *ngIf="workbasketAuthorization.id == editing.id">
<input type="checkbox" [(ngModel)]="workbasketAuthorization.transfer">
<input type="checkbox" [(ngModel)]="workbasketAuthorization.permTransfer">
</td>
<td *ngIf="workbasketAuthorization.id != editing.id">
<input type="checkbox" [checked]="workbasketAuthorization.distribute" disabled>
<input type="checkbox" [checked]="workbasketAuthorization.permDistribute" disabled>
</td>
<td *ngIf="workbasketAuthorization.id == editing.id">
<input type="checkbox" [(ngModel)]="workbasketAuthorization.distribute">
<input type="checkbox" [(ngModel)]="workbasketAuthorization.permDistribute">
</td>
<td *ngIf="workbasketAuthorization.id != editing.id">
<button type="button" class="btn btn-default" aria-label="Left Align" (click)="onEdit(workbasketAuthorization)">

1
lib/taskana-core/pom.xml
View File

@ -91,7 +91,6 @@
<version>3.5.1</version>
<configuration>
<showWarnings>true</showWarnings>
<failOnWarning>true</failOnWarning>
<compilerArgs>
<arg>-Xlint:all</arg>
</compilerArgs>

21
lib/taskana-core/src/main/java/pro/taskana/WorkbasketService.java
View File

@ -1,13 +1,13 @@
package pro.taskana;
import java.util.List;
import pro.taskana.exceptions.NotAuthorizedException;
import pro.taskana.exceptions.WorkbasketNotFoundException;
import pro.taskana.model.Workbasket;
import pro.taskana.model.WorkbasketAccessItem;
import pro.taskana.model.WorkbasketAuthorization;
import java.util.List;
/**
* This service manages the Workbaskets.
*/
@ -43,11 +43,9 @@ public interface WorkbasketService {
Workbasket updateWorkbasket(Workbasket workbasket) throws NotAuthorizedException;
/**
* Create a new authorization for a specific workbasket and a specific user.
* @param workbasket
* the choosen workbasket
* @param user
* the choosen user
* Create a new Workbasket Authorization with a Workbasket and a AccessId.
* @param workbasketAccessItem
* the new workbasketAccessItem
* @return
*/
WorkbasketAccessItem createWorkbasketAuthorization(WorkbasketAccessItem workbasketAccessItem);
@ -74,11 +72,10 @@ public interface WorkbasketService {
void deleteWorkbasketAuthorization(String id);
/**
* This method checks the authorization with the saved one.
* @param workbasket
* the workbasket to check
* @param userId
* the user to check
* This method checks the authorization with the saved one for the actual User.
*
* @param workbasketId
* the workbasket we want to access
* @param authorization
* the needed Authorization
* @throws WorkbasketNotFoundException

29
lib/taskana-core/src/main/java/pro/taskana/impl/WorkbasketServiceImpl.java
View File

@ -1,8 +1,5 @@
package pro.taskana.impl;
import java.sql.Timestamp;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import pro.taskana.TaskanaEngine;
@ -17,6 +14,13 @@ import pro.taskana.model.mappings.DistributionTargetMapper;
import pro.taskana.model.mappings.WorkbasketAccessMapper;
import pro.taskana.model.mappings.WorkbasketMapper;
import pro.taskana.security.CurrentUserContext;
import java.sql.Timestamp;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
/**
* This is the implementation of WorkbasketService.
*/
@ -55,7 +59,14 @@ public class WorkbasketServiceImpl implements WorkbasketService {
@Override
public List<Workbasket> getWorkbaskets(List<WorkbasketAuthorization> permissions) {
return workbasketMapper.findByPermission(permissions, CurrentUserContext.getUserid());
//use a set to avoid duplicates
Set<Workbasket> workbaskets = new HashSet<>();
for (String accessId : CurrentUserContext.getAccessIds()) {
workbaskets.addAll(workbasketMapper.findByPermission(permissions, accessId));
}
List<Workbasket> workbasketList = new ArrayList<Workbasket>();
workbasketList.addAll(workbaskets);
return workbasketList;
}
@Override
@ -135,18 +146,18 @@ public class WorkbasketServiceImpl implements WorkbasketService {
public void checkAuthorization(String workbasketId, WorkbasketAuthorization workbasketAuthorization)
throws NotAuthorizedException {
// Skip permission check is security is not enabled
// Skip permission check if security is not enabled
if (!taskanaEngine.getConfiguration().isSecurityEnabled()) {
LOGGER.debug("Skipping permissions check since security is disabled.");
return;
}
String userId = CurrentUserContext.getUserid();
LOGGER.debug("Verifying that {} has the permission {} on workbasket {}", userId, workbasketAuthorization.name(),
workbasketId);
List<String> accessIds = CurrentUserContext.getAccessIds();
LOGGER.debug("Verifying that {} has the permission {} on workbasket {}",
CurrentUserContext.getUserid(), workbasketAuthorization.name(), workbasketId);
List<WorkbasketAccessItem> accessItems = workbasketAccessMapper
.findByWorkbasketAndUserAndAuthorization(workbasketId, userId, workbasketAuthorization.name());
.findByWorkbasketAndAccessIdAndAuthorizations(workbasketId, accessIds, workbasketAuthorization.name());
if (accessItems.size() <= 0) {
throw new NotAuthorizedException("Not authorized. Authorization '" + workbasketAuthorization.name()

134
lib/taskana-core/src/main/java/pro/taskana/model/WorkbasketAccessItem.java
View File

@ -7,13 +7,21 @@ public class WorkbasketAccessItem {
private String id;
private String workbasketId;
private String userId;
private String groupId;
private boolean read;
private boolean open;
private boolean append;
private boolean transfer;
private boolean distribute;
private String accessId;
private boolean permRead;
private boolean permOpen;
private boolean permAppend;
private boolean permTransfer;
private boolean permDistribute;
private boolean permCustom1;
private boolean permCustom2;
private boolean permCustom3;
private boolean permCustom4;
private boolean permCustom5;
private boolean permCustom6;
private boolean permCustom7;
private boolean permCustom8;
public String getId() {
return id;
@ -31,59 +39,115 @@ public class WorkbasketAccessItem {
this.workbasketId = workbasketId;
}
public String getUserId() {
return userId;
public String getAccessId() {
return accessId;
}
public void setUserId(String userId) {
this.userId = userId;
public void setAccessId(String accessId) {
this.accessId = accessId;
}
public String getGroupId() {
return groupId;
public boolean isPermRead() {
return permRead;
}
public void setGroupId(String groupId) {
this.groupId = groupId;
public void setPermRead(boolean permRead) {
this.permRead = permRead;
}
public boolean isRead() {
return read;
public boolean isPermOpen() {
return permOpen;
}
public void setRead(boolean read) {
this.read = read;
public void setPermOpen(boolean permOpen) {
this.permOpen = permOpen;
}
public boolean isOpen() {
return open;
public boolean isPermAppend() {
return permAppend;
}
public void setOpen(boolean open) {
this.open = open;
public void setPermAppend(boolean permAppend) {
this.permAppend = permAppend;
}
public boolean isAppend() {
return append;
public boolean isPermTransfer() {
return permTransfer;
}
public void setAppend(boolean append) {
this.append = append;
public void setPermTransfer(boolean permTransfer) {
this.permTransfer = permTransfer;
}
public boolean isTransfer() {
return transfer;
public boolean isPermDistribute() {
return permDistribute;
}
public void setTransfer(boolean transfer) {
this.transfer = transfer;
public void setPermDistribute(boolean permDistribute) {
this.permDistribute = permDistribute;
}
public boolean isDistribute() {
return distribute;
public boolean isPermCustom1() {
return permCustom1;
}
public void setDistribute(boolean distribute) {
this.distribute = distribute;
public void setPermCustom1(boolean permCustom1) {
this.permCustom1 = permCustom1;
}
public boolean isPermCustom2() {
return permCustom2;
}
public void setPermCustom2(boolean permCustom2) {
this.permCustom2 = permCustom2;
}
public boolean isPermCustom3() {
return permCustom3;
}
public void setPermCustom3(boolean permCustom3) {
this.permCustom3 = permCustom3;
}
public boolean isPermCustom4() {
return permCustom4;
}
public void setPermCustom4(boolean permCustom4) {
this.permCustom4 = permCustom4;
}
public boolean isPermCustom5() {
return permCustom5;
}
public void setPermCustom5(boolean permCustom5) {
this.permCustom5 = permCustom5;
}
public boolean isPermCustom6() {
return permCustom6;
}
public void setPermCustom6(boolean permCustom6) {
this.permCustom6 = permCustom6;
}
public boolean isPermCustom7() {
return permCustom7;
}
public void setPermCustom7(boolean permCustom7) {
this.permCustom7 = permCustom7;
}
public boolean isPermCustom8() {
return permCustom8;
}
public void setPermCustom8(boolean permCustom8) {
this.permCustom8 = permCustom8;
}
}

2
lib/taskana-core/src/main/java/pro/taskana/model/mappings/QueryMapper.java
View File

@ -90,7 +90,7 @@ public interface QueryMapper {
@Result(property = "custom10", column = "CUSTOM_10") })
List<Task> queryTasks(TaskQueryImpl taskQuery);
@Select("<script>SELECT ID, PARENT_CLASSIFICATION_ID, CATEGORY, TYPE, CREATED, NAME, DESCRIPTION, PRIORITY, SERVICE_LEVEL "
@Select("<script>SELECT ID, PARENT_CLASSIFICATION_ID, CATEGORY, TYPE, DOMAIN, VALID_IN_DOMAIN, CREATED, NAME, DESCRIPTION, PRIORITY, SERVICE_LEVEL, CUSTOM_1, CUSTOM_2, CUSTOM_3, CUSTOM_4, CUSTOM_5, CUSTOM_6, CUSTOM_7, CUSTOM_8, VALID_FROM, VALID_UNTIL "
+ "FROM CLASSIFICATION "
+ "<where>"
+ "<if test='parentClassificationId != null'>AND PARENT_CLASSIFICATION_ID IN(<foreach item='item' collection='parentClassificationId' separator=',' >#{item}</foreach>)</if> "

162
lib/taskana-core/src/main/java/pro/taskana/model/mappings/WorkbasketAccessMapper.java
View File

@ -1,116 +1,132 @@
package pro.taskana.model.mappings;
import java.util.List;
import org.apache.ibatis.annotations.Delete;
import org.apache.ibatis.annotations.Insert;
import org.apache.ibatis.annotations.Options;
import org.apache.ibatis.annotations.Param;
import org.apache.ibatis.annotations.Result;
import org.apache.ibatis.annotations.Results;
import org.apache.ibatis.annotations.Select;
import org.apache.ibatis.annotations.Update;
import org.apache.ibatis.annotations.*;
import pro.taskana.model.WorkbasketAccessItem;
import java.util.List;
/**
* This class is the mybatis mapping of workbasket access items.
*/
public interface WorkbasketAccessMapper {
@Select("SELECT ID, WORKBASKET_ID, USER_ID, GROUP_ID, READ, OPEN, APPEND, TRANSFER, DISTRIBUTE FROM WORKBASKET_ACCESS_LIST WHERE ID = #{id}")
@Select("SELECT ID, WORKBASKET_ID, ACCESS_ID, PERM_READ, PERM_OPEN, PERM_APPEND, PERM_TRANSFER, PERM_DISTRIBUTE, PERM_CUSTOM_1, PERM_CUSTOM_2, PERM_CUSTOM_3, PERM_CUSTOM_4, PERM_CUSTOM_5, PERM_CUSTOM_6, PERM_CUSTOM_7, PERM_CUSTOM_8 FROM WORKBASKET_ACCESS_LIST WHERE ID = #{id}")
@Results(value = {
@Result(property = "id", column = "ID"),
@Result(property = "workbasketId", column = "WORKBASKET_ID"),
@Result(property = "userId", column = "USER_ID"),
@Result(property = "groupId", column = "GROUP_ID"),
@Result(property = "read", column = "READ"),
@Result(property = "open", column = "OPEN"),
@Result(property = "append", column = "APPEND"),
@Result(property = "transfer", column = "TRANSFER"),
@Result(property = "distribute", column = "DISTRIBUTE") })
@Result(property = "accessId", column = "ACCESS_ID"),
@Result(property = "permRead", column = "PERM_READ"),
@Result(property = "permOpen", column = "PERM_OPEN"),
@Result(property = "permAppend", column = "PERM_APPEND"),
@Result(property = "permTransfer", column = "PERM_TRANSFER"),
@Result(property = "permDistribute", column = "PERM_DISTRIBUTE"),
@Result(property = "permCustom1", column = "PERM_CUSTOM_1"),
@Result(property = "permCustom2", column = "PERM_CUSTOM_2"),
@Result(property = "permCustom3", column = "PERM_CUSTOM_3"),
@Result(property = "permCustom4", column = "PERM_CUSTOM_4"),
@Result(property = "permCustom5", column = "PERM_CUSTOM_5"),
@Result(property = "permCustom6", column = "PERM_CUSTOM_6"),
@Result(property = "permCustom7", column = "PERM_CUSTOM_7"),
@Result(property = "permCustom8", column = "PERM_CUSTOM_8")})
WorkbasketAccessItem findById(@Param("id") String id);
@Select("SELECT ID, WORKBASKET_ID, USER_ID, GROUP_ID, READ, OPEN, APPEND, TRANSFER, DISTRIBUTE FROM WORKBASKET_ACCESS_LIST WHERE USER_ID = #{userId}")
@Select("SELECT ID, WORKBASKET_ID, ACCESS_ID, PERM_READ, PERM_OPEN, PERM_APPEND, PERM_TRANSFER, PERM_DISTRIBUTE, PERM_CUSTOM_1, PERM_CUSTOM_2, PERM_CUSTOM_3, PERM_CUSTOM_4, PERM_CUSTOM_5, PERM_CUSTOM_6, PERM_CUSTOM_7, PERM_CUSTOM_8 FROM WORKBASKET_ACCESS_LIST WHERE ACCESS_ID = #{accessId}")
@Results(value = {
@Result(property = "id", column = "ID"),
@Result(property = "workbasketId", column = "WORKBASKET_ID"),
@Result(property = "userId", column = "USER_ID"),
@Result(property = "groupId", column = "GROUP_ID"),
@Result(property = "read", column = "READ"),
@Result(property = "open", column = "OPEN"),
@Result(property = "append", column = "APPEND"),
@Result(property = "transfer", column = "TRANSFER"),
@Result(property = "distribute", column = "DISTRIBUTE") })
List<WorkbasketAccessItem> findByUserId(@Param("userId") String userId);
@Result(property = "accessId", column = "ACCESS_ID"),
@Result(property = "permRead", column = "PERM_READ"),
@Result(property = "permOpen", column = "PERM_OPEN"),
@Result(property = "permAppend", column = "PERM_APPEND"),
@Result(property = "permTransfer", column = "PERM_TRANSFER"),
@Result(property = "permDistribute", column = "PERM_DISTRIBUTE"),
@Result(property = "permCustom1", column = "PERM_CUSTOM_1"),
@Result(property = "permCustom2", column = "PERM_CUSTOM_2"),
@Result(property = "permCustom3", column = "PERM_CUSTOM_3"),
@Result(property = "permCustom4", column = "PERM_CUSTOM_4"),
@Result(property = "permCustom5", column = "PERM_CUSTOM_5"),
@Result(property = "permCustom6", column = "PERM_CUSTOM_6"),
@Result(property = "permCustom7", column = "PERM_CUSTOM_7"),
@Result(property = "permCustom8", column = "PERM_CUSTOM_8")})
List<WorkbasketAccessItem> findByAccessId(@Param("accessId") String accessId);
@Select("SELECT ID, WORKBASKET_ID, USER_ID, GROUP_ID, READ, OPEN, APPEND, TRANSFER, DISTRIBUTE FROM WORKBASKET_ACCESS_LIST WHERE WORKBASKET_ID = #{id}")
@Select("SELECT ID, WORKBASKET_ID, ACCESS_ID, PERM_READ, PERM_OPEN, PERM_APPEND, PERM_TRANSFER, PERM_DISTRIBUTE, PERM_CUSTOM_1, PERM_CUSTOM_2, PERM_CUSTOM_3, PERM_CUSTOM_4, PERM_CUSTOM_5, PERM_CUSTOM_6, PERM_CUSTOM_7, PERM_CUSTOM_8 FROM WORKBASKET_ACCESS_LIST WHERE WORKBASKET_ID = #{id}")
@Results(value = {
@Result(property = "id", column = "ID"),
@Result(property = "workbasketId", column = "WORKBASKET_ID"),
@Result(property = "userId", column = "USER_ID"),
@Result(property = "groupId", column = "GROUP_ID"),
@Result(property = "read", column = "READ"),
@Result(property = "open", column = "OPEN"),
@Result(property = "append", column = "APPEND"),
@Result(property = "transfer", column = "TRANSFER"),
@Result(property = "distribute", column = "DISTRIBUTE") })
@Result(property = "accessId", column = "ACCESS_ID"),
@Result(property = "permRead", column = "PERM_READ"),
@Result(property = "permOpen", column = "PERM_OPEN"),
@Result(property = "permAppend", column = "PERM_APPEND"),
@Result(property = "permTransfer", column = "PERM_TRANSFER"),
@Result(property = "permDistribute", column = "PERM_DISTRIBUTE"),
@Result(property = "permCustom1", column = "PERM_CUSTOM_1"),
@Result(property = "permCustom2", column = "PERM_CUSTOM_2"),
@Result(property = "permCustom3", column = "PERM_CUSTOM_3"),
@Result(property = "permCustom4", column = "PERM_CUSTOM_4"),
@Result(property = "permCustom5", column = "PERM_CUSTOM_5"),
@Result(property = "permCustom6", column = "PERM_CUSTOM_6"),
@Result(property = "permCustom7", column = "PERM_CUSTOM_7"),
@Result(property = "permCustom8", column = "PERM_CUSTOM_8")})
List<WorkbasketAccessItem> findByWorkbasketId(@Param("id") String id);
@Select("SELECT ID, WORKBASKET_ID, USER_ID, GROUP_ID, READ, OPEN, APPEND, TRANSFER, DISTRIBUTE FROM WORKBASKET_ACCESS_LIST ORDER BY ID")
@Select("SELECT ID, WORKBASKET_ID, ACCESS_ID, PERM_READ, PERM_OPEN, PERM_APPEND, PERM_TRANSFER, PERM_DISTRIBUTE, PERM_CUSTOM_1, PERM_CUSTOM_2, PERM_CUSTOM_3, PERM_CUSTOM_4, PERM_CUSTOM_5, PERM_CUSTOM_6, PERM_CUSTOM_7, PERM_CUSTOM_8 FROM WORKBASKET_ACCESS_LIST ORDER BY ID")
@Results(value = {
@Result(property = "id", column = "ID"),
@Result(property = "workbasketId", column = "WORKBASKET_ID"),
@Result(property = "userId", column = "USER_ID"),
@Result(property = "groupId", column = "GROUP_ID"),
@Result(property = "read", column = "READ"),
@Result(property = "open", column = "OPEN"),
@Result(property = "append", column = "APPEND"),
@Result(property = "transfer", column = "TRANSFER"),
@Result(property = "distribute", column = "DISTRIBUTE") })
@Result(property = "accessId", column = "ACCESS_ID"),
@Result(property = "permRead", column = "PERM_READ"),
@Result(property = "permOpen", column = "PERM_OPEN"),
@Result(property = "permAppend", column = "PERM_APPEND"),
@Result(property = "permTransfer", column = "PERM_TRANSFER"),
@Result(property = "permDistribute", column = "PERM_DISTRIBUTE"),
@Result(property = "permCustom1", column = "PERM_CUSTOM_1"),
@Result(property = "permCustom2", column = "PERM_CUSTOM_2"),
@Result(property = "permCustom3", column = "PERM_CUSTOM_3"),
@Result(property = "permCustom4", column = "PERM_CUSTOM_4"),
@Result(property = "permCustom5", column = "PERM_CUSTOM_5"),
@Result(property = "permCustom6", column = "PERM_CUSTOM_6"),
@Result(property = "permCustom7", column = "PERM_CUSTOM_7"),
@Result(property = "permCustom8", column = "PERM_CUSTOM_8")})
List<WorkbasketAccessItem> findAll();
@Insert("INSERT INTO WORKBASKET_ACCESS_LIST (ID, WORKBASKET_ID, USER_ID, GROUP_ID, READ, OPEN, APPEND, TRANSFER, DISTRIBUTE) "
+ "VALUES (#{workbasketAccessItem.id}, #{workbasketAccessItem.workbasketId}, #{workbasketAccessItem.userId}, #{workbasketAccessItem.groupId}, #{workbasketAccessItem.read}, #{workbasketAccessItem.open}, #{workbasketAccessItem.append}, #{workbasketAccessItem.transfer}, #{workbasketAccessItem.distribute})")
@Insert("INSERT INTO WORKBASKET_ACCESS_LIST (ID, WORKBASKET_ID, ACCESS_ID, PERM_READ, PERM_OPEN, PERM_APPEND, PERM_TRANSFER, PERM_DISTRIBUTE, PERM_CUSTOM_1, PERM_CUSTOM_2, PERM_CUSTOM_3, PERM_CUSTOM_4, PERM_CUSTOM_5, PERM_CUSTOM_6, PERM_CUSTOM_7, PERM_CUSTOM_8) "
+ "VALUES (#{workbasketAccessItem.id}, #{workbasketAccessItem.workbasketId}, #{workbasketAccessItem.accessId}, #{workbasketAccessItem.permRead}, #{workbasketAccessItem.permOpen}, #{workbasketAccessItem.permAppend}, #{workbasketAccessItem.permTransfer}, #{workbasketAccessItem.permDistribute}, #{workbasketAccessItem.permCustom1}, #{workbasketAccessItem.permCustom2}, #{workbasketAccessItem.permCustom3}, #{workbasketAccessItem.permCustom4}, #{workbasketAccessItem.permCustom5}, #{workbasketAccessItem.permCustom6}, #{workbasketAccessItem.permCustom7}, #{workbasketAccessItem.permCustom8})")
@Options(keyProperty = "id", keyColumn = "ID")
void insert(@Param("workbasketAccessItem") WorkbasketAccessItem workbasketAccessItem);
@Update("UPDATE WORKBASKET_ACCESS_LIST SET WORKBASKET_ID = #{workbasketAccessItem.workbasketId}, USER_ID = #{workbasketAccessItem.userId}, GROUP_ID = #{workbasketAccessItem.groupId}, READ = #{workbasketAccessItem.read}, OPEN = #{workbasketAccessItem.open}, APPEND = #{workbasketAccessItem.append}, TRANSFER = #{workbasketAccessItem.transfer}, DISTRIBUTE = #{workbasketAccessItem.distribute} "
@Update("UPDATE WORKBASKET_ACCESS_LIST SET WORKBASKET_ID = #{workbasketAccessItem.workbasketId}, ACCESS_ID = #{workbasketAccessItem.accessId}, PERM_READ = #{workbasketAccessItem.permRead}, PERM_OPEN = #{workbasketAccessItem.permOpen}, PERM_APPEND = #{workbasketAccessItem.permAppend}, PERM_TRANSFER = #{workbasketAccessItem.permTransfer}, PERM_DISTRIBUTE = #{workbasketAccessItem.permDistribute}, PERM_CUSTOM_1 = #{workbasketAccessItem.permCustom1}, PERM_CUSTOM_2 = #{workbasketAccessItem.permCustom2}, PERM_CUSTOM_3 = #{workbasketAccessItem.permCustom3}, PERM_CUSTOM_4 = #{workbasketAccessItem.permCustom4}, PERM_CUSTOM_5 = #{workbasketAccessItem.permCustom5}, PERM_CUSTOM_6 = #{workbasketAccessItem.permCustom6}, PERM_CUSTOM_7 = #{workbasketAccessItem.permCustom7}, PERM_CUSTOM_8 = #{workbasketAccessItem.permCustom8} "
+ "WHERE id = #{workbasketAccessItem.id}")
void update(@Param("workbasketAccessItem") WorkbasketAccessItem workbasketAccessItem);
@Delete("DELETE FROM WORKBASKET_ACCESS_LIST where id = #{id}")
void delete(@Param("id") String id);
@Select("<script>SELECT ID, WORKBASKET_ID, USER_ID, GROUP_ID, READ, OPEN, APPEND, TRANSFER, DISTRIBUTE "
@Select("<script>SELECT ID, WORKBASKET_ID, ACCESS_ID, PERM_READ, PERM_OPEN, PERM_APPEND, PERM_TRANSFER, PERM_DISTRIBUTE, PERM_CUSTOM_1, PERM_CUSTOM_2, PERM_CUSTOM_3, PERM_CUSTOM_4, PERM_CUSTOM_5, PERM_CUSTOM_6, PERM_CUSTOM_7, PERM_CUSTOM_8 "
+ "FROM WORKBASKET_ACCESS_LIST "
+ "WHERE WORKBASKET_ID = #{workbasketId} "
+ "AND USER_ID = #{userId} "
+ "AND <if test=\"authorization == 'OPEN'\">OPEN</if>"
+ "<if test=\"authorization == 'READ'\">READ</if>"
+ "<if test=\"authorization == 'APPEND'\">APPEND</if>"
+ "<if test=\"authorization == 'TRANSFER'\">TRANSFER</if>"
+ "<if test=\"authorization == 'DISTRIBUTE'\">DISTRIBUTE</if> = 1</script>")
+ "AND ACCESS_ID IN(<foreach item='item' collection='accessIds' separator=',' >#{item}</foreach>)"
+ "AND <if test=\"authorization == 'OPEN'\">PERM_OPEN</if>"
+ "<if test=\"authorization == 'READ'\">PERM_READ</if>"
+ "<if test=\"authorization == 'APPEND'\">PERM_APPEND</if>"
+ "<if test=\"authorization == 'TRANSFER'\">PERM_TRANSFER</if>"
+ "<if test=\"authorization == 'DISTRIBUTE'\">PERM_DISTRIBUTE</if> = 1</script>")
@Results(value = {
@Result(property = "id", column = "ID"),
@Result(property = "workbasketId", column = "WORKBASKET_ID"),
@Result(property = "userId", column = "USER_ID"),
@Result(property = "groupId", column = "GROUP_ID"),
@Result(property = "read", column = "READ"),
@Result(property = "open", column = "OPEN"),
@Result(property = "append", column = "APPEND"),
@Result(property = "transfer", column = "TRANSFER"),
@Result(property = "distribute", column = "DISTRIBUTE") })
List<WorkbasketAccessItem> findByWorkbasketAndUserAndAuthorization(@Param("workbasketId") String workbasketId, @Param("userId") String userId, @Param("authorization") String authorization);
@Result(property = "accessId", column = "ACCESS_ID"),
@Result(property = "permRead", column = "PERM_READ"),
@Result(property = "permOpen", column = "PERM_OPEN"),
@Result(property = "permAppend", column = "PERM_APPEND"),
@Result(property = "permTransfer", column = "PERM_TRANSFER"),
@Result(property = "permDistribute", column = "PERM_DISTRIBUTE"),
@Result(property = "permCustom1", column = "PERM_CUSTOM_1"),
@Result(property = "permCustom2", column = "PERM_CUSTOM_2"),
@Result(property = "permCustom3", column = "PERM_CUSTOM_3"),
@Result(property = "permCustom4", column = "PERM_CUSTOM_4"),
@Result(property = "permCustom5", column = "PERM_CUSTOM_5"),
@Result(property = "permCustom6", column = "PERM_CUSTOM_6"),
@Result(property = "permCustom7", column = "PERM_CUSTOM_7"),
@Result(property = "permCustom8", column = "PERM_CUSTOM_8")})
List<WorkbasketAccessItem> findByWorkbasketAndAccessIdAndAuthorizations(@Param("workbasketId") String workbasketId, @Param("accessIds") List<String> accessIds, @Param("authorization") String authorization);
@Select("SELECT ID, WORKBASKET_ID, USER_ID, GROUP_ID, READ, OPEN, APPEND, TRANSFER, DISTRIBUTE FROM WORKBASKET_ACCESS_LIST WHERE WORKBASKET_ID = #{workbasketId} AND GROUP_ID = #{groupId}")
@Results(value = {
@Result(property = "id", column = "ID"),
@Result(property = "workbasketId", column = "WORKBASKET_ID"),
@Result(property = "userId", column = "USER_ID"),
@Result(property = "groupId", column = "GROUP_ID"),
@Result(property = "read", column = "READ"),
@Result(property = "open", column = "OPEN"),
@Result(property = "append", column = "APPEND"),
@Result(property = "transfer", column = "TRANSFER"),
@Result(property = "distribute", column = "DISTRIBUTE") })
List<WorkbasketAccessItem> findByWorkbasketAndGroup(@Param("workbasketId") String workbasketId, @Param("groupId") String groupId);
}

18
lib/taskana-core/src/main/java/pro/taskana/model/mappings/WorkbasketMapper.java
View File

@ -1,19 +1,11 @@
package pro.taskana.model.mappings;
import java.util.List;
import org.apache.ibatis.annotations.Delete;
import org.apache.ibatis.annotations.Insert;
import org.apache.ibatis.annotations.Many;
import org.apache.ibatis.annotations.Options;
import org.apache.ibatis.annotations.Param;
import org.apache.ibatis.annotations.Result;
import org.apache.ibatis.annotations.Results;
import org.apache.ibatis.annotations.Select;
import org.apache.ibatis.annotations.Update;
import org.apache.ibatis.annotations.*;
import org.apache.ibatis.mapping.FetchType;
import pro.taskana.model.Workbasket;
import pro.taskana.model.WorkbasketAuthorization;
import java.util.List;
/**
* This class is the mybatis mapping of workbaskets.
*/
@ -52,7 +44,7 @@ public interface WorkbasketMapper {
List<Workbasket> findAll();
@Select("<script>SELECT W.ID, W.CREATED, W.MODIFIED, W.NAME, W.DESCRIPTION, W.OWNER FROM WORKBASKET AS W "
+ "INNER JOIN WORKBASKET_ACCESS_LIST AS ACL " + "ON (W.ID = ACL.WORKBASKET_ID AND USER_ID = #{userId}) "
+ "INNER JOIN WORKBASKET_ACCESS_LIST AS ACL " + "ON (W.ID = ACL.WORKBASKET_ID AND ACL.ACCESS_ID = #{accessId}) "
+ "WHERE <foreach collection='authorizations' item='authorization' separator=' AND '>"
+ "<if test=\"authorization.name() == 'OPEN'\">OPEN</if>"
+ "<if test=\"authorization.name() == 'READ'\">READ</if>"
@ -68,7 +60,7 @@ public interface WorkbasketMapper {
@Result(property = "description", column = "DESCRIPTION"),
@Result(property = "owner", column = "OWNER"),
@Result(property = "distributionTargets", column = "ID", javaType = List.class, many = @Many(fetchType = FetchType.DEFAULT, select = "findByDistributionTargets")) })
List<Workbasket> findByPermission(@Param("authorizations") List<WorkbasketAuthorization> authorizations, @Param("userId") String userId);
List<Workbasket> findByPermission(@Param("authorizations") List<WorkbasketAuthorization> authorizations, @Param("accessId") String accessId);
@Insert("INSERT INTO WORKBASKET (ID, CREATED, MODIFIED, NAME, DESCRIPTION, OWNER) VALUES (#{workbasket.id}, #{workbasket.created}, #{workbasket.modified}, #{workbasket.name}, #{workbasket.description}, #{workbasket.owner})")
@Options(keyProperty = "id", keyColumn = "ID")

25
lib/taskana-core/src/main/java/pro/taskana/security/CurrentUserContext.java
View File

@ -1,15 +1,15 @@
package pro.taskana.security;
import java.lang.reflect.Method;
import java.security.AccessController;
import java.util.List;
import java.util.Set;
import javax.security.auth.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.security.auth.Subject;
import java.lang.reflect.Method;
import java.security.AccessController;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
/**
* Provides the context information about the current (calling) user. The
* context is gathered from the JAAS subject.
@ -105,4 +105,15 @@ public final class CurrentUserContext {
return null;
}
public static List<String> getAccessIds() {
List<String> accessIds = new ArrayList<>();
accessIds.add(getUserid());
if (getGroupIds() != null) {
accessIds.addAll(getGroupIds());
}
if (accessIds.isEmpty()) {
return null;
}
return accessIds;
}
}

21
lib/taskana-core/src/main/resources/sql/taskana-schema.sql
View File

@ -81,13 +81,20 @@ CREATE TABLE CLASSIFICATION(
CREATE TABLE WORKBASKET_ACCESS_LIST(
ID CHAR(40) NOT NULL,
WORKBASKET_ID CHAR(40) NOT NULL,
USER_ID VARCHAR(255) NULL,
GROUP_ID VARCHAR(255) NULL,
READ BOOLEAN NOT NULL,
OPEN BOOLEAN NOT NULL,
APPEND BOOLEAN NOT NULL,
TRANSFER BOOLEAN NOT NULL,
DISTRIBUTE BOOLEAN NOT NULL,
ACCESS_ID VARCHAR(255) NULL,
PERM_READ BOOLEAN NOT NULL,
PERM_OPEN BOOLEAN NOT NULL,
PERM_APPEND BOOLEAN NOT NULL,
PERM_TRANSFER BOOLEAN NOT NULL,
PERM_DISTRIBUTE BOOLEAN NOT NULL,
PERM_CUSTOM_1 BOOLEAN NOT NULL,
PERM_CUSTOM_2 BOOLEAN NOT NULL,
PERM_CUSTOM_3 BOOLEAN NOT NULL,
PERM_CUSTOM_4 BOOLEAN NOT NULL,
PERM_CUSTOM_5 BOOLEAN NOT NULL,
PERM_CUSTOM_6 BOOLEAN NOT NULL,
PERM_CUSTOM_7 BOOLEAN NOT NULL,
PERM_CUSTOM_8 BOOLEAN NOT NULL,
PRIMARY KEY (ID)
);

35
lib/taskana-core/src/test/java/pro/taskana/impl/WorkbasketServiceImplTest.java
View File

@ -1,14 +1,5 @@
package pro.taskana.impl;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.doNothing;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
import java.util.ArrayList;
import java.util.List;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
@ -26,6 +17,12 @@ import pro.taskana.model.mappings.DistributionTargetMapper;
import pro.taskana.model.mappings.WorkbasketAccessMapper;
import pro.taskana.model.mappings.WorkbasketMapper;
import java.util.ArrayList;
import java.util.List;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.*;
/**
* Unit Test for workbasketServiceImpl.
* @author EH
@ -226,9 +223,9 @@ public class WorkbasketServiceImplTest {
WorkbasketAccessItem accessItem = new WorkbasketAccessItem();
accessItem.setWorkbasketId("1");
accessItem.setUserId("Arthur Dent");
accessItem.setOpen(true);
accessItem.setRead(true);
accessItem.setAccessId("Arthur Dent");
accessItem.setPermOpen(true);
accessItem.setPermRead(true);
accessItem = workbasketServiceImpl.createWorkbasketAuthorization(accessItem);
Assert.assertNotNull(accessItem.getId());
@ -241,18 +238,18 @@ public class WorkbasketServiceImplTest {
WorkbasketAccessItem accessItem = new WorkbasketAccessItem();
accessItem.setWorkbasketId("1");
accessItem.setUserId("Arthur Dent");
accessItem.setOpen(true);
accessItem.setRead(true);
accessItem.setAccessId("Arthur Dent");
accessItem.setPermOpen(true);
accessItem.setPermRead(true);
accessItem = workbasketServiceImpl.createWorkbasketAuthorization(accessItem);
Assert.assertNotNull(accessItem.getId());
doNothing().when(workbasketAccessMapper).update(any());
accessItem.setUserId("Zaphod Beeblebrox");
accessItem.setAccessId("Zaphod Beeblebrox");
workbasketServiceImpl.updateWorkbasketAuthorization(accessItem);
Assert.assertEquals("Zaphod Beeblebrox", accessItem.getUserId());
Assert.assertEquals("Zaphod Beeblebrox", accessItem.getAccessId());
}
@Test(expected = NotAuthorizedException.class)
@ -269,7 +266,7 @@ public class WorkbasketServiceImplTest {
when(taskanaEngine.getConfiguration()).thenReturn(taskanaEngineConfiguration);
when(taskanaEngine.getConfiguration().isSecurityEnabled()).thenReturn(true);
when(workbasketAccessMapper.findByWorkbasketAndUserAndAuthorization(any(), any(), any()))
when(workbasketAccessMapper.findByWorkbasketAndAccessIdAndAuthorizations(any(), any(), any()))
.thenReturn(new ArrayList<WorkbasketAccessItem>() {
{
add(new WorkbasketAccessItem());
@ -278,7 +275,7 @@ public class WorkbasketServiceImplTest {
workbasketServiceImpl.checkAuthorization("1", WorkbasketAuthorization.READ);
verify(workbasketAccessMapper, times(1)).findByWorkbasketAndUserAndAuthorization(any(), any(), any());
verify(workbasketAccessMapper, times(1)).findByWorkbasketAndAccessIdAndAuthorizations(any(), any(), any());
}
@Test

37
lib/taskana-core/src/test/java/pro/taskana/impl/integration/WorkbasketServiceImplIntTest.java
View File

@ -1,19 +1,7 @@
package pro.taskana.impl.integration;
import java.io.FileNotFoundException;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import javax.security.auth.login.LoginException;
import javax.sql.DataSource;
import org.h2.store.fs.FileUtils;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.*;
import pro.taskana.TaskanaEngine;
import pro.taskana.WorkbasketService;
import pro.taskana.configuration.TaskanaEngineConfiguration;
@ -26,6 +14,13 @@ import pro.taskana.impl.util.IdGenerator;
import pro.taskana.model.Workbasket;
import pro.taskana.model.WorkbasketAccessItem;
import javax.security.auth.login.LoginException;
import javax.sql.DataSource;
import java.io.FileNotFoundException;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
/**
* Integration Test for workbasketServiceImpl.
@ -181,9 +176,9 @@ public class WorkbasketServiceImplIntTest {
WorkbasketAccessItem accessItem = new WorkbasketAccessItem();
String id1 = IdGenerator.generateWithPrefix("TWB");
accessItem.setWorkbasketId(id1);
accessItem.setUserId("Arthur Dent");
accessItem.setOpen(true);
accessItem.setRead(true);
accessItem.setAccessId("Arthur Dent");
accessItem.setPermOpen(true);
accessItem.setPermRead(true);
workBasketService.createWorkbasketAuthorization(accessItem);
Assert.assertEquals(1, workBasketService.getAllAuthorizations().size());
@ -194,18 +189,18 @@ public class WorkbasketServiceImplIntTest {
WorkbasketAccessItem accessItem = new WorkbasketAccessItem();
String id1 = IdGenerator.generateWithPrefix("TWB");
accessItem.setWorkbasketId(id1);
accessItem.setUserId("Arthur Dent");
accessItem.setOpen(true);
accessItem.setRead(true);
accessItem.setAccessId("Arthur Dent");
accessItem.setPermOpen(true);
accessItem.setPermRead(true);
workBasketService.createWorkbasketAuthorization(accessItem);
Assert.assertEquals(1, workBasketService.getAllAuthorizations().size());
accessItem.setUserId("Zaphod Beeblebrox");
accessItem.setAccessId("Zaphod Beeblebrox");
workBasketService.updateWorkbasketAuthorization(accessItem);
Assert.assertEquals("Zaphod Beeblebrox",
workBasketService.getWorkbasketAuthorization(accessItem.getId()).getUserId());
workBasketService.getWorkbasketAuthorization(accessItem.getId()).getAccessId());
}
@After

6
rest/src/main/resources/sql/sample-data/workbasket-access-list.sql
View File

@ -1,3 +1,3 @@
INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('1', '1', 'Elena', null, true, true, true, true, true);
INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('2', '2', 'Max', null, true, true, true, true, true);
INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('3', '3', 'Simone', null, true, true, true, true, true);
INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('1', '1', 'Elena', true, true, true, true, true, false, false, false, false, false, false, false, false);
INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('2', '2', 'Max', true, true, true, true, true, true, true, true, true, false, false, false, false);
INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('3', '3', 'Simone', true, true, true, true, true, true, true, true, true, true, true, true, true);