TSK-1909: optimize authorization in db2 query

2022-06-28 12:10:39 +02:00 · 2022-06-28 12:10:39 +02:00 · 8d87d15e7c
parent 48fa1fb031
commit 8d87d15e7c
2 changed files with 46 additions and 7 deletions
--- a/lib/taskana-core-test/src/test/java/acceptance/task/query/TaskQueryImplAccTest.java
+++ b/lib/taskana-core-test/src/test/java/acceptance/task/query/TaskQueryImplAccTest.java
@ -149,6 +149,15 @@ class TaskQueryImplAccTest {
              taskSummary1, taskSummary2, taskSummary3, taskSummary4, taskSummary5);
    }

+    @WithAccessId(user = "admin")
+    @Test
+    void should_CountAllTasksFromWorkbasketAsAdmin_When_NoAccessItemForWorkbasketExists() {
+      long result =
+          taskService.createTaskQuery().workbasketIdIn(wbWithoutPermissions.getId()).count();
+
+      assertThat(result).isEqualTo(3);
+    }
+
    @WithAccessId(user = "user-1-1")
    @Test
    void should_OnlyReturnTasksFromCorrectWorkbaskets_When_UserHasNoPermissionToOneWorkbasket() {
--- a/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskQuerySqlProvider.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskQuerySqlProvider.java
@ -102,13 +102,32 @@ public class TaskQuerySqlProvider {
        + "LEFT JOIN USER_INFO AS u ON t.owner = u.USER_ID "
        + "</if>"
        + OPENING_WHERE_TAG
-        + checkForAuthorization()
        + commonTaskWhereStatement()
        + CLOSING_WHERE_TAG
-        + ")"
+        + "), Y ("
+        + db2selectFields()
+        + ", FLAG ) AS ("
        + "SELECT "
        + db2selectFields()
-        + "FROM X "
+        + ", ("
+        + "<if test='accessIdIn != null'> "
+        + "SELECT 1 "
+        + "FROM WORKBASKET_ACCESS_LIST s "
+        + "WHERE "
+        + "s.ACCESS_ID IN "
+        + "(<foreach item='item' collection='accessIdIn' separator=',' >#{item}</foreach>) "
+        + "and "
+        + "s.WORKBASKET_ID = X.WORKBASKET_ID AND s.perm_read = 1 fetch first 1 rows only"
+        + "</if>"
+        + "<if test='accessIdIn == null'> "
+        + "VALUES(1)"
+        + "</if>"
+        + " ) "
+        + "FROM X )"
+        + "SELECT "
+        + db2selectFields()
+        + "FROM Y "
+        + "WHERE FLAG = 1 "
        + "<if test='!orderBy.isEmpty()'>"
        + "ORDER BY <foreach item='item' collection='orderBy' separator=',' >${item}</foreach>"
        + "</if> "
@ -168,12 +187,23 @@ public class TaskQuerySqlProvider {
        + "LEFT JOIN USER_INFO AS u ON t.owner = u.USER_ID "
        + "</if>"
        + OPENING_WHERE_TAG
-        + checkForAuthorization()
        + commonTaskWhereStatement()
        + CLOSING_WHERE_TAG
-        + ")"
-        + "SELECT COUNT(*) "
-        + "FROM X with UR"
+        + "), Y (ID, FLAG) AS ("
+        + "SELECT ID, ("
+        + "<if test='accessIdIn != null'>"
+        + "SELECT 1 FROM WORKBASKET_ACCESS_LIST s "
+        + "WHERE s.ACCESS_ID IN "
+        + "(<foreach item='item' collection='accessIdIn' separator=',' >#{item}</foreach>) "
+        + "and "
+        + "s.WORKBASKET_ID = X.WORKBASKET_ID AND s.perm_read = 1 fetch first 1 rows only "
+        + "</if> "
+        + "<if test='accessIdIn == null'>"
+        + "VALUES(1)"
+        + "</if> "
+        + ") "
+        + "FROM X ) SELECT COUNT(*) "
+        + "FROM Y WHERE FLAG = 1 with UR"
        + CLOSING_SCRIPT_TAG;
  }