nosu
/
taskana
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

TSK-1957: extend getUser() method with domain information 

- extended WorkbasketQuery methods 'accessIdsHavePermission' & 'callerHasPermission' to accept multiple permissions
- added domain attribute to User API
- extended UserService to aggregate domain information

Co-authored-by: Mustapha Zorgati <15628173+mustaphazorgati@users.noreply.github.com>
This commit is contained in:
Norman Schmidt 2022-09-22 12:04:00 +02:00 committed by norman-schmidt
parent 5a14c00fa1
commit 90a64a9b88
15 changed files with 701 additions and 371 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

635
lib/taskana-core-test/src/test/java/acceptance/user/UserServiceAccTest.java
View File

@ -2,320 +2,483 @@ package acceptance.user;
import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy; import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.assertj.core.api.Assertions.catchThrowableOfType;
import static pro.taskana.common.internal.util.CheckedSupplier.wrap;
import static pro.taskana.testapi.DefaultTestEntities.defaultTestWorkbasket;
import static pro.taskana.testapi.DefaultTestEntities.randomTestUser;
import static pro.taskana.testapi.builder.UserBuilder.newUser;
import java.util.Arrays; import java.util.Arrays;
import java.util.Iterator; import java.util.Iterator;
import java.util.List;
import java.util.stream.Stream; import java.util.stream.Stream;
import org.assertj.core.api.ThrowableAssert.ThrowingCallable; import org.assertj.core.api.ThrowableAssert.ThrowingCallable;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.DynamicTest; import org.junit.jupiter.api.DynamicTest;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestFactory; import org.junit.jupiter.api.TestFactory;
import org.junit.jupiter.api.TestInstance;
import org.junit.jupiter.api.TestInstance.Lifecycle;
import org.junit.jupiter.api.function.ThrowingConsumer; import org.junit.jupiter.api.function.ThrowingConsumer;
import pro.taskana.TaskanaEngineConfiguration;
import pro.taskana.common.api.TaskanaEngine;
import pro.taskana.common.api.TaskanaRole; import pro.taskana.common.api.TaskanaRole;
import pro.taskana.common.api.exceptions.InvalidArgumentException; import pro.taskana.common.api.exceptions.InvalidArgumentException;
import pro.taskana.common.api.exceptions.MismatchedRoleException; import pro.taskana.common.api.exceptions.MismatchedRoleException;
import pro.taskana.testapi.TaskanaEngineConfigurationModifier;
import pro.taskana.testapi.TaskanaInject; import pro.taskana.testapi.TaskanaInject;
import pro.taskana.testapi.TaskanaIntegrationTest; import pro.taskana.testapi.TaskanaIntegrationTest;
import pro.taskana.testapi.builder.WorkbasketAccessItemBuilder;
import pro.taskana.testapi.security.WithAccessId; import pro.taskana.testapi.security.WithAccessId;
import pro.taskana.user.api.UserService; import pro.taskana.user.api.UserService;
import pro.taskana.user.api.exceptions.UserAlreadyExistException; import pro.taskana.user.api.exceptions.UserAlreadyExistException;
import pro.taskana.user.api.exceptions.UserNotFoundException; import pro.taskana.user.api.exceptions.UserNotFoundException;
import pro.taskana.user.api.models.User; import pro.taskana.user.api.models.User;
import pro.taskana.workbasket.api.WorkbasketPermission;
import pro.taskana.workbasket.api.WorkbasketService;
import pro.taskana.workbasket.api.models.Workbasket;
import pro.taskana.workbasket.api.models.WorkbasketAccessItem;
/** Acceptance test which tests the functionality of the UserService. */ /** Acceptance test which tests the functionality of the UserService. */
@TaskanaIntegrationTest @TaskanaIntegrationTest
class UserServiceAccTest { class UserServiceAccTest {
@TaskanaInject WorkbasketService workbasketService;
@TaskanaInject UserService userService; @TaskanaInject UserService userService;
@TaskanaInject TaskanaEngine taskanaEngine;
protected User createExampleUser(String id) { private WorkbasketAccessItem createAccessItem(
User user = userService.newUser(); User user, Workbasket workbasket, WorkbasketPermission... permissions) throws Exception {
user.setId(id); WorkbasketAccessItemBuilder builder =
user.setFirstName("Hans"); WorkbasketAccessItemBuilder.newWorkbasketAccessItem()
user.setLastName("Georg"); .accessId(user.getId())
user.setFullName("Georg, Hans"); .workbasketId(workbasket.getId());
user.setLongName("Georg, Hans - (user-10-20)"); for (WorkbasketPermission permission : permissions) {
user.setEmail("hans.georg@web.com"); builder.permission(permission);
user.setPhone("1234"); }
user.setMobilePhone("01574275632");
user.setOrgLevel4("level4");
user.setOrgLevel3("level3");
user.setOrgLevel2("level2");
user.setOrgLevel1("level1");
user.setData("ab");
return user; return builder.buildAndStore(workbasketService, "businessadmin");
} }
@WithAccessId(user = "admin") @Nested
@BeforeAll @TestInstance(Lifecycle.PER_CLASS)
void setup() throws Exception { class GetUser {
User testuser1 = userService.newUser();
testuser1.setId("testuser1");
testuser1.setFirstName("Max");
testuser1.setLastName("Mustermann");
testuser1.setFullName("Max, Mustermann");
testuser1.setLongName("Max, Mustermann - (testuser1)");
testuser1.setEmail("max.mustermann@web.com");
testuser1.setPhone("040-2951854");
testuser1.setMobilePhone("015637683197");
testuser1.setOrgLevel4("Novatec");
testuser1.setOrgLevel3("BPM");
testuser1.setOrgLevel2("Human Workflow");
testuser1.setOrgLevel1("TASKANA");
testuser1.setData("");
userService.createUser(testuser1);
User testuser2 = userService.newUser(); @WithAccessId(user = "user-1-1")
testuser2.setId("testuser2"); @Test
testuser2.setFirstName("Elena"); void should_ThrowUserNotFoundException_When_TryingToGetUserWithNonExistingId() {
testuser2.setLastName("Eifrig"); ThrowingCallable callable = () -> userService.getUser("NOT_EXISTING");
testuser2.setFullName("Elena, Eifrig");
testuser2.setLongName("Elena, Eifrig - (testuser2)"); assertThatThrownBy(callable)
testuser2.setEmail("elena.eifrig@web.com"); .isInstanceOf(UserNotFoundException.class)
testuser2.setPhone("040-2951854"); .extracting(UserNotFoundException.class::cast)
testuser2.setMobilePhone("015637683197"); .extracting(UserNotFoundException::getUserId)
testuser2.setOrgLevel4("Novatec"); .isEqualTo("NOT_EXISTING");
testuser2.setOrgLevel3("BPM"); }
testuser2.setOrgLevel2("Human Workflow");
testuser2.setOrgLevel1("TASKANA"); @WithAccessId(user = "user-1-1")
testuser2.setData(""); @Test
userService.createUser(testuser2); void should_ReturnUserWithAllFields_When_TryingToGetUserWithIdExisting() throws Exception {
final User userToGet =
newUser()
.id("max-mustermann")
.firstName("Max")
.lastName("Mustermann")
.fullName("Max Mustermann")
.longName("Mustermann, Max")
.email("max@mustermann.de")
.phone("123456798")
.mobilePhone("987654321")
.orgLevel1("org1")
.orgLevel2("org2")
.orgLevel3("org3")
.orgLevel4("org4")
.data("this is some extra data about max")
.buildAndStore(userService, "businessadmin");
User userInDatabase = userService.getUser(userToGet.getId());
assertThat(userInDatabase).hasNoNullFieldsOrProperties().isEqualTo(userToGet);
}
} }
@WithAccessId(user = "user-1-2") @Nested
@Test @TestInstance(Lifecycle.PER_CLASS)
void should_ReturnUserWithAllFields_When_IdExisting() throws Exception { class CreateUser {
User userInDatabase = userService.getUser("testuser1");
User userToCompare = userService.newUser(); @WithAccessId(user = "businessadmin")
userToCompare.setId("testuser1"); @Test
userToCompare.setFirstName("Max"); void should_InsertUserInDatabase_When_CreatingUser() throws Exception {
userToCompare.setLastName("Mustermann"); User userToCreate = userService.newUser();
userToCompare.setFullName("Max, Mustermann"); userToCreate.setId("anton");
userToCompare.setLongName("Max, Mustermann - (testuser1)"); userToCreate.setFirstName("Anton");
userToCompare.setEmail("max.mustermann@web.com"); userToCreate.setLastName("Miller");
userToCompare.setPhone("040-2951854"); userService.createUser(userToCreate);
userToCompare.setMobilePhone("015637683197");
userToCompare.setOrgLevel4("Novatec");
userToCompare.setOrgLevel3("BPM");
userToCompare.setOrgLevel2("Human Workflow");
userToCompare.setOrgLevel1("TASKANA");
userToCompare.setData("");
assertThat(userInDatabase).hasNoNullFieldsOrProperties().isEqualTo(userToCompare); User userInDatabase = userService.getUser(userToCreate.getId());
assertThat(userToCreate).isNotSameAs(userInDatabase).isEqualTo(userInDatabase);
}
@WithAccessId(user = "businessadmin")
@Test
void should_SetTheLongAndFullNameAccordingToRules_When_CreatingUserWithThoseFieldsEmpty()
throws Exception {
User userToCreate = userService.newUser();
userToCreate.setId("martina");
userToCreate.setFirstName("Martina");
userToCreate.setLastName("Schmidt");
User createdUser = userService.createUser(userToCreate);
assertThat(createdUser.getLongName()).isEqualTo("Schmidt, Martina - (martina)");
assertThat(createdUser.getFullName()).isEqualTo("Schmidt, Martina");
}
@WithAccessId(user = "businessadmin")
@Test
void should_ThrowInvalidArgumentException_When_TryingToCreateUserWithFirstNameNull() {
User userToCreate = userService.newUser();
userToCreate.setId("user-1");
userToCreate.setFirstName(null);
userToCreate.setLastName("Schmidt");
ThrowingCallable callable = () -> userService.createUser(userToCreate);
assertThatThrownBy(callable)
.isInstanceOf(InvalidArgumentException.class)
.hasMessage("First and last name of User must be set or empty.");
}
@WithAccessId(user = "businessadmin")
@Test
void should_ThrowInvalidArgumentException_When_TryingToCreateUserWithLastNameNull() {
User userToCreate = userService.newUser();
userToCreate.setId("user-2");
userToCreate.setFirstName("User 1");
userToCreate.setLastName(null);
ThrowingCallable callable = () -> userService.createUser(userToCreate);
assertThatThrownBy(callable)
.isInstanceOf(InvalidArgumentException.class)
.hasMessage("First and last name of User must be set or empty.");
}
@WithAccessId(user = "businessadmin")
@TestFactory
Stream<DynamicTest> should_ThrowInvalidArgumentException_When_TryingToCreateUserWithNotSetId() {
Iterator<String> iterator = Arrays.asList("", null).iterator();
ThrowingConsumer<String> test =
userId -> {
User userToCreate = userService.newUser();
userToCreate.setFirstName("firstName");
userToCreate.setLastName("lastName");
userToCreate.setId(userId);
ThrowingCallable callable = () -> userService.createUser(userToCreate);
assertThatThrownBy(callable)
.isInstanceOf(InvalidArgumentException.class)
.hasMessage("UserId must not be empty when creating User.");
};
return DynamicTest.stream(iterator, c -> "for " + c, test);
}
@WithAccessId(user = "businessadmin")
@Test
void should_ThrowUserAlreadyExistException_When_TryingToCreateUserWithExistingId()
throws Exception {
User existingUser = randomTestUser().buildAndStore(userService);
ThrowingCallable callable =
() -> {
User userToCreate = userService.newUser();
userToCreate.setId(existingUser.getId());
userToCreate.setFirstName("firstName");
userToCreate.setLastName("lastName");
userService.createUser(userToCreate);
};
assertThatThrownBy(callable)
.isInstanceOf(UserAlreadyExistException.class)
.extracting(UserAlreadyExistException.class::cast)
.extracting(UserAlreadyExistException::getUserId)
.isEqualTo(existingUser.getId());
}
@WithAccessId(user = "user-1-1")
@Test
void should_ThrowNotAuthorizedException_When_TryingToCreateUserWithoutAdminRole() {
User userToCreate = userService.newUser();
userToCreate.setId("user-3");
userToCreate.setFirstName("firstName");
userToCreate.setLastName("lastName");
ThrowingCallable callable = () -> userService.createUser(userToCreate);
MismatchedRoleException ex = catchThrowableOfType(callable, MismatchedRoleException.class);
assertThat(ex.getCurrentUserId()).isEqualTo("user-1-1");
assertThat(ex.getRoles())
.isEqualTo(new TaskanaRole[] {TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN});
}
} }
@WithAccessId(user = "user-1-2") @Nested
@Test @TestInstance(Lifecycle.PER_CLASS)
void should_ThrowUserNotFoundException_When_TryingToGetUserWithNonExistingId() { class UpdateUser {
ThrowingCallable callable = () -> userService.getUser("NOT_EXISTING");
assertThatThrownBy(callable) @WithAccessId(user = "businessadmin")
.isInstanceOf(UserNotFoundException.class) @Test
.hasFieldOrPropertyWithValue("userId", "NOT_EXISTING") void should_UpdateUserInDatabase_When_IdExisting() throws Exception {
.hasMessage("User with id 'NOT_EXISTING' was not found."); User userToUpdate = randomTestUser().buildAndStore(userService);
userToUpdate.setFirstName("Anton");
userService.updateUser(userToUpdate);
User userInDatabase = userService.getUser(userToUpdate.getId());
assertThat(userInDatabase).isNotSameAs(userToUpdate).isEqualTo(userToUpdate);
}
@WithAccessId(user = "user-1-1")
@Test
void should_ThrowNotAuthorizedException_When_TryingToUpdateUserWithNoAdminRole()
throws Exception {
User userToUpdate = randomTestUser().buildAndStore(userService, "businessadmin");
ThrowingCallable callable =
() -> {
userToUpdate.setLastName("updated last name");
userService.updateUser(userToUpdate);
};
MismatchedRoleException ex = catchThrowableOfType(callable, MismatchedRoleException.class);
assertThat(ex.getCurrentUserId()).isEqualTo("user-1-1");
assertThat(ex.getRoles())
.isEqualTo(new TaskanaRole[] {TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN});
}
@WithAccessId(user = "businessadmin")
@Test
void should_ThrowUserNotFoundException_When_TryingToUpdateUserWithNonExistingId() {
User userToUpdate = userService.newUser();
userToUpdate.setId("user-4");
userToUpdate.setFirstName("firstName");
userToUpdate.setLastName("lastName");
ThrowingCallable callable = () -> userService.updateUser(userToUpdate);
assertThatThrownBy(callable)
.isInstanceOf(UserNotFoundException.class)
.extracting(UserNotFoundException.class::cast)
.extracting(UserNotFoundException::getUserId)
.isEqualTo(userToUpdate.getId());
}
} }
@WithAccessId(user = "admin") @Nested
@Test @TestInstance(Lifecycle.PER_CLASS)
void should_InsertUserInDatabase_When_CreatingUser() throws Exception { class DeleteUser {
User userToCreate = createExampleUser("user-10-20");
userService.createUser(userToCreate); @WithAccessId(user = "businessadmin")
@Test
void should_DeleteUserFromDatabase_When_IdExisting() throws Exception {
User userToDelete = randomTestUser().buildAndStore(userService);
User userInDatabse = userService.getUser(userToCreate.getId()); userService.deleteUser(userToDelete.getId());
assertThat(userToCreate) // Validate that user is indeed deleted
.hasNoNullFieldsOrProperties() ThrowingCallable callable = () -> userService.getUser(userToDelete.getId());
.isNotSameAs(userInDatabse) assertThatThrownBy(callable)
.isEqualTo(userInDatabse); .isInstanceOf(UserNotFoundException.class)
.extracting(UserNotFoundException.class::cast)
.extracting(UserNotFoundException::getUserId)
.isEqualTo(userToDelete.getId());
}
@WithAccessId(user = "businessadmin")
@Test
void should_ThrowUserNotFoundException_When_TryingToDeleteUserWithNonExistingId() {
ThrowingCallable callable = () -> userService.deleteUser("NOT_EXISTING");
assertThatThrownBy(callable)
.isInstanceOf(UserNotFoundException.class)
.extracting(UserNotFoundException.class::cast)
.extracting(UserNotFoundException::getUserId)
.isEqualTo("NOT_EXISTING");
}
@WithAccessId(user = "user-1-1")
@Test
void should_ThrowNotAuthorizedException_When_TryingToDeleteUserWithNoAdminRole()
throws Exception {
User userToDelete = randomTestUser().buildAndStore(userService, "businessadmin");
ThrowingCallable callable = () -> userService.deleteUser(userToDelete.getId());
MismatchedRoleException ex = catchThrowableOfType(callable, MismatchedRoleException.class);
assertThat(ex.getCurrentUserId()).isEqualTo("user-1-1");
assertThat(ex.getRoles())
.isEqualTo(new TaskanaRole[] {TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN});
}
} }
@WithAccessId(user = "admin") @Nested
@Test @TestInstance(Lifecycle.PER_CLASS)
void should_SetTheLongAndFullNameAccordingToRules_When_CreatingUserWithThoseFieldsEmpty() class DynamicDomainComputation {
throws Exception {
User userToCreate = createExampleUser("user-10-21");
userToCreate.setLongName(null);
userToCreate.setFullName(null);
String fullName = userToCreate.getLastName() + ", " + userToCreate.getFirstName(); @WithAccessId(user = "user-1-1")
String longName = @Test
userToCreate.getLastName() void should_ReturnEmptyDomains_When_UserHasInsufficientMinimalPermissionsToAssignDomains()
+ ", " throws Exception {
+ userToCreate.getFirstName() User user = randomTestUser().buildAndStore(userService, "businessadmin");
+ " - (" Workbasket workbasket =
+ userToCreate.getId() defaultTestWorkbasket().buildAndStore(workbasketService, "businessadmin");
+ ")"; createAccessItem(user, workbasket, WorkbasketPermission.READ);
User createdUser = userService.createUser(userToCreate); User userInDatabase = userService.getUser(user.getId());
assertThat(createdUser.getLongName()).isEqualTo(longName); assertThat(userInDatabase.getDomains()).isEmpty();
assertThat(createdUser.getFullName()).isEqualTo(fullName); }
}
@WithAccessId(user = "admin") @WithAccessId(user = "user-1-1")
@Test @Test
void should_ThrowInvalidArgumentException_When_TryingToCreateUserWithFirstOrLastNameNull() void should_ReturnEmptyDomains_When_UserHasNoPermissions() throws Exception {
throws Exception { User user = randomTestUser().buildAndStore(userService, "businessadmin");
User userToCreate = createExampleUser("user-10-20"); defaultTestWorkbasket().buildAndStore(workbasketService, "businessadmin");
userToCreate.setFirstName(null);
ThrowingCallable callable = () -> userService.createUser(userToCreate); User userInDatabase = userService.getUser(user.getId());
assertThatThrownBy(callable) assertThat(userInDatabase.getDomains()).isEmpty();
.isInstanceOf(InvalidArgumentException.class) }
.hasMessage("First and last name of User must be set or empty.");
}
@WithAccessId(user = "admin") @WithAccessId(user = "user-1-1")
@Test @Test
void should_ThrowInvalidArgumentException_When_TryingToCreateUserWithLastNameNull() { void should_ReturnOneDomain_When_UserHasSufficientMinimalPermissionsToAssignDomains()
User userToCreate = createExampleUser("user-10-20"); throws Exception {
userToCreate.setLastName(null); User user = randomTestUser().buildAndStore(userService, "businessadmin");
Workbasket workbasket =
defaultTestWorkbasket().buildAndStore(workbasketService, "businessadmin");
createAccessItem(user, workbasket, WorkbasketPermission.OPEN, WorkbasketPermission.READ);
ThrowingCallable callable = () -> userService.createUser(userToCreate); User userInDatabase = userService.getUser(user.getId());
assertThatThrownBy(callable) assertThat(userInDatabase.getDomains()).containsExactly(workbasket.getDomain());
.isInstanceOf(InvalidArgumentException.class) }
.hasMessage("First and last name of User must be set or empty.");
}
@WithAccessId(user = "admin") @WithAccessId(user = "user-1-1")
@TestFactory @Test
Stream<DynamicTest> should_ThrowInvalidArgumentException_When_TryingToCreateUserWithNotSetId() void should_ReturnEmptyDomains_When_UserHasSufficientPermissionsWhichThenGetRevoked()
throws Exception { throws Exception {
Iterator<String> iterator = Arrays.asList("", null).iterator(); User user = randomTestUser().buildAndStore(userService, "businessadmin");
Workbasket workbasket =
defaultTestWorkbasket().buildAndStore(workbasketService, "businessadmin");
WorkbasketAccessItem wai =
createAccessItem(user, workbasket, WorkbasketPermission.OPEN, WorkbasketPermission.READ);
ThrowingConsumer<String> test = User userInDatabase = userService.getUser(user.getId());
userId -> {
User userToCreate = createExampleUser("user-10-20");
userToCreate.setId(userId);
ThrowingCallable callable = () -> userService.createUser(userToCreate); assertThat(userInDatabase.getDomains()).containsExactly(workbasket.getDomain());
assertThatThrownBy(callable) // then permission gets revoked
.isInstanceOf(InvalidArgumentException.class)
.hasMessage("UserId must not be empty when creating User.");
};
return DynamicTest.stream(iterator, c -> "for " + c, test); wai.setPermission(WorkbasketPermission.OPEN, false);
} taskanaEngine.runAsAdmin(wrap(() -> workbasketService.updateWorkbasketAccessItem(wai)));
@WithAccessId(user = "admin") userInDatabase = userService.getUser(user.getId());
@Test
void should_ThrowUserAlreadyExistException_When_TryingToCreateUserWithExistingId() {
User userToCreate = createExampleUser("testuser1"); // existing userId
ThrowingCallable callable = () -> userService.createUser(userToCreate); assertThat(userInDatabase.getDomains()).isEmpty();
}
assertThatThrownBy(callable) @WithAccessId(user = "user-1-1")
.isInstanceOf(UserAlreadyExistException.class) @Test
.hasFieldOrPropertyWithValue("userId", "testuser1") void should_ReturnMultipleDomains_When_UserHasSufficientMinimalPermissionsForMultipleDomains()
.hasMessage("User with id 'testuser1' already exists."); throws Exception {
} User user = randomTestUser().buildAndStore(userService, "businessadmin");
Workbasket workbasket1 =
defaultTestWorkbasket().buildAndStore(workbasketService, "businessadmin");
Workbasket workbasket2 =
defaultTestWorkbasket()
.domain("DOMAIN_B")
.buildAndStore(workbasketService, "businessadmin");
createAccessItem(user, workbasket1, WorkbasketPermission.OPEN, WorkbasketPermission.READ);
createAccessItem(user, workbasket2, WorkbasketPermission.OPEN, WorkbasketPermission.READ);
@WithAccessId(user = "user-1-2") User userInDatabase = userService.getUser(user.getId());
@Test
void should_ThrowNotAuthorizedException_When_TryingToCreateUserWithoutAdminRole() {
User userToCreate = createExampleUser("user-10-22");
ThrowingCallable callable = () -> userService.createUser(userToCreate); assertThat(userInDatabase.getDomains())
.containsExactlyInAnyOrder(workbasket1.getDomain(), workbasket2.getDomain());
}
assertThatThrownBy(callable) @Nested
.isInstanceOf(MismatchedRoleException.class) @TestInstance(Lifecycle.PER_CLASS)
.hasFieldOrPropertyWithValue("currentUserId", "user-1-2") class DifferentMinimalPermissionsToAssignDomains implements TaskanaEngineConfigurationModifier {
.hasFieldOrPropertyWithValue(
"roles", new TaskanaRole[] {TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN})
.hasMessage(
"Not authorized. The current user 'user-1-2' is not member of role(s) "
+ "'[BUSINESS_ADMIN, ADMIN]'.");
}
@WithAccessId(user = "admin") @TaskanaInject UserService userService;
@Test @TaskanaInject WorkbasketService workbasketService;
void should_UpdateUserInDatabase_When_IdExisting() throws Exception {
User userToUpdate = createExampleUser("testuser1"); // existing userId
userService.updateUser(userToUpdate); @Override
public void modify(TaskanaEngineConfiguration taskanaEngineConfiguration) {
taskanaEngineConfiguration.setMinimalPermissionsToAssignDomains(
List.of(WorkbasketPermission.APPEND));
}
User userInDatabase = userService.getUser("testuser1"); @WithAccessId(user = "user-1-1")
@Test
void should_ReturnEmptyDomains_When_UserHasInsufficientMinimalPermissionsToAssignDomains()
throws Exception {
User user = randomTestUser().buildAndStore(userService, "businessadmin");
Workbasket workbasket =
defaultTestWorkbasket().buildAndStore(workbasketService, "businessadmin");
createAccessItem(user, workbasket, WorkbasketPermission.OPEN, WorkbasketPermission.READ);
assertThat(userToUpdate).isNotSameAs(userInDatabase).isEqualTo(userInDatabase); User userInDatabase = userService.getUser(user.getId());
}
@WithAccessId(user = "admin") assertThat(userInDatabase.getDomains()).isEmpty();
@Test }
void should_ThrowUserNotFoundException_When_TryingToUpdateUserWithNonExistingId() {
User userToUpdate = createExampleUser("NOT_EXISTING");
ThrowingCallable callable = () -> userService.updateUser(userToUpdate); @WithAccessId(user = "user-1-1")
@Test
void should_ReturnOneDomain_When_UserHasSufficientMinimalPermissionsToAssignDomains()
throws Exception {
User user = randomTestUser().buildAndStore(userService, "businessadmin");
Workbasket workbasket =
defaultTestWorkbasket().buildAndStore(workbasketService, "businessadmin");
createAccessItem(user, workbasket, WorkbasketPermission.APPEND);
assertThatThrownBy(callable) User userInDatabase = userService.getUser(user.getId());
.isInstanceOf(UserNotFoundException.class)
.hasFieldOrPropertyWithValue("userId", "NOT_EXISTING")
.hasMessage("User with id 'NOT_EXISTING' was not found.");
}
@WithAccessId(user = "user-1-2") assertThat(userInDatabase.getDomains()).isEmpty();
@Test }
void should_ThrowNotAuthorizedException_When_TryingToUpdateUserWithNoAdminRole() { }
User userToUpdate = createExampleUser("testuser1"); // existing userId
ThrowingCallable callable = () -> userService.updateUser(userToUpdate); @Nested
@TestInstance(Lifecycle.PER_CLASS)
class PropertyMinimalPermissionsToAssignDomainsIsNotSet
implements TaskanaEngineConfigurationModifier {
assertThatThrownBy(callable) @TaskanaInject UserService userService;
.isInstanceOf(MismatchedRoleException.class) @TaskanaInject WorkbasketService workbasketService;
.hasFieldOrPropertyWithValue("currentUserId", "user-1-2")
.hasFieldOrPropertyWithValue(
"roles", new TaskanaRole[] {TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN})
.hasMessage(
"Not authorized. The current user 'user-1-2' is not member of role(s) "
+ "'[BUSINESS_ADMIN, ADMIN]'.");
}
@WithAccessId(user = "admin") @Override
@Test public void modify(TaskanaEngineConfiguration taskanaEngineConfiguration) {
void should_DeleteUserFromDatabase_When_IdExisting() throws Exception { taskanaEngineConfiguration.setMinimalPermissionsToAssignDomains(null);
String id = "testuser2"; }
userService.getUser(id); // User existing
userService.deleteUser(id); @WithAccessId(user = "user-1-1")
@Test
void should_ReturnEmptyDomains_When_PropertyIsNotSet() throws Exception {
User user = randomTestUser().buildAndStore(userService, "businessadmin");
Workbasket workbasket =
defaultTestWorkbasket().buildAndStore(workbasketService, "businessadmin");
createAccessItem(user, workbasket, WorkbasketPermission.OPEN, WorkbasketPermission.READ);
ThrowingCallable callable = () -> userService.getUser(id); // User deleted User userInDatabase = userService.getUser(user.getId());
assertThatThrownBy(callable) assertThat(userInDatabase.getDomains()).isEmpty();
.isInstanceOf(UserNotFoundException.class) }
.hasFieldOrPropertyWithValue("userId", "testuser2") }
.hasMessage("User with id 'testuser2' was not found.");
}
@WithAccessId(user = "admin")
@Test
void should_ThrowUserNotFoundException_When_TryingToDeleteUserWithNonExistingId() {
ThrowingCallable callable = () -> userService.deleteUser("NOT_EXISTING");
assertThatThrownBy(callable)
.isInstanceOf(UserNotFoundException.class)
.hasFieldOrPropertyWithValue("userId", "NOT_EXISTING")
.hasMessage("User with id 'NOT_EXISTING' was not found.");
}
@WithAccessId(user = "user-1-2")
@Test
void should_ThrowNotAuthorizedException_When_TryingToDeleteUserWithNoAdminRole() {
ThrowingCallable callable = () -> userService.deleteUser("testuser1");
assertThatThrownBy(callable)
.isInstanceOf(MismatchedRoleException.class)
.hasFieldOrPropertyWithValue("currentUserId", "user-1-2")
.hasFieldOrPropertyWithValue(
"roles", new TaskanaRole[] {TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN})
.hasMessage(
"Not authorized. The current user 'user-1-2' is not member of role(s) "
+ "'[BUSINESS_ADMIN, ADMIN]'.");
} }
} }

2
lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskTransferrer.java
View File

@ -238,7 +238,7 @@ final class TaskTransferrer {
.toArray(String[]::new); .toArray(String[]::new);
List<WorkbasketSummary> sourceWorkbaskets = List<WorkbasketSummary> sourceWorkbaskets =
query.callerHasPermission(WorkbasketPermission.TRANSFER).idIn(workbasketIds).list(); query.callerHasPermissions(WorkbasketPermission.TRANSFER).idIn(workbasketIds).list();
return sourceWorkbaskets.stream().map(WorkbasketSummary::getId).collect(Collectors.toSet()); return sourceWorkbaskets.stream().map(WorkbasketSummary::getId).collect(Collectors.toSet());
} }

5
lib/taskana-core/src/main/java/pro/taskana/user/api/exceptions/UserAlreadyExistException.java
View File

@ -13,10 +13,11 @@ public class UserAlreadyExistException extends TaskanaException {
public static final String ERROR_KEY = "USER_ALREADY_EXISTS"; public static final String ERROR_KEY = "USER_ALREADY_EXISTS";
private final String userId; private final String userId;
public UserAlreadyExistException(String userId) { public UserAlreadyExistException(String userId, Exception cause) {
super( super(
String.format("User with id '%s' already exists.", userId), String.format("User with id '%s' already exists.", userId),
ErrorCode.of(ERROR_KEY, MapCreator.of("userId", userId))); ErrorCode.of(ERROR_KEY, MapCreator.of("userId", userId)),
cause);
this.userId = userId; this.userId = userId;
} }

14
lib/taskana-core/src/main/java/pro/taskana/user/api/models/User.java
View File

@ -1,5 +1,9 @@
package pro.taskana.user.api.models; package pro.taskana.user.api.models;
import java.util.Set;
import pro.taskana.TaskanaEngineConfiguration;
/** The User holds some relevant information about the TASKANA users. */ /** The User holds some relevant information about the TASKANA users. */
public interface User { public interface User {
@ -185,6 +189,16 @@ public interface User {
*/ */
void setData(String data); void setData(String data);
/**
* Returns the domains of the User.
*
* <p>The domains are derived from the workbasket permissions and the according Taskana property
* {@linkplain TaskanaEngineConfiguration#getMinimalPermissionsToAssignDomains()}.
*
* @return domains
*/
Set<String> getDomains();
/** /**
* Duplicates this User. * Duplicates this User.
* *

5
lib/taskana-core/src/main/java/pro/taskana/user/internal/UserMapper.java
View File

@ -7,6 +7,7 @@ import org.apache.ibatis.annotations.Result;
import org.apache.ibatis.annotations.SelectProvider; import org.apache.ibatis.annotations.SelectProvider;
import org.apache.ibatis.annotations.UpdateProvider; import org.apache.ibatis.annotations.UpdateProvider;
import pro.taskana.user.api.models.User;
import pro.taskana.user.internal.models.UserImpl; import pro.taskana.user.internal.models.UserImpl;
public interface UserMapper { public interface UserMapper {
@ -27,10 +28,10 @@ public interface UserMapper {
UserImpl findById(@Param("id") String id); UserImpl findById(@Param("id") String id);
@InsertProvider(type = UserMapperSqlProvider.class, method = "insert") @InsertProvider(type = UserMapperSqlProvider.class, method = "insert")
void insert(UserImpl user); void insert(User user);
@UpdateProvider(type = UserMapperSqlProvider.class, method = "update") @UpdateProvider(type = UserMapperSqlProvider.class, method = "update")
void update(UserImpl user); void update(User user);
@DeleteProvider(type = UserMapperSqlProvider.class, method = "delete") @DeleteProvider(type = UserMapperSqlProvider.class, method = "delete")
void delete(String id); void delete(String id);

70
lib/taskana-core/src/main/java/pro/taskana/user/internal/UserServiceImpl.java
View File

@ -1,9 +1,16 @@
package pro.taskana.user.internal; package pro.taskana.user.internal;
import static pro.taskana.common.internal.util.CheckedSupplier.wrap;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.apache.ibatis.exceptions.PersistenceException; import org.apache.ibatis.exceptions.PersistenceException;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import pro.taskana.common.api.BaseQuery.SortDirection;
import pro.taskana.common.api.TaskanaRole; import pro.taskana.common.api.TaskanaRole;
import pro.taskana.common.api.exceptions.InvalidArgumentException; import pro.taskana.common.api.exceptions.InvalidArgumentException;
import pro.taskana.common.api.exceptions.NotAuthorizedException; import pro.taskana.common.api.exceptions.NotAuthorizedException;
@ -13,16 +20,23 @@ import pro.taskana.user.api.exceptions.UserAlreadyExistException;
import pro.taskana.user.api.exceptions.UserNotFoundException; import pro.taskana.user.api.exceptions.UserNotFoundException;
import pro.taskana.user.api.models.User; import pro.taskana.user.api.models.User;
import pro.taskana.user.internal.models.UserImpl; import pro.taskana.user.internal.models.UserImpl;
import pro.taskana.workbasket.api.WorkbasketPermission;
import pro.taskana.workbasket.api.WorkbasketQueryColumnName;
import pro.taskana.workbasket.api.WorkbasketService;
public class UserServiceImpl implements UserService { public class UserServiceImpl implements UserService {
private static final Logger LOGGER = LoggerFactory.getLogger(UserServiceImpl.class); private static final Logger LOGGER = LoggerFactory.getLogger(UserServiceImpl.class);
private final InternalTaskanaEngine internalTaskanaEngine;
private final InternalTaskanaEngine taskanaEngine;
private final UserMapper userMapper; private final UserMapper userMapper;
private final WorkbasketService workbasketService;
private final List<WorkbasketPermission> minimalWorkbasketPermissions;
public UserServiceImpl(InternalTaskanaEngine taskanaEngine, UserMapper userMapper) { public UserServiceImpl(InternalTaskanaEngine internalTaskanaEngine, UserMapper userMapper) {
this.taskanaEngine = taskanaEngine; this.internalTaskanaEngine = internalTaskanaEngine;
this.userMapper = userMapper; this.userMapper = userMapper;
this.workbasketService = internalTaskanaEngine.getEngine().getWorkbasketService();
minimalWorkbasketPermissions =
internalTaskanaEngine.getEngine().getConfiguration().getMinimalPermissionsToAssignDomains();
} }
@Override @Override
@ -32,18 +46,22 @@ public class UserServiceImpl implements UserService {
@Override @Override
public User getUser(String id) throws UserNotFoundException { public User getUser(String id) throws UserNotFoundException {
User user = taskanaEngine.executeInDatabaseConnection(() -> userMapper.findById(id)); UserImpl user =
internalTaskanaEngine.executeInDatabaseConnection(() -> userMapper.findById(id));
if (user == null) { if (user == null) {
throw new UserNotFoundException(id); throw new UserNotFoundException(id);
} }
user.setDomains(determineDomains(user.getId()));
return user; return user;
} }
@Override @Override
public User createUser(User userToCreate) public User createUser(User userToCreate)
throws InvalidArgumentException, NotAuthorizedException, UserAlreadyExistException { throws InvalidArgumentException, NotAuthorizedException, UserAlreadyExistException {
taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN); internalTaskanaEngine
.getEngine()
.checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
validateAndPopulateFields(userToCreate); validateAndPopulateFields(userToCreate);
insertIntoDatabase(userToCreate); insertIntoDatabase(userToCreate);
@ -56,10 +74,12 @@ public class UserServiceImpl implements UserService {
@Override @Override
public User updateUser(User userToUpdate) throws UserNotFoundException, NotAuthorizedException { public User updateUser(User userToUpdate) throws UserNotFoundException, NotAuthorizedException {
taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN); internalTaskanaEngine
.getEngine()
.checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
getUser(userToUpdate.getId()); getUser(userToUpdate.getId());
taskanaEngine.executeInDatabaseConnection(() -> userMapper.update((UserImpl) userToUpdate)); internalTaskanaEngine.executeInDatabaseConnection(() -> userMapper.update(userToUpdate));
if (LOGGER.isDebugEnabled()) { if (LOGGER.isDebugEnabled()) {
LOGGER.debug("Method updateUser() updated User '{}'.", userToUpdate); LOGGER.debug("Method updateUser() updated User '{}'.", userToUpdate);
} }
@ -69,23 +89,45 @@ public class UserServiceImpl implements UserService {
@Override @Override
public void deleteUser(String id) throws UserNotFoundException, NotAuthorizedException { public void deleteUser(String id) throws UserNotFoundException, NotAuthorizedException {
taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN); internalTaskanaEngine
.getEngine()
.checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
getUser(id); getUser(id);
taskanaEngine.executeInDatabaseConnection(() -> userMapper.delete(id)); internalTaskanaEngine.executeInDatabaseConnection(() -> userMapper.delete(id));
if (LOGGER.isDebugEnabled()) { if (LOGGER.isDebugEnabled()) {
LOGGER.debug("Method deleteUser() deleted User with id '{}'.", id); LOGGER.debug("Method deleteUser() deleted User with id '{}'.", id);
} }
} }
private Set<String> determineDomains(String... accessIds) {
if (minimalWorkbasketPermissions != null && !minimalWorkbasketPermissions.isEmpty()) {
// since WorkbasketService#accessIdsHavePermissions requires some role permissions we have to
// execute this query as an admin. Since we're only determining the domains of a given user
// (and any user can request information on any other user) this query is "harmless".
return new HashSet<>(
internalTaskanaEngine
.getEngine()
.runAsAdmin(
wrap(
() ->
workbasketService
.createWorkbasketQuery()
.accessIdsHavePermissions(minimalWorkbasketPermissions, accessIds)
.listValues(
WorkbasketQueryColumnName.DOMAIN, SortDirection.ASCENDING))));
}
return Collections.emptySet();
}
private void insertIntoDatabase(User userToCreate) throws UserAlreadyExistException { private void insertIntoDatabase(User userToCreate) throws UserAlreadyExistException {
try { try {
taskanaEngine.openConnection(); internalTaskanaEngine.openConnection();
userMapper.insert((UserImpl) userToCreate); userMapper.insert(userToCreate);
} catch (PersistenceException e) { } catch (PersistenceException e) {
throw new UserAlreadyExistException(userToCreate.getId()); throw new UserAlreadyExistException(userToCreate.getId(), e);
} finally { } finally {
taskanaEngine.returnConnection(); internalTaskanaEngine.returnConnection();
} }
} }

21
lib/taskana-core/src/main/java/pro/taskana/user/internal/models/UserImpl.java
View File

@ -1,6 +1,8 @@
package pro.taskana.user.internal.models; package pro.taskana.user.internal.models;
import java.util.HashSet;
import java.util.Objects; import java.util.Objects;
import java.util.Set;
import pro.taskana.user.api.models.User; import pro.taskana.user.api.models.User;
@ -18,6 +20,7 @@ public class UserImpl implements User {
private String orgLevel2; private String orgLevel2;
private String orgLevel1; private String orgLevel1;
private String data; private String data;
private Set<String> domains = new HashSet<>();
public UserImpl() {} public UserImpl() {}
@ -35,6 +38,7 @@ public class UserImpl implements User {
this.orgLevel2 = copyFrom.orgLevel2; this.orgLevel2 = copyFrom.orgLevel2;
this.orgLevel1 = copyFrom.orgLevel1; this.orgLevel1 = copyFrom.orgLevel1;
this.data = copyFrom.data; this.data = copyFrom.data;
this.domains = copyFrom.domains;
} }
@Override @Override
@ -167,6 +171,15 @@ public class UserImpl implements User {
this.data = data; this.data = data;
} }
@Override
public Set<String> getDomains() {
return domains;
}
public void setDomains(Set<String> domains) {
this.domains = domains;
}
@Override @Override
public UserImpl copy() { public UserImpl copy() {
return new UserImpl(this); return new UserImpl(this);
@ -187,7 +200,8 @@ public class UserImpl implements User {
orgLevel3, orgLevel3,
orgLevel2, orgLevel2,
orgLevel1, orgLevel1,
data); data,
domains);
} }
@Override @Override
@ -214,7 +228,8 @@ public class UserImpl implements User {
&& Objects.equals(orgLevel3, other.orgLevel3) && Objects.equals(orgLevel3, other.orgLevel3)
&& Objects.equals(orgLevel2, other.orgLevel2) && Objects.equals(orgLevel2, other.orgLevel2)
&& Objects.equals(orgLevel1, other.orgLevel1) && Objects.equals(orgLevel1, other.orgLevel1)
&& Objects.equals(data, other.data); && Objects.equals(data, other.data)
&& Objects.equals(domains, other.domains);
} }
@Override @Override
@ -245,6 +260,8 @@ public class UserImpl implements User {
+ orgLevel1 + orgLevel1
+ ", data=" + ", data="
+ data + data
+ ", domains="
+ domains
+ "]"; + "]";
} }
} }

44
lib/taskana-core/src/main/java/pro/taskana/workbasket/api/WorkbasketQuery.java
View File

@ -1,5 +1,7 @@
package pro.taskana.workbasket.api; package pro.taskana.workbasket.api;
import java.util.List;
import pro.taskana.common.api.BaseQuery; import pro.taskana.common.api.BaseQuery;
import pro.taskana.common.api.TimeInterval; import pro.taskana.common.api.TimeInterval;
import pro.taskana.common.api.exceptions.InvalidArgumentException; import pro.taskana.common.api.exceptions.InvalidArgumentException;
@ -143,16 +145,37 @@ public interface WorkbasketQuery extends BaseQuery<WorkbasketSummary, Workbasket
/** /**
* Setting up the permission which should be granted on the result workbaskets and the users which * Setting up the permission which should be granted on the result workbaskets and the users which
* should be checked. READ permission will always be checked by default.<br> * should be checked. READ permission will always be checked by default.<br>
* The AccessIds and the given permission will throw a Exception if they would be NULL. * The AccessIds and the given permission will throw an Exception if they would be NULL.
* *
* @param permission which should be used for results. * @param permission which should be used for results.
* @param accessIds Users which sould be checked for given permissions on workbaskets. * @param accessIds Users which should be checked for given permissions on workbaskets.
* @return the current query object. * @return the current query object.
* @throws InvalidArgumentException if permission OR the accessIds are NULL. * @throws InvalidArgumentException if permission OR the accessIds are NULL.
* @throws NotAuthorizedException if the current user is not member of role BUSINESS_ADMIN or * @throws NotAuthorizedException if the current user is not member of role BUSINESS_ADMIN or
* ADMIN * ADMIN
* @deprecated Use {@linkplain #accessIdsHavePermissions(List, String...)} instead
*/ */
WorkbasketQuery accessIdsHavePermission(WorkbasketPermission permission, String... accessIds) @Deprecated(forRemoval = true)
default WorkbasketQuery accessIdsHavePermission(
WorkbasketPermission permission, String... accessIds)
throws InvalidArgumentException, NotAuthorizedException {
return accessIdsHavePermissions(List.of(permission), accessIds);
}
/**
* Setting up the permissions which should be granted on the result workbaskets and the users
* which should be checked. READ permission will always be checked by default.<br>
* The AccessIds and the given permission will throw an Exception if they would be NULL.
*
* @param permissions which should be used for results.
* @param accessIds Users which should be checked for given permissions on workbaskets.
* @return the current query object.
* @throws InvalidArgumentException if permissions OR the accessIds are NULL or empty.
* @throws NotAuthorizedException if the current user is not member of role BUSINESS_ADMIN or
* ADMIN
*/
WorkbasketQuery accessIdsHavePermissions(
List<WorkbasketPermission> permissions, String... accessIds)
throws InvalidArgumentException, NotAuthorizedException; throws InvalidArgumentException, NotAuthorizedException;
/** /**
@ -161,8 +184,21 @@ public interface WorkbasketQuery extends BaseQuery<WorkbasketSummary, Workbasket
* *
* @param permission the permission for the query condition. * @param permission the permission for the query condition.
* @return the updated query. * @return the updated query.
* @deprecated Use {@linkplain #callerHasPermissions(WorkbasketPermission...)} instead
*/ */
WorkbasketQuery callerHasPermission(WorkbasketPermission permission); @Deprecated(forRemoval = true)
default WorkbasketQuery callerHasPermission(WorkbasketPermission permission) {
return callerHasPermissions(permission);
}
/**
* Add condition to query if the caller (one of the accessIds of the caller) has the given
* permissions on the workbasket.
*
* @param permissions the permissions for the query condition.
* @return the updated query.
*/
WorkbasketQuery callerHasPermissions(WorkbasketPermission... permissions);
/** /**
* Sort the query result by name. * Sort the query result by name.

31
lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketQueryImpl.java
View File

@ -30,10 +30,13 @@ public class WorkbasketQueryImpl implements WorkbasketQuery {
"pro.taskana.workbasket.internal.WorkbasketQueryMapper.countQueryWorkbaskets"; "pro.taskana.workbasket.internal.WorkbasketQueryMapper.countQueryWorkbaskets";
private static final String LINK_TO_VALUEMAPPER = private static final String LINK_TO_VALUEMAPPER =
"pro.taskana.workbasket.internal.WorkbasketQueryMapper.queryWorkbasketColumnValues"; "pro.taskana.workbasket.internal.WorkbasketQueryMapper.queryWorkbasketColumnValues";
private final InternalTaskanaEngine taskanaEngine;
private final List<String> orderBy;
private final List<String> orderColumns;
private WorkbasketQueryColumnName columnName; private WorkbasketQueryColumnName columnName;
private String[] accessId; private String[] accessId;
private String[] idIn; private String[] idIn;
private WorkbasketPermission permission; private WorkbasketPermission[] permissions;
private String[] nameIn; private String[] nameIn;
private String[] nameLike; private String[] nameLike;
private String[] keyIn; private String[] keyIn;
@ -64,10 +67,6 @@ public class WorkbasketQueryImpl implements WorkbasketQuery {
private String[] orgLevel4In; private String[] orgLevel4In;
private String[] orgLevel4Like; private String[] orgLevel4Like;
private boolean markedForDeletion; private boolean markedForDeletion;
private InternalTaskanaEngine taskanaEngine;
private List<String> orderBy;
private List<String> orderColumns;
private boolean joinWithAccessList; private boolean joinWithAccessList;
private boolean checkReadPermission; private boolean checkReadPermission;
private boolean usedToAugmentTasks; private boolean usedToAugmentTasks;
@ -165,22 +164,22 @@ public class WorkbasketQueryImpl implements WorkbasketQuery {
} }
@Override @Override
public WorkbasketQuery accessIdsHavePermission( public WorkbasketQuery accessIdsHavePermissions(
WorkbasketPermission permission, String... accessIds) List<WorkbasketPermission> permissions, String... accessIds)
throws InvalidArgumentException, NotAuthorizedException { throws InvalidArgumentException, NotAuthorizedException {
taskanaEngine taskanaEngine
.getEngine() .getEngine()
.checkRoleMembership(TaskanaRole.ADMIN, TaskanaRole.BUSINESS_ADMIN, TaskanaRole.TASK_ADMIN); .checkRoleMembership(TaskanaRole.ADMIN, TaskanaRole.BUSINESS_ADMIN, TaskanaRole.TASK_ADMIN);
// Checking pre-conditions // Checking pre-conditions
if (permission == null) { if (permissions == null || permissions.isEmpty()) {
throw new InvalidArgumentException("Permission can't be null."); throw new InvalidArgumentException("Permissions can't be null or empty.");
} }
if (accessIds == null || accessIds.length == 0) { if (accessIds == null || accessIds.length == 0) {
throw new InvalidArgumentException("accessIds can't be NULL or empty."); throw new InvalidArgumentException("accessIds can't be NULL or empty.");
} }
// set up permissions and ids // set up permissions and ids
this.permission = permission; this.permissions = permissions.toArray(WorkbasketPermission[]::new);
this.accessId = accessIds; this.accessId = accessIds;
lowercaseAccessIds(this.accessId); lowercaseAccessIds(this.accessId);
@ -188,8 +187,8 @@ public class WorkbasketQueryImpl implements WorkbasketQuery {
} }
@Override @Override
public WorkbasketQuery callerHasPermission(WorkbasketPermission permission) { public WorkbasketQuery callerHasPermissions(WorkbasketPermission... permissions) {
this.permission = permission; this.permissions = permissions;
return this; return this;
} }
@ -428,8 +427,8 @@ public class WorkbasketQueryImpl implements WorkbasketQuery {
return accessId; return accessId;
} }
public WorkbasketPermission getPermission() { public WorkbasketPermission[] getPermissions() {
return permission; return permissions;
} }
public String[] getNameIn() { public String[] getNameIn() {
@ -625,7 +624,7 @@ public class WorkbasketQueryImpl implements WorkbasketQuery {
} else if (taskanaEngine.getEngine().isUserInRole(TaskanaRole.BUSINESS_ADMIN) } else if (taskanaEngine.getEngine().isUserInRole(TaskanaRole.BUSINESS_ADMIN)
&& !usedToAugmentTasks) { && !usedToAugmentTasks) {
checkReadPermission = false; checkReadPermission = false;
if (accessId == null && permission == null) { if (accessId == null && (permissions == null || permissions.length == 0)) {
joinWithAccessList = false; joinWithAccessList = false;
} }
} }
@ -659,7 +658,7 @@ public class WorkbasketQueryImpl implements WorkbasketQuery {
+ ", idIn=" + ", idIn="
+ Arrays.toString(idIn) + Arrays.toString(idIn)
+ ", permission=" + ", permission="
+ permission + Arrays.toString(permissions)
+ ", nameIn=" + ", nameIn="
+ Arrays.toString(nameIn) + Arrays.toString(nameIn)
+ ", nameLike=" + ", nameLike="

22
lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketQueryMapper.java
View File

@ -69,10 +69,11 @@ public interface WorkbasketQueryMapper {
+ "<if test = 'checkReadPermission'> " + "<if test = 'checkReadPermission'> "
+ "AND (a.MAX_READ = 1 " + "AND (a.MAX_READ = 1 "
+ "</if> " + "</if> "
+ "<if test='permission != null'>AND " + "<if test='permissions != null'>AND "
+ "<if test = '!checkReadPermission'> " + "<if test = '!checkReadPermission'> "
+ "( " + "( "
+ "</if> " + "</if> "
+ "<foreach item='permission' collection='permissions' separator=' AND ' >"
+ "<if test=\"permission.name() == 'READ'\">a.MAX_READ</if> " + "<if test=\"permission.name() == 'READ'\">a.MAX_READ</if> "
+ "<if test=\"permission.name() == 'OPEN'\">a.MAX_OPEN</if> " + "<if test=\"permission.name() == 'OPEN'\">a.MAX_OPEN</if> "
+ "<if test=\"permission.name() == 'APPEND'\">a.MAX_APPEND</if>" + "<if test=\"permission.name() == 'APPEND'\">a.MAX_APPEND</if>"
@ -90,6 +91,7 @@ public interface WorkbasketQueryMapper {
+ "<if test=\"permission.name() == 'CUSTOM_10'\">a.MAX_CUSTOM_10</if>" + "<if test=\"permission.name() == 'CUSTOM_10'\">a.MAX_CUSTOM_10</if>"
+ "<if test=\"permission.name() == 'CUSTOM_11'\">a.MAX_CUSTOM_11</if>" + "<if test=\"permission.name() == 'CUSTOM_11'\">a.MAX_CUSTOM_11</if>"
+ "<if test=\"permission.name() == 'CUSTOM_12'\">a.MAX_CUSTOM_12</if> = 1 " + "<if test=\"permission.name() == 'CUSTOM_12'\">a.MAX_CUSTOM_12</if> = 1 "
+ "</foreach>"
+ "</if>)" + "</if>)"
+ "</if>" + "</if>"
+ "</where>" + "</where>"
@ -211,10 +213,11 @@ public interface WorkbasketQueryMapper {
+ "<if test = 'checkReadPermission'> " + "<if test = 'checkReadPermission'> "
+ "AND (a.MAX_READ = 1 " + "AND (a.MAX_READ = 1 "
+ "</if> " + "</if> "
+ "<if test='permission != null'>AND " + "<if test='permissions != null'>AND "
+ "<if test = '!checkReadPermission'> " + "<if test = '!checkReadPermission'> "
+ "( " + "( "
+ "</if> " + "</if> "
+ "<foreach item='permission' collection='permissions' separator=' AND ' >"
+ "<if test=\"permission.name() == 'READ'\">a.MAX_READ</if> " + "<if test=\"permission.name() == 'READ'\">a.MAX_READ</if> "
+ "<if test=\"permission.name() == 'OPEN'\">a.MAX_OPEN</if> " + "<if test=\"permission.name() == 'OPEN'\">a.MAX_OPEN</if> "
+ "<if test=\"permission.name() == 'APPEND'\">a.MAX_APPEND</if>" + "<if test=\"permission.name() == 'APPEND'\">a.MAX_APPEND</if>"
@ -232,6 +235,7 @@ public interface WorkbasketQueryMapper {
+ "<if test=\"permission.name() == 'CUSTOM_10'\">a.MAX_CUSTOM_10</if>" + "<if test=\"permission.name() == 'CUSTOM_10'\">a.MAX_CUSTOM_10</if>"
+ "<if test=\"permission.name() == 'CUSTOM_11'\">a.MAX_CUSTOM_11</if>" + "<if test=\"permission.name() == 'CUSTOM_11'\">a.MAX_CUSTOM_11</if>"
+ "<if test=\"permission.name() == 'CUSTOM_12'\">a.MAX_CUSTOM_12</if> = 1 " + "<if test=\"permission.name() == 'CUSTOM_12'\">a.MAX_CUSTOM_12</if> = 1 "
+ "</foreach>"
+ "</if>)" + "</if>)"
+ "</if>" + "</if>"
+ "</where>" + "</where>"
@ -306,10 +310,11 @@ public interface WorkbasketQueryMapper {
+ "<if test = 'checkReadPermission'> " + "<if test = 'checkReadPermission'> "
+ "AND (a.MAX_READ = 1 " + "AND (a.MAX_READ = 1 "
+ "</if> " + "</if> "
+ "<if test='permission != null'>AND " + "<if test='permissions != null'>AND "
+ "<if test = '!checkReadPermission'> " + "<if test = '!checkReadPermission'> "
+ "( " + "( "
+ "</if> " + "</if> "
+ "<foreach item='permission' collection='permissions' separator=' AND ' >"
+ "<if test=\"permission.name() == 'READ'\">a.MAX_READ</if> " + "<if test=\"permission.name() == 'READ'\">a.MAX_READ</if> "
+ "<if test=\"permission.name() == 'OPEN'\">a.MAX_OPEN</if> " + "<if test=\"permission.name() == 'OPEN'\">a.MAX_OPEN</if> "
+ "<if test=\"permission.name() == 'APPEND'\">a.MAX_APPEND</if>" + "<if test=\"permission.name() == 'APPEND'\">a.MAX_APPEND</if>"
@ -326,15 +331,8 @@ public interface WorkbasketQueryMapper {
+ "<if test=\"permission.name() == 'CUSTOM_9'\">a.MAX_CUSTOM_9</if>" + "<if test=\"permission.name() == 'CUSTOM_9'\">a.MAX_CUSTOM_9</if>"
+ "<if test=\"permission.name() == 'CUSTOM_10'\">a.MAX_CUSTOM_10</if>" + "<if test=\"permission.name() == 'CUSTOM_10'\">a.MAX_CUSTOM_10</if>"
+ "<if test=\"permission.name() == 'CUSTOM_11'\">a.MAX_CUSTOM_11</if>" + "<if test=\"permission.name() == 'CUSTOM_11'\">a.MAX_CUSTOM_11</if>"
+ "<if test=\"permission.name() == 'CUSTOM_12'\">a.MAX_CUSTOM_12</if>" + "<if test=\"permission.name() == 'CUSTOM_12'\">a.MAX_CUSTOM_12</if> = 1 "
+ "<choose>" + "</foreach>"
+ "<when test=\"_databaseId == 'postgres'\">"
+ "= TRUE "
+ "</when>"
+ "<otherwise>"
+ "= 1 "
+ "</otherwise>"
+ "</choose>"
+ "</if>)" + "</if>)"
+ "</if>" + "</if>"
+ "</where>" + "</where>"

4
lib/taskana-core/src/test/java/acceptance/workbasket/query/QueryWorkbasketAccTest.java
View File

@ -317,8 +317,8 @@ class QueryWorkbasketAccTest extends AbstractAccTest {
WORKBASKET_SERVICE WORKBASKET_SERVICE
.createWorkbasketQuery() .createWorkbasketQuery()
.nameLike("%") .nameLike("%")
.accessIdsHavePermission( .accessIdsHavePermissions(
WorkbasketPermission.TRANSFER, "teamlead-1", GROUP_1_DN, GROUP_2_DN) List.of(WorkbasketPermission.TRANSFER), "teamlead-1", GROUP_1_DN, GROUP_2_DN)
.orderByName(DESCENDING) .orderByName(DESCENDING)
.list(); .list();

185
lib/taskana-core/src/test/java/acceptance/workbasket/query/QueryWorkbasketByPermissionAccTest.java
View File

@ -7,6 +7,7 @@ import acceptance.AbstractAccTest;
import java.util.List; import java.util.List;
import org.assertj.core.api.ThrowableAssert.ThrowingCallable; import org.assertj.core.api.ThrowableAssert.ThrowingCallable;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestTemplate;
import org.junit.jupiter.api.extension.ExtendWith; import org.junit.jupiter.api.extension.ExtendWith;
import pro.taskana.common.api.BaseQuery.SortDirection; import pro.taskana.common.api.BaseQuery.SortDirection;
@ -21,90 +22,122 @@ import pro.taskana.workbasket.api.models.WorkbasketSummary;
@ExtendWith(JaasExtension.class) @ExtendWith(JaasExtension.class)
class QueryWorkbasketByPermissionAccTest extends AbstractAccTest { class QueryWorkbasketByPermissionAccTest extends AbstractAccTest {
private static SortDirection asc = SortDirection.ASCENDING; private static final WorkbasketService WORKBASKET_SERVICE = taskanaEngine.getWorkbasketService();
private static SortDirection desc = SortDirection.DESCENDING;
QueryWorkbasketByPermissionAccTest() { // region accessIdsHavePermission
super();
}
@WithAccessId(user = "businessadmin") @WithAccessId(user = "businessadmin")
@Test @Test
void testQueryAllTransferTargetsForUser() throws Exception { void should_GetAllTransferTargetsForUser_When_QueryingForSinglePermission() throws Exception {
WorkbasketService workbasketService = taskanaEngine.getWorkbasketService();
List<WorkbasketSummary> results = List<WorkbasketSummary> results =
workbasketService WORKBASKET_SERVICE
.createWorkbasketQuery() .createWorkbasketQuery()
.accessIdsHavePermission(WorkbasketPermission.APPEND, "user-1-1") .accessIdsHavePermissions(List.of(WorkbasketPermission.APPEND), "user-1-1")
.list(); .list();
assertThat(results).hasSize(1); assertThat(results).hasSize(1);
assertThat(results.get(0).getKey()).isEqualTo("USER-1-1"); assertThat(results.get(0).getKey()).isEqualTo("USER-1-1");
} }
@WithAccessId(user = "businessadmin")
@Test
void should_GetAllTransferTargetsForUser_When_QueryingForMultiplePermissions() throws Exception {
List<WorkbasketSummary> results =
WORKBASKET_SERVICE
.createWorkbasketQuery()
.accessIdsHavePermissions(
List.of(WorkbasketPermission.APPEND, WorkbasketPermission.DISTRIBUTE), "teamlead-1")
.list();
assertThat(results)
.extracting(WorkbasketSummary::getKey)
.hasSize(2)
.containsExactlyInAnyOrder("GPK_KSC", "TEAMLEAD-1");
}
@WithAccessId(user = "unknownuser") @WithAccessId(user = "unknownuser")
@Test @Test
void testQueryAllTransferTargetsForUserNotAuthorized() { void should_ThrowNotAuthorizedException_When_QueryingWithUnknownUser() {
WorkbasketService workbasketService = taskanaEngine.getWorkbasketService();
ThrowingCallable call = ThrowingCallable call =
() -> { () ->
workbasketService WORKBASKET_SERVICE
.createWorkbasketQuery() .createWorkbasketQuery()
.accessIdsHavePermission(WorkbasketPermission.APPEND, "user-1-1") .accessIdsHavePermissions(List.of(WorkbasketPermission.APPEND), "user-1-1")
.list(); .list();
};
assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class); assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
} }
@WithAccessId(user = "businessadmin") @WithAccessId(user = "businessadmin")
@Test @Test
void testQueryAllTransferTargetsForUserAndGroup() throws Exception { void should_GetAllTransferTargetsForUserAndGroup_When_QueryingForSinglePermission()
WorkbasketService workbasketService = taskanaEngine.getWorkbasketService(); throws Exception {
List<WorkbasketSummary> results = List<WorkbasketSummary> results =
workbasketService WORKBASKET_SERVICE
.createWorkbasketQuery() .createWorkbasketQuery()
.accessIdsHavePermission(WorkbasketPermission.APPEND, "user-1-1", GROUP_1_DN) .accessIdsHavePermissions(List.of(WorkbasketPermission.APPEND), "user-1-1", GROUP_1_DN)
.list(); .list();
assertThat(results).hasSize(6); assertThat(results).hasSize(6);
} }
@WithAccessId(user = "businessadmin") @WithAccessId(user = "businessadmin")
@Test @Test
void testQueryAllTransferTargetsForUserAndGroupSortedByNameAscending() throws Exception { void should_GetAllTransferTargetsForUserAndGroup_When_QueryingForMultiplePermissions()
WorkbasketService workbasketService = taskanaEngine.getWorkbasketService(); throws Exception {
List<WorkbasketSummary> results = List<WorkbasketSummary> results =
workbasketService WORKBASKET_SERVICE
.createWorkbasketQuery() .createWorkbasketQuery()
.accessIdsHavePermission(WorkbasketPermission.APPEND, "user-1-1", GROUP_1_DN) .accessIdsHavePermissions(
.orderByName(asc) List.of(WorkbasketPermission.APPEND, WorkbasketPermission.OPEN),
"user-1-1",
GROUP_1_DN)
.list(); .list();
assertThat(results).hasSize(4);
}
@WithAccessId(user = "businessadmin")
@Test
void should_GetAllTransferTargetsForUserAndGroup_When_QueryingForSortedByNameAscending()
throws Exception {
List<WorkbasketSummary> results =
WORKBASKET_SERVICE
.createWorkbasketQuery()
.accessIdsHavePermissions(List.of(WorkbasketPermission.APPEND), "user-1-1", GROUP_1_DN)
.orderByName(SortDirection.ASCENDING)
.list();
assertThat(results).hasSize(6); assertThat(results).hasSize(6);
assertThat(results.get(0).getKey()).isEqualTo("GPK_KSC_1"); assertThat(results.get(0).getKey()).isEqualTo("GPK_KSC_1");
} }
@WithAccessId(user = "businessadmin") @WithAccessId(user = "businessadmin")
@Test @Test
void testQueryAllTransferTargetsForUserAndGroupSortedByNameDescending() throws Exception { void should_GetAllTransferTargetsForUserAndGroup_When_QueryingForSortedByNameDescending()
WorkbasketService workbasketService = taskanaEngine.getWorkbasketService(); throws Exception {
List<WorkbasketSummary> results = List<WorkbasketSummary> results =
workbasketService WORKBASKET_SERVICE
.createWorkbasketQuery() .createWorkbasketQuery()
.accessIdsHavePermission(WorkbasketPermission.APPEND, "user-1-1", GROUP_1_DN) .accessIdsHavePermissions(List.of(WorkbasketPermission.APPEND), "user-1-1", GROUP_1_DN)
.orderByName(desc) .orderByName(SortDirection.DESCENDING)
.orderByKey(asc) .orderByKey(SortDirection.ASCENDING)
.list(); .list();
assertThat(results).hasSize(6); assertThat(results).hasSize(6);
assertThat(results.get(0).getKey()).isEqualTo("USER-2-2"); assertThat(results.get(0).getKey()).isEqualTo("USER-2-2");
} }
@WithAccessId(user = "businessadmin") @WithAccessId(user = "businessadmin")
@Test @Test
void testQueryAllTransferSourcesForUserAndGroup() throws Exception { void should_GetAllTransferSourcesForUserAndGroup_When_QueryingForSinglePermission()
WorkbasketService workbasketService = taskanaEngine.getWorkbasketService(); throws Exception {
List<WorkbasketSummary> results = List<WorkbasketSummary> results =
workbasketService WORKBASKET_SERVICE
.createWorkbasketQuery() .createWorkbasketQuery()
.accessIdsHavePermission(WorkbasketPermission.DISTRIBUTE, "user-1-1", GROUP_1_DN) .accessIdsHavePermissions(
List.of(WorkbasketPermission.DISTRIBUTE), "user-1-1", GROUP_1_DN)
.list(); .list();
assertThat(results) assertThat(results)
@ -112,51 +145,83 @@ class QueryWorkbasketByPermissionAccTest extends AbstractAccTest {
.containsExactlyInAnyOrder("GPK_KSC_1", "USER-1-1"); .containsExactlyInAnyOrder("GPK_KSC_1", "USER-1-1");
} }
@WithAccessId(user = "user-1-1", groups = GROUP_1_DN) // endregion
@Test
void testQueryAllTransferTargetsForUserAndGroupFromSubject() { // region callerHasPermission
WorkbasketService workbasketService = taskanaEngine.getWorkbasketService();
List<WorkbasketSummary> results =
workbasketService
.createWorkbasketQuery()
.callerHasPermission(WorkbasketPermission.APPEND)
.list();
assertThat(results).hasSize(6);
}
@WithAccessId(user = "user-1-1") @WithAccessId(user = "user-1-1")
@Test @Test
void testQueryAllAvailableWorkbasketForOpeningForUserAndGroupFromSubject() { void should_GetAllTransferTargetsForSubjectUser_When_QueryingForSinglePermission() {
WorkbasketService workbasketService = taskanaEngine.getWorkbasketService();
List<WorkbasketSummary> results = List<WorkbasketSummary> results =
workbasketService WORKBASKET_SERVICE
.createWorkbasketQuery() .createWorkbasketQuery()
.callerHasPermission(WorkbasketPermission.READ) .callerHasPermissions(WorkbasketPermission.READ)
.list(); .list();
assertThat(results).hasSize(1); assertThat(results).hasSize(1);
} }
@WithAccessId(user = "teamlead-1") @WithAccessId(user = "teamlead-1")
@Test @Test
void testConsiderBusinessAdminPermissionsWhileQueryingWorkbaskets() { void should_GetAllTransferTargetsForSubjectUser_When_QueryingForMultiplePermission() {
WorkbasketService workbasketService = taskanaEngine.getWorkbasketService();
List<WorkbasketSummary> results = List<WorkbasketSummary> results =
workbasketService WORKBASKET_SERVICE
.createWorkbasketQuery() .createWorkbasketQuery()
.callerHasPermission(WorkbasketPermission.OPEN) .callerHasPermissions(WorkbasketPermission.READ, WorkbasketPermission.OPEN)
.list(); .list();
assertThat(results).hasSize(3); assertThat(results).hasSize(3);
} }
@WithAccessId(user = "admin") @WithAccessId(user = "user-1-1", groups = GROUP_1_DN)
@Test @Test
void testSkipAuthorizationCheckForAdminWhileQueryingWorkbaskets() { void should_GetAllTransferTargetsForSubjectUserAndGroup_When_QueryingForSinglePermission() {
WorkbasketService workbasketService = taskanaEngine.getWorkbasketService();
List<WorkbasketSummary> results = List<WorkbasketSummary> results =
workbasketService WORKBASKET_SERVICE
.createWorkbasketQuery() .createWorkbasketQuery()
.callerHasPermission(WorkbasketPermission.OPEN) .callerHasPermissions(WorkbasketPermission.APPEND)
.list(); .list();
assertThat(results).hasSize(6);
}
@WithAccessId(user = "user-1-1", groups = GROUP_1_DN)
@Test
void should_GetAllTransferTargetsForSubjectUserAndGroup_When_QueryingForMultiplePermissions() {
List<WorkbasketSummary> results =
WORKBASKET_SERVICE
.createWorkbasketQuery()
.callerHasPermissions(WorkbasketPermission.APPEND, WorkbasketPermission.OPEN)
.list();
assertThat(results).hasSize(4);
}
@WithAccessId(user = "businessadmin")
@Test
void should_ConsiderBusinessAdminPermissions_When_QueryingWorkbaskets() {
List<WorkbasketSummary> filteredWorkbaskets =
WORKBASKET_SERVICE
.createWorkbasketQuery()
.callerHasPermissions(WorkbasketPermission.OPEN)
.list();
assertThat(filteredWorkbaskets).isEmpty();
}
@WithAccessId(user = "admin")
@WithAccessId(user = "taskadmin")
@TestTemplate
void should_SkipAuthorizationCheckForAdmin_When_QueryingWorkbaskets() {
List<WorkbasketSummary> results =
WORKBASKET_SERVICE
.createWorkbasketQuery()
.callerHasPermissions(WorkbasketPermission.OPEN)
.list();
assertThat(results).hasSize(26); assertThat(results).hasSize(26);
} }
// endregion
} }

20
lib/taskana-core/src/test/java/acceptance/workbasket/query/WorkbasketQueryAccTest.java
View File

@ -20,10 +20,6 @@ import pro.taskana.workbasket.api.models.WorkbasketSummary;
@ExtendWith(JaasExtension.class) @ExtendWith(JaasExtension.class)
class WorkbasketQueryAccTest extends AbstractAccTest { class WorkbasketQueryAccTest extends AbstractAccTest {
WorkbasketQueryAccTest() {
super();
}
@Test @Test
void testQueryWorkbasketByUnauthenticated() { void testQueryWorkbasketByUnauthenticated() {
WorkbasketService workbasketService = taskanaEngine.getWorkbasketService(); WorkbasketService workbasketService = taskanaEngine.getWorkbasketService();
@ -35,8 +31,8 @@ class WorkbasketQueryAccTest extends AbstractAccTest {
workbasketService workbasketService
.createWorkbasketQuery() .createWorkbasketQuery()
.nameLike("%") .nameLike("%")
.accessIdsHavePermission( .accessIdsHavePermissions(
WorkbasketPermission.TRANSFER, "teamlead-1", GROUP_1_DN, GROUP_2_DN) List.of(WorkbasketPermission.TRANSFER), "teamlead-1", GROUP_1_DN, GROUP_2_DN)
.list(); .list();
}; };
assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class); assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
@ -54,8 +50,8 @@ class WorkbasketQueryAccTest extends AbstractAccTest {
workbasketService workbasketService
.createWorkbasketQuery() .createWorkbasketQuery()
.nameLike("%") .nameLike("%")
.accessIdsHavePermission( .accessIdsHavePermissions(
WorkbasketPermission.TRANSFER, "teamlead-1", GROUP_1_DN, GROUP_2_DN) List.of(WorkbasketPermission.TRANSFER), "teamlead-1", GROUP_1_DN, GROUP_2_DN)
.list(); .list();
}; };
assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class); assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
@ -73,8 +69,8 @@ class WorkbasketQueryAccTest extends AbstractAccTest {
workbasketService workbasketService
.createWorkbasketQuery() .createWorkbasketQuery()
.nameLike("%") .nameLike("%")
.accessIdsHavePermission( .accessIdsHavePermissions(
WorkbasketPermission.TRANSFER, "teamlead-1", GROUP_1_DN, GROUP_2_DN) List.of(WorkbasketPermission.TRANSFER), "teamlead-1", GROUP_1_DN, GROUP_2_DN)
.list(); .list();
assertThat(results).hasSize(13); assertThat(results).hasSize(13);
@ -92,8 +88,8 @@ class WorkbasketQueryAccTest extends AbstractAccTest {
workbasketService workbasketService
.createWorkbasketQuery() .createWorkbasketQuery()
.nameLike("%") .nameLike("%")
.accessIdsHavePermission( .accessIdsHavePermissions(
WorkbasketPermission.TRANSFER, "teamlead-1", GROUP_1_DN, GROUP_2_DN) List.of(WorkbasketPermission.TRANSFER), "teamlead-1", GROUP_1_DN, GROUP_2_DN)
.list(); .list();
assertThat(results).hasSize(13); assertThat(results).hasSize(13);

6
rest/taskana-rest-spring/src/main/java/pro/taskana/workbasket/rest/WorkbasketQueryFilterParameter.java
View File

@ -65,7 +65,7 @@ public class WorkbasketQueryFilterParameter implements QueryParameter<Workbasket
/** Filter by the required permission for the Workbasket. */ /** Filter by the required permission for the Workbasket. */
@JsonProperty("required-permission") @JsonProperty("required-permission")
private final WorkbasketPermission requiredPermissions; private final WorkbasketPermission[] requiredPermissions;
@SuppressWarnings("indentation") @SuppressWarnings("indentation")
@ConstructorProperties({ @ConstructorProperties({
@ -90,7 +90,7 @@ public class WorkbasketQueryFilterParameter implements QueryParameter<Workbasket
String[] descriptionLike, String[] descriptionLike,
String[] domain, String[] domain,
WorkbasketType[] type, WorkbasketType[] type,
WorkbasketPermission requiredPermissions) { WorkbasketPermission[] requiredPermissions) {
this.name = name; this.name = name;
this.nameLike = nameLike; this.nameLike = nameLike;
this.key = key; this.key = key;
@ -118,7 +118,7 @@ public class WorkbasketQueryFilterParameter implements QueryParameter<Workbasket
.ifPresent(query::descriptionLike); .ifPresent(query::descriptionLike);
Optional.ofNullable(domain).ifPresent(query::domainIn); Optional.ofNullable(domain).ifPresent(query::domainIn);
Optional.ofNullable(type).ifPresent(query::typeIn); Optional.ofNullable(type).ifPresent(query::typeIn);
Optional.ofNullable(requiredPermissions).ifPresent(query::callerHasPermission); Optional.ofNullable(requiredPermissions).ifPresent(query::callerHasPermissions);
return null; return null;
} }
} }

8
rest/taskana-rest-spring/src/test/java/pro/taskana/workbasket/rest/WorkbasketControllerIntTest.java
View File

@ -6,8 +6,8 @@ import static pro.taskana.common.test.rest.RestHelper.TEMPLATE;
import java.io.UnsupportedEncodingException; import java.io.UnsupportedEncodingException;
import java.net.URLDecoder; import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.time.Instant; import java.time.Instant;
import java.util.Optional;
import org.assertj.core.api.ThrowableAssert.ThrowingCallable; import org.assertj.core.api.ThrowableAssert.ThrowingCallable;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
@ -51,15 +51,13 @@ class WorkbasketControllerIntTest {
ResponseEntity<WorkbasketRepresentationModel> response = ResponseEntity<WorkbasketRepresentationModel> response =
TEMPLATE.exchange( TEMPLATE.exchange(
URLDecoder.decode(url, "UTF-8"), URLDecoder.decode(url, StandardCharsets.UTF_8),
HttpMethod.GET, HttpMethod.GET,
auth, auth,
ParameterizedTypeReference.forType(WorkbasketRepresentationModel.class)); ParameterizedTypeReference.forType(WorkbasketRepresentationModel.class));
assertThat(response.getBody()).isNotNull(); assertThat(response.getBody()).isNotNull();
assertThat(response.getBody().getLink(IanaLinkRelations.SELF)).isNotNull(); assertThat(response.getBody().getLink(IanaLinkRelations.SELF)).contains(Link.of(url));
assertThat(response.getBody().getLink(IanaLinkRelations.SELF))
.isEqualTo(Optional.of(Link.of(url)));
assertThat(response.getHeaders().getContentType()).isEqualTo(MediaTypes.HAL_JSON); assertThat(response.getHeaders().getContentType()).isEqualTo(MediaTypes.HAL_JSON);
} }