nosu
/
taskana
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Task-Admin now allowed to get DistributionTargets

This commit is contained in:
Jörg Heffner 2020-04-29 15:32:13 +02:00
parent baf794518c
commit b84f652a54
4 changed files with 99 additions and 79 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketServiceImpl.java
View File

@ -41,7 +41,9 @@ import pro.taskana.workbasket.internal.models.WorkbasketAccessItemImpl;
import pro.taskana.workbasket.internal.models.WorkbasketImpl;
import pro.taskana.workbasket.internal.models.WorkbasketSummaryImpl;
/** This is the implementation of WorkbasketService. */
/**
* This is the implementation of WorkbasketService.
*/
public class WorkbasketServiceImpl implements WorkbasketService {
private static final Logger LOGGER = LoggerFactory.getLogger(WorkbasketServiceImpl.class);
@ -76,8 +78,9 @@ public class WorkbasketServiceImpl implements WorkbasketService {
workbasketId, "Workbasket with id " + workbasketId + " was not found.");
}
if (!taskanaEngine
.getEngine()
.isUserInRole(TaskanaRole.ADMIN, TaskanaRole.BUSINESS_ADMIN, TaskanaRole.TASK_ADMIN)) {
.getEngine()
.isUserInRole(TaskanaRole.ADMIN, TaskanaRole.BUSINESS_ADMIN,
TaskanaRole.TASK_ADMIN)) {
this.checkAuthorization(workbasketId, WorkbasketPermission.READ);
}
return result;
@ -102,8 +105,9 @@ public class WorkbasketServiceImpl implements WorkbasketService {
"Workbasket with key " + workbasketKey + " and domain " + domain + " was not found.");
}
if (!taskanaEngine
.getEngine()
.isUserInRole(TaskanaRole.ADMIN, TaskanaRole.BUSINESS_ADMIN, TaskanaRole.TASK_ADMIN)) {
.getEngine()
.isUserInRole(TaskanaRole.ADMIN, TaskanaRole.BUSINESS_ADMIN,
TaskanaRole.TASK_ADMIN)) {
this.checkAuthorization(workbasketKey, domain, WorkbasketPermission.READ);
}
return result;
@ -116,7 +120,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
@Override
public Workbasket createWorkbasket(Workbasket newWorkbasket)
throws InvalidWorkbasketException, NotAuthorizedException, WorkbasketAlreadyExistException,
DomainNotFoundException {
DomainNotFoundException {
LOGGER.debug("entry to createtWorkbasket(workbasket)", newWorkbasket);
taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
@ -205,7 +209,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
@Override
public WorkbasketAccessItem createWorkbasketAccessItem(WorkbasketAccessItem workbasketAccessItem)
throws InvalidArgumentException, NotAuthorizedException, WorkbasketNotFoundException,
WorkbasketAccessItemAlreadyExistException {
WorkbasketAccessItemAlreadyExistException {
LOGGER.debug(
"entry to createWorkbasketAccessItemn(workbasketAccessItem = {})", workbasketAccessItem);
taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
@ -214,8 +218,8 @@ public class WorkbasketServiceImpl implements WorkbasketService {
taskanaEngine.openConnection();
accessItem.setId(IdGenerator.generateWithPrefix(ID_PREFIX_WORKBASKET_AUTHORIZATION));
if (workbasketAccessItem.getId() == null
|| workbasketAccessItem.getAccessId() == null
|| workbasketAccessItem.getWorkbasketId() == null) {
|| workbasketAccessItem.getAccessId() == null
|| workbasketAccessItem.getWorkbasketId() == null) {
throw new InvalidArgumentException(
String.format(
"Checking the preconditions of the current "
@ -242,7 +246,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
"SQLCODE=-803", // DB2
"uc_accessid_wbid", // POSTGRES
"UC_ACCESSID_WBID_INDEX_E" // H2
);
);
if (accessItemExistsIdentifier.anyMatch(e.getMessage()::contains)) {
throw new WorkbasketAccessItemAlreadyExistException(accessItem);
}
@ -269,9 +273,9 @@ public class WorkbasketServiceImpl implements WorkbasketService {
WorkbasketAccessItem originalItem = workbasketAccessMapper.findById(accessItem.getId());
if ((originalItem.getAccessId() != null
&& !originalItem.getAccessId().equals(accessItem.getAccessId()))
|| (originalItem.getWorkbasketId() != null
&& !originalItem.getWorkbasketId().equals(accessItem.getWorkbasketId()))) {
&& !originalItem.getAccessId().equals(accessItem.getAccessId()))
|| (originalItem.getWorkbasketId() != null
&& !originalItem.getWorkbasketId().equals(accessItem.getWorkbasketId()))) {
throw new InvalidArgumentException(
"AccessId and WorkbasketId must not be changed in updateWorkbasketAccessItem calls");
}
@ -435,7 +439,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
public void setWorkbasketAccessItems(
String workbasketId, List<WorkbasketAccessItem> wbAccessItems)
throws InvalidArgumentException, NotAuthorizedException,
WorkbasketAccessItemAlreadyExistException {
WorkbasketAccessItemAlreadyExistException {
LOGGER.debug(
"entry to setWorkbasketAccessItems(workbasketAccessItems = {})", wbAccessItems.toString());
taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
@ -514,7 +518,8 @@ public class WorkbasketServiceImpl implements WorkbasketService {
taskanaEngine.openConnection();
// check that source workbasket exists
getWorkbasket(workbasketId);
if (!taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN, TaskanaRole.BUSINESS_ADMIN)) {
if (!taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN, TaskanaRole.BUSINESS_ADMIN,
TaskanaRole.TASK_ADMIN)) {
checkAuthorization(workbasketId, WorkbasketPermission.READ);
}
List<WorkbasketSummaryImpl> distributionTargets =
@ -543,7 +548,8 @@ public class WorkbasketServiceImpl implements WorkbasketService {
taskanaEngine.openConnection();
// check that source workbasket exists
Workbasket workbasket = getWorkbasket(workbasketKey, domain);
if (!taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN, TaskanaRole.BUSINESS_ADMIN)) {
if (!taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN, TaskanaRole.BUSINESS_ADMIN,
TaskanaRole.TASK_ADMIN)) {
checkAuthorization(workbasket.getId(), WorkbasketPermission.READ);
}
List<WorkbasketSummaryImpl> distributionTargets =
@ -690,7 +696,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
@Override
public boolean deleteWorkbasket(String workbasketId)
throws NotAuthorizedException, WorkbasketNotFoundException, WorkbasketInUseException,
InvalidArgumentException {
InvalidArgumentException {
LOGGER.debug("entry to deleteWorkbasket(workbasketId = {})", workbasketId);
taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
@ -862,9 +868,9 @@ public class WorkbasketServiceImpl implements WorkbasketService {
/**
* Check if current workbasket is based on the newest (by modified).
*
* @param oldWorkbasket the old workbasket in the system
* @param oldWorkbasket the old workbasket in the system
* @param workbasketImplToUpdate the workbasket to update
* @throws ConcurrencyException if the workbasket has been modified by some other process.
* @throws ConcurrencyException if the workbasket has been modified by some other process.
* @throws WorkbasketNotFoundException if the given workbasket does not exist.
*/
void checkModifiedHasNotChanged(Workbasket oldWorkbasket, WorkbasketImpl workbasketImplToUpdate)
@ -891,21 +897,21 @@ public class WorkbasketServiceImpl implements WorkbasketService {
private long getCountTasksByWorkbasketId(String workbasketId) {
return taskanaEngine
.getEngine()
.getTaskService()
.createTaskQuery()
.workbasketIdIn(workbasketId)
.count();
.getEngine()
.getTaskService()
.createTaskQuery()
.workbasketIdIn(workbasketId)
.count();
}
private long getCountTasksNotCompletedByWorkbasketId(String workbasketId) {
return taskanaEngine
.getEngine()
.getTaskService()
.createTaskQuery()
.workbasketIdIn(workbasketId)
.stateNotIn(TaskState.COMPLETED, TaskState.TERMINATED, TaskState.CANCELLED)
.count();
.getEngine()
.getTaskService()
.createTaskQuery()
.workbasketIdIn(workbasketId)
.stateNotIn(TaskState.COMPLETED, TaskState.TERMINATED, TaskState.CANCELLED)
.count();
}
private boolean skipAuthorizationCheck(WorkbasketPermission... requestedPermissions) {

63
lib/taskana-core/src/test/java/acceptance/task/UpdateTaskAccTest.java
View File

@ -1,6 +1,7 @@
package acceptance.task;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatCode;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import acceptance.AbstractAccTest;
@ -10,6 +11,7 @@ import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.assertj.core.api.ThrowableAssert.ThrowingCallable;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestTemplate;
import org.junit.jupiter.api.extension.ExtendWith;
@ -32,7 +34,9 @@ import pro.taskana.task.api.models.Task;
import pro.taskana.task.internal.models.TaskImpl;
import pro.taskana.workbasket.api.exceptions.WorkbasketNotFoundException;
/** Acceptance test for all "update task" scenarios. */
/**
* Acceptance test for all "update task" scenarios.
*/
@ExtendWith(JaasExtension.class)
class UpdateTaskAccTest extends AbstractAccTest {
@ -44,8 +48,8 @@ class UpdateTaskAccTest extends AbstractAccTest {
@Test
void should_UpdatePrimaryObjectReferenceOfTask_When_Requested()
throws NotAuthorizedException, InvalidArgumentException, ClassificationNotFoundException,
TaskNotFoundException, ConcurrencyException, AttachmentPersistenceException,
InvalidStateException {
TaskNotFoundException, ConcurrencyException, AttachmentPersistenceException,
InvalidStateException {
TaskService taskService = taskanaEngine.getTaskService();
Task task = taskService.getTask("TKI:000000000000000000000000000000000000");
@ -113,8 +117,8 @@ class UpdateTaskAccTest extends AbstractAccTest {
@Test
void should_ThrowException_When_TaskHasAlreadyBeenUpdated()
throws NotAuthorizedException, InvalidArgumentException, ClassificationNotFoundException,
TaskNotFoundException, ConcurrencyException, AttachmentPersistenceException,
InvalidStateException, InterruptedException {
TaskNotFoundException, ConcurrencyException, AttachmentPersistenceException,
InvalidStateException, InterruptedException {
TaskService taskService = taskanaEngine.getTaskService();
Task task = taskService.getTask("TKI:000000000000000000000000000000000000");
@ -134,6 +138,22 @@ class UpdateTaskAccTest extends AbstractAccTest {
@WithAccessId(user = "taskadmin")
@TestTemplate
void should_UpdateTask_When_NoExplicitPermissionsButUserIsInAdministrativeRole()
throws NotAuthorizedException, TaskNotFoundException {
TaskService taskService = taskanaEngine.getTaskService();
Task task = taskService.getTask("TKI:000000000000000000000000000000000000");
final ClassificationSummary classificationSummary = task.getClassificationSummary();
task.setClassificationKey("T2100");
ThrowingCallable updateTaskCall = () -> {
taskService.updateTask(task);
};
assertThatCode(updateTaskCall).doesNotThrowAnyException();
}
@WithAccessId(user = "user_1_1", groups = "group_1")
@Test
void should_UpdateTaskProperties_When_ClassificationOfTaskIsChanged()
throws TaskNotFoundException, ClassificationNotFoundException, InvalidArgumentException,
ConcurrencyException, NotAuthorizedException, AttachmentPersistenceException,
InvalidStateException, SQLException {
@ -152,31 +172,6 @@ class UpdateTaskAccTest extends AbstractAccTest {
assertThat(task.getPlanned()).isEqualTo(updatedTask.getPlanned());
assertThat(task.getName()).isEqualTo(updatedTask.getName());
assertThat(task.getDescription()).isEqualTo(updatedTask.getDescription());
resetDb(false); // classification of task TKI:0..00 was changed...
}
@WithAccessId(user = "user_1_1", groups = "group_1")
@Test
void should_UpdateTaskProperties_When_ClassificationOfTaskIsChanged()
throws TaskNotFoundException, ClassificationNotFoundException, InvalidArgumentException,
ConcurrencyException, NotAuthorizedException, AttachmentPersistenceException,
InvalidStateException, SQLException {
TaskService taskService = taskanaEngine.getTaskService();
Task task = taskService.getTask("TKI:000000000000000000000000000000000000");
final ClassificationSummary classificationSummary = task.getClassificationSummary();
task.setClassificationKey("T2100");
Task updatedTask = taskService.updateTask(task);
updatedTask = taskService.getTask(updatedTask.getId());
assertThat(updatedTask).isNotNull();
assertThat(updatedTask.getClassificationSummary().getKey()).isEqualTo("T2100");
assertThat(updatedTask.getClassificationSummary()).isNotEqualTo(classificationSummary);
assertThat(updatedTask.getCreated()).isNotEqualTo(updatedTask.getModified());
assertThat(task.getPlanned()).isEqualTo(updatedTask.getPlanned());
assertThat(task.getName()).isEqualTo(updatedTask.getName());
assertThat(task.getDescription()).isEqualTo(updatedTask.getDescription());
resetDb(false); // classification of task TKI:0..00 was changed...
}
@WithAccessId(user = "user_1_2", groups = "group_1")
@ -206,8 +201,8 @@ class UpdateTaskAccTest extends AbstractAccTest {
@Test
void should_UpdateTask_When_CustomPropertiesOfTaskWereChanged()
throws TaskNotFoundException, ClassificationNotFoundException, InvalidArgumentException,
ConcurrencyException, NotAuthorizedException, AttachmentPersistenceException,
InvalidStateException {
ConcurrencyException, NotAuthorizedException, AttachmentPersistenceException,
InvalidStateException {
TaskService taskService = taskanaEngine.getTaskService();
Task task = taskService.getTask("TKI:000000000000000000000000000000000000");
task.setCustomAttribute("1", "T2100");
@ -311,8 +306,8 @@ class UpdateTaskAccTest extends AbstractAccTest {
@Test
void should_UpdateCallbackInfo_When_RequestedByApi()
throws WorkbasketNotFoundException, ClassificationNotFoundException, NotAuthorizedException,
TaskAlreadyExistException, InvalidArgumentException, TaskNotFoundException,
ConcurrencyException, AttachmentPersistenceException, InvalidStateException {
TaskAlreadyExistException, InvalidArgumentException, TaskNotFoundException,
ConcurrencyException, AttachmentPersistenceException, InvalidStateException {
TaskService taskService = taskanaEngine.getTaskService();
Task newTask = taskService.newTask("USER_1_1", "DOMAIN_A");

9
lib/taskana-core/src/test/java/acceptance/workbasket/DeleteWorkbasketAuthorizationsAccTest.java
View File

@ -11,7 +11,6 @@ import pro.taskana.common.api.exceptions.NotAuthorizedException;
import pro.taskana.security.JaasExtension;
import pro.taskana.security.WithAccessId;
import pro.taskana.workbasket.api.WorkbasketService;
import pro.taskana.workbasket.api.models.WorkbasketAccessItem;
/**
* Acceptance test for all "delete workbasket authorizations" scenarios.
@ -33,15 +32,9 @@ public class DeleteWorkbasketAuthorizationsAccTest extends AbstractAccTest {
assertThatThrownBy(deleteWorkbasketAccessItemCall).isInstanceOf(NotAuthorizedException.class);
WorkbasketAccessItem workbasketAccessItem =
workbasketService.newWorkbasketAccessItem(
"WBI:100000000000000000000000000000000008", "newAccessIdForUpdate");
workbasketAccessItem.setPermCustom1(true);
deleteWorkbasketAccessItemCall =
() -> {
workbasketService.deleteWorkbasketAccessItem(workbasketAccessItem.getId());
workbasketService.deleteWorkbasketAccessItem("WAI:100000000000000000000000000000000001");
};
assertThatThrownBy(deleteWorkbasketAccessItemCall).isInstanceOf(NotAuthorizedException.class);

40
lib/taskana-core/src/test/java/acceptance/workbasket/DistributionTargetsAccTest.java
View File

@ -24,7 +24,9 @@ import pro.taskana.workbasket.api.exceptions.WorkbasketNotFoundException;
import pro.taskana.workbasket.api.models.Workbasket;
import pro.taskana.workbasket.api.models.WorkbasketSummary;
/** Acceptance test for all "get workbasket" scenarios. */
/**
* Acceptance test for all "get workbasket" scenarios.
*/
@ExtendWith(JaasExtension.class)
class DistributionTargetsAccTest extends AbstractAccTest {
@ -110,6 +112,22 @@ class DistributionTargetsAccTest extends AbstractAccTest {
assertThat(beforeCount).isEqualTo(afterCount);
}
@WithAccessId(user = "admin")
@WithAccessId(user = "businessadmin")
@WithAccessId(user = "taskadmin")
@TestTemplate
void should_ReturnDistributionTargets_When_NoExplicitPermissionsButUserIsInAdministrativeRole()
throws NotAuthorizedException, WorkbasketNotFoundException {
WorkbasketService workbasketService = taskanaEngine.getWorkbasketService();
String existingWb = "WBI:100000000000000000000000000000000001";
List<WorkbasketSummary> distributionTargets = workbasketService
.getDistributionTargets(existingWb);
assertThat(distributionTargets).hasSize(4);
}
@WithAccessId(user = "user_1_1", groups = "group_1")
@WithAccessId(user = "taskadmin")
@TestTemplate
@ -118,12 +136,6 @@ class DistributionTargetsAccTest extends AbstractAccTest {
String existingWb = "WBI:100000000000000000000000000000000001";
ThrowingCallable call =
() -> {
workbasketService.getDistributionTargets(existingWb);
};
assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
call =
() -> {
workbasketService.setDistributionTargets(
existingWb, Collections.singletonList("WBI:100000000000000000000000000000000002"));
@ -145,6 +157,20 @@ class DistributionTargetsAccTest extends AbstractAccTest {
assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
}
@WithAccessId(user = "user_1_1")
@Test
void should_ThrowException_When_UserTriesToGetDistributionTargetsAndRoleIsNotAdministrative() {
WorkbasketService workbasketService = taskanaEngine.getWorkbasketService();
String existingWb = "WBI:100000000000000000000000000000000001";
ThrowingCallable getDistributionTargetsCall =
() -> {
workbasketService.getDistributionTargets(existingWb);
};
assertThatThrownBy(getDistributionTargetsCall).isInstanceOf(NotAuthorizedException.class);
}
@WithAccessId(
user = "user_2_2",
groups = {"group_1", "group_2", "businessadmin"})