Task-Admin now allowed to get DistributionTargets
This commit is contained in:
Jörg Heffner
parent
baf794518c
commit
b84f652a54
|
|
@ -41,7 +41,9 @@ import pro.taskana.workbasket.internal.models.WorkbasketAccessItemImpl;
|
|||
import pro.taskana.workbasket.internal.models.WorkbasketImpl;
|
||||
import pro.taskana.workbasket.internal.models.WorkbasketSummaryImpl;
|
||||
|
||||
/** This is the implementation of WorkbasketService. */
|
||||
/**
|
||||
* This is the implementation of WorkbasketService.
|
||||
*/
|
||||
public class WorkbasketServiceImpl implements WorkbasketService {
|
||||
|
||||
private static final Logger LOGGER = LoggerFactory.getLogger(WorkbasketServiceImpl.class);
|
||||
|
|
@ -77,7 +79,8 @@ public class WorkbasketServiceImpl implements WorkbasketService {
|
|||
}
|
||||
if (!taskanaEngine
|
||||
.getEngine()
|
||||
.isUserInRole(TaskanaRole.ADMIN, TaskanaRole.BUSINESS_ADMIN, TaskanaRole.TASK_ADMIN)) {
|
||||
.isUserInRole(TaskanaRole.ADMIN, TaskanaRole.BUSINESS_ADMIN,
|
||||
TaskanaRole.TASK_ADMIN)) {
|
||||
this.checkAuthorization(workbasketId, WorkbasketPermission.READ);
|
||||
}
|
||||
return result;
|
||||
|
|
@ -103,7 +106,8 @@ public class WorkbasketServiceImpl implements WorkbasketService {
|
|||
}
|
||||
if (!taskanaEngine
|
||||
.getEngine()
|
||||
.isUserInRole(TaskanaRole.ADMIN, TaskanaRole.BUSINESS_ADMIN, TaskanaRole.TASK_ADMIN)) {
|
||||
.isUserInRole(TaskanaRole.ADMIN, TaskanaRole.BUSINESS_ADMIN,
|
||||
TaskanaRole.TASK_ADMIN)) {
|
||||
this.checkAuthorization(workbasketKey, domain, WorkbasketPermission.READ);
|
||||
}
|
||||
return result;
|
||||
|
|
@ -514,7 +518,8 @@ public class WorkbasketServiceImpl implements WorkbasketService {
|
|||
taskanaEngine.openConnection();
|
||||
// check that source workbasket exists
|
||||
getWorkbasket(workbasketId);
|
||||
if (!taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN, TaskanaRole.BUSINESS_ADMIN)) {
|
||||
if (!taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN, TaskanaRole.BUSINESS_ADMIN,
|
||||
TaskanaRole.TASK_ADMIN)) {
|
||||
checkAuthorization(workbasketId, WorkbasketPermission.READ);
|
||||
}
|
||||
List<WorkbasketSummaryImpl> distributionTargets =
|
||||
|
|
@ -543,7 +548,8 @@ public class WorkbasketServiceImpl implements WorkbasketService {
|
|||
taskanaEngine.openConnection();
|
||||
// check that source workbasket exists
|
||||
Workbasket workbasket = getWorkbasket(workbasketKey, domain);
|
||||
if (!taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN, TaskanaRole.BUSINESS_ADMIN)) {
|
||||
if (!taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN, TaskanaRole.BUSINESS_ADMIN,
|
||||
TaskanaRole.TASK_ADMIN)) {
|
||||
checkAuthorization(workbasket.getId(), WorkbasketPermission.READ);
|
||||
}
|
||||
List<WorkbasketSummaryImpl> distributionTargets =
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
package acceptance.task;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.assertThatCode;
|
||||
import static org.assertj.core.api.Assertions.assertThatThrownBy;
|
||||
|
||||
import acceptance.AbstractAccTest;
|
||||
|
|
@ -10,6 +11,7 @@ import java.util.Arrays;
|
|||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import org.assertj.core.api.ThrowableAssert.ThrowingCallable;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.TestTemplate;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
|
|
@ -32,7 +34,9 @@ import pro.taskana.task.api.models.Task;
|
|||
import pro.taskana.task.internal.models.TaskImpl;
|
||||
import pro.taskana.workbasket.api.exceptions.WorkbasketNotFoundException;
|
||||
|
||||
/** Acceptance test for all "update task" scenarios. */
|
||||
/**
|
||||
* Acceptance test for all "update task" scenarios.
|
||||
*/
|
||||
@ExtendWith(JaasExtension.class)
|
||||
class UpdateTaskAccTest extends AbstractAccTest {
|
||||
|
||||
|
|
@ -134,25 +138,17 @@ class UpdateTaskAccTest extends AbstractAccTest {
|
|||
@WithAccessId(user = "taskadmin")
|
||||
@TestTemplate
|
||||
void should_UpdateTask_When_NoExplicitPermissionsButUserIsInAdministrativeRole()
|
||||
throws TaskNotFoundException, ClassificationNotFoundException, InvalidArgumentException,
|
||||
ConcurrencyException, NotAuthorizedException, AttachmentPersistenceException,
|
||||
InvalidStateException, SQLException {
|
||||
throws NotAuthorizedException, TaskNotFoundException {
|
||||
|
||||
TaskService taskService = taskanaEngine.getTaskService();
|
||||
Task task = taskService.getTask("TKI:000000000000000000000000000000000000");
|
||||
final ClassificationSummary classificationSummary = task.getClassificationSummary();
|
||||
task.setClassificationKey("T2100");
|
||||
Task updatedTask = taskService.updateTask(task);
|
||||
updatedTask = taskService.getTask(updatedTask.getId());
|
||||
ThrowingCallable updateTaskCall = () -> {
|
||||
taskService.updateTask(task);
|
||||
};
|
||||
assertThatCode(updateTaskCall).doesNotThrowAnyException();
|
||||
|
||||
assertThat(updatedTask).isNotNull();
|
||||
assertThat(updatedTask.getClassificationSummary().getKey()).isEqualTo("T2100");
|
||||
assertThat(updatedTask.getClassificationSummary()).isNotEqualTo(classificationSummary);
|
||||
assertThat(updatedTask.getCreated()).isNotEqualTo(updatedTask.getModified());
|
||||
assertThat(task.getPlanned()).isEqualTo(updatedTask.getPlanned());
|
||||
assertThat(task.getName()).isEqualTo(updatedTask.getName());
|
||||
assertThat(task.getDescription()).isEqualTo(updatedTask.getDescription());
|
||||
resetDb(false); // classification of task TKI:0..00 was changed...
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user_1_1", groups = "group_1")
|
||||
|
|
@ -176,7 +172,6 @@ class UpdateTaskAccTest extends AbstractAccTest {
|
|||
assertThat(task.getPlanned()).isEqualTo(updatedTask.getPlanned());
|
||||
assertThat(task.getName()).isEqualTo(updatedTask.getName());
|
||||
assertThat(task.getDescription()).isEqualTo(updatedTask.getDescription());
|
||||
resetDb(false); // classification of task TKI:0..00 was changed...
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user_1_2", groups = "group_1")
|
||||
|
|
|
|||
|
|
@ -11,7 +11,6 @@ import pro.taskana.common.api.exceptions.NotAuthorizedException;
|
|||
import pro.taskana.security.JaasExtension;
|
||||
import pro.taskana.security.WithAccessId;
|
||||
import pro.taskana.workbasket.api.WorkbasketService;
|
||||
import pro.taskana.workbasket.api.models.WorkbasketAccessItem;
|
||||
|
||||
/**
|
||||
* Acceptance test for all "delete workbasket authorizations" scenarios.
|
||||
|
|
@ -33,15 +32,9 @@ public class DeleteWorkbasketAuthorizationsAccTest extends AbstractAccTest {
|
|||
|
||||
assertThatThrownBy(deleteWorkbasketAccessItemCall).isInstanceOf(NotAuthorizedException.class);
|
||||
|
||||
WorkbasketAccessItem workbasketAccessItem =
|
||||
workbasketService.newWorkbasketAccessItem(
|
||||
"WBI:100000000000000000000000000000000008", "newAccessIdForUpdate");
|
||||
|
||||
workbasketAccessItem.setPermCustom1(true);
|
||||
|
||||
deleteWorkbasketAccessItemCall =
|
||||
() -> {
|
||||
workbasketService.deleteWorkbasketAccessItem(workbasketAccessItem.getId());
|
||||
workbasketService.deleteWorkbasketAccessItem("WAI:100000000000000000000000000000000001");
|
||||
};
|
||||
|
||||
assertThatThrownBy(deleteWorkbasketAccessItemCall).isInstanceOf(NotAuthorizedException.class);
|
||||
|
|
|
|||
|
|
@ -24,7 +24,9 @@ import pro.taskana.workbasket.api.exceptions.WorkbasketNotFoundException;
|
|||
import pro.taskana.workbasket.api.models.Workbasket;
|
||||
import pro.taskana.workbasket.api.models.WorkbasketSummary;
|
||||
|
||||
/** Acceptance test for all "get workbasket" scenarios. */
|
||||
/**
|
||||
* Acceptance test for all "get workbasket" scenarios.
|
||||
*/
|
||||
@ExtendWith(JaasExtension.class)
|
||||
class DistributionTargetsAccTest extends AbstractAccTest {
|
||||
|
||||
|
|
@ -110,6 +112,22 @@ class DistributionTargetsAccTest extends AbstractAccTest {
|
|||
assertThat(beforeCount).isEqualTo(afterCount);
|
||||
}
|
||||
|
||||
@WithAccessId(user = "admin")
|
||||
@WithAccessId(user = "businessadmin")
|
||||
@WithAccessId(user = "taskadmin")
|
||||
@TestTemplate
|
||||
void should_ReturnDistributionTargets_When_NoExplicitPermissionsButUserIsInAdministrativeRole()
|
||||
throws NotAuthorizedException, WorkbasketNotFoundException {
|
||||
|
||||
WorkbasketService workbasketService = taskanaEngine.getWorkbasketService();
|
||||
String existingWb = "WBI:100000000000000000000000000000000001";
|
||||
|
||||
List<WorkbasketSummary> distributionTargets = workbasketService
|
||||
.getDistributionTargets(existingWb);
|
||||
assertThat(distributionTargets).hasSize(4);
|
||||
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user_1_1", groups = "group_1")
|
||||
@WithAccessId(user = "taskadmin")
|
||||
@TestTemplate
|
||||
|
|
@ -118,12 +136,6 @@ class DistributionTargetsAccTest extends AbstractAccTest {
|
|||
String existingWb = "WBI:100000000000000000000000000000000001";
|
||||
|
||||
ThrowingCallable call =
|
||||
() -> {
|
||||
workbasketService.getDistributionTargets(existingWb);
|
||||
};
|
||||
assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
|
||||
|
||||
call =
|
||||
() -> {
|
||||
workbasketService.setDistributionTargets(
|
||||
existingWb, Collections.singletonList("WBI:100000000000000000000000000000000002"));
|
||||
|
|
@ -145,6 +157,20 @@ class DistributionTargetsAccTest extends AbstractAccTest {
|
|||
assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user_1_1")
|
||||
@Test
|
||||
void should_ThrowException_When_UserTriesToGetDistributionTargetsAndRoleIsNotAdministrative() {
|
||||
|
||||
WorkbasketService workbasketService = taskanaEngine.getWorkbasketService();
|
||||
String existingWb = "WBI:100000000000000000000000000000000001";
|
||||
|
||||
ThrowingCallable getDistributionTargetsCall =
|
||||
() -> {
|
||||
workbasketService.getDistributionTargets(existingWb);
|
||||
};
|
||||
assertThatThrownBy(getDistributionTargetsCall).isInstanceOf(NotAuthorizedException.class);
|
||||
}
|
||||
|
||||
@WithAccessId(
|
||||
user = "user_2_2",
|
||||
groups = {"group_1", "group_2", "businessadmin"})
|
||||
|
|
|
|||
Loading…
Reference in New Issue