TSK-359 setWorkbasketAccessItems doesn't save access items

2018-03-05 10:47:35 +01:00 · 2018-03-05 10:47:35 +01:00 · bab3d9ff5c
parent df6d5944bc
commit bab3d9ff5c
7 changed files with 50 additions and 18 deletions
--- a/lib/taskana-core/src/main/java/pro/taskana/WorkbasketService.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/WorkbasketService.java
@ -160,8 +160,10 @@ public interface WorkbasketService {
     * @param workbasketId
     *            the id of the Workbasket
     * @return List of WorkbasketAccessItems for the Workbasket with workbasketKey
+     * @throws NotAuthorizedException
+     *             if the current user is not member of role BUSINESS_ADMIN or ADMIN
     */
-    List<WorkbasketAccessItem> getWorkbasketAccessItems(String workbasketId);
+    List<WorkbasketAccessItem> getWorkbasketAccessItems(String workbasketId) throws NotAuthorizedException;

    /**
     * Setting up the new WorkbasketAccessItems for a Workbasket. Already stored values will be completely replaced by
@ -173,9 +175,11 @@ public interface WorkbasketService {
     *            List of WorkbasketAccessItems which does replace all current stored ones.
     * @throws InvalidArgumentException
     *             will be thrown when the parameter is NULL or member doesn´t match the preconditions
+     * @throws NotAuthorizedException
+     *             if the current user is not member of role BUSINESS_ADMIN or ADMIN
     */
    void setWorkbasketAccessItems(String workbasketId, List<WorkbasketAccessItem> wbAccessItems)
-        throws InvalidArgumentException;
+        throws InvalidArgumentException, NotAuthorizedException;

    /**
     * This method returns the workbaskets for which the current user has all permissions specified in the permissions
@ -352,6 +356,8 @@ public interface WorkbasketService {
     *
     * @param accessId
     *            of a taskana-user.
+     * @throws NotAuthorizedException
+     *             if the current user is not member of role BUSINESS_ADMIN or ADMIN
     */
-    void deleteWorkbasketAccessItemsForAccessId(String accessId);
+    void deleteWorkbasketAccessItemsForAccessId(String accessId) throws NotAuthorizedException;
 }
--- a/lib/taskana-core/src/main/java/pro/taskana/impl/WorkbasketServiceImpl.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/impl/WorkbasketServiceImpl.java
@ -210,10 +210,11 @@ public class WorkbasketServiceImpl implements WorkbasketService {

    @Override
    public void setWorkbasketAccessItems(String workbasketId, List<WorkbasketAccessItem> wbAccessItems)
-        throws InvalidArgumentException {
+        throws InvalidArgumentException, NotAuthorizedException {
+        LOGGER.debug("entry to setWorkbasketAccessItems(workbasketAccessItems = {})", wbAccessItems.toString());
+        taskanaEngine.checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
        List<WorkbasketAccessItemImpl> newItems = new ArrayList<>();
        try {
-            LOGGER.debug("entry to setWorkbasketAccessItems(workbasketAccessItems = {})", wbAccessItems.toString());
            taskanaEngine.openConnection();
            // Check pre-conditions and set ID
            if (!wbAccessItems.isEmpty()) {
@ -262,8 +263,9 @@ public class WorkbasketServiceImpl implements WorkbasketService {
    }

    @Override
-    public void deleteWorkbasketAccessItemsForAccessId(String accessId) {
+    public void deleteWorkbasketAccessItemsForAccessId(String accessId) throws NotAuthorizedException {
        LOGGER.debug("entry to deleteWorkbasketAccessItemsForAccessId(accessId = {})", accessId);
+        taskanaEngine.checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
        try {
            taskanaEngine.openConnection();
            workbasketAccessMapper.deleteAccessItemsForAccessId(accessId);
@ -321,8 +323,9 @@ public class WorkbasketServiceImpl implements WorkbasketService {
    }

    @Override
-    public List<WorkbasketAccessItem> getWorkbasketAccessItems(String workbasketId) {
+    public List<WorkbasketAccessItem> getWorkbasketAccessItems(String workbasketId) throws NotAuthorizedException {
        LOGGER.debug("entry to getWorkbasketAccessItems(workbasketId = {})", workbasketId);
+        taskanaEngine.checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
        List<WorkbasketAccessItem> result = new ArrayList<>();
        try {
            taskanaEngine.openConnection();
--- a/lib/taskana-core/src/test/java/acceptance/workbasket/UpdateWorkbasketAuthorizationsAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/workbasket/UpdateWorkbasketAuthorizationsAccTest.java
@ -158,9 +158,9 @@ public class UpdateWorkbasketAuthorizationsAccTest extends AbstractAccTest {

    @WithAccessId(
        userName = "teamlead_1",
-        groupNames = {"group_1"})
+        groupNames = {"group_1", "businessadmin"})
    @Test
-    public void testUpdatedAccessItemList() throws InvalidArgumentException {
+    public void testUpdatedAccessItemList() throws InvalidArgumentException, NotAuthorizedException {
        WorkbasketService workbasketService = taskanaEngine.getWorkbasketService();
        final String wbId = "WBI:100000000000000000000000000000000004";
        List<WorkbasketAccessItem> accessItems = workbasketService
@ -199,9 +199,9 @@ public class UpdateWorkbasketAuthorizationsAccTest extends AbstractAccTest {

    @WithAccessId(
        userName = "teamlead_1",
-        groupNames = {"group_1"})
+        groupNames = {"group_1", "businessadmin"})
    @Test
-    public void testInsertAccessItemList() throws InvalidArgumentException {
+    public void testInsertAccessItemList() throws InvalidArgumentException, NotAuthorizedException {
        WorkbasketService workbasketService = taskanaEngine.getWorkbasketService();
        final String wbId = "WBI:100000000000000000000000000000000004";
        List<WorkbasketAccessItem> accessItems = workbasketService
@ -257,8 +257,11 @@ public class UpdateWorkbasketAuthorizationsAccTest extends AbstractAccTest {
        assertTrue(accessIdCountBefore > accessIdCountAfter);
    }

+    @WithAccessId(
+        userName = "teamlead_1",
+        groupNames = {"businessadmin"})
    @Test
-    public void testDeleteAccessItemsForAccessIdWithUnusedValuesThrowingNoException() {
+    public void testDeleteAccessItemsForAccessIdWithUnusedValuesThrowingNoException() throws NotAuthorizedException {
        WorkbasketService workbasketService = taskanaEngine.getWorkbasketService();
        workbasketService.deleteWorkbasketAccessItemsForAccessId("");
        workbasketService.deleteWorkbasketAccessItemsForAccessId(null);
--- a/rest/taskana-rest-spring-example/src/main/java/pro/taskana/rest/security/SampleLoginModule.java
+++ b/rest/taskana-rest-spring-example/src/main/java/pro/taskana/rest/security/SampleLoginModule.java
@ -37,7 +37,7 @@ public class SampleLoginModule implements LoginModule {
    }

    private void addGroupSubjectsDerivedFromUsername() {
-        String username = nameCallback.getName();
+        String username = nameCallback.getName().toLowerCase();
        char role = username.charAt(1);
        switch (role) {
            case 'u':
@ -48,8 +48,12 @@ public class SampleLoginModule implements LoginModule {
                subject.getPrincipals()
                    .add(new GroupPrincipal("manager" + "_domain_" + username.charAt(0)));
                break;
+            case 'e':
+                subject.getPrincipals()
+                    .add(new GroupPrincipal("businessadmin"));
+                break;
            default:
-                //necessary for checkstyle
+                // necessary for checkstyle
        }
        subject.getPrincipals().add(new GroupPrincipal("team_" + username.substring(2, 6)));
    }
--- a/rest/taskana-rest-spring-example/src/main/resources/taskanaroles.properties
+++ b/rest/taskana-rest-spring-example/src/main/resources/taskanaroles.properties
@ -0,0 +1,3 @@
+taskana.roles.user = group1 | group2|teamlead_1 |teamlead_2 |user_1_1| user_1_1| user_1_2| user_2_1| user_2_2| max|elena|simone
+taskana.roles.Admin=name=konrad,Organisation=novatec|admin
+taskana.roles.businessadmin=max|Moritz|businessadmin
--- a/rest/taskana-rest-spring/src/main/java/pro/taskana/rest/WorkbasketController.java
+++ b/rest/taskana-rest-spring/src/main/java/pro/taskana/rest/WorkbasketController.java
@ -185,8 +185,14 @@ public class WorkbasketController {
    @Transactional(readOnly = true, rollbackFor = Exception.class)
    public ResponseEntity<List<WorkbasketAccessItemResource>> getWorkbasketAccessItems(
        @PathVariable(value = "workbasketId") String workbasketId) {
-        List<WorkbasketAccessItem> wbAuthorizations = workbasketService.getWorkbasketAccessItems(workbasketId);
+        List<WorkbasketAccessItem> wbAuthorizations;
        List<WorkbasketAccessItemResource> result = new ArrayList<>();
+        try {
+            wbAuthorizations = workbasketService.getWorkbasketAccessItems(workbasketId);
+        } catch (NotAuthorizedException e1) {
+            TransactionInterceptor.currentTransactionStatus().setRollbackOnly();
+            return new ResponseEntity<>(result, HttpStatus.UNAUTHORIZED);
+        }
        wbAuthorizations
            .forEach(accItem -> {
                try {
@ -228,6 +234,7 @@ public class WorkbasketController {
    }

    @PutMapping(value = "/{workbasketId}/workbasketAccessItems/")
+    @Transactional(rollbackFor = Exception.class)
    public ResponseEntity<?> setWorkbasketAccessItems(@PathVariable(value = "workbasketId") String workbasketId,
        @RequestBody List<WorkbasketAccessItemResource> workbasketAccessResourceItems) {
        try {
@ -236,7 +243,12 @@ public class WorkbasketController {
            }
            List<WorkbasketAccessItem> wbAccessItems = new ArrayList<>();
            workbasketAccessResourceItems.forEach(item -> wbAccessItems.add(workbasketAccessItemMapper.toModel(item)));
-            workbasketService.setWorkbasketAccessItems(workbasketId, wbAccessItems);
+            try {
+                workbasketService.setWorkbasketAccessItems(workbasketId, wbAccessItems);
+            } catch (NotAuthorizedException e) {
+                TransactionInterceptor.currentTransactionStatus().setRollbackOnly();
+                return new ResponseEntity<>(HttpStatus.UNAUTHORIZED);
+            }
            return new ResponseEntity<>(HttpStatus.NO_CONTENT);
        } catch (InvalidArgumentException | NullPointerException e) {
            return new ResponseEntity<>(HttpStatus.PRECONDITION_FAILED);
--- a/rest/taskana-rest-spring/src/main/java/pro/taskana/rest/resource/mapper/WorkbasketAccessItemMapper.java
+++ b/rest/taskana-rest-spring/src/main/java/pro/taskana/rest/resource/mapper/WorkbasketAccessItemMapper.java
@ -17,7 +17,8 @@ import pro.taskana.rest.WorkbasketController;
 import pro.taskana.rest.resource.WorkbasketAccessItemResource;

 /**
- * Transforms {@link WorkbasketAccessItem} to its resource counterpart {@link WorkbasketAccessItemResource} and vice versa.
+ * Transforms {@link WorkbasketAccessItem} to its resource counterpart {@link WorkbasketAccessItemResource} and vice
+ * versa.
 */
@Component
 public class WorkbasketAccessItemMapper {
@ -57,7 +58,7 @@ public class WorkbasketAccessItemMapper {
        resource.add(
            linkTo(methodOn(WorkbasketController.class).setWorkbasketAccessItems(wbAccItem.getWorkbasketId(),
                Collections.singletonList(resource)))
-                .withRel("setWorkbasketAuthorizations"));
+                    .withRel("setWorkbasketAccessItems"));
        resource.add(
            linkTo(methodOn(WorkbasketController.class).deleteWorkbasketAccessItem(wbAccItem.getId()))
                .withRel("deleteWorkbasketAccessItem"));