TSK-1736: fix TaskQuery in db2 for admin user and no workbasketAccessItems

2022-03-29 16:59:02 +02:00 · 2022-03-29 16:59:02 +02:00 · c4ebafa3f4
parent 0133f98548
commit c4ebafa3f4
2 changed files with 71 additions and 26 deletions
--- a/lib/taskana-core-test/src/test/java/acceptance/task/query/TaskQueryImplAccTest.java
+++ b/lib/taskana-core-test/src/test/java/acceptance/task/query/TaskQueryImplAccTest.java
@ -88,6 +88,70 @@ class TaskQueryImplAccTest {
        .buildAndStore(workbasketService, "businessadmin");
  }

+  @Nested
+  @TestInstance(Lifecycle.PER_CLASS)
+  class PermissionsTest {
+    WorkbasketSummary wb1;
+    WorkbasketSummary wb2;
+    WorkbasketSummary wbWithoutPermissions;
+    TaskSummary taskSummary1;
+    TaskSummary taskSummary2;
+    TaskSummary taskSummary3;
+    TaskSummary taskSummary4;
+    TaskSummary taskSummary5;
+
+    @WithAccessId(user = "user-1-1")
+    @BeforeAll
+    void setup() throws Exception {
+      wb1 = createWorkbasketWithPermission();
+      wb2 = createWorkbasketWithPermission();
+      wbWithoutPermissions =
+          defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService, "businessadmin");
+
+      taskSummary1 = taskInWorkbasket(wb1).buildAndStoreAsSummary(taskService);
+      taskSummary2 = taskInWorkbasket(wb2).buildAndStoreAsSummary(taskService);
+      taskSummary3 =
+          taskInWorkbasket(wbWithoutPermissions).buildAndStoreAsSummary(taskService, "admin");
+      taskSummary4 =
+          taskInWorkbasket(wbWithoutPermissions).buildAndStoreAsSummary(taskService, "admin");
+      taskSummary5 =
+          taskInWorkbasket(wbWithoutPermissions).buildAndStoreAsSummary(taskService, "admin");
+    }
+
+    @WithAccessId(user = "admin")
+    @Test
+    void should_ReturnAllTasksFromWorkbasketAsAdmin_When_NoAccessItemForWorkbasketExists() {
+      List<TaskSummary> list =
+          taskService.createTaskQuery().workbasketIdIn(wbWithoutPermissions.getId()).list();
+
+      assertThat(list).containsExactlyInAnyOrder(taskSummary3, taskSummary4, taskSummary5);
+    }
+
+    @WithAccessId(user = "taskadmin")
+    @Test
+    void should_ReturnAllTasksAsTaskadmin_When_NoAccessItemForAWorkbasketExists() {
+      List<TaskSummary> list =
+          taskService
+              .createTaskQuery()
+              .workbasketIdIn(wb1.getId(), wb2.getId(), wbWithoutPermissions.getId())
+              .list();
+
+      assertThat(list)
+          .containsExactlyInAnyOrder(
+              taskSummary1, taskSummary2, taskSummary3, taskSummary4, taskSummary5);
+    }
+
+    @WithAccessId(user = "user-1-1")
+    @Test
+    void should_OnlyReturnTasksFromCorrectWorkbaskets_When_UserHasNoPermissionToOneWorkbasket() {
+      List<TaskSummary> list = taskService.createTaskQuery().list();
+
+      assertThat(list)
+          .contains(taskSummary1, taskSummary2)
+          .doesNotContain(taskSummary3, taskSummary4, taskSummary5);
+    }
+  }
+
  @Nested
  @TestInstance(Lifecycle.PER_CLASS)
  class FilterTest {
--- a/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskQuerySqlProvider.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskQuerySqlProvider.java
@ -102,27 +102,13 @@ public class TaskQuerySqlProvider {
        + "LEFT JOIN USER_INFO AS u ON t.owner = u.USER_ID "
        + "</if>"
        + OPENING_WHERE_TAG
+        + checkForAuthorization()
        + commonTaskWhereStatement()
        + CLOSING_WHERE_TAG
-        + "), Y ("
-        + db2selectFields()
-        + ", FLAG ) AS ("
+        + ")"
        + "SELECT "
        + db2selectFields()
-        + ", ("
-        + "SELECT 1 "
-        + "FROM WORKBASKET_ACCESS_LIST s "
-        + "WHERE "
-        + "<if test='accessIdIn != null'> "
-        + "s.ACCESS_ID IN "
-        + "(<foreach item='item' collection='accessIdIn' separator=',' >#{item}</foreach>) "
-        + "and </if>"
-        + "s.WORKBASKET_ID = X.WORKBASKET_ID AND s.perm_read = 1 fetch first 1 rows only ) "
-        + "FROM X )"
-        + "SELECT "
-        + db2selectFields()
-        + "FROM Y "
-        + "WHERE FLAG = 1 "
+        + "FROM X "
        + "<if test='!orderBy.isEmpty()'>"
        + "ORDER BY <foreach item='item' collection='orderBy' separator=',' >${item}</foreach>"
        + "</if> "
@ -182,17 +168,12 @@ public class TaskQuerySqlProvider {
        + "LEFT JOIN USER_INFO AS u ON t.owner = u.USER_ID "
        + "</if>"
        + OPENING_WHERE_TAG
+        + checkForAuthorization()
        + commonTaskWhereStatement()
        + CLOSING_WHERE_TAG
-        + "), Y (ID, FLAG) AS ("
-        + "SELECT ID, ("
-        + "SELECT 1 FROM WORKBASKET_ACCESS_LIST s "
-        + "WHERE <if test='accessIdIn != null'> s.ACCESS_ID IN "
-        + "(<foreach item='item' collection='accessIdIn' separator=',' >#{item}</foreach>) "
-        + "and </if> "
-        + "s.WORKBASKET_ID = X.WORKBASKET_ID AND s.perm_read = 1 fetch first 1 rows only ) "
-        + "FROM X ) SELECT COUNT(*) "
-        + "FROM Y WHERE FLAG = 1 with UR"
+        + ")"
+        + "SELECT COUNT(*) "
+        + "FROM X with UR"
        + CLOSING_SCRIPT_TAG;
  }