TSK-669: ADMIN is authorized to OPEN all workbaskets.

2018-08-03 10:47:40 +02:00 · 2018-08-03 10:47:40 +02:00 · c6984977a6
parent 1e37fa3fe9
commit c6984977a6
3 changed files with 15 additions and 3 deletions
--- a/lib/taskana-core/src/main/java/pro/taskana/configuration/DbSchemaCreator.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/configuration/DbSchemaCreator.java
@ -137,7 +137,7 @@ public class DbSchemaCreator {
        this.dataSource = dataSource;
    }

-    private StringReader getSqlSchemaNameParsed(BufferedReader reader) throws SQLException {
+    private StringReader getSqlSchemaNameParsed(BufferedReader reader) {

        StringBuffer content = new StringBuffer();
        try {
--- a/lib/taskana-core/src/main/java/pro/taskana/impl/WorkbasketQueryImpl.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/impl/WorkbasketQueryImpl.java
@ -717,8 +717,10 @@ public class WorkbasketQueryImpl implements WorkbasketQuery {
            // (f,t) -> cannot happen, cannot be matched to meaningful query
            joinWithAccessList = true;
            checkReadPermission = true;
-            if (taskanaEngine.isUserInRole(TaskanaRole.ADMIN)
-                || (taskanaEngine.isUserInRole(TaskanaRole.BUSINESS_ADMIN) && !usedToAugmentTasks)) {
+            if (taskanaEngine.isUserInRole(TaskanaRole.ADMIN) && accessId == null) {
+                checkReadPermission = false;
+                joinWithAccessList = false;
+            } else if (taskanaEngine.isUserInRole(TaskanaRole.BUSINESS_ADMIN) && !usedToAugmentTasks) {
                checkReadPermission = false;
                if (accessId == null && permission == null) {
                    joinWithAccessList = false;
--- a/lib/taskana-core/src/test/java/acceptance/workbasket/QueryWorkbasketByPermissionAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/workbasket/QueryWorkbasketByPermissionAccTest.java
@ -154,4 +154,14 @@ public class QueryWorkbasketByPermissionAccTest extends AbstractAccTest {
        Assert.assertEquals(3, results.size());
    }

+    @WithAccessId(userName = "admin")
+    @Test
+    public void testSkipAuthorizationCheckForAdminWhileQueryingWorkbaskets() {
+        WorkbasketService workbasketService = taskanaEngine.getWorkbasketService();
+        List<WorkbasketSummary> results = workbasketService.createWorkbasketQuery()
+            .callerHasPermission(WorkbasketPermission.OPEN)
+            .list();
+        Assert.assertEquals(25, results.size());
+    }
+
 }