Closes #2295 - implement EDITTASKS Permission
This commit is contained in:
jamesrdi
jamesrdi
parent
691410e259
commit
d29577ed99
|
|
@ -8,15 +8,21 @@ import static pro.taskana.testapi.DefaultTestEntities.defaultTestObjectReference
|
|||
import static pro.taskana.testapi.DefaultTestEntities.defaultTestWorkbasket;
|
||||
|
||||
import java.time.Instant;
|
||||
import java.util.List;
|
||||
import java.util.stream.Stream;
|
||||
import org.assertj.core.api.ThrowableAssert.ThrowingCallable;
|
||||
import org.junit.jupiter.api.BeforeAll;
|
||||
import org.junit.jupiter.api.DynamicTest;
|
||||
import org.junit.jupiter.api.Nested;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.TestFactory;
|
||||
import org.junit.jupiter.api.TestInstance;
|
||||
import org.junit.jupiter.api.TestInstance.Lifecycle;
|
||||
import org.junit.jupiter.api.function.ThrowingConsumer;
|
||||
import pro.taskana.TaskanaConfiguration;
|
||||
import pro.taskana.classification.api.ClassificationService;
|
||||
import pro.taskana.classification.api.models.ClassificationSummary;
|
||||
import pro.taskana.common.internal.util.Triplet;
|
||||
import pro.taskana.task.api.TaskService;
|
||||
import pro.taskana.task.api.TaskState;
|
||||
import pro.taskana.task.api.exceptions.InvalidOwnerException;
|
||||
|
|
@ -46,6 +52,9 @@ class ClaimTaskAccTest {
|
|||
ClassificationSummary defaultClassificationSummary;
|
||||
WorkbasketSummary defaultWorkbasketSummary;
|
||||
ObjectReference defaultObjectReference;
|
||||
WorkbasketSummary wbWithoutEditTasks;
|
||||
WorkbasketSummary wbWithoutReadTasks;
|
||||
WorkbasketSummary wbWithoutRead;
|
||||
|
||||
@WithAccessId(user = "businessadmin")
|
||||
@BeforeAll
|
||||
|
|
@ -53,6 +62,9 @@ class ClaimTaskAccTest {
|
|||
defaultClassificationSummary =
|
||||
defaultTestClassification().buildAndStoreAsSummary(classificationService);
|
||||
defaultWorkbasketSummary = defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService);
|
||||
wbWithoutEditTasks = defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService);
|
||||
wbWithoutReadTasks = defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService);
|
||||
wbWithoutRead = defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService);
|
||||
|
||||
WorkbasketAccessItemBuilder.newWorkbasketAccessItem()
|
||||
.workbasketId(defaultWorkbasketSummary.getId())
|
||||
|
|
@ -60,6 +72,34 @@ class ClaimTaskAccTest {
|
|||
.permission(WorkbasketPermission.OPEN)
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.EDITTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService);
|
||||
|
||||
WorkbasketAccessItemBuilder.newWorkbasketAccessItem()
|
||||
.workbasketId(wbWithoutEditTasks.getId())
|
||||
.accessId("user-1-2")
|
||||
.permission(WorkbasketPermission.OPEN)
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService);
|
||||
|
||||
WorkbasketAccessItemBuilder.newWorkbasketAccessItem()
|
||||
.workbasketId(wbWithoutReadTasks.getId())
|
||||
.accessId("user-1-2")
|
||||
.permission(WorkbasketPermission.OPEN)
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.EDITTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService);
|
||||
|
||||
WorkbasketAccessItemBuilder.newWorkbasketAccessItem()
|
||||
.workbasketId(wbWithoutRead.getId())
|
||||
.accessId("user-1-2")
|
||||
.permission(WorkbasketPermission.OPEN)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.EDITTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService);
|
||||
|
||||
|
|
@ -240,28 +280,49 @@ class ClaimTaskAccTest {
|
|||
assertThat(claimedTask.getOwner()).isEqualTo("user-1-2");
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user-taskrouter")
|
||||
@Test
|
||||
void should_ThrowNotAuthorizedException_When_UserHasNoReadPermissionAndTaskIsReady()
|
||||
@WithAccessId(user = "user-1-2")
|
||||
@TestFactory
|
||||
Stream<DynamicTest> should_ThrowException_When_ForceClaimingTaskWithMissingPermission()
|
||||
throws Exception {
|
||||
Task task =
|
||||
TaskBuilder.newTask()
|
||||
.state(TaskState.READY)
|
||||
.classificationSummary(defaultClassificationSummary)
|
||||
.workbasketSummary(defaultWorkbasketSummary)
|
||||
.primaryObjRef(defaultObjectReference)
|
||||
.buildAndStore(taskService, "user-1-2");
|
||||
List<Triplet<String, WorkbasketSummary, WorkbasketPermission>> list =
|
||||
List.of(
|
||||
Triplet.of("With Missing Read Permission", wbWithoutRead, WorkbasketPermission.READ),
|
||||
Triplet.of(
|
||||
"With Missing ReadTasks Permission",
|
||||
wbWithoutReadTasks,
|
||||
WorkbasketPermission.READTASKS),
|
||||
Triplet.of(
|
||||
"With Missing EditTasks Permission",
|
||||
wbWithoutEditTasks,
|
||||
WorkbasketPermission.EDITTASKS));
|
||||
ThrowingConsumer<Triplet<String, WorkbasketSummary, WorkbasketPermission>> testClaimTask =
|
||||
t -> {
|
||||
String anyUserName = "TestUser28";
|
||||
Task task =
|
||||
TaskBuilder.newTask()
|
||||
.classificationSummary(defaultClassificationSummary)
|
||||
.workbasketSummary(t.getMiddle())
|
||||
.primaryObjRef(DefaultTestEntities.defaultTestObjectReference().build())
|
||||
.state(TaskState.CLAIMED)
|
||||
.owner(anyUserName)
|
||||
.buildAndStore(taskService, "admin");
|
||||
|
||||
ThrowingCallable call = () -> taskService.claim(task.getId());
|
||||
ThrowingCallable call = () -> taskService.forceClaim(task.getId());
|
||||
|
||||
NotAuthorizedOnWorkbasketException e =
|
||||
catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class);
|
||||
assertThat(e.getCurrentUserId()).isEqualTo("user-taskrouter");
|
||||
assertThat(e.getWorkbasketId()).isEqualTo(defaultWorkbasketSummary.getId());
|
||||
assertThat(e.getRequiredPermissions())
|
||||
.containsExactlyInAnyOrder(WorkbasketPermission.READ, WorkbasketPermission.READTASKS);
|
||||
NotAuthorizedOnWorkbasketException e =
|
||||
catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class);
|
||||
|
||||
;
|
||||
if (t.getRight() != WorkbasketPermission.EDITTASKS) {
|
||||
assertThat(e.getRequiredPermissions())
|
||||
.containsExactlyInAnyOrder(
|
||||
WorkbasketPermission.READ, WorkbasketPermission.READTASKS);
|
||||
} else {
|
||||
assertThat(e.getRequiredPermissions()).containsExactly(WorkbasketPermission.EDITTASKS);
|
||||
}
|
||||
assertThat(e.getCurrentUserId()).isEqualTo("user-1-2");
|
||||
assertThat(e.getWorkbasketId()).isEqualTo(t.getMiddle().getId());
|
||||
};
|
||||
return DynamicTest.stream(list.iterator(), Triplet::getLeft, testClaimTask);
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user-taskrouter")
|
||||
|
|
@ -370,6 +431,51 @@ class ClaimTaskAccTest {
|
|||
assertThat(e.getTaskId()).isEqualTo(claimedTask.getId());
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user-1-2")
|
||||
@TestFactory
|
||||
Stream<DynamicTest> should_ThrowException_When_CancelClaimingTaskWithMissingPermission()
|
||||
throws Exception {
|
||||
List<Triplet<String, WorkbasketSummary, WorkbasketPermission>> list =
|
||||
List.of(
|
||||
Triplet.of("With Missing Read Permission", wbWithoutRead, WorkbasketPermission.READ),
|
||||
Triplet.of(
|
||||
"With Missing ReadTasks Permission",
|
||||
wbWithoutReadTasks,
|
||||
WorkbasketPermission.READTASKS),
|
||||
Triplet.of(
|
||||
"With Missing EditTasks Permission",
|
||||
wbWithoutEditTasks,
|
||||
WorkbasketPermission.EDITTASKS));
|
||||
ThrowingConsumer<Triplet<String, WorkbasketSummary, WorkbasketPermission>> testCancelClaimTask =
|
||||
t -> {
|
||||
Task task =
|
||||
TaskBuilder.newTask()
|
||||
.classificationSummary(defaultClassificationSummary)
|
||||
.workbasketSummary(t.getMiddle())
|
||||
.primaryObjRef(DefaultTestEntities.defaultTestObjectReference().build())
|
||||
.state(TaskState.CLAIMED)
|
||||
.owner("user-1-2")
|
||||
.buildAndStore(taskService, "admin");
|
||||
|
||||
task.setNote("Test Note");
|
||||
ThrowingCallable call = () -> taskService.cancelClaim(task.getId());
|
||||
|
||||
NotAuthorizedOnWorkbasketException e =
|
||||
catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class);
|
||||
|
||||
if (t.getRight() != WorkbasketPermission.EDITTASKS) {
|
||||
assertThat(e.getRequiredPermissions())
|
||||
.containsExactlyInAnyOrder(
|
||||
WorkbasketPermission.READ, WorkbasketPermission.READTASKS);
|
||||
} else {
|
||||
assertThat(e.getRequiredPermissions()).containsExactly(WorkbasketPermission.EDITTASKS);
|
||||
}
|
||||
assertThat(e.getCurrentUserId()).isEqualTo("user-1-2");
|
||||
assertThat(e.getWorkbasketId()).isEqualTo(t.getMiddle().getId());
|
||||
};
|
||||
return DynamicTest.stream(list.iterator(), Triplet::getLeft, testCancelClaimTask);
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user-1-2")
|
||||
@Test
|
||||
void should_ForceCancelClaim_When_TaskClaimedByAnotherUser() throws Exception {
|
||||
|
|
@ -414,6 +520,51 @@ class ClaimTaskAccTest {
|
|||
assertThat(unclaimedTask.getOwner()).isNull();
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user-1-2")
|
||||
@TestFactory
|
||||
Stream<DynamicTest> should_ThrowException_When_ForceCancelClaimingTaskWithMissingPermission()
|
||||
throws Exception {
|
||||
List<Triplet<String, WorkbasketSummary, WorkbasketPermission>> list =
|
||||
List.of(
|
||||
Triplet.of("With Missing Read Permission", wbWithoutRead, WorkbasketPermission.READ),
|
||||
Triplet.of(
|
||||
"With Missing ReadTasks Permission",
|
||||
wbWithoutReadTasks,
|
||||
WorkbasketPermission.READTASKS),
|
||||
Triplet.of(
|
||||
"With Missing EditTasks Permission",
|
||||
wbWithoutEditTasks,
|
||||
WorkbasketPermission.EDITTASKS));
|
||||
ThrowingConsumer<Triplet<String, WorkbasketSummary, WorkbasketPermission>> testCancelClaimTask =
|
||||
t -> {
|
||||
Task task =
|
||||
TaskBuilder.newTask()
|
||||
.classificationSummary(defaultClassificationSummary)
|
||||
.workbasketSummary(t.getMiddle())
|
||||
.primaryObjRef(DefaultTestEntities.defaultTestObjectReference().build())
|
||||
.state(TaskState.CLAIMED)
|
||||
.owner("user-1-2")
|
||||
.buildAndStore(taskService, "admin");
|
||||
|
||||
task.setNote("Test Note");
|
||||
ThrowingCallable call = () -> taskService.forceCancelClaim(task.getId());
|
||||
|
||||
NotAuthorizedOnWorkbasketException e =
|
||||
catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class);
|
||||
|
||||
if (t.getRight() != WorkbasketPermission.EDITTASKS) {
|
||||
assertThat(e.getRequiredPermissions())
|
||||
.containsExactlyInAnyOrder(
|
||||
WorkbasketPermission.READ, WorkbasketPermission.READTASKS);
|
||||
} else {
|
||||
assertThat(e.getRequiredPermissions()).containsExactly(WorkbasketPermission.EDITTASKS);
|
||||
}
|
||||
assertThat(e.getCurrentUserId()).isEqualTo("user-1-2");
|
||||
assertThat(e.getWorkbasketId()).isEqualTo(t.getMiddle().getId());
|
||||
};
|
||||
return DynamicTest.stream(list.iterator(), Triplet::getLeft, testCancelClaimTask);
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user-1-2")
|
||||
@Test
|
||||
void should_ClaimTask_When_OwnerOfReadyForReviewTaskIsSet() throws Exception {
|
||||
|
|
@ -452,6 +603,51 @@ class ClaimTaskAccTest {
|
|||
assertThat(taskClaimed.getOwner()).isEqualTo("user-1-2");
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user-1-2")
|
||||
@TestFactory
|
||||
Stream<DynamicTest> should_ThrowException_When_ClaimingTaskWithMissingPermission()
|
||||
throws Exception {
|
||||
List<Triplet<String, WorkbasketSummary, WorkbasketPermission>> list =
|
||||
List.of(
|
||||
Triplet.of("With Missing Read Permission", wbWithoutRead, WorkbasketPermission.READ),
|
||||
Triplet.of(
|
||||
"With Missing ReadTasks Permission",
|
||||
wbWithoutReadTasks,
|
||||
WorkbasketPermission.READTASKS),
|
||||
Triplet.of(
|
||||
"With Missing EditTasks Permission",
|
||||
wbWithoutEditTasks,
|
||||
WorkbasketPermission.EDITTASKS));
|
||||
ThrowingConsumer<Triplet<String, WorkbasketSummary, WorkbasketPermission>> testClaimTask =
|
||||
t -> {
|
||||
String anyUserName = "TestUser28";
|
||||
Task task =
|
||||
TaskBuilder.newTask()
|
||||
.classificationSummary(defaultClassificationSummary)
|
||||
.workbasketSummary(t.getMiddle())
|
||||
.primaryObjRef(DefaultTestEntities.defaultTestObjectReference().build())
|
||||
.state(TaskState.READY)
|
||||
.owner(anyUserName)
|
||||
.buildAndStore(taskService, "admin");
|
||||
|
||||
ThrowingCallable call = () -> taskService.claim(task.getId());
|
||||
|
||||
NotAuthorizedOnWorkbasketException e =
|
||||
catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class);
|
||||
|
||||
if (t.getRight() != WorkbasketPermission.EDITTASKS) {
|
||||
assertThat(e.getRequiredPermissions())
|
||||
.containsExactlyInAnyOrder(
|
||||
WorkbasketPermission.READ, WorkbasketPermission.READTASKS);
|
||||
} else {
|
||||
assertThat(e.getRequiredPermissions()).containsExactly(WorkbasketPermission.EDITTASKS);
|
||||
}
|
||||
assertThat(e.getCurrentUserId()).isEqualTo("user-1-2");
|
||||
assertThat(e.getWorkbasketId()).isEqualTo(t.getMiddle().getId());
|
||||
};
|
||||
return DynamicTest.stream(list.iterator(), Triplet::getLeft, testClaimTask);
|
||||
}
|
||||
|
||||
@Nested
|
||||
@TestInstance(Lifecycle.PER_CLASS)
|
||||
class WithAdditionalUserInfoEnabled implements TaskanaConfigurationModifier {
|
||||
|
|
|
|||
|
|
@ -57,6 +57,7 @@ class SetOwnerAccTest {
|
|||
.permission(WorkbasketPermission.OPEN)
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.EDITTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService);
|
||||
|
||||
|
|
|
|||
|
|
@ -11,10 +11,14 @@ import java.time.Instant;
|
|||
import java.time.temporal.ChronoUnit;
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
import java.util.stream.Stream;
|
||||
import org.assertj.core.api.ThrowableAssert.ThrowingCallable;
|
||||
import org.junit.jupiter.api.BeforeAll;
|
||||
import org.junit.jupiter.api.DynamicTest;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.TestFactory;
|
||||
import org.junit.jupiter.api.TestTemplate;
|
||||
import org.junit.jupiter.api.function.ThrowingConsumer;
|
||||
import pro.taskana.TaskanaConfiguration;
|
||||
import pro.taskana.classification.api.ClassificationService;
|
||||
import pro.taskana.classification.api.models.ClassificationSummary;
|
||||
|
|
@ -24,6 +28,7 @@ import pro.taskana.common.api.exceptions.InvalidArgumentException;
|
|||
import pro.taskana.common.api.exceptions.TaskanaException;
|
||||
import pro.taskana.common.api.security.CurrentUserContext;
|
||||
import pro.taskana.common.internal.util.EnumUtil;
|
||||
import pro.taskana.common.internal.util.Triplet;
|
||||
import pro.taskana.task.api.TaskService;
|
||||
import pro.taskana.task.api.TaskState;
|
||||
import pro.taskana.task.api.exceptions.InvalidOwnerException;
|
||||
|
|
@ -58,6 +63,9 @@ class CompleteTaskAccTest implements TaskanaConfigurationModifier {
|
|||
ClassificationSummary defaultClassificationSummary;
|
||||
WorkbasketSummary defaultWorkbasketSummary;
|
||||
ObjectReference defaultObjectReference;
|
||||
WorkbasketSummary wbWithoutEditTasks;
|
||||
WorkbasketSummary wbWithoutReadTasks;
|
||||
WorkbasketSummary wbWithoutRead;
|
||||
|
||||
@Override
|
||||
public TaskanaConfiguration.Builder modify(TaskanaConfiguration.Builder builder) {
|
||||
|
|
@ -71,12 +79,43 @@ class CompleteTaskAccTest implements TaskanaConfigurationModifier {
|
|||
defaultClassificationSummary =
|
||||
defaultTestClassification().buildAndStoreAsSummary(classificationService);
|
||||
defaultWorkbasketSummary = defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService);
|
||||
wbWithoutEditTasks = defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService);
|
||||
wbWithoutReadTasks = defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService);
|
||||
wbWithoutRead = defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService);
|
||||
|
||||
WorkbasketAccessItemBuilder.newWorkbasketAccessItem()
|
||||
.workbasketId(defaultWorkbasketSummary.getId())
|
||||
.accessId("user-1-1")
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.EDITTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService);
|
||||
|
||||
WorkbasketAccessItemBuilder.newWorkbasketAccessItem()
|
||||
.workbasketId(wbWithoutEditTasks.getId())
|
||||
.accessId("user-1-1")
|
||||
.permission(WorkbasketPermission.OPEN)
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService);
|
||||
|
||||
WorkbasketAccessItemBuilder.newWorkbasketAccessItem()
|
||||
.workbasketId(wbWithoutReadTasks.getId())
|
||||
.accessId("user-1-1")
|
||||
.permission(WorkbasketPermission.OPEN)
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.EDITTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService);
|
||||
|
||||
WorkbasketAccessItemBuilder.newWorkbasketAccessItem()
|
||||
.workbasketId(wbWithoutRead.getId())
|
||||
.accessId("user-1-1")
|
||||
.permission(WorkbasketPermission.OPEN)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.EDITTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService);
|
||||
|
||||
|
|
@ -193,6 +232,52 @@ class CompleteTaskAccTest implements TaskanaConfigurationModifier {
|
|||
assertTaskIsComplete(before, completedTask);
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user-1-1")
|
||||
@TestFactory
|
||||
Stream<DynamicTest> should_ThrowException_When_ForceCompleteTaskWithMissingPermission()
|
||||
throws Exception {
|
||||
List<Triplet<String, WorkbasketSummary, WorkbasketPermission>> list =
|
||||
List.of(
|
||||
Triplet.of("With Missing Read Permission", wbWithoutRead, WorkbasketPermission.READ),
|
||||
Triplet.of(
|
||||
"With Missing ReadTasks Permission",
|
||||
wbWithoutReadTasks,
|
||||
WorkbasketPermission.READTASKS),
|
||||
Triplet.of(
|
||||
"With Missing EditTasks Permission",
|
||||
wbWithoutEditTasks,
|
||||
WorkbasketPermission.EDITTASKS));
|
||||
ThrowingConsumer<Triplet<String, WorkbasketSummary, WorkbasketPermission>> testCompleteTask =
|
||||
t -> {
|
||||
String anyUserName = "TestUser28";
|
||||
Task task =
|
||||
TaskBuilder.newTask()
|
||||
.classificationSummary(defaultClassificationSummary)
|
||||
.workbasketSummary(t.getMiddle())
|
||||
.primaryObjRef(DefaultTestEntities.defaultTestObjectReference().build())
|
||||
.state(TaskState.READY_FOR_REVIEW)
|
||||
.owner(anyUserName)
|
||||
.buildAndStore(taskService, "admin");
|
||||
|
||||
ThrowingCallable call = () -> taskService.forceCompleteTask(task.getId());
|
||||
|
||||
NotAuthorizedOnWorkbasketException e =
|
||||
catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class);
|
||||
|
||||
if (t.getRight() != WorkbasketPermission.EDITTASKS) {
|
||||
assertThat(e.getRequiredPermissions())
|
||||
.containsExactlyInAnyOrder(
|
||||
WorkbasketPermission.READ, WorkbasketPermission.READTASKS);
|
||||
} else {
|
||||
assertThat(e.getRequiredPermissions())
|
||||
.containsExactlyInAnyOrder(WorkbasketPermission.EDITTASKS);
|
||||
}
|
||||
assertThat(e.getCurrentUserId()).isEqualTo("user-1-1");
|
||||
assertThat(e.getWorkbasketId()).isEqualTo(t.getMiddle().getId());
|
||||
};
|
||||
return DynamicTest.stream(list.iterator(), Triplet::getLeft, testCompleteTask);
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user-1-1")
|
||||
@Test
|
||||
void should_ThrowException_When_CompletingNonExistingTask() {
|
||||
|
|
@ -688,6 +773,50 @@ class CompleteTaskAccTest implements TaskanaConfigurationModifier {
|
|||
assertTaskIsComplete(beforeBulkComplete, completedTask2);
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user-1-1")
|
||||
@TestFactory
|
||||
Stream<DynamicTest> should_ThrowException_When_CompleteTaskWithMissingPermission()
|
||||
throws Exception {
|
||||
List<Triplet<String, WorkbasketSummary, WorkbasketPermission>> list =
|
||||
List.of(
|
||||
Triplet.of("With Missing Read Permission", wbWithoutRead, WorkbasketPermission.READ),
|
||||
Triplet.of(
|
||||
"With Missing ReadTasks Permission",
|
||||
wbWithoutReadTasks,
|
||||
WorkbasketPermission.READTASKS),
|
||||
Triplet.of(
|
||||
"With Missing EditTasks Permission",
|
||||
wbWithoutEditTasks,
|
||||
WorkbasketPermission.EDITTASKS));
|
||||
ThrowingConsumer<Triplet<String, WorkbasketSummary, WorkbasketPermission>> testCompleteTask =
|
||||
t -> {
|
||||
Task task =
|
||||
TaskBuilder.newTask()
|
||||
.classificationSummary(defaultClassificationSummary)
|
||||
.workbasketSummary(t.getMiddle())
|
||||
.primaryObjRef(DefaultTestEntities.defaultTestObjectReference().build())
|
||||
.state(TaskState.CLAIMED)
|
||||
.claimed(Instant.now())
|
||||
.owner("user-1-1")
|
||||
.buildAndStore(taskService, "admin");
|
||||
|
||||
ThrowingCallable call = () -> taskService.completeTask(task.getId());
|
||||
|
||||
NotAuthorizedOnWorkbasketException e =
|
||||
catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class);
|
||||
|
||||
if (t.getRight() != WorkbasketPermission.EDITTASKS) {
|
||||
assertThat(e.getRequiredPermissions())
|
||||
.containsExactly(WorkbasketPermission.READ, WorkbasketPermission.READTASKS);
|
||||
} else {
|
||||
assertThat(e.getRequiredPermissions()).containsExactly(WorkbasketPermission.EDITTASKS);
|
||||
}
|
||||
assertThat(e.getCurrentUserId()).isEqualTo("user-1-1");
|
||||
assertThat(e.getWorkbasketId()).isEqualTo(t.getMiddle().getId());
|
||||
};
|
||||
return DynamicTest.stream(list.iterator(), Triplet::getLeft, testCompleteTask);
|
||||
}
|
||||
|
||||
private void assertTaskIsComplete(Instant before, Task completedTask) {
|
||||
assertThat(completedTask).isNotNull();
|
||||
assertThat(completedTask.getState()).isEqualTo(TaskState.COMPLETED);
|
||||
|
|
|
|||
|
|
@ -55,6 +55,7 @@ class CompleteTaskWithSpiAccTest {
|
|||
.accessId("user-1-1")
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.EDITTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService);
|
||||
|
||||
|
|
|
|||
|
|
@ -215,19 +215,15 @@ class TaskQueryImplAccTest {
|
|||
void should_ReturnEmptyList_When_WorkbasketOfTaskHasNoReadTasksPerm() {
|
||||
List<TaskSummary> list = taskService.createTaskQuery().idIn(taskSummary3.getId()).list();
|
||||
|
||||
assertThat(list.isEmpty());
|
||||
assertThat(list).isEmpty();
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user-1-1")
|
||||
@Test
|
||||
void should_ThrowException_When_QueryByWorkbasketThatHasOpenReadButNoReadTasksPermission() {
|
||||
assertThatThrownBy(
|
||||
() ->
|
||||
taskService
|
||||
.createTaskQuery()
|
||||
.workbasketIdIn(wbWithoutReadTasksPerm.getId())
|
||||
.list())
|
||||
.isInstanceOf(NotAuthorizedToQueryWorkbasketException.class);
|
||||
ThrowingCallable call =
|
||||
() -> taskService.createTaskQuery().workbasketIdIn(wbWithoutReadTasksPerm.getId()).list();
|
||||
assertThatThrownBy(call).isInstanceOf(NotAuthorizedToQueryWorkbasketException.class);
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user-1-1")
|
||||
|
|
@ -261,17 +257,17 @@ class TaskQueryImplAccTest {
|
|||
@WithAccessId(user = "user-1-1")
|
||||
@Test
|
||||
void should_ThrowException_When_QueryByWbIdAndWorkbasketHasReadTasksButNoReadPerm() {
|
||||
assertThatThrownBy(
|
||||
() -> taskService.createTaskQuery().workbasketIdIn(wbWithoutReadPerm.getId()).list())
|
||||
.isInstanceOf(NotAuthorizedToQueryWorkbasketException.class);
|
||||
ThrowingCallable call =
|
||||
() -> taskService.createTaskQuery().workbasketIdIn(wbWithoutReadPerm.getId()).list();
|
||||
assertThatThrownBy(call).isInstanceOf(NotAuthorizedToQueryWorkbasketException.class);
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user-1-1")
|
||||
@Test
|
||||
void should_ThrowException_When_QueryByWbIdAndWorkbasketHasReadAndReadTasksButNoOpenPerm() {
|
||||
assertThatThrownBy(
|
||||
() -> taskService.createTaskQuery().workbasketIdIn(wbWithoutOpenPerm.getId()).list())
|
||||
.isInstanceOf(NotAuthorizedToQueryWorkbasketException.class);
|
||||
ThrowingCallable call =
|
||||
() -> taskService.createTaskQuery().workbasketIdIn(wbWithoutOpenPerm.getId()).list();
|
||||
assertThatThrownBy(call).isInstanceOf(NotAuthorizedToQueryWorkbasketException.class);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -803,9 +799,7 @@ class TaskQueryImplAccTest {
|
|||
taskInWorkbasket(wb)
|
||||
.completed(Instant.parse("2020-02-01T00:00:00Z"))
|
||||
.buildAndStoreAsSummary(taskService);
|
||||
taskInWorkbasket(wb)
|
||||
.completed(null)
|
||||
.buildAndStoreAsSummary(taskService);
|
||||
taskInWorkbasket(wb).completed(null).buildAndStoreAsSummary(taskService);
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user-1-1")
|
||||
|
|
|
|||
|
|
@ -125,30 +125,6 @@ class TaskQueryImplGroupByAccTest implements TaskanaConfigurationModifier {
|
|||
taskInWorkbasket(createWorkbasketWithPermission()).buildAndStore(taskService);
|
||||
}
|
||||
|
||||
private TaskBuilder taskInWorkbasket(WorkbasketSummary wb) {
|
||||
return TaskBuilder.newTask()
|
||||
.classificationSummary(defaultClassificationSummary)
|
||||
.primaryObjRef(defaultTestObjectReference().build())
|
||||
.workbasketSummary(wb);
|
||||
}
|
||||
|
||||
private WorkbasketSummary createWorkbasketWithPermission() throws Exception {
|
||||
WorkbasketSummary workbasketSummary =
|
||||
defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService, "businessadmin");
|
||||
persistPermission(workbasketSummary);
|
||||
return workbasketSummary;
|
||||
}
|
||||
|
||||
private void persistPermission(WorkbasketSummary workbasketSummary) throws Exception {
|
||||
WorkbasketAccessItemBuilder.newWorkbasketAccessItem()
|
||||
.workbasketId(workbasketSummary.getId())
|
||||
.accessId(currentUserContext.getUserid())
|
||||
.permission(WorkbasketPermission.OPEN)
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService, "businessadmin");
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user-1-1")
|
||||
@Test
|
||||
void should_GroupByPor_When_OrderingByName() {
|
||||
|
|
@ -331,4 +307,29 @@ class TaskQueryImplGroupByAccTest implements TaskanaConfigurationModifier {
|
|||
.count();
|
||||
assertThat(numberOfTasks).isEqualTo(1);
|
||||
}
|
||||
|
||||
private TaskBuilder taskInWorkbasket(WorkbasketSummary wb) {
|
||||
return TaskBuilder.newTask()
|
||||
.classificationSummary(defaultClassificationSummary)
|
||||
.primaryObjRef(defaultTestObjectReference().build())
|
||||
.workbasketSummary(wb);
|
||||
}
|
||||
|
||||
private WorkbasketSummary createWorkbasketWithPermission() throws Exception {
|
||||
WorkbasketSummary workbasketSummary =
|
||||
defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService, "businessadmin");
|
||||
persistPermission(workbasketSummary);
|
||||
return workbasketSummary;
|
||||
}
|
||||
|
||||
private void persistPermission(WorkbasketSummary workbasketSummary) throws Exception {
|
||||
WorkbasketAccessItemBuilder.newWorkbasketAccessItem()
|
||||
.workbasketId(workbasketSummary.getId())
|
||||
.accessId(currentUserContext.getUserid())
|
||||
.permission(WorkbasketPermission.OPEN)
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService, "businessadmin");
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -61,6 +61,7 @@ public class RequestChangesWithAfterSpiAccTest {
|
|||
.accessId("user-1-1")
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.EDITTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.permission(WorkbasketPermission.TRANSFER)
|
||||
.buildAndStore(workbasketService);
|
||||
|
|
@ -70,6 +71,7 @@ public class RequestChangesWithAfterSpiAccTest {
|
|||
.accessId("user-1-1")
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.EDITTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService);
|
||||
|
||||
|
|
|
|||
|
|
@ -58,6 +58,7 @@ public class RequestChangesWithBeforeSpiAccTest {
|
|||
.accessId("user-1-1")
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.EDITTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.permission(WorkbasketPermission.TRANSFER)
|
||||
.buildAndStore(workbasketService);
|
||||
|
|
|
|||
|
|
@ -62,6 +62,7 @@ public class RequestReviewWithAfterSpiAccTest {
|
|||
.accessId("user-1-1")
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.EDITTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.permission(WorkbasketPermission.TRANSFER)
|
||||
.buildAndStore(workbasketService);
|
||||
|
|
@ -71,6 +72,7 @@ public class RequestReviewWithAfterSpiAccTest {
|
|||
.accessId("user-1-1")
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.EDITTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService);
|
||||
|
||||
|
|
|
|||
|
|
@ -59,6 +59,7 @@ public class RequestReviewWithBeforeSpiAccTest {
|
|||
.accessId("user-1-1")
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.EDITTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.permission(WorkbasketPermission.TRANSFER)
|
||||
.buildAndStore(workbasketService);
|
||||
|
|
|
|||
|
|
@ -54,6 +54,7 @@ class UpdateManualPriorityAccTest {
|
|||
.permission(WorkbasketPermission.OPEN)
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.EDITTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService);
|
||||
defaultObjectReference = defaultTestObjectReference().build();
|
||||
|
|
|
|||
|
|
@ -75,6 +75,7 @@ class UpdateManualPriorityWithSpiAccTest {
|
|||
.permission(WorkbasketPermission.OPEN)
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.EDITTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService);
|
||||
defaultObjectReference = defaultTestObjectReference().build();
|
||||
|
|
|
|||
|
|
@ -38,14 +38,17 @@ import pro.taskana.classification.api.models.ClassificationSummary;
|
|||
import pro.taskana.common.api.exceptions.ConcurrencyException;
|
||||
import pro.taskana.common.api.exceptions.InvalidArgumentException;
|
||||
import pro.taskana.common.internal.util.Pair;
|
||||
import pro.taskana.common.internal.util.Triplet;
|
||||
import pro.taskana.task.api.TaskCustomField;
|
||||
import pro.taskana.task.api.TaskService;
|
||||
import pro.taskana.task.api.TaskState;
|
||||
import pro.taskana.task.api.exceptions.TaskNotFoundException;
|
||||
import pro.taskana.task.api.models.ObjectReference;
|
||||
import pro.taskana.task.api.models.Task;
|
||||
import pro.taskana.task.api.models.TaskSummary;
|
||||
import pro.taskana.task.internal.models.ObjectReferenceImpl;
|
||||
import pro.taskana.task.internal.models.TaskImpl;
|
||||
import pro.taskana.testapi.DefaultTestEntities;
|
||||
import pro.taskana.testapi.TaskanaConfigurationModifier;
|
||||
import pro.taskana.testapi.TaskanaInject;
|
||||
import pro.taskana.testapi.TaskanaIntegrationTest;
|
||||
|
|
@ -67,6 +70,9 @@ public class UpdateTaskAccTest {
|
|||
ClassificationSummary defaultClassificationSummary;
|
||||
WorkbasketSummary defaultWorkbasketSummary;
|
||||
ObjectReference defaultObjectReference;
|
||||
WorkbasketSummary wbWithoutEditTasks;
|
||||
WorkbasketSummary wbWithoutReadTasks;
|
||||
WorkbasketSummary wbWithoutRead;
|
||||
|
||||
@WithAccessId(user = "businessadmin")
|
||||
@BeforeAll
|
||||
|
|
@ -76,12 +82,44 @@ public class UpdateTaskAccTest {
|
|||
.serviceLevel("P1D")
|
||||
.buildAndStoreAsSummary(classificationService);
|
||||
defaultWorkbasketSummary = defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService);
|
||||
wbWithoutEditTasks = defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService);
|
||||
wbWithoutReadTasks = defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService);
|
||||
wbWithoutRead = defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService);
|
||||
|
||||
WorkbasketAccessItemBuilder.newWorkbasketAccessItem()
|
||||
.workbasketId(defaultWorkbasketSummary.getId())
|
||||
.accessId("user-1-2")
|
||||
.permission(WorkbasketPermission.OPEN)
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.EDITTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService);
|
||||
|
||||
WorkbasketAccessItemBuilder.newWorkbasketAccessItem()
|
||||
.workbasketId(wbWithoutEditTasks.getId())
|
||||
.accessId("user-1-2")
|
||||
.permission(WorkbasketPermission.OPEN)
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService);
|
||||
|
||||
WorkbasketAccessItemBuilder.newWorkbasketAccessItem()
|
||||
.workbasketId(wbWithoutReadTasks.getId())
|
||||
.accessId("user-1-2")
|
||||
.permission(WorkbasketPermission.OPEN)
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.EDITTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService);
|
||||
|
||||
WorkbasketAccessItemBuilder.newWorkbasketAccessItem()
|
||||
.workbasketId(wbWithoutRead.getId())
|
||||
.accessId("user-1-2")
|
||||
.permission(WorkbasketPermission.OPEN)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.EDITTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService);
|
||||
|
||||
|
|
@ -244,7 +282,8 @@ public class UpdateTaskAccTest {
|
|||
catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class);
|
||||
assertThat(e.getCurrentUserId()).isEqualTo("user-taskrouter");
|
||||
assertThat(e.getWorkbasketId()).isEqualTo(defaultWorkbasketSummary.getId());
|
||||
assertThat(e.getRequiredPermissions()).containsExactly(WorkbasketPermission.READ);
|
||||
assertThat(e.getRequiredPermissions())
|
||||
.containsExactlyInAnyOrder(WorkbasketPermission.READ, WorkbasketPermission.READTASKS);
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user-1-2")
|
||||
|
|
@ -442,6 +481,42 @@ public class UpdateTaskAccTest {
|
|||
assertThat(taskIds).isEmpty();
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user-1-2")
|
||||
@TestFactory
|
||||
Stream<DynamicTest> should_UpdateNoTasksWithPor_When_UserHasMissingPermission() throws Exception {
|
||||
List<Pair<String, WorkbasketSummary>> list =
|
||||
List.of(
|
||||
Pair.of("With Missing Read Permission", wbWithoutRead),
|
||||
Pair.of("With Missing ReadTasks Permission", wbWithoutReadTasks),
|
||||
Pair.of("With Missing EditTasks Permission", wbWithoutEditTasks));
|
||||
ThrowingConsumer<Pair<String, WorkbasketSummary>> testUpdateTask =
|
||||
t -> {
|
||||
ObjectReference objectReference =
|
||||
ObjectReferenceBuilder.newObjectReference()
|
||||
.company("00")
|
||||
.system("PASystem")
|
||||
.systemInstance("00")
|
||||
.type("VNR")
|
||||
.value("22334455")
|
||||
.build();
|
||||
TaskBuilder.newTask()
|
||||
.classificationSummary(defaultClassificationSummary)
|
||||
.workbasketSummary(t.getRight())
|
||||
.primaryObjRef(objectReference)
|
||||
.buildAndStore(taskService, "admin");
|
||||
Map<TaskCustomField, String> customProperties = new HashMap<>();
|
||||
customProperties.put(CUSTOM_7, "This is modifiedValue 7");
|
||||
customProperties.put(CUSTOM_14, null);
|
||||
customProperties.put(CUSTOM_3, "This is modifiedValue 3");
|
||||
customProperties.put(CUSTOM_16, "This is modifiedValue 16");
|
||||
|
||||
List<String> taskIds = taskService.updateTasks(objectReference, customProperties);
|
||||
|
||||
assertThat(taskIds).isEmpty();
|
||||
};
|
||||
return DynamicTest.stream(list.iterator(), Pair::getLeft, testUpdateTask);
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user-1-2")
|
||||
@Test
|
||||
void should_UpdateTasks_When_MatchingPrimaryObjectReferenceWasChanged() throws Exception {
|
||||
|
|
@ -519,6 +594,36 @@ public class UpdateTaskAccTest {
|
|||
}
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user-1-2")
|
||||
@TestFactory
|
||||
Stream<DynamicTest> should_UpdateNoTasksWithTaskId_When_UserHasMissingPermission()
|
||||
throws Exception {
|
||||
List<Pair<String, WorkbasketSummary>> list =
|
||||
List.of(
|
||||
Pair.of("With Missing Read Permission", wbWithoutRead),
|
||||
Pair.of("With Missing ReadTasks Permission", wbWithoutReadTasks),
|
||||
Pair.of("With Missing EditTasks Permission", wbWithoutEditTasks));
|
||||
ThrowingConsumer<Pair<String, WorkbasketSummary>> testUpdateTask =
|
||||
t -> {
|
||||
Task task =
|
||||
TaskBuilder.newTask()
|
||||
.classificationSummary(defaultClassificationSummary)
|
||||
.workbasketSummary(t.getRight())
|
||||
.primaryObjRef(defaultObjectReference)
|
||||
.buildAndStore(taskService, "admin");
|
||||
Map<TaskCustomField, String> customProperties = new HashMap<>();
|
||||
customProperties.put(CUSTOM_7, "This is modifiedValue 7");
|
||||
customProperties.put(CUSTOM_14, null);
|
||||
customProperties.put(CUSTOM_3, "This is modifiedValue 3");
|
||||
customProperties.put(CUSTOM_16, "This is modifiedValue 16");
|
||||
|
||||
List<String> taskIds = taskService.updateTasks(List.of(task.getId()), customProperties);
|
||||
|
||||
assertThat(taskIds).isEmpty();
|
||||
};
|
||||
return DynamicTest.stream(list.iterator(), Pair::getLeft, testUpdateTask);
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user-1-2")
|
||||
@Test
|
||||
void should_UpdateCallbackInfo() throws Exception {
|
||||
|
|
@ -556,6 +661,51 @@ public class UpdateTaskAccTest {
|
|||
assertThat(retrievedUpdatedTask).extracting(TaskSummary::getReceived).isEqualTo(retrievedTime);
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user-1-2")
|
||||
@TestFactory
|
||||
Stream<DynamicTest> should_ThrowException_When_MissingOneOfThePermissions() throws Exception {
|
||||
List<Triplet<String, WorkbasketSummary, WorkbasketPermission>> list =
|
||||
List.of(
|
||||
Triplet.of("With Missing Read Permission", wbWithoutRead, WorkbasketPermission.READ),
|
||||
Triplet.of(
|
||||
"With Missing ReadTasks Permission",
|
||||
wbWithoutReadTasks,
|
||||
WorkbasketPermission.READTASKS),
|
||||
Triplet.of(
|
||||
"With Missing EditTasks Permission",
|
||||
wbWithoutEditTasks,
|
||||
WorkbasketPermission.EDITTASKS));
|
||||
ThrowingConsumer<Triplet<String, WorkbasketSummary, WorkbasketPermission>> testUpdateTask =
|
||||
t -> {
|
||||
String anyUserName = "TestUser28";
|
||||
Task task =
|
||||
TaskBuilder.newTask()
|
||||
.classificationSummary(defaultClassificationSummary)
|
||||
.workbasketSummary(t.getMiddle())
|
||||
.primaryObjRef(DefaultTestEntities.defaultTestObjectReference().build())
|
||||
.state(TaskState.READY)
|
||||
.owner(anyUserName)
|
||||
.buildAndStore(taskService, "admin");
|
||||
|
||||
task.setNote("Test Note");
|
||||
ThrowingCallable call = () -> taskService.updateTask(task);
|
||||
|
||||
NotAuthorizedOnWorkbasketException e =
|
||||
catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class);
|
||||
|
||||
if (t.getRight() != WorkbasketPermission.EDITTASKS) {
|
||||
assertThat(e.getRequiredPermissions())
|
||||
.containsExactlyInAnyOrder(
|
||||
WorkbasketPermission.READ, WorkbasketPermission.READTASKS);
|
||||
} else {
|
||||
assertThat(e.getRequiredPermissions()).containsExactly(WorkbasketPermission.EDITTASKS);
|
||||
}
|
||||
assertThat(e.getCurrentUserId()).isEqualTo("user-1-2");
|
||||
assertThat(e.getWorkbasketId()).isEqualTo(t.getMiddle().getId());
|
||||
};
|
||||
return DynamicTest.stream(list.iterator(), Triplet::getLeft, testUpdateTask);
|
||||
}
|
||||
|
||||
private ObjectReferenceImpl createObjectReference(
|
||||
String company, String system, String systemInstance, String type, String value) {
|
||||
ObjectReferenceImpl objectReference = new ObjectReferenceImpl();
|
||||
|
|
|
|||
|
|
@ -47,6 +47,7 @@ class UpdateTaskWithSorAccTest {
|
|||
.permission(WorkbasketPermission.OPEN)
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.EDITTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService);
|
||||
defaultObjectReference = defaultTestObjectReference().build();
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ import pro.taskana.workbasket.api.models.Workbasket;
|
|||
import pro.taskana.workbasket.api.models.WorkbasketSummary;
|
||||
|
||||
@TaskanaIntegrationTest
|
||||
public class GetWorkbasketAccTest {
|
||||
class GetWorkbasketAccTest {
|
||||
@TaskanaInject ClassificationService classificationService;
|
||||
@TaskanaInject WorkbasketService workbasketService;
|
||||
ClassificationSummary defaultClassificationSummary;
|
||||
|
|
@ -103,11 +103,12 @@ public class GetWorkbasketAccTest {
|
|||
List<WorkbasketPermission> permissions =
|
||||
workbasketService.getPermissionsForWorkbasket(defaultWorkbasketSummary.getId());
|
||||
|
||||
assertThat(permissions).hasSize(4);
|
||||
assertThat(permissions.contains(WorkbasketPermission.READ)).isTrue();
|
||||
assertThat(permissions.contains(WorkbasketPermission.OPEN)).isTrue();
|
||||
assertThat(permissions.contains(WorkbasketPermission.TRANSFER)).isTrue();
|
||||
assertThat(permissions.contains(WorkbasketPermission.APPEND)).isTrue();
|
||||
assertThat(permissions)
|
||||
.containsExactlyInAnyOrder(
|
||||
WorkbasketPermission.READ,
|
||||
WorkbasketPermission.APPEND,
|
||||
WorkbasketPermission.TRANSFER,
|
||||
WorkbasketPermission.OPEN);
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user-1-1")
|
||||
|
|
@ -166,7 +167,7 @@ public class GetWorkbasketAccTest {
|
|||
catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class);
|
||||
|
||||
assertThat(e.getWorkbasketId()).isEqualTo(defaultWorkbasketSummary.getId());
|
||||
assertThat(e.getCurrentUserId()).isEqualTo(null);
|
||||
assertThat(e.getCurrentUserId()).isNull();
|
||||
assertThat(e.getRequiredPermissions()).containsExactly(WorkbasketPermission.READ);
|
||||
}
|
||||
|
||||
|
|
@ -179,7 +180,7 @@ public class GetWorkbasketAccTest {
|
|||
|
||||
assertThat(e.getWorkbasketKey()).isEqualTo("USER-1-2");
|
||||
assertThat(e.getDomain()).isEqualTo("DOMAIN_A");
|
||||
assertThat(e.getCurrentUserId()).isEqualTo(null);
|
||||
assertThat(e.getCurrentUserId()).isNull();
|
||||
assertThat(e.getRequiredPermissions()).containsExactly(WorkbasketPermission.READ);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -233,9 +233,7 @@ public interface TaskService {
|
|||
* WorkbasketPermission#READ} for the {@linkplain Workbasket} the {@linkplain Task} is in
|
||||
*/
|
||||
Task forceCancelClaim(String taskId)
|
||||
throws TaskNotFoundException,
|
||||
NotAuthorizedOnWorkbasketException,
|
||||
InvalidTaskStateException;
|
||||
throws TaskNotFoundException, NotAuthorizedOnWorkbasketException, InvalidTaskStateException;
|
||||
|
||||
/**
|
||||
* Request review for an existing {@linkplain Task} that is in {@linkplain TaskState#CLAIMED}.
|
||||
|
|
@ -643,7 +641,8 @@ public interface TaskService {
|
|||
|
||||
/**
|
||||
* Updates specified {@linkplain TaskCustomField TaskCustomFields} of {@linkplain Task Tasks}
|
||||
* associated with the given {@linkplain Task#getPrimaryObjRef() primaryObjRef}.
|
||||
* associated with the given {@linkplain Task#getPrimaryObjRef() primaryObjRef}. Tasks in
|
||||
* Workbaskets without EDITTASKS permission will be ignored and not updated.
|
||||
*
|
||||
* @param selectionCriteria the {@linkplain Task#getPrimaryObjRef() primaryObjRef} of the
|
||||
* searched-for {@linkplain Task Tasks}.
|
||||
|
|
|
|||
|
|
@ -433,9 +433,7 @@ public class TaskQuerySqlProvider {
|
|||
}
|
||||
|
||||
private static String openOuterClauseForGroupByPorOrSor() {
|
||||
return "<if test=\"groupByPor or groupBySor != null\"> "
|
||||
+ "SELECT * FROM ("
|
||||
+ "</if> ";
|
||||
return "<if test=\"groupByPor or groupBySor != null\"> SELECT * FROM (</if> ";
|
||||
}
|
||||
|
||||
private static String closeOuterClauseForGroupByPor() {
|
||||
|
|
|
|||
|
|
@ -544,6 +544,12 @@ public class TaskServiceImpl implements TaskService {
|
|||
TaskImpl oldTaskImpl = (TaskImpl) getTask(newTaskImpl.getId());
|
||||
|
||||
checkConcurrencyAndSetModified(newTaskImpl, oldTaskImpl);
|
||||
if (!checkEditTasksPerm(oldTaskImpl)) {
|
||||
throw new NotAuthorizedOnWorkbasketException(
|
||||
taskanaEngine.getEngine().getCurrentUserContext().getUserid(),
|
||||
oldTaskImpl.getWorkbasketSummary().getId(),
|
||||
WorkbasketPermission.EDITTASKS);
|
||||
}
|
||||
|
||||
attachmentHandler.insertAndDeleteAttachmentsOnTaskUpdate(newTaskImpl, oldTaskImpl);
|
||||
objectReferenceHandler.insertAndDeleteObjectReferencesOnTaskUpdate(newTaskImpl, oldTaskImpl);
|
||||
|
|
@ -624,11 +630,18 @@ public class TaskServiceImpl implements TaskService {
|
|||
}
|
||||
|
||||
@Override
|
||||
public Optional<Task> selectAndClaim(TaskQuery taskQuery) {
|
||||
public Optional<Task> selectAndClaim(TaskQuery taskQuery)
|
||||
throws NotAuthorizedOnWorkbasketException {
|
||||
((TaskQueryImpl) taskQuery).selectAndClaimEquals(true);
|
||||
return taskanaEngine.executeInDatabaseConnection(
|
||||
() ->
|
||||
Optional.ofNullable(taskQuery.single()).map(TaskSummary::getId).map(wrap(this::claim)));
|
||||
try {
|
||||
return taskanaEngine.executeInDatabaseConnection(
|
||||
() ->
|
||||
Optional.ofNullable(taskQuery.single())
|
||||
.map(TaskSummary::getId)
|
||||
.map(wrap(this::claim)));
|
||||
} catch (Exception e) {
|
||||
return Optional.empty();
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
@ -704,9 +717,17 @@ public class TaskServiceImpl implements TaskService {
|
|||
// use query in order to find only those tasks that are visible to the current user
|
||||
List<TaskSummary> taskSummaries = getTasksToChange(selectionCriteria);
|
||||
|
||||
List<TaskSummary> tasksWithPermissions = new ArrayList<>();
|
||||
for (TaskSummary taskSummary : taskSummaries) {
|
||||
if (checkEditTasksPerm(taskSummary)) {
|
||||
tasksWithPermissions.add(taskSummary);
|
||||
}
|
||||
}
|
||||
|
||||
List<String> changedTasks = new ArrayList<>();
|
||||
if (!taskSummaries.isEmpty()) {
|
||||
changedTasks = taskSummaries.stream().map(TaskSummary::getId).collect(Collectors.toList());
|
||||
if (!tasksWithPermissions.isEmpty()) {
|
||||
changedTasks =
|
||||
tasksWithPermissions.stream().map(TaskSummary::getId).collect(Collectors.toList());
|
||||
taskMapper.updateTasks(changedTasks, updated, fieldSelector);
|
||||
if (LOGGER.isDebugEnabled()) {
|
||||
LOGGER.debug("updateTasks() updated the following tasks: {} ", changedTasks);
|
||||
|
|
@ -738,9 +759,17 @@ public class TaskServiceImpl implements TaskService {
|
|||
// use query in order to find only those tasks that are visible to the current user
|
||||
List<TaskSummary> taskSummaries = getTasksToChange(taskIds);
|
||||
|
||||
List<TaskSummary> tasksWithPermissions = new ArrayList<>();
|
||||
for (TaskSummary taskSummary : taskSummaries) {
|
||||
if (checkEditTasksPerm(taskSummary)) {
|
||||
tasksWithPermissions.add(taskSummary);
|
||||
}
|
||||
}
|
||||
|
||||
List<String> changedTasks = new ArrayList<>();
|
||||
if (!taskSummaries.isEmpty()) {
|
||||
changedTasks = taskSummaries.stream().map(TaskSummary::getId).collect(Collectors.toList());
|
||||
if (!tasksWithPermissions.isEmpty()) {
|
||||
changedTasks =
|
||||
tasksWithPermissions.stream().map(TaskSummary::getId).collect(Collectors.toList());
|
||||
taskMapper.updateTasks(changedTasks, updatedTask, fieldSelector);
|
||||
if (LOGGER.isDebugEnabled()) {
|
||||
LOGGER.debug("updateTasks() updated the following tasks: {} ", changedTasks);
|
||||
|
|
@ -1442,7 +1471,7 @@ public class TaskServiceImpl implements TaskService {
|
|||
}
|
||||
|
||||
private void checkPreconditionsForClaimTask(TaskSummary task, boolean forced)
|
||||
throws InvalidOwnerException, InvalidTaskStateException {
|
||||
throws InvalidOwnerException, InvalidTaskStateException, NotAuthorizedOnWorkbasketException {
|
||||
TaskState state = task.getState();
|
||||
if (state.isEndState()) {
|
||||
throw new InvalidTaskStateException(
|
||||
|
|
@ -1455,6 +1484,12 @@ public class TaskServiceImpl implements TaskService {
|
|||
&& !task.getOwner().equals(userId)) {
|
||||
throw new InvalidOwnerException(userId, task.getId());
|
||||
}
|
||||
if (!checkEditTasksPerm(task)) {
|
||||
throw new NotAuthorizedOnWorkbasketException(
|
||||
taskanaEngine.getEngine().getCurrentUserContext().getUserid(),
|
||||
task.getWorkbasketSummary().getId(),
|
||||
WorkbasketPermission.EDITTASKS);
|
||||
}
|
||||
}
|
||||
|
||||
private static boolean taskIsNotClaimed(TaskSummary task) {
|
||||
|
|
@ -1473,7 +1508,7 @@ public class TaskServiceImpl implements TaskService {
|
|||
}
|
||||
|
||||
private void checkPreconditionsForCompleteTask(TaskSummary task)
|
||||
throws InvalidOwnerException, InvalidTaskStateException {
|
||||
throws InvalidOwnerException, InvalidTaskStateException, NotAuthorizedOnWorkbasketException {
|
||||
if (taskIsNotClaimed(task)) {
|
||||
throw new InvalidTaskStateException(
|
||||
task.getId(), task.getState(), TaskState.CLAIMED, TaskState.IN_REVIEW);
|
||||
|
|
@ -1486,6 +1521,12 @@ public class TaskServiceImpl implements TaskService {
|
|||
throw new InvalidOwnerException(
|
||||
taskanaEngine.getEngine().getCurrentUserContext().getUserid(), task.getId());
|
||||
}
|
||||
if (!checkEditTasksPerm(task)) {
|
||||
throw new NotAuthorizedOnWorkbasketException(
|
||||
taskanaEngine.getEngine().getCurrentUserContext().getUserid(),
|
||||
task.getWorkbasketSummary().getId(),
|
||||
WorkbasketPermission.EDITTASKS);
|
||||
}
|
||||
}
|
||||
|
||||
private Task cancelClaim(String taskId, boolean forceUnclaim)
|
||||
|
|
@ -1502,6 +1543,12 @@ public class TaskServiceImpl implements TaskService {
|
|||
TaskImpl oldTask = duplicateTaskExactly(task);
|
||||
|
||||
TaskState state = task.getState();
|
||||
if (!checkEditTasksPerm(task)) {
|
||||
throw new NotAuthorizedOnWorkbasketException(
|
||||
taskanaEngine.getEngine().getCurrentUserContext().getUserid(),
|
||||
task.getWorkbasketSummary().getId(),
|
||||
WorkbasketPermission.EDITTASKS);
|
||||
}
|
||||
if (state.isEndState()) {
|
||||
throw new InvalidTaskStateException(
|
||||
taskId, state, EnumUtil.allValuesExceptFor(TaskState.END_STATES));
|
||||
|
|
@ -2148,4 +2195,16 @@ public class TaskServiceImpl implements TaskService {
|
|||
oldTask.setSecondaryObjectReferences(task.getSecondaryObjectReferences());
|
||||
return oldTask;
|
||||
}
|
||||
|
||||
private boolean checkEditTasksPerm(TaskSummary task) {
|
||||
WorkbasketQueryImpl query = (WorkbasketQueryImpl) workbasketService.createWorkbasketQuery();
|
||||
String workbasketId = task.getWorkbasketSummary().getId();
|
||||
WorkbasketSummary workbasket =
|
||||
query.idIn(workbasketId).callerHasPermissions(WorkbasketPermission.EDITTASKS).single();
|
||||
if (workbasket == null) {
|
||||
return false;
|
||||
} else {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -18,13 +18,13 @@ public interface WorkbasketQueryMapper {
|
|||
+ "<if test = 'joinWithAccessList'> "
|
||||
+ "<choose>"
|
||||
+ "<when test=\"_databaseId == 'db2' || _databaseId == 'oracle'\">"
|
||||
+ "LEFT OUTER JOIN (select WORKBASKET_ID as WID, MAX(PERM_READ) as MAX_READ, MAX(PERM_READTASKS) as MAX_READTASKS, MAX(PERM_OPEN) as MAX_OPEN, "
|
||||
+ "LEFT OUTER JOIN (select WORKBASKET_ID as WID, MAX(PERM_READ) as MAX_READ, MAX(PERM_READTASKS) as MAX_READTASKS, MAX(PERM_EDITTASKS) as MAX_EDITTASKS, MAX(PERM_OPEN) as MAX_OPEN, "
|
||||
+ "MAX(PERM_APPEND) as MAX_APPEND, MAX(PERM_TRANSFER) as MAX_TRANSFER, MAX(PERM_DISTRIBUTE) as MAX_DISTRIBUTE, MAX(PERM_CUSTOM_1) as MAX_CUSTOM_1, MAX(PERM_CUSTOM_2) as MAX_CUSTOM_2, "
|
||||
+ "MAX(PERM_CUSTOM_3) as MAX_CUSTOM_3, MAX(PERM_CUSTOM_4) as MAX_CUSTOM_4, MAX(PERM_CUSTOM_5) as MAX_CUSTOM_5, MAX(PERM_CUSTOM_6) as MAX_CUSTOM_6, MAX(PERM_CUSTOM_7) as MAX_CUSTOM_7, "
|
||||
+ "MAX(PERM_CUSTOM_8) as MAX_CUSTOM_8, MAX(PERM_CUSTOM_9) as MAX_CUSTOM_9, MAX(PERM_CUSTOM_10) as MAX_CUSTOM_10, MAX(PERM_CUSTOM_11) as MAX_CUSTOM_11, MAX(PERM_CUSTOM_12) as MAX_CUSTOM_12 "
|
||||
+ "</when>"
|
||||
+ "<otherwise>"
|
||||
+ "LEFT OUTER JOIN (select WORKBASKET_ID as WID, MAX(PERM_READ::int) as MAX_READ, MAX(PERM_READTASKS::int) as MAX_READTASKS, MAX(PERM_OPEN::int) as MAX_OPEN, "
|
||||
+ "LEFT OUTER JOIN (select WORKBASKET_ID as WID, MAX(PERM_READ::int) as MAX_READ, MAX(PERM_READTASKS::int) as MAX_READTASKS, MAX(PERM_EDITTASKS::int) as MAX_EDITTASKS, MAX(PERM_OPEN::int) as MAX_OPEN, "
|
||||
+ "MAX(PERM_APPEND::int) as MAX_APPEND, MAX(PERM_TRANSFER::int) as MAX_TRANSFER, MAX(PERM_DISTRIBUTE::int) as MAX_DISTRIBUTE, MAX(PERM_CUSTOM_1::int) as MAX_CUSTOM_1, MAX(PERM_CUSTOM_2::int) as MAX_CUSTOM_2, "
|
||||
+ "MAX(PERM_CUSTOM_3::int) as MAX_CUSTOM_3, MAX(PERM_CUSTOM_4::int) as MAX_CUSTOM_4, MAX(PERM_CUSTOM_5::int) as MAX_CUSTOM_5, MAX(PERM_CUSTOM_6::int) as MAX_CUSTOM_6, MAX(PERM_CUSTOM_7::int) as MAX_CUSTOM_7, "
|
||||
+ "MAX(PERM_CUSTOM_8::int) as MAX_CUSTOM_8, MAX(PERM_CUSTOM_9::int) as MAX_CUSTOM_9, MAX(PERM_CUSTOM_10::int) as MAX_CUSTOM_10, MAX(PERM_CUSTOM_11::int) as MAX_CUSTOM_11, MAX(PERM_CUSTOM_12::int) as MAX_CUSTOM_12 "
|
||||
|
|
@ -75,6 +75,7 @@ public interface WorkbasketQueryMapper {
|
|||
+ "<foreach item='permission' collection='permissions' separator=' AND ' >"
|
||||
+ "<if test=\"permission.name() == 'READ'\">a.MAX_READ</if> "
|
||||
+ "<if test=\"permission.name() == 'READTASKS'\">a.MAX_READTASKS</if> "
|
||||
+ "<if test=\"permission.name() == 'EDITTASKS'\">a.MAX_EDITTASKS</if> "
|
||||
+ "<if test=\"permission.name() == 'OPEN'\">a.MAX_OPEN</if> "
|
||||
+ "<if test=\"permission.name() == 'APPEND'\">a.MAX_APPEND</if>"
|
||||
+ "<if test=\"permission.name() == 'TRANSFER'\">a.MAX_TRANSFER</if>"
|
||||
|
|
@ -119,7 +120,7 @@ public interface WorkbasketQueryMapper {
|
|||
@Select(
|
||||
"<script>"
|
||||
+ "SELECT "
|
||||
+ "WBA.ID, WORKBASKET_ID, WB.KEY, ACCESS_ID, ACCESS_NAME, PERM_READ, PERM_READTASKS, PERM_OPEN, PERM_APPEND, PERM_TRANSFER, PERM_DISTRIBUTE, PERM_CUSTOM_1, PERM_CUSTOM_2, "
|
||||
+ "WBA.ID, WORKBASKET_ID, WB.KEY, ACCESS_ID, ACCESS_NAME, PERM_READ, PERM_READTASKS, PERM_EDITTASKS, PERM_OPEN, PERM_APPEND, PERM_TRANSFER, PERM_DISTRIBUTE, PERM_CUSTOM_1, PERM_CUSTOM_2, "
|
||||
+ "PERM_CUSTOM_3, PERM_CUSTOM_4, PERM_CUSTOM_5, PERM_CUSTOM_6, PERM_CUSTOM_7, PERM_CUSTOM_8, PERM_CUSTOM_9, PERM_CUSTOM_10, PERM_CUSTOM_11, PERM_CUSTOM_12 "
|
||||
+ "from WORKBASKET_ACCESS_LIST WBA "
|
||||
+ "LEFT JOIN WORKBASKET WB ON WORKBASKET_ID = WB.ID"
|
||||
|
|
@ -140,6 +141,7 @@ public interface WorkbasketQueryMapper {
|
|||
@Result(property = "accessName", column = "ACCESS_NAME")
|
||||
@Result(property = "permRead", column = "PERM_READ")
|
||||
@Result(property = "permReadTasks", column = "PERM_READTASKS")
|
||||
@Result(property = "permEditTasks", column = "PERM_EDITTASKS")
|
||||
@Result(property = "permOpen", column = "PERM_OPEN")
|
||||
@Result(property = "permAppend", column = "PERM_APPEND")
|
||||
@Result(property = "permTransfer", column = "PERM_TRANSFER")
|
||||
|
|
@ -165,13 +167,13 @@ public interface WorkbasketQueryMapper {
|
|||
+ "<if test = 'joinWithAccessList'> "
|
||||
+ "<choose>"
|
||||
+ "<when test=\"_databaseId == 'db2' || _databaseId == 'oracle'\">"
|
||||
+ "LEFT OUTER JOIN (select WORKBASKET_ID as WID, MAX(PERM_READ) as MAX_READ, MAX(PERM_READTASKS) as MAX_READTASKS, MAX(PERM_OPEN) as MAX_OPEN, "
|
||||
+ "LEFT OUTER JOIN (select WORKBASKET_ID as WID, MAX(PERM_READ) as MAX_READ, MAX(PERM_READTASKS) as MAX_READTASKS, MAX(PERM_EDITTASKS) as MAX_EDITTASKS, MAX(PERM_OPEN) as MAX_OPEN, "
|
||||
+ "MAX(PERM_APPEND) as MAX_APPEND, MAX(PERM_TRANSFER) as MAX_TRANSFER, MAX(PERM_DISTRIBUTE) as MAX_DISTRIBUTE, MAX(PERM_CUSTOM_1) as MAX_CUSTOM_1, MAX(PERM_CUSTOM_2) as MAX_CUSTOM_2, "
|
||||
+ "MAX(PERM_CUSTOM_3) as MAX_CUSTOM_3, MAX(PERM_CUSTOM_4) as MAX_CUSTOM_4, MAX(PERM_CUSTOM_5) as MAX_CUSTOM_5, MAX(PERM_CUSTOM_6) as MAX_CUSTOM_6, MAX(PERM_CUSTOM_7) as MAX_CUSTOM_7, "
|
||||
+ "MAX(PERM_CUSTOM_8) as MAX_CUSTOM_8, MAX(PERM_CUSTOM_9) as MAX_CUSTOM_9, MAX(PERM_CUSTOM_10) as MAX_CUSTOM_10, MAX(PERM_CUSTOM_11) as MAX_CUSTOM_11, MAX(PERM_CUSTOM_12) as MAX_CUSTOM_12 "
|
||||
+ "</when>"
|
||||
+ "<otherwise>"
|
||||
+ "LEFT OUTER JOIN (select WORKBASKET_ID as WID, MAX(PERM_READ::int) as MAX_READ, MAX(PERM_READTASKS::int) as MAX_READTASKS, MAX(PERM_OPEN::int) as MAX_OPEN, "
|
||||
+ "LEFT OUTER JOIN (select WORKBASKET_ID as WID, MAX(PERM_READ::int) as MAX_READ, MAX(PERM_READTASKS::int) as MAX_READTASKS, MAX(PERM_EDITTASKS::int) as MAX_EDITTASKS, MAX(PERM_OPEN::int) as MAX_OPEN, "
|
||||
+ "MAX(PERM_APPEND::int) as MAX_APPEND, MAX(PERM_TRANSFER::int) as MAX_TRANSFER, MAX(PERM_DISTRIBUTE::int) as MAX_DISTRIBUTE, MAX(PERM_CUSTOM_1::int) as MAX_CUSTOM_1, MAX(PERM_CUSTOM_2::int) as MAX_CUSTOM_2, "
|
||||
+ "MAX(PERM_CUSTOM_3::int) as MAX_CUSTOM_3, MAX(PERM_CUSTOM_4::int) as MAX_CUSTOM_4, MAX(PERM_CUSTOM_5::int) as MAX_CUSTOM_5, MAX(PERM_CUSTOM_6::int) as MAX_CUSTOM_6, MAX(PERM_CUSTOM_7::int) as MAX_CUSTOM_7, "
|
||||
+ "MAX(PERM_CUSTOM_8::int) as MAX_CUSTOM_8, MAX(PERM_CUSTOM_9::int) as MAX_CUSTOM_9, MAX(PERM_CUSTOM_10::int) as MAX_CUSTOM_10, MAX(PERM_CUSTOM_11::int) as MAX_CUSTOM_11, MAX(PERM_CUSTOM_12::int) as MAX_CUSTOM_12 "
|
||||
|
|
@ -222,6 +224,7 @@ public interface WorkbasketQueryMapper {
|
|||
+ "<foreach item='permission' collection='permissions' separator=' AND ' >"
|
||||
+ "<if test=\"permission.name() == 'READ'\">a.MAX_READ</if> "
|
||||
+ "<if test=\"permission.name() == 'READTASKS'\">a.MAX_READTASKS</if> "
|
||||
+ "<if test=\"permission.name() == 'EDITTASKS'\">a.MAX_EDITTASKS</if> "
|
||||
+ "<if test=\"permission.name() == 'OPEN'\">a.MAX_OPEN</if> "
|
||||
+ "<if test=\"permission.name() == 'APPEND'\">a.MAX_APPEND</if>"
|
||||
+ "<if test=\"permission.name() == 'TRANSFER'\">a.MAX_TRANSFER</if>"
|
||||
|
|
@ -262,13 +265,13 @@ public interface WorkbasketQueryMapper {
|
|||
+ "<if test = 'joinWithAccessList'> "
|
||||
+ "<choose>"
|
||||
+ "<when test=\"_databaseId == 'db2' || _databaseId == 'oracle'\">"
|
||||
+ "LEFT OUTER JOIN (select WORKBASKET_ID as WID, MAX(PERM_READ) as MAX_READ, MAX(PERM_READTASKS) as MAX_READTASKS, MAX(PERM_OPEN) as MAX_OPEN, "
|
||||
+ "LEFT OUTER JOIN (select WORKBASKET_ID as WID, MAX(PERM_READ) as MAX_READ, MAX(PERM_READTASKS) as MAX_READTASKS, MAX(PERM_EDITTASKS) as MAX_EDITTASKS, MAX(PERM_OPEN) as MAX_OPEN, "
|
||||
+ "MAX(PERM_APPEND) as MAX_APPEND, MAX(PERM_TRANSFER) as MAX_TRANSFER, MAX(PERM_DISTRIBUTE) as MAX_DISTRIBUTE, MAX(PERM_CUSTOM_1) as MAX_CUSTOM_1, MAX(PERM_CUSTOM_2) as MAX_CUSTOM_2, "
|
||||
+ "MAX(PERM_CUSTOM_3) as MAX_CUSTOM_3, MAX(PERM_CUSTOM_4) as MAX_CUSTOM_4, MAX(PERM_CUSTOM_5) as MAX_CUSTOM_5, MAX(PERM_CUSTOM_6) as MAX_CUSTOM_6, MAX(PERM_CUSTOM_7) as MAX_CUSTOM_7, "
|
||||
+ "MAX(PERM_CUSTOM_8) as MAX_CUSTOM_8, MAX(PERM_CUSTOM_9) as MAX_CUSTOM_9, MAX(PERM_CUSTOM_10) as MAX_CUSTOM_10, MAX(PERM_CUSTOM_11) as MAX_CUSTOM_11, MAX(PERM_CUSTOM_12) as MAX_CUSTOM_12 "
|
||||
+ "</when>"
|
||||
+ "<otherwise>"
|
||||
+ "LEFT OUTER JOIN (select WORKBASKET_ID as WID, MAX(PERM_READ::int) as MAX_READ, MAX(PERM_READTASKS::int) as MAX_READTASKS, MAX(PERM_OPEN::int) as MAX_OPEN, "
|
||||
+ "LEFT OUTER JOIN (select WORKBASKET_ID as WID, MAX(PERM_READ::int) as MAX_READ, MAX(PERM_READTASKS::int) as MAX_READTASKS, MAX(PERM_EDITTASKS::int) as MAX_EDITTASKS, MAX(PERM_OPEN::int) as MAX_OPEN, "
|
||||
+ "MAX(PERM_APPEND::int) as MAX_APPEND, MAX(PERM_TRANSFER::int) as MAX_TRANSFER, MAX(PERM_DISTRIBUTE::int) as MAX_DISTRIBUTE, MAX(PERM_CUSTOM_1::int) as MAX_CUSTOM_1, MAX(PERM_CUSTOM_2::int) as MAX_CUSTOM_2, "
|
||||
+ "MAX(PERM_CUSTOM_3::int) as MAX_CUSTOM_3, MAX(PERM_CUSTOM_4::int) as MAX_CUSTOM_4, MAX(PERM_CUSTOM_5::int) as MAX_CUSTOM_5, MAX(PERM_CUSTOM_6::int) as MAX_CUSTOM_6, MAX(PERM_CUSTOM_7::int) as MAX_CUSTOM_7, "
|
||||
+ "MAX(PERM_CUSTOM_8::int) as MAX_CUSTOM_8, MAX(PERM_CUSTOM_9::int) as MAX_CUSTOM_9, MAX(PERM_CUSTOM_10::int) as MAX_CUSTOM_10, MAX(PERM_CUSTOM_11::int) as MAX_CUSTOM_11, MAX(PERM_CUSTOM_12::int) as MAX_CUSTOM_12 "
|
||||
|
|
@ -320,6 +323,7 @@ public interface WorkbasketQueryMapper {
|
|||
+ "<foreach item='permission' collection='permissions' separator=' AND ' >"
|
||||
+ "<if test=\"permission.name() == 'READ'\">a.MAX_READ</if> "
|
||||
+ "<if test=\"permission.name() == 'READTASKS'\">a.MAX_READTASKS</if> "
|
||||
+ "<if test=\"permission.name() == 'EDITTASKS'\">a.MAX_EDITTASKS</if> "
|
||||
+ "<if test=\"permission.name() == 'OPEN'\">a.MAX_OPEN</if> "
|
||||
+ "<if test=\"permission.name() == 'APPEND'\">a.MAX_APPEND</if>"
|
||||
+ "<if test=\"permission.name() == 'TRANSFER'\">a.MAX_TRANSFER</if>"
|
||||
|
|
|
|||
|
|
@ -8,24 +8,61 @@ import java.util.ArrayList;
|
|||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
import java.util.UUID;
|
||||
import java.util.function.Consumer;
|
||||
import java.util.stream.Collectors;
|
||||
import java.util.stream.Stream;
|
||||
import javax.security.auth.Subject;
|
||||
import org.junit.jupiter.api.BeforeAll;
|
||||
import org.junit.jupiter.api.DynamicTest;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.TestFactory;
|
||||
import org.junit.jupiter.api.TestInstance;
|
||||
import org.junit.jupiter.api.TestInstance.Lifecycle;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.junit.jupiter.api.function.ThrowingConsumer;
|
||||
import pro.taskana.common.api.BaseQuery.SortDirection;
|
||||
import pro.taskana.common.api.security.UserPrincipal;
|
||||
import pro.taskana.common.internal.util.CheckedConsumer;
|
||||
import pro.taskana.common.internal.util.Pair;
|
||||
import pro.taskana.common.test.security.JaasExtension;
|
||||
import pro.taskana.common.test.security.WithAccessId;
|
||||
import pro.taskana.common.test.util.ParallelThreadHelper;
|
||||
import pro.taskana.task.api.TaskQuery;
|
||||
import pro.taskana.task.api.TaskService;
|
||||
import pro.taskana.task.api.models.Task;
|
||||
import pro.taskana.task.internal.models.ObjectReferenceImpl;
|
||||
import pro.taskana.workbasket.api.WorkbasketPermission;
|
||||
import pro.taskana.workbasket.api.WorkbasketService;
|
||||
import pro.taskana.workbasket.api.WorkbasketType;
|
||||
import pro.taskana.workbasket.api.models.Workbasket;
|
||||
import pro.taskana.workbasket.api.models.WorkbasketAccessItem;
|
||||
|
||||
@TestInstance(Lifecycle.PER_CLASS)
|
||||
@ExtendWith(JaasExtension.class)
|
||||
class SelectAndClaimTaskAccTest extends AbstractAccTest {
|
||||
Workbasket wbWithoutRead;
|
||||
Workbasket wbWithoutReadTasks;
|
||||
Workbasket wbWithoutEditTasks;
|
||||
Task task1;
|
||||
Task task2;
|
||||
Task task3;
|
||||
|
||||
@WithAccessId(user = "admin")
|
||||
@BeforeAll
|
||||
void setup() throws Exception {
|
||||
wbWithoutRead = createWorkBasket();
|
||||
wbWithoutReadTasks = createWorkBasket();
|
||||
wbWithoutEditTasks = createWorkBasket();
|
||||
|
||||
createWorkbasketAccessItem(wbWithoutRead, WorkbasketPermission.READ);
|
||||
createWorkbasketAccessItem(wbWithoutReadTasks, WorkbasketPermission.READTASKS);
|
||||
createWorkbasketAccessItem(wbWithoutEditTasks, WorkbasketPermission.EDITTASKS);
|
||||
|
||||
task3 = createTask(wbWithoutEditTasks);
|
||||
task1 = createTask(wbWithoutRead);
|
||||
task2 = createTask(wbWithoutReadTasks);
|
||||
}
|
||||
|
||||
@Test
|
||||
void should_ClaimDifferentTasks_For_ConcurrentSelectAndClaimCalls() throws Exception {
|
||||
|
|
@ -53,6 +90,23 @@ class SelectAndClaimTaskAccTest extends AbstractAccTest {
|
|||
.containsExactlyInAnyOrder("admin", "taskadmin", "teamlead-1", "teamlead-2");
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user-1-2")
|
||||
@TestFactory
|
||||
Stream<DynamicTest> should_ReturnEmptyOptional_When_MissingOnePermission() {
|
||||
List<Pair<String, Task>> list =
|
||||
List.of(
|
||||
Pair.of("With Missing Read Permission", task1),
|
||||
Pair.of("With Missing ReadTasks Permission", task2),
|
||||
Pair.of("With Missing EditTasks Permission", task3));
|
||||
ThrowingConsumer<Pair<String, Task>> testSelectClaimTask =
|
||||
t -> {
|
||||
TaskQuery query = taskService.createTaskQuery().idIn(t.getRight().getId());
|
||||
Optional<Task> task = taskService.selectAndClaim(query);
|
||||
assertThat(task).isEmpty();
|
||||
};
|
||||
return DynamicTest.stream(list.iterator(), Pair::getLeft, testSelectClaimTask);
|
||||
}
|
||||
|
||||
@Test
|
||||
@WithAccessId(user = "admin")
|
||||
void should_ReturnEmptyOptional_When_TryingToSelectAndClaimNonExistingTask() throws Exception {
|
||||
|
|
@ -85,4 +139,50 @@ class SelectAndClaimTaskAccTest extends AbstractAccTest {
|
|||
private TaskQuery getTaskQuery() {
|
||||
return taskanaEngine.getTaskService().createTaskQuery().orderByTaskId(SortDirection.ASCENDING);
|
||||
}
|
||||
|
||||
private Workbasket createWorkBasket() throws Exception {
|
||||
WorkbasketService workbasketService = taskanaEngine.getWorkbasketService();
|
||||
Workbasket workbasket =
|
||||
workbasketService.newWorkbasket(UUID.randomUUID().toString(), "DOMAIN_A");
|
||||
workbasket.setName("Megabasket");
|
||||
workbasket.setType(WorkbasketType.GROUP);
|
||||
workbasket.setOrgLevel1("company");
|
||||
workbasket = workbasketService.createWorkbasket(workbasket);
|
||||
return workbasket;
|
||||
}
|
||||
|
||||
private void createWorkbasketAccessItem(Workbasket workbasket, WorkbasketPermission missingPerm)
|
||||
throws Exception {
|
||||
WorkbasketService workbasketService = taskanaEngine.getWorkbasketService();
|
||||
WorkbasketAccessItem wbai =
|
||||
workbasketService.newWorkbasketAccessItem(workbasket.getId(), "user-1-2");
|
||||
if (missingPerm == WorkbasketPermission.READ) {
|
||||
wbai.setPermission(WorkbasketPermission.READTASKS, true);
|
||||
wbai.setPermission(WorkbasketPermission.EDITTASKS, true);
|
||||
} else if (missingPerm == WorkbasketPermission.READTASKS) {
|
||||
wbai.setPermission(WorkbasketPermission.READ, true);
|
||||
wbai.setPermission(WorkbasketPermission.EDITTASKS, true);
|
||||
} else {
|
||||
wbai.setPermission(WorkbasketPermission.READ, true);
|
||||
wbai.setPermission(WorkbasketPermission.READTASKS, true);
|
||||
}
|
||||
workbasketService.createWorkbasketAccessItem(wbai);
|
||||
}
|
||||
|
||||
private Task createTask(Workbasket workbasket) throws Exception {
|
||||
ObjectReferenceImpl objectReference = new ObjectReferenceImpl();
|
||||
objectReference.setCompany("Company1");
|
||||
objectReference.setSystem("System1");
|
||||
objectReference.setSystemInstance("Instance1");
|
||||
objectReference.setType("Type1");
|
||||
objectReference.setValue("Value1");
|
||||
|
||||
Task task = taskService.newTask(workbasket.getId());
|
||||
task.setClassificationKey("L10000");
|
||||
task.setPrimaryObjRef(objectReference);
|
||||
task.setOwner("user-1-2");
|
||||
|
||||
Task createdTask = taskService.createTask(task);
|
||||
return createdTask;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -235,7 +235,26 @@ class CreateWorkbasketAccTest extends AbstractAccTest {
|
|||
WorkbasketAccessItem item =
|
||||
accessItems.stream().filter(t -> wbai.getId().equals(t.getId())).findFirst().orElse(null);
|
||||
assertThat(item).isNotNull();
|
||||
assertThat(item.getPermission(WorkbasketPermission.READTASKS)).isEqualTo(true);
|
||||
assertThat(item.getPermission(WorkbasketPermission.READTASKS)).isTrue();
|
||||
}
|
||||
|
||||
@WithAccessId(user = "businessadmin")
|
||||
@Test
|
||||
void should_SetEditTasks_When_CreatingWorkbasketAccessItem() throws Exception {
|
||||
WorkbasketService workbasketService = taskanaEngine.getWorkbasketService();
|
||||
|
||||
WorkbasketAccessItem wbai =
|
||||
workbasketService.newWorkbasketAccessItem(
|
||||
"WBI:100000000000000000000000000000000001", "test-id2");
|
||||
wbai.setPermission(WorkbasketPermission.EDITTASKS, true);
|
||||
workbasketService.createWorkbasketAccessItem(wbai);
|
||||
|
||||
List<WorkbasketAccessItem> accessItems =
|
||||
workbasketService.getWorkbasketAccessItems("WBI:100000000000000000000000000000000001");
|
||||
WorkbasketAccessItem item =
|
||||
accessItems.stream().filter(t -> wbai.getId().equals(t.getId())).findFirst().orElse(null);
|
||||
assertThat(item).isNotNull();
|
||||
assertThat(item.getPermission(WorkbasketPermission.EDITTASKS)).isTrue();
|
||||
}
|
||||
|
||||
@WithAccessId(user = "businessadmin")
|
||||
|
|
|
|||
|
|
@ -111,6 +111,20 @@ class QueryWorkbasketByPermissionAccTest extends AbstractAccTest {
|
|||
assertThat(results).hasSize(7);
|
||||
}
|
||||
|
||||
@WithAccessId(user = "businessadmin")
|
||||
@Test
|
||||
void should_GetAllWorkbasketsForUserAndGroup_When_QueryingForEditTasksPermissions()
|
||||
throws Exception {
|
||||
List<WorkbasketSummary> results =
|
||||
WORKBASKET_SERVICE
|
||||
.createWorkbasketQuery()
|
||||
.accessIdsHavePermissions(
|
||||
List.of(WorkbasketPermission.READTASKS), "user-1-1", GROUP_1_DN)
|
||||
.list();
|
||||
|
||||
assertThat(results).hasSize(7);
|
||||
}
|
||||
|
||||
@WithAccessId(user = "businessadmin")
|
||||
@Test
|
||||
void should_GetAllTransferTargetsForUserAndGroup_When_QueryingForSortedByNameAscending()
|
||||
|
|
@ -186,6 +200,18 @@ class QueryWorkbasketByPermissionAccTest extends AbstractAccTest {
|
|||
assertThat(results).hasSize(1);
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user-1-1")
|
||||
@Test
|
||||
void should_GetAllWorkbasketsForSubjectUser_When_QueryingForEditTasksPermission() {
|
||||
List<WorkbasketSummary> results =
|
||||
WORKBASKET_SERVICE
|
||||
.createWorkbasketQuery()
|
||||
.callerHasPermissions(WorkbasketPermission.EDITTASKS)
|
||||
.list();
|
||||
|
||||
assertThat(results).hasSize(1);
|
||||
}
|
||||
|
||||
@WithAccessId(user = "teamlead-1")
|
||||
@Test
|
||||
void should_GetAllTransferTargetsForSubjectUser_When_QueryingForMultiplePermission() {
|
||||
|
|
|
|||
|
|
@ -196,7 +196,33 @@ class UpdateWorkbasketAuthorizationsAccTest extends AbstractAccTest {
|
|||
.findFirst()
|
||||
.orElse(null);
|
||||
assertThat(item).isNotNull();
|
||||
assertThat(theAccessItem.getPermission(WorkbasketPermission.READTASKS)).isEqualTo(false);
|
||||
assertThat(theAccessItem.getPermission(WorkbasketPermission.READTASKS)).isFalse();
|
||||
}
|
||||
|
||||
@WithAccessId(user = "businessadmin")
|
||||
@Test
|
||||
void should_setEditTasksPerm() throws Exception {
|
||||
final WorkbasketService workbasketService = taskanaEngine.getWorkbasketService();
|
||||
String wbId = "WBI:100000000000000000000000000000000006";
|
||||
|
||||
List<WorkbasketAccessItem> accessItems = workbasketService.getWorkbasketAccessItems(wbId);
|
||||
WorkbasketAccessItem theAccessItem =
|
||||
accessItems.stream()
|
||||
.filter(x -> "user-1-1".equalsIgnoreCase(x.getAccessId()))
|
||||
.findFirst()
|
||||
.orElse(null);
|
||||
assertThat(theAccessItem).isNotNull();
|
||||
theAccessItem.setPermission(WorkbasketPermission.EDITTASKS, false);
|
||||
workbasketService.updateWorkbasketAccessItem(theAccessItem);
|
||||
|
||||
List<WorkbasketAccessItem> accessItems2 = workbasketService.getWorkbasketAccessItems(wbId);
|
||||
WorkbasketAccessItem item =
|
||||
accessItems2.stream()
|
||||
.filter(t -> theAccessItem.getId().equals(t.getId()))
|
||||
.findFirst()
|
||||
.orElse(null);
|
||||
assertThat(item).isNotNull();
|
||||
assertThat(theAccessItem.getPermission(WorkbasketPermission.EDITTASKS)).isFalse();
|
||||
}
|
||||
|
||||
@WithAccessId(user = "businessadmin")
|
||||
|
|
|
|||
Loading…
Reference in New Issue