diff --git a/lib/taskana-core-test/src/test/java/acceptance/classification/delete/DeleteClassificationAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/classification/delete/DeleteClassificationAccTest.java
index 07bffb875..49042e5b7 100644
--- a/lib/taskana-core-test/src/test/java/acceptance/classification/delete/DeleteClassificationAccTest.java
+++ b/lib/taskana-core-test/src/test/java/acceptance/classification/delete/DeleteClassificationAccTest.java
@@ -45,6 +45,7 @@ class DeleteClassificationAccTest {
 .accessId("businessadmin")
 .permission(WorkbasketPermission.OPEN)
 .permission(WorkbasketPermission.READ)
+ .permission(WorkbasketPermission.READTASKS)
 .permission(WorkbasketPermission.APPEND)
 .buildAndStore(workbasketService, "admin");
 }
diff --git a/lib/taskana-core-test/src/test/java/acceptance/classification/update/UpdateClassificationAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/classification/update/UpdateClassificationAccTest.java
index 64bcc46ae..9567993e1 100644
--- a/lib/taskana-core-test/src/test/java/acceptance/classification/update/UpdateClassificationAccTest.java
+++ b/lib/taskana-core-test/src/test/java/acceptance/classification/update/UpdateClassificationAccTest.java
@@ -134,6 +134,7 @@ class UpdateClassificationAccTest {
 .accessId(currentUserContext.getUserid())
 .permission(WorkbasketPermission.OPEN)
 .permission(WorkbasketPermission.READ)
+ .permission(WorkbasketPermission.READTASKS)
 .permission(WorkbasketPermission.APPEND)
 .buildAndStore(workbasketService, "businessadmin");
@@ -156,6 +157,7 @@ class UpdateClassificationAccTest {
 .accessId(currentUserContext.getUserid())
 .permission(WorkbasketPermission.OPEN)
 .permission(WorkbasketPermission.READ)
+ .permission(WorkbasketPermission.READTASKS)
 .permission(WorkbasketPermission.APPEND)
 .buildAndStore(workbasketService, "businessadmin");
 ClassificationSummary classificationSummaryWithSpecifiedServiceLevel =
diff --git a/lib/taskana-core-test/src/test/java/acceptance/jobs/helper/TaskUpdatePriorityWorkerAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/jobs/helper/TaskUpdatePriorityWorkerAccTest.java
index 416ffd2b8..21b58091c 100644
--- a/lib/taskana-core-test/src/test/java/acceptance/jobs/helper/TaskUpdatePriorityWorkerAccTest.java
+++ b/lib/taskana-core-test/src/test/java/acceptance/jobs/helper/TaskUpdatePriorityWorkerAccTest.java
@@ -65,6 +65,7 @@ class TaskUpdatePriorityWorkerAccTest {
 .workbasketId(workbasketSummary.getId())
 .accessId("whatever")
 .permission(WorkbasketPermission.READ)
+ .permission(WorkbasketPermission.READTASKS)
 .buildAndStore(workbasketService);
 TaskBuilder taskBuilder =
diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/ServiceLevelOfAllTasksAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/ServiceLevelOfAllTasksAccTest.java
index b28c0853f..5e0ca19c9 100644
--- a/lib/taskana-core-test/src/test/java/acceptance/task/ServiceLevelOfAllTasksAccTest.java
+++ b/lib/taskana-core-test/src/test/java/acceptance/task/ServiceLevelOfAllTasksAccTest.java
@@ -79,6 +79,7 @@ class ServiceLevelOfAllTasksAccTest {
 .accessId("user-1-1")
 .permission(WorkbasketPermission.OPEN)
 .permission(WorkbasketPermission.READ)
+ .permission(WorkbasketPermission.READTASKS)
 .permission(WorkbasketPermission.APPEND)
 .buildAndStore(workbasketService);
 }
diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/claim/ClaimTaskAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/claim/ClaimTaskAccTest.java
index 678b5cae9..a70d46026 100644
--- a/lib/taskana-core-test/src/test/java/acceptance/task/claim/ClaimTaskAccTest.java
+++ b/lib/taskana-core-test/src/test/java/acceptance/task/claim/ClaimTaskAccTest.java
@@ -59,6 +59,7 @@ class ClaimTaskAccTest {
 .accessId("user-1-2")
 .permission(WorkbasketPermission.OPEN)
 .permission(WorkbasketPermission.READ)
+ .permission(WorkbasketPermission.READTASKS)
 .permission(WorkbasketPermission.APPEND)
 .buildAndStore(workbasketService);
@@ -257,7 +258,8 @@ class ClaimTaskAccTest {
 catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class);
 assertThat(e.getCurrentUserId()).isEqualTo("user-taskrouter");
 assertThat(e.getWorkbasketId()).isEqualTo(defaultWorkbasketSummary.getId());
- assertThat(e.getRequiredPermissions()).containsExactlyInAnyOrder(WorkbasketPermission.READ);
+ assertThat(e.getRequiredPermissions())
+ .containsExactlyInAnyOrder(WorkbasketPermission.READ, WorkbasketPermission.READTASKS);
 ;
 }
@@ -280,7 +282,8 @@ class ClaimTaskAccTest {
 catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class);
 assertThat(e.getCurrentUserId()).isEqualTo("user-taskrouter");
 assertThat(e.getWorkbasketId()).isEqualTo(defaultWorkbasketSummary.getId());
- assertThat(e.getRequiredPermissions()).containsExactlyInAnyOrder(WorkbasketPermission.READ);
+ assertThat(e.getRequiredPermissions())
+ .containsExactlyInAnyOrder(WorkbasketPermission.READ, WorkbasketPermission.READTASKS);
 }
 @WithAccessId(user = "user-1-2")
diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/claim/SetOwnerAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/claim/SetOwnerAccTest.java
index 9a3a16bc4..65d6f0a58 100644
--- a/lib/taskana-core-test/src/test/java/acceptance/task/claim/SetOwnerAccTest.java
+++ b/lib/taskana-core-test/src/test/java/acceptance/task/claim/SetOwnerAccTest.java
@@ -56,6 +56,7 @@ class SetOwnerAccTest {
 .accessId("user-1-2")
 .permission(WorkbasketPermission.OPEN)
 .permission(WorkbasketPermission.READ)
+ .permission(WorkbasketPermission.READTASKS)
 .permission(WorkbasketPermission.APPEND)
 .buildAndStore(workbasketService);
@@ -117,7 +118,8 @@ class SetOwnerAccTest {
 catchThrowableOfType(call2, NotAuthorizedOnWorkbasketException.class);
 assertThat(e2.getWorkbasketId()).isEqualTo(defaultWorkbasketSummary.getId());
 assertThat(e2.getCurrentUserId()).isEqualTo("user-1-1");
- assertThat(e2.getRequiredPermissions()).containsExactly(WorkbasketPermission.READ);
+ assertThat(e2.getRequiredPermissions())
+ .containsExactly(WorkbasketPermission.READ, WorkbasketPermission.READTASKS);
 }
 @WithAccessId(user = "user-1-2")
diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/complete/CancelTaskAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/complete/CancelTaskAccTest.java
index 99ba22a41..eab92363c 100644
--- a/lib/taskana-core-test/src/test/java/acceptance/task/complete/CancelTaskAccTest.java
+++ b/lib/taskana-core-test/src/test/java/acceptance/task/complete/CancelTaskAccTest.java
@@ -58,6 +58,7 @@ class CancelTaskAccTest {
 .accessId("user-1-2")
 .permission(WorkbasketPermission.OPEN)
 .permission(WorkbasketPermission.READ)
+ .permission(WorkbasketPermission.READTASKS)
 .permission(WorkbasketPermission.APPEND)
 .buildAndStore(workbasketService);
@@ -130,7 +131,8 @@ class CancelTaskAccTest {
 NotAuthorizedOnWorkbasketException e =
 catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class);
- assertThat(e.getRequiredPermissions()).containsExactly(WorkbasketPermission.READ);
+ assertThat(e.getRequiredPermissions())
+ .containsExactly(WorkbasketPermission.READ, WorkbasketPermission.READTASKS);
 assertThat(e.getCurrentUserId()).isEqualTo("user-taskrouter");
 assertThat(e.getWorkbasketId()).isEqualTo(defaultWorkbasketSummary.getId());
 }
diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/complete/CompleteTaskAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/complete/CompleteTaskAccTest.java
index 77065f604..2bcfa5496 100644
--- a/lib/taskana-core-test/src/test/java/acceptance/task/complete/CompleteTaskAccTest.java
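Review bot: `containsExactly(WorkbasketPermission.READ, WorkbasketPermission.READTASKS)` in the SetOwnerAccTest assertion now pins the order in which the exception lists the required permissions, something the one-element version never did. The ClaimTaskAccTest and GetTaskAccTest assertions in this patch use `containsExactlyInAnyOrder` for the same check, and the order is an implementation detail of the authorization check rather than part of its contract. I would use `containsExactlyInAnyOrder(WorkbasketPermission.READ, WorkbasketPermission.READTASKS)` here and in the matching assertions in CancelTaskAccTest, CompleteTaskAccTest, RequestChangesAccTest, RequestReviewAccTest, CreateTaskCommentAccTest and GetTaskCommentAccTest.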
+++ b/lib/taskana-core-test/src/test/java/acceptance/task/complete/CompleteTaskAccTest.java
@@ -76,6 +76,7 @@ class CompleteTaskAccTest implements TaskanaConfigurationModifier {
 .workbasketId(defaultWorkbasketSummary.getId())
 .accessId("user-1-1")
 .permission(WorkbasketPermission.READ)
+ .permission(WorkbasketPermission.READTASKS)
 .permission(WorkbasketPermission.APPEND)
 .buildAndStore(workbasketService);
@@ -217,7 +218,8 @@ class CompleteTaskAccTest implements TaskanaConfigurationModifier {
 assertThat(e.getCurrentUserId()).isEqualTo(currentUserContext.getUserid());
 WorkbasketSummary workbasket = claimedTask.getWorkbasketSummary();
 assertThat(e.getWorkbasketId()).isEqualTo(workbasket.getId());
- assertThat(e.getRequiredPermissions()).containsExactly(WorkbasketPermission.READ);
+ assertThat(e.getRequiredPermissions())
+ .containsExactly(WorkbasketPermission.READ, WorkbasketPermission.READTASKS);
 }
 @WithAccessId(user = "user-1-1")
diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/complete/CompleteTaskWithSpiAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/complete/CompleteTaskWithSpiAccTest.java
index ccba830e0..03fccdd96 100644
--- a/lib/taskana-core-test/src/test/java/acceptance/task/complete/CompleteTaskWithSpiAccTest.java
+++ b/lib/taskana-core-test/src/test/java/acceptance/task/complete/CompleteTaskWithSpiAccTest.java
@@ -54,6 +54,7 @@ class CompleteTaskWithSpiAccTest {
 .workbasketId(defaultWorkbasketSummary.getId())
 .accessId("user-1-1")
 .permission(WorkbasketPermission.READ)
+ .permission(WorkbasketPermission.READTASKS)
 .permission(WorkbasketPermission.APPEND)
 .buildAndStore(workbasketService);
diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/create/CreateTaskAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/create/CreateTaskAccTest.java
index 1bd259287..cc54ccea4 100644
--- a/lib/taskana-core-test/src/test/java/acceptance/task/create/CreateTaskAccTest.java
+++ b/lib/taskana-core-test/src/test/java/acceptance/task/create/CreateTaskAccTest.java
@@ -85,6 +85,7 @@ class CreateTaskAccTest {
 .accessId("user-1-2")
 .permission(WorkbasketPermission.OPEN)
 .permission(WorkbasketPermission.READ)
+ .permission(WorkbasketPermission.READTASKS)
 .permission(WorkbasketPermission.APPEND)
 .buildAndStore(workbasketService);
 defaultObjectReference = defaultTestObjectReference().build();
diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/create/CreateTaskWithSorAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/create/CreateTaskWithSorAccTest.java
index b309fe357..263f45b4e 100644
--- a/lib/taskana-core-test/src/test/java/acceptance/task/create/CreateTaskWithSorAccTest.java
+++ b/lib/taskana-core-test/src/test/java/acceptance/task/create/CreateTaskWithSorAccTest.java
@@ -56,6 +56,7 @@ class CreateTaskWithSorAccTest {
 .accessId("user-1-1")
 .permission(WorkbasketPermission.OPEN)
 .permission(WorkbasketPermission.READ)
+ .permission(WorkbasketPermission.READTASKS)
 .permission(WorkbasketPermission.APPEND)
 .buildAndStore(workbasketService);
 defaultObjectReference = defaultTestObjectReference().build();
diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/delete/DeleteTaskAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/delete/DeleteTaskAccTest.java
index 068b36f7e..440e243e8 100644
--- a/lib/taskana-core-test/src/test/java/acceptance/task/delete/DeleteTaskAccTest.java
+++ b/lib/taskana-core-test/src/test/java/acceptance/task/delete/DeleteTaskAccTest.java
@@ -64,6 +64,7 @@ class DeleteTaskAccTest {
 .accessId("user-1-2")
 .permission(WorkbasketPermission.OPEN)
 .permission(WorkbasketPermission.READ)
+ .permission(WorkbasketPermission.READTASKS)
 .permission(WorkbasketPermission.APPEND)
 .buildAndStore(workbasketService);
 task1 =
diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/delete/DeleteTaskWithSorAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/delete/DeleteTaskWithSorAccTest.java
index c7ba3c291..e5f3e1525 100644
--- a/lib/taskana-core-test/src/test/java/acceptance/task/delete/DeleteTaskWithSorAccTest.java
+++ b/lib/taskana-core-test/src/test/java/acceptance/task/delete/DeleteTaskWithSorAccTest.java
@@ -56,6 +56,7 @@ class DeleteTaskWithSorAccTest {
 .accessId("user-1-1")
 .permission(WorkbasketPermission.OPEN)
 .permission(WorkbasketPermission.READ)
+ .permission(WorkbasketPermission.READTASKS)
 .permission(WorkbasketPermission.APPEND)
 .buildAndStore(workbasketService);
 defaultObjectReference = defaultTestObjectReference().build();
diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/get/GetTaskAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/get/GetTaskAccTest.java
index 674c94c1a..3a62b94a7 100644
--- a/lib/taskana-core-test/src/test/java/acceptance/task/get/GetTaskAccTest.java
+++ b/lib/taskana-core-test/src/test/java/acceptance/task/get/GetTaskAccTest.java
@@ -52,8 +52,12 @@ class GetTaskAccTest {
 ClassificationSummary defaultClassificationSummary;
 WorkbasketSummary defaultWorkbasketSummary;
+ WorkbasketSummary wbWithoutReadTasksPerm;
+ WorkbasketSummary wbWithoutReadPerm;
 ObjectReference defaultObjectReference;
 Task task;
+ Task task2;
+ Task task3;
 Map callbackInfo;
 @WithAccessId(user = "admin")
@@ -62,6 +66,8 @@ class GetTaskAccTest {
 defaultClassificationSummary =
 defaultTestClassification().buildAndStoreAsSummary(classificationService);
 defaultWorkbasketSummary = defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService);
+ wbWithoutReadTasksPerm = defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService);
+ wbWithoutReadPerm = defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService);
 defaultObjectReference = defaultTestObjectReference().build();
 callbackInfo = createSimpleCustomPropertyMap(3);
@@ -70,6 +76,21 @@ class GetTaskAccTest {
 .accessId("user-1-1")
 .permission(WorkbasketPermission.OPEN)
 .permission(WorkbasketPermission.READ)
+ .permission(WorkbasketPermission.READTASKS)
+ .permission(WorkbasketPermission.APPEND)
+ .buildAndStore(workbasketService);
+ WorkbasketAccessItemBuilder.newWorkbasketAccessItem()
+ .workbasketId(wbWithoutReadTasksPerm.getId())
+ .accessId("user-1-1")
+ .permission(WorkbasketPermission.OPEN)
+ .permission(WorkbasketPermission.READ)
+ .permission(WorkbasketPermission.APPEND)
+ .buildAndStore(workbasketService);
+ WorkbasketAccessItemBuilder.newWorkbasketAccessItem()
+ .workbasketId(wbWithoutReadPerm.getId())
+ .accessId("user-1-1")
+ .permission(WorkbasketPermission.OPEN)
+ .permission(WorkbasketPermission.READTASKS)
 .permission(WorkbasketPermission.APPEND)
 .buildAndStore(workbasketService);
@@ -123,6 +144,20 @@ class GetTaskAccTest {
 .workbasketSummary(defaultWorkbasketSummary)
 .primaryObjRef(defaultObjectReference)
 .buildAndStore(taskService);
+
+ task2 =
+ TaskBuilder.newTask()
+ .workbasketSummary(wbWithoutReadTasksPerm)
+ .classificationSummary(defaultClassificationSummary)
+ .primaryObjRef(defaultObjectReference)
+ .buildAndStore(taskService);
+
+ task3 =
+ TaskBuilder.newTask()
+ .workbasketSummary(wbWithoutReadPerm)
+ .classificationSummary(defaultClassificationSummary)
+ .primaryObjRef(defaultObjectReference)
+ .buildAndStore(taskService);
 }
 @WithAccessId(user = "user-1-1")
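Review bot: The two new access items in the GetTaskAccTest setup differ from the default one only by a `.permission(...)` line that is not there, which is easy to miss and easy to "repair" the next time a permission is added across all fixtures. I would put a comment above each, for example `// deliberately no READTASKS: getTask must be rejected` and `// deliberately no READ: READTASKS alone must not be enough`. The fields `task2` and `task3` would read better with names that carry the same information, such as `taskInWbWithoutReadTasksPerm` and `taskInWbWithoutReadPerm`. The setup method starts above the first of these hunks.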
@@ -183,6 +218,34 @@ class GetTaskAccTest {
 .hasNoNullFieldsOrPropertiesExcept("ownerLongName", "completed", "groupByCount");
 }
+ @WithAccessId(user = "user-1-1")
+ @Test
+ void should_ThrowException_When_NoReadTasksPerm() {
+ ThrowingCallable call = () -> taskService.getTask(task2.getId());
+
+ NotAuthorizedOnWorkbasketException e =
+ catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class);
+
+ assertThat(e.getRequiredPermissions())
+ .containsExactlyInAnyOrder(WorkbasketPermission.READ, WorkbasketPermission.READTASKS);
+ assertThat(e.getCurrentUserId()).isEqualTo("user-1-1");
+ assertThat(e.getWorkbasketId()).isEqualTo(wbWithoutReadTasksPerm.getId());
+ }
+
+ @WithAccessId(user = "user-1-1")
+ @Test
+ void should_ThrowException_When_UserHasReadTasksButNoReadPerm() {
+ ThrowingCallable call = () -> taskService.getTask(task3.getId());
+
+ NotAuthorizedOnWorkbasketException e =
+ catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class);
+
+ assertThat(e.getRequiredPermissions())
+ .containsExactlyInAnyOrder(WorkbasketPermission.READ, WorkbasketPermission.READTASKS);
+ assertThat(e.getCurrentUserId()).isEqualTo("user-1-1");
+ assertThat(e.getWorkbasketId()).isEqualTo(wbWithoutReadPerm.getId());
+ }
+
 @WithAccessId(user = "user-1-1")
 @Test
 void should_ThrowException_When_RequestedTaskByIdIsNotExisting() {
diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/get/GetTaskWithSorAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/get/GetTaskWithSorAccTest.java
index 340fc4029..99d2bb0d9 100644
--- a/lib/taskana-core-test/src/test/java/acceptance/task/get/GetTaskWithSorAccTest.java
+++ b/lib/taskana-core-test/src/test/java/acceptance/task/get/GetTaskWithSorAccTest.java
@@ -45,6 +45,7 @@ class GetTaskWithSorAccTest {
 .accessId("user-1-1")
 .permission(WorkbasketPermission.OPEN)
 .permission(WorkbasketPermission.READ)
+ .permission(WorkbasketPermission.READTASKS)
 .permission(WorkbasketPermission.APPEND)
 .buildAndStore(workbasketService);
 defaultObjectReference = defaultTestObjectReference().build();
diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/query/TaskQueryImplAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/query/TaskQueryImplAccTest.java
index f2514cfe7..01b493b18 100644
--- a/lib/taskana-core-test/src/test/java/acceptance/task/query/TaskQueryImplAccTest.java
+++ b/lib/taskana-core-test/src/test/java/acceptance/task/query/TaskQueryImplAccTest.java
@@ -47,6 +47,7 @@ import pro.taskana.testapi.builder.WorkbasketAccessItemBuilder;
 import pro.taskana.testapi.security.WithAccessId;
 import pro.taskana.workbasket.api.WorkbasketPermission;
 import pro.taskana.workbasket.api.WorkbasketService;
+import pro.taskana.workbasket.api.exceptions.NotAuthorizedToQueryWorkbasketException;
 import pro.taskana.workbasket.api.models.WorkbasketSummary;
 @TaskanaIntegrationTest
@@ -93,6 +94,7 @@ class TaskQueryImplAccTest {
 .permission(WorkbasketPermission.OPEN)
 .permission(WorkbasketPermission.READ)
 .permission(WorkbasketPermission.APPEND)
+ .permission(WorkbasketPermission.READTASKS)
 .buildAndStore(workbasketService, "businessadmin");
 }
@@ -102,11 +104,17 @@ class TaskQueryImplAccTest {
 WorkbasketSummary wb1;
 WorkbasketSummary wb2;
 WorkbasketSummary wbWithoutPermissions;
+ WorkbasketSummary wbWithoutReadTasksPerm;
+ WorkbasketSummary wbWithoutReadPerm;
+ WorkbasketSummary wbWithoutOpenPerm;
 TaskSummary taskSummary1;
 TaskSummary taskSummary2;
 TaskSummary taskSummary3;
 TaskSummary taskSummary4;
 TaskSummary taskSummary5;
+ TaskSummary taskSummary6;
+ TaskSummary taskSummary7;
+ TaskSummary taskSummary8;
 @WithAccessId(user = "user-1-1")
 @BeforeAll
@@ -115,6 +123,34 @@ class TaskQueryImplAccTest {
 wb2 = createWorkbasketWithPermission();
 wbWithoutPermissions =
 defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService, "businessadmin");
+ wbWithoutReadTasksPerm =
+ defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService, "businessadmin");
+ wbWithoutReadPerm =
+ defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService, "businessadmin");
+ wbWithoutOpenPerm =
+ defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService, "businessadmin");
+
+ WorkbasketAccessItemBuilder.newWorkbasketAccessItem()
+ .workbasketId(wbWithoutReadTasksPerm.getId())
+ .accessId(currentUserContext.getUserid())
+ .permission(WorkbasketPermission.OPEN)
+ .permission(WorkbasketPermission.READ)
+ .permission(WorkbasketPermission.APPEND)
+ .buildAndStore(workbasketService, "businessadmin");
+ WorkbasketAccessItemBuilder.newWorkbasketAccessItem()
+ .workbasketId(wbWithoutReadPerm.getId())
+ .accessId(currentUserContext.getUserid())
+ .permission(WorkbasketPermission.OPEN)
+ .permission(WorkbasketPermission.READTASKS)
+ .permission(WorkbasketPermission.APPEND)
+ .buildAndStore(workbasketService, "businessadmin");
+ WorkbasketAccessItemBuilder.newWorkbasketAccessItem()
+ .workbasketId(wbWithoutOpenPerm.getId())
+ .accessId(currentUserContext.getUserid())
+ .permission(WorkbasketPermission.READ)
+ .permission(WorkbasketPermission.READTASKS)
+ .permission(WorkbasketPermission.APPEND)
+ .buildAndStore(workbasketService, "businessadmin");
 taskSummary1 = taskInWorkbasket(wb1).buildAndStoreAsSummary(taskService);
 taskSummary2 = taskInWorkbasket(wb2).buildAndStoreAsSummary(taskService);
@@ -124,6 +160,12 @@ class TaskQueryImplAccTest {
 taskInWorkbasket(wbWithoutPermissions).buildAndStoreAsSummary(taskService, "admin");
 taskSummary5 =
 taskInWorkbasket(wbWithoutPermissions).buildAndStoreAsSummary(taskService, "admin");
+ taskSummary6 =
+ taskInWorkbasket(wbWithoutReadTasksPerm).buildAndStoreAsSummary(taskService, "admin");
+ taskSummary7 =
+ taskInWorkbasket(wbWithoutReadPerm).buildAndStoreAsSummary(taskService, "admin");
+ taskSummary8 =
+ taskInWorkbasket(wbWithoutOpenPerm).buildAndStoreAsSummary(taskService, "admin");
 }
 @WithAccessId(user = "admin")
@@ -167,6 +209,70 @@ class TaskQueryImplAccTest {
 .contains(taskSummary1, taskSummary2)
 .doesNotContain(taskSummary3, taskSummary4, taskSummary5);
 }
+
+ @WithAccessId(user = "user-1-1")
+ @Test
+ void should_ReturnEmptyList_When_WorkbasketOfTaskHasNoReadTasksPerm() {
+ List list = taskService.createTaskQuery().idIn(taskSummary3.getId()).list();
+
+ assertThat(list.isEmpty());
+ }
+
+ @WithAccessId(user = "user-1-1")
+ @Test
+ void should_ThrowException_When_QueryByWorkbasketThatHasOpenReadButNoReadTasksPermission() {
+ assertThatThrownBy(
+ () ->
+ taskService
+ .createTaskQuery()
+ .workbasketIdIn(wbWithoutReadTasksPerm.getId())
+ .list())
+ .isInstanceOf(NotAuthorizedToQueryWorkbasketException.class);
+ }
+
+ @WithAccessId(user = "user-1-1")
+ @Test
+ void should_ReturnEmptyList_When_WorkbasketOfTaskHasReadTasksButNoReadPerm() {
+ List list = taskService.createTaskQuery().idIn(taskSummary7.getId()).list();
+
+ assertThat(list).isEmpty();
+ }
+
+ @WithAccessId(user = "user-1-1")
+ @Test
+ void should_QueryByTaskId_When_WorkbasketHasReadAndReadTasksButNoOpenPerm() {
+ List list = taskService.createTaskQuery().idIn(taskSummary8.getId()).list();
+
+ assertThat(list).containsOnly(taskSummary8);
+ }
+
+ @WithAccessId(user = "user-1-1")
+ @Test
+ void should_OnlyReturnTaskFromWorkbasketWithoutOpenPerm_When_OthersHasNoReadOrReadTasksPerm() {
+ List list =
+ taskService
+ .createTaskQuery()
+ .idIn(taskSummary6.getId(), taskSummary7.getId(), taskSummary8.getId())
+ .list();
+
+ assertThat(list).containsOnly(taskSummary8);
+ }
+
+ @WithAccessId(user = "user-1-1")
+ @Test
+ void should_ThrowException_When_QueryByWbIdAndWorkbasketHasReadTasksButNoReadPerm() {
+ assertThatThrownBy(
+ () -> taskService.createTaskQuery().workbasketIdIn(wbWithoutReadPerm.getId()).list())
+ .isInstanceOf(NotAuthorizedToQueryWorkbasketException.class);
+ }
+
+ @WithAccessId(user = "user-1-1")
+ @Test
+ void should_ThrowException_When_QueryByWbIdAndWorkbasketHasReadAndReadTasksButNoOpenPerm() {
assertThatThrownBy(
+ () -> taskService.createTaskQuery().workbasketIdIn(wbWithoutOpenPerm.getId()).list())
+ .isInstanceOf(NotAuthorizedToQueryWorkbasketException.class);
+ }
 }
 @Nested
diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/requestchanges/RequestChangesAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/requestchanges/RequestChangesAccTest.java
index d66ec742e..a5c191e95 100644
--- a/lib/taskana-core-test/src/test/java/acceptance/task/requestchanges/RequestChangesAccTest.java
+++ b/lib/taskana-core-test/src/test/java/acceptance/task/requestchanges/RequestChangesAccTest.java
@@ -55,6 +55,7 @@ class RequestChangesAccTest {
 .workbasketId(defaultWorkbasketSummary.getId())
 .accessId("user-1-1")
 .permission(WorkbasketPermission.READ)
+ .permission(WorkbasketPermission.READTASKS)
 .permission(WorkbasketPermission.APPEND)
 .buildAndStore(workbasketService);
@@ -143,7 +144,8 @@ class RequestChangesAccTest {
 NotAuthorizedOnWorkbasketException e =
 catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class);
- assertThat(e.getRequiredPermissions()).containsExactly(WorkbasketPermission.READ);
+ assertThat(e.getRequiredPermissions())
+ .containsExactly(WorkbasketPermission.READ, WorkbasketPermission.READTASKS);
 assertThat(e.getCurrentUserId()).isEqualTo("user-1-2");
 assertThat(e.getWorkbasketId()).isEqualTo(defaultWorkbasketSummary.getId());
 assertThat(e.getDomain()).isNull();
diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/requestchanges/RequestChangesWithAfterSpiAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/requestchanges/RequestChangesWithAfterSpiAccTest.java
index eb1fc7757..973181f93 100644
--- a/lib/taskana-core-test/src/test/java/acceptance/task/requestchanges/RequestChangesWithAfterSpiAccTest.java
+++ b/lib/taskana-core-test/src/test/java/acceptance/task/requestchanges/RequestChangesWithAfterSpiAccTest.java
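Review bot: `should_ReturnEmptyList_When_WorkbasketOfTaskHasNoReadTasksPerm` cannot fail, because `assertThat(list.isEmpty());` only creates an AssertJ assertion object and never calls a check on it. It also queries `taskSummary3`, which the `doesNotContain(taskSummary3, taskSummary4, taskSummary5)` context line suggests belongs to a workbasket with no access item at all rather than to `wbWithoutReadTasksPerm`. As written, no test shows on its own that a user with OPEN and READ but without READTASKS gets nothing back from an id query; the combined `idIn(taskSummary6, taskSummary7, taskSummary8)` test covers it only indirectly. I would query `idIn(taskSummary6.getId())` and assert `assertThat(list).isEmpty();`, matching the sibling test for `taskSummary7`.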
@@ -60,6 +60,7 @@ public class RequestChangesWithAfterSpiAccTest {
 .workbasketId(defaultWorkbasketSummary.getId())
 .accessId("user-1-1")
 .permission(WorkbasketPermission.READ)
+ .permission(WorkbasketPermission.READTASKS)
 .permission(WorkbasketPermission.APPEND)
 .permission(WorkbasketPermission.TRANSFER)
 .buildAndStore(workbasketService);
@@ -68,6 +69,7 @@ public class RequestChangesWithAfterSpiAccTest {
 .workbasketId(newWorkbasket.getId())
 .accessId("user-1-1")
 .permission(WorkbasketPermission.READ)
+ .permission(WorkbasketPermission.READTASKS)
 .permission(WorkbasketPermission.APPEND)
 .buildAndStore(workbasketService);
diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/requestchanges/RequestChangesWithBeforeSpiAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/requestchanges/RequestChangesWithBeforeSpiAccTest.java
index e244eed61..77911eb56 100644
--- a/lib/taskana-core-test/src/test/java/acceptance/task/requestchanges/RequestChangesWithBeforeSpiAccTest.java
+++ b/lib/taskana-core-test/src/test/java/acceptance/task/requestchanges/RequestChangesWithBeforeSpiAccTest.java
@@ -57,6 +57,7 @@ public class RequestChangesWithBeforeSpiAccTest {
 .workbasketId(defaultWorkbasketSummary.getId())
 .accessId("user-1-1")
 .permission(WorkbasketPermission.READ)
+ .permission(WorkbasketPermission.READTASKS)
 .permission(WorkbasketPermission.APPEND)
 .permission(WorkbasketPermission.TRANSFER)
 .buildAndStore(workbasketService);
diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/requestreview/RequestReviewAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/requestreview/RequestReviewAccTest.java
index 2b2a2cda1..cedf97ff3 100644
--- a/lib/taskana-core-test/src/test/java/acceptance/task/requestreview/RequestReviewAccTest.java
+++ b/lib/taskana-core-test/src/test/java/acceptance/task/requestreview/RequestReviewAccTest.java
@@ -55,6 +55,7 @@ class RequestReviewAccTest {
 .workbasketId(defaultWorkbasketSummary.getId())
 .accessId("user-1-1")
 .permission(WorkbasketPermission.READ)
+ .permission(WorkbasketPermission.READTASKS)
 .permission(WorkbasketPermission.APPEND)
 .buildAndStore(workbasketService);
@@ -172,7 +173,8 @@ class RequestReviewAccTest {
 NotAuthorizedOnWorkbasketException e =
 catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class);
- assertThat(e.getRequiredPermissions()).containsExactly(WorkbasketPermission.READ);
+ assertThat(e.getRequiredPermissions())
+ .containsExactly(WorkbasketPermission.READ, WorkbasketPermission.READTASKS);
 assertThat(e.getCurrentUserId()).isEqualTo("user-1-2");
 assertThat(e.getWorkbasketId()).isEqualTo(defaultWorkbasketSummary.getId());
 assertThat(e.getDomain()).isNull();
diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/requestreview/RequestReviewWithAfterSpiAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/requestreview/RequestReviewWithAfterSpiAccTest.java
index 3f70f5a32..94ebf4931 100644
--- a/lib/taskana-core-test/src/test/java/acceptance/task/requestreview/RequestReviewWithAfterSpiAccTest.java
+++ b/lib/taskana-core-test/src/test/java/acceptance/task/requestreview/RequestReviewWithAfterSpiAccTest.java
@@ -61,6 +61,7 @@ public class RequestReviewWithAfterSpiAccTest {
 .workbasketId(defaultWorkbasketSummary.getId())
 .accessId("user-1-1")
 .permission(WorkbasketPermission.READ)
+ .permission(WorkbasketPermission.READTASKS)
 .permission(WorkbasketPermission.APPEND)
 .permission(WorkbasketPermission.TRANSFER)
 .buildAndStore(workbasketService);
@@ -69,6 +70,7 @@ public class RequestReviewWithAfterSpiAccTest {
 .workbasketId(newWorkbasket.getId())
 .accessId("user-1-1")
 .permission(WorkbasketPermission.READ)
+ .permission(WorkbasketPermission.READTASKS)
 .permission(WorkbasketPermission.APPEND)
 .buildAndStore(workbasketService);
diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/requestreview/RequestReviewWithBeforeSpiAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/requestreview/RequestReviewWithBeforeSpiAccTest.java
index 234e67e34..aac442e86 100644
--- a/lib/taskana-core-test/src/test/java/acceptance/task/requestreview/RequestReviewWithBeforeSpiAccTest.java
+++ b/lib/taskana-core-test/src/test/java/acceptance/task/requestreview/RequestReviewWithBeforeSpiAccTest.java
@@ -58,6 +58,7 @@ public class RequestReviewWithBeforeSpiAccTest {
 .workbasketId(defaultWorkbasketSummary.getId())
 .accessId("user-1-1")
 .permission(WorkbasketPermission.READ)
+ .permission(WorkbasketPermission.READTASKS)
 .permission(WorkbasketPermission.APPEND)
 .permission(WorkbasketPermission.TRANSFER)
 .buildAndStore(workbasketService);
diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/update/UpdateManualPriorityAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/update/UpdateManualPriorityAccTest.java
index 928c2c525..b01646c35 100644
--- a/lib/taskana-core-test/src/test/java/acceptance/task/update/UpdateManualPriorityAccTest.java
+++ b/lib/taskana-core-test/src/test/java/acceptance/task/update/UpdateManualPriorityAccTest.java
@@ -53,6 +53,7 @@ class UpdateManualPriorityAccTest {
 .accessId("user-1-1")
 .permission(WorkbasketPermission.OPEN)
 .permission(WorkbasketPermission.READ)
+ .permission(WorkbasketPermission.READTASKS)
 .permission(WorkbasketPermission.APPEND)
 .buildAndStore(workbasketService);
 defaultObjectReference = defaultTestObjectReference().build();
diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/update/UpdateManualPriorityWithSpiAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/update/UpdateManualPriorityWithSpiAccTest.java
index ff084a908..9d798005c 100644
--- a/lib/taskana-core-test/src/test/java/acceptance/task/update/UpdateManualPriorityWithSpiAccTest.java
+++ b/lib/taskana-core-test/src/test/java/acceptance/task/update/UpdateManualPriorityWithSpiAccTest.java
@@ -74,6 +74,7 @@ class UpdateManualPriorityWithSpiAccTest {
 .accessId("user-1-1")
 .permission(WorkbasketPermission.OPEN)
 .permission(WorkbasketPermission.READ)
+ .permission(WorkbasketPermission.READTASKS)
 .permission(WorkbasketPermission.APPEND)
 .buildAndStore(workbasketService);
 defaultObjectReference = defaultTestObjectReference().build();
diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/update/UpdateTaskWithSorAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/update/UpdateTaskWithSorAccTest.java
index ec22b3065..400fce4ed 100644
--- a/lib/taskana-core-test/src/test/java/acceptance/task/update/UpdateTaskWithSorAccTest.java
+++ b/lib/taskana-core-test/src/test/java/acceptance/task/update/UpdateTaskWithSorAccTest.java
@@ -46,6 +46,7 @@ class UpdateTaskWithSorAccTest {
 .accessId("user-1-1")
 .permission(WorkbasketPermission.OPEN)
 .permission(WorkbasketPermission.READ)
+ .permission(WorkbasketPermission.READTASKS)
 .permission(WorkbasketPermission.APPEND)
 .buildAndStore(workbasketService);
 defaultObjectReference = defaultTestObjectReference().build();
diff --git a/lib/taskana-core-test/src/test/java/acceptance/taskcomment/create/CreateTaskCommentAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/taskcomment/create/CreateTaskCommentAccTest.java
index 3e575ced2..1ac49a834 100644
--- a/lib/taskana-core-test/src/test/java/acceptance/taskcomment/create/CreateTaskCommentAccTest.java
+++ b/lib/taskana-core-test/src/test/java/acceptance/taskcomment/create/CreateTaskCommentAccTest.java
@@ -50,6 +50,7 @@ class CreateTaskCommentAccTest {
 .accessId("user-1-1")
 .permission(WorkbasketPermission.OPEN)
 .permission(WorkbasketPermission.READ)
+ .permission(WorkbasketPermission.READTASKS)
 .permission(WorkbasketPermission.APPEND)
 .buildAndStore(workbasketService);
@@ -104,7 +105,8 @@ class CreateTaskCommentAccTest { catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class); assertThat(e.getCurrentUserId()).isEqualTo("user-1-2"); assertThat(e.getWorkbasketId()).isEqualTo(defaultWorkbasket.getId()); - assertThat(e.getRequiredPermissions()).containsExactly(WorkbasketPermission.READ); + assertThat(e.getRequiredPermissions()) + .containsExactly(WorkbasketPermission.READ, WorkbasketPermission.READTASKS); } @WithAccessId(user = "user-1-1") diff --git a/lib/taskana-core-test/src/test/java/acceptance/taskcomment/get/GetTaskCommentAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/taskcomment/get/GetTaskCommentAccTest.java index 318598b0f..0d0483089 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/taskcomment/get/GetTaskCommentAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/taskcomment/get/GetTaskCommentAccTest.java @@ -61,6 +61,7 @@ class GetTaskCommentAccTest { .accessId("user-1-1") .permission(WorkbasketPermission.OPEN) .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); task1 = @@ -134,7 +135,8 @@ class GetTaskCommentAccTest { catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class); assertThat(e.getCurrentUserId()).isEqualTo("user-1-2"); - assertThat(e.getRequiredPermissions()).containsExactly(WorkbasketPermission.READ); + assertThat(e.getRequiredPermissions()) + .containsExactly(WorkbasketPermission.READ, WorkbasketPermission.READTASKS); assertThat(e.getWorkbasketId()).isEqualTo(defaultWorkbasket.getId()); } 
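Review bot: The updated assertion in the CreateTaskCommentAccTest hunk at -104 only covers the caller user-1-2, so no visible test covers a caller who holds READ but not READTASKS, the boundary this change introduces. The two GetTaskCommentAccTest hunks at -134 and -154 have the same gap. A regression that dropped the READTASKS requirement again would probably still pass these tests, because they only widen the expected `getRequiredPermissions()` list. I would add one case per test class that stores an access item with `.permission(WorkbasketPermission.OPEN)` and `.permission(WorkbasketPermission.READ)` only, and asserts that the call throws `NotAuthorizedOnWorkbasketException`. The test methods start and end outside these hunks, so an existing case elsewhere in the files may already cover this.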
@@ -154,7 +156,8 @@ class GetTaskCommentAccTest { catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class); assertThat(e.getCurrentUserId()).isEqualTo("user-1-2"); - assertThat(e.getRequiredPermissions()).containsExactly(WorkbasketPermission.READ); + assertThat(e.getRequiredPermissions()) + .containsExactly(WorkbasketPermission.READ, WorkbasketPermission.READTASKS); assertThat(e.getWorkbasketId()).isEqualTo(defaultWorkbasket.getId()); } diff --git a/lib/taskana-core-test/src/test/java/acceptance/taskcomment/update/UpdateTaskCommentAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/taskcomment/update/UpdateTaskCommentAccTest.java index cca3c506b..99d02c726 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/taskcomment/update/UpdateTaskCommentAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/taskcomment/update/UpdateTaskCommentAccTest.java @@ -53,6 +53,7 @@ class UpdateTaskCommentAccTest { .accessId("user-1-1") .permission(WorkbasketPermission.OPEN) .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); defaultObjectReference = defaultTestObjectReference().build(); diff --git a/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskQueryImpl.java b/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskQueryImpl.java index 3fbab64c6..4b13b6389 100644 --- a/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskQueryImpl.java +++ b/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskQueryImpl.java @@ -1983,7 +1983,7 @@ public class TaskQueryImpl implements TaskQuery { return taskanaEngine.executeInDatabaseConnection( () -> { checkForIllegalParamCombinations(); - checkOpenAndReadPermissionForSpecifiedWorkbaskets(); + checkOpenReadAndReadTasksPermissionForSpecifiedWorkbaskets(); setupJoinAndOrderParameters(); setupAccessIds(); List tasks = 
@@ -1999,7 +1999,7 @@ public class TaskQueryImpl implements TaskQuery { try { taskanaEngine.openConnection(); checkForIllegalParamCombinations(); - checkOpenAndReadPermissionForSpecifiedWorkbaskets(); + checkOpenReadAndReadTasksPermissionForSpecifiedWorkbaskets(); setupAccessIds(); setupJoinAndOrderParameters(); RowBounds rowBounds = new RowBounds(offset, limit); @@ -2031,7 +2031,7 @@ public class TaskQueryImpl implements TaskQuery { this.orderByInner.clear(); this.addOrderCriteria(columnName.toString(), sortDirection); checkForIllegalParamCombinations(); - checkOpenAndReadPermissionForSpecifiedWorkbaskets(); + checkOpenReadAndReadTasksPermissionForSpecifiedWorkbaskets(); setupAccessIds(); if (columnName.equals(TaskQueryColumnName.CLASSIFICATION_NAME)) { @@ -2067,7 +2067,7 @@ public class TaskQueryImpl implements TaskQuery { TaskSummary result; try { taskanaEngine.openConnection(); - checkOpenAndReadPermissionForSpecifiedWorkbaskets(); + checkOpenReadAndReadTasksPermissionForSpecifiedWorkbaskets(); setupAccessIds(); setupJoinAndOrderParameters(); TaskSummaryImpl taskSummaryImpl = @@ -2092,7 +2092,7 @@ public class TaskQueryImpl implements TaskQuery { Long rowCount; try { taskanaEngine.openConnection(); - checkOpenAndReadPermissionForSpecifiedWorkbaskets(); + checkOpenReadAndReadTasksPermissionForSpecifiedWorkbaskets(); setupAccessIds(); setupJoinAndOrderParameters(); rowCount = taskanaEngine.getSqlSession().selectOne(getLinkToCounterTaskScript(), this); @@ -2223,7 +2223,7 @@ public class TaskQueryImpl implements TaskQuery { } } - private void checkOpenAndReadPermissionForSpecifiedWorkbaskets() { + private void checkOpenReadAndReadTasksPermissionForSpecifiedWorkbaskets() { if (taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN, TaskanaRole.TASK_ADMIN)) { if (LOGGER.isDebugEnabled()) { LOGGER.debug("Skipping permissions check since user is in role ADMIN or TASK_ADMIN."); 
@@ -2234,13 +2234,13 @@ public class TaskQueryImpl implements TaskQuery { if (this.workbasketIdIn != null && this.workbasketIdIn.length > 0) { filterByAccessIdIn = false; for (String workbasketId : workbasketIdIn) { - checkOpenAndReadPermissionById(workbasketId); + checkOpenReadAndReadTasksPermissionById(workbasketId); } } if (workbasketKeyDomainIn != null && workbasketKeyDomainIn.length > 0) { filterByAccessIdIn = false; for (KeyDomain keyDomain : workbasketKeyDomainIn) { - checkOpenAndReadPermissionByKeyDomain(keyDomain); + checkOpenReadAndReadTasksPermissionByKeyDomain(keyDomain); } } } catch (NotAuthorizedOnWorkbasketException e) { @@ -2248,20 +2248,24 @@ public class TaskQueryImpl implements TaskQuery { } } - private void checkOpenAndReadPermissionById(String workbasketId) + private void checkOpenReadAndReadTasksPermissionById(String workbasketId) throws NotAuthorizedOnWorkbasketException { try { taskanaEngine .getEngine() .getWorkbasketService() - .checkAuthorization(workbasketId, WorkbasketPermission.OPEN, WorkbasketPermission.READ); + .checkAuthorization( + workbasketId, + WorkbasketPermission.OPEN, + WorkbasketPermission.READ, + WorkbasketPermission.READTASKS); } catch (WorkbasketNotFoundException e) { LOGGER.warn( String.format("The workbasket with the ID ' %s ' does not exist.", workbasketId), e); } } - private void checkOpenAndReadPermissionByKeyDomain(KeyDomain keyDomain) + private void checkOpenReadAndReadTasksPermissionByKeyDomain(KeyDomain keyDomain) throws NotAuthorizedOnWorkbasketException { try { taskanaEngine @@ -2271,7 +2275,8 @@ public class TaskQueryImpl implements TaskQuery { keyDomain.getKey(), keyDomain.getDomain(), WorkbasketPermission.OPEN, - WorkbasketPermission.READ); + WorkbasketPermission.READ, + WorkbasketPermission.READTASKS); } catch (WorkbasketNotFoundException e) { LOGGER.warn( String.format( 
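Review bot: In `checkOpenReadAndReadTasksPermissionById` (hunk at -2248), a `WorkbasketNotFoundException` is only logged at warn level, so an unknown workbasket ID passes the permission step even though the caller has already set `filterByAccessIdIn = false`. The `...ByKeyDomain` variant in the following hunks does the same. This is presumably safe because a workbasket that does not exist cannot match any task, but with READTASKS added the reasoning deserves a comment next to the catch, for example `// Unknown workbasket: no task can match it, so log and continue instead of failing the authorization check.` A short Javadoc on `checkOpenReadAndReadTasksPermissionForSpecifiedWorkbaskets` should also state that OPEN, READ and READTASKS are all required when workbaskets are specified, and that the access-ID filter is turned off in that case. The `...ByKeyDomain` method body continues past the end of the last hunk.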
diff --git a/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskQuerySqlProvider.java b/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskQuerySqlProvider.java index 3fda287d3..867994f95 100644 --- a/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskQuerySqlProvider.java +++ b/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskQuerySqlProvider.java @@ -128,7 +128,8 @@ public class TaskQuerySqlProvider { + "s.ACCESS_ID IN " + "(#{item}) " + "and " - + "s.WORKBASKET_ID = X.WORKBASKET_ID AND s.perm_read = 1 fetch first 1 rows only" + + "s.WORKBASKET_ID = X.WORKBASKET_ID AND s.perm_read = 1 AND s.perm_readtasks = 1" + + " fetch first 1 rows only" + "" + " " + "VALUES(1)" @@ -271,7 +272,8 @@ public class TaskQuerySqlProvider { + "WHERE s.ACCESS_ID IN " + "(#{item}) " + "and " - + "s.WORKBASKET_ID = X.WORKBASKET_ID AND s.perm_read = 1 fetch first 1 rows only " + + "s.WORKBASKET_ID = X.WORKBASKET_ID AND s.perm_read = 1 AND s.perm_readtasks = 1" + + " fetch first 1 rows only " + " " + "" + "VALUES(1)" @@ -387,16 +389,18 @@ public class TaskQuerySqlProvider { + "FROM (" + "" + "" - + "SELECT WORKBASKET_ID as WID, MAX(PERM_READ) as MAX_READ " + + "SELECT WORKBASKET_ID as WID, MAX(PERM_READ) as MAX_READ, " + + "MAX(PERM_READTASKS) as MAX_READTASKS " + "" + "" - + "SELECT WORKBASKET_ID as WID, MAX(PERM_READ::int) as MAX_READ " + + "SELECT WORKBASKET_ID as WID, MAX(PERM_READ::int) as MAX_READ, " + + "MAX(PERM_READTASKS::int) as MAX_READTASKS " + "" + "" + "FROM WORKBASKET_ACCESS_LIST s where ACCESS_ID IN " + "(#{item}) " + "GROUP by WORKBASKET_ID) f " - + "WHERE MAX_READ = 1) " + + "WHERE MAX_READ = 1 AND MAX_READTASKS = 1) " + ""; } diff --git a/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskServiceImpl.java b/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskServiceImpl.java index 99e742fa2..445e28fc2 100644 --- a/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskServiceImpl.java 
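Review bot: The hunks at -128 and -271 require `s.perm_read = 1 AND s.perm_readtasks = 1` on a single WORKBASKET_ACCESS_LIST row, while the hunk at -387 aggregates `MAX(PERM_READ)` and `MAX(PERM_READTASKS)` over all of the caller's access IDs before testing `MAX_READ = 1 AND MAX_READTASKS = 1`. A caller who gets READ from one access ID and READTASKS from another is therefore accepted by the aggregated form and rejected by the row-wise form. The variants appear to be selected per database, which would make the authorization result depend on the backend. I would settle on one semantics and align the two row-wise subqueries with the aggregated one (or the reverse), with a comment stating whether permissions from different access IDs may be combined. The surrounding query text is outside these hunks, so confirm which variant runs where.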
+++ b/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskServiceImpl.java @@ -359,12 +359,14 @@ public class TaskServiceImpl implements TaskService { WorkbasketQueryImpl query = (WorkbasketQueryImpl) workbasketService.createWorkbasketQuery(); query.setUsedToAugmentTasks(true); String workbasketId = resultTask.getWorkbasketSummary().getId(); - List workbaskets = query.idIn(workbasketId).list(); + List workbaskets = + query.idIn(workbasketId).callerHasPermissions(WorkbasketPermission.READTASKS).list(); if (workbaskets.isEmpty()) { throw new NotAuthorizedOnWorkbasketException( taskanaEngine.getEngine().getCurrentUserContext().getUserid(), workbasketId, - WorkbasketPermission.READ); + WorkbasketPermission.READ, + WorkbasketPermission.READTASKS); } else { resultTask.setWorkbasketSummary(workbaskets.get(0)); } diff --git a/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketQueryMapper.java b/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketQueryMapper.java index 4cea03abb..156eb1d3a 100644 --- a/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketQueryMapper.java +++ b/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketQueryMapper.java 
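Review bot: The new lookup filters only on `callerHasPermissions(WorkbasketPermission.READTASKS)`, yet the exception thrown for an empty result reports both READ and READTASKS as required. READ is presumably enforced implicitly by the workbasket query, but that is not visible here, and `query.setUsedToAugmentTasks(true)` is set just above, so it is worth confirming that flag does not relax the implicit check. If `callerHasPermissions` accepts several permissions, naming both makes the check match the error: `query.idIn(workbasketId).callerHasPermissions(WorkbasketPermission.READ, WorkbasketPermission.READTASKS).list();`. The enclosing method starts and ends outside the hunk.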
@@ -18,13 +18,13 @@ public interface WorkbasketQueryMapper { + " " + "" + "" - + "LEFT OUTER JOIN (select WORKBASKET_ID as WID, MAX(PERM_READ) as MAX_READ, MAX(PERM_OPEN) as MAX_OPEN, " + + "LEFT OUTER JOIN (select WORKBASKET_ID as WID, MAX(PERM_READ) as MAX_READ, MAX(PERM_READTASKS) as MAX_READTASKS, MAX(PERM_OPEN) as MAX_OPEN, " + "MAX(PERM_APPEND) as MAX_APPEND, MAX(PERM_TRANSFER) as MAX_TRANSFER, MAX(PERM_DISTRIBUTE) as MAX_DISTRIBUTE, MAX(PERM_CUSTOM_1) as MAX_CUSTOM_1, MAX(PERM_CUSTOM_2) as MAX_CUSTOM_2, " + "MAX(PERM_CUSTOM_3) as MAX_CUSTOM_3, MAX(PERM_CUSTOM_4) as MAX_CUSTOM_4, MAX(PERM_CUSTOM_5) as MAX_CUSTOM_5, MAX(PERM_CUSTOM_6) as MAX_CUSTOM_6, MAX(PERM_CUSTOM_7) as MAX_CUSTOM_7, " + "MAX(PERM_CUSTOM_8) as MAX_CUSTOM_8, MAX(PERM_CUSTOM_9) as MAX_CUSTOM_9, MAX(PERM_CUSTOM_10) as MAX_CUSTOM_10, MAX(PERM_CUSTOM_11) as MAX_CUSTOM_11, MAX(PERM_CUSTOM_12) as MAX_CUSTOM_12 " + "" + "" - + "LEFT OUTER JOIN (select WORKBASKET_ID as WID, MAX(PERM_READ::int) as MAX_READ, MAX(PERM_OPEN::int) as MAX_OPEN, " + + "LEFT OUTER JOIN (select WORKBASKET_ID as WID, MAX(PERM_READ::int) as MAX_READ, MAX(PERM_READTASKS::int) as MAX_READTASKS, MAX(PERM_OPEN::int) as MAX_OPEN, " + "MAX(PERM_APPEND::int) as MAX_APPEND, MAX(PERM_TRANSFER::int) as MAX_TRANSFER, MAX(PERM_DISTRIBUTE::int) as MAX_DISTRIBUTE, MAX(PERM_CUSTOM_1::int) as MAX_CUSTOM_1, MAX(PERM_CUSTOM_2::int) as MAX_CUSTOM_2, " + "MAX(PERM_CUSTOM_3::int) as MAX_CUSTOM_3, MAX(PERM_CUSTOM_4::int) as MAX_CUSTOM_4, MAX(PERM_CUSTOM_5::int) as MAX_CUSTOM_5, MAX(PERM_CUSTOM_6::int) as MAX_CUSTOM_6, MAX(PERM_CUSTOM_7::int) as MAX_CUSTOM_7, " + "MAX(PERM_CUSTOM_8::int) as MAX_CUSTOM_8, MAX(PERM_CUSTOM_9::int) as MAX_CUSTOM_9, MAX(PERM_CUSTOM_10::int) as MAX_CUSTOM_10, MAX(PERM_CUSTOM_11::int) as MAX_CUSTOM_11, MAX(PERM_CUSTOM_12::int) as MAX_CUSTOM_12 " @@ -74,6 +74,7 @@ public interface WorkbasketQueryMapper { + " " + "" + "a.MAX_READ " + + "a.MAX_READTASKS " + "a.MAX_OPEN " + "a.MAX_APPEND" + "a.MAX_TRANSFER" 
@@ -118,7 +119,7 @@ public interface WorkbasketQueryMapper { @Select( "