Closes #2269 - Implement READTASKS Permission
This commit is contained in:
jamesrdi
holgerhagen
parent
5b6fb0a9b6
commit
e4348df319
|
|
@ -45,6 +45,7 @@ class DeleteClassificationAccTest {
|
|||
.accessId("businessadmin")
|
||||
.permission(WorkbasketPermission.OPEN)
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService, "admin");
|
||||
}
|
||||
|
|
|
|||
|
|
@ -134,6 +134,7 @@ class UpdateClassificationAccTest {
|
|||
.accessId(currentUserContext.getUserid())
|
||||
.permission(WorkbasketPermission.OPEN)
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService, "businessadmin");
|
||||
|
||||
|
|
@ -156,6 +157,7 @@ class UpdateClassificationAccTest {
|
|||
.accessId(currentUserContext.getUserid())
|
||||
.permission(WorkbasketPermission.OPEN)
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService, "businessadmin");
|
||||
ClassificationSummary classificationSummaryWithSpecifiedServiceLevel =
|
||||
|
|
|
|||
|
|
@ -65,6 +65,7 @@ class TaskUpdatePriorityWorkerAccTest {
|
|||
.workbasketId(workbasketSummary.getId())
|
||||
.accessId("whatever")
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.buildAndStore(workbasketService);
|
||||
|
||||
TaskBuilder taskBuilder =
|
||||
|
|
|
|||
|
|
@ -79,6 +79,7 @@ class ServiceLevelOfAllTasksAccTest {
|
|||
.accessId("user-1-1")
|
||||
.permission(WorkbasketPermission.OPEN)
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -59,6 +59,7 @@ class ClaimTaskAccTest {
|
|||
.accessId("user-1-2")
|
||||
.permission(WorkbasketPermission.OPEN)
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService);
|
||||
|
||||
|
|
@ -257,7 +258,8 @@ class ClaimTaskAccTest {
|
|||
catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class);
|
||||
assertThat(e.getCurrentUserId()).isEqualTo("user-taskrouter");
|
||||
assertThat(e.getWorkbasketId()).isEqualTo(defaultWorkbasketSummary.getId());
|
||||
assertThat(e.getRequiredPermissions()).containsExactlyInAnyOrder(WorkbasketPermission.READ);
|
||||
assertThat(e.getRequiredPermissions())
|
||||
.containsExactlyInAnyOrder(WorkbasketPermission.READ, WorkbasketPermission.READTASKS);
|
||||
|
||||
;
|
||||
}
|
||||
|
|
@ -280,7 +282,8 @@ class ClaimTaskAccTest {
|
|||
catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class);
|
||||
assertThat(e.getCurrentUserId()).isEqualTo("user-taskrouter");
|
||||
assertThat(e.getWorkbasketId()).isEqualTo(defaultWorkbasketSummary.getId());
|
||||
assertThat(e.getRequiredPermissions()).containsExactlyInAnyOrder(WorkbasketPermission.READ);
|
||||
assertThat(e.getRequiredPermissions())
|
||||
.containsExactlyInAnyOrder(WorkbasketPermission.READ, WorkbasketPermission.READTASKS);
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user-1-2")
|
||||
|
|
|
|||
|
|
@ -56,6 +56,7 @@ class SetOwnerAccTest {
|
|||
.accessId("user-1-2")
|
||||
.permission(WorkbasketPermission.OPEN)
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService);
|
||||
|
||||
|
|
@ -117,7 +118,8 @@ class SetOwnerAccTest {
|
|||
catchThrowableOfType(call2, NotAuthorizedOnWorkbasketException.class);
|
||||
assertThat(e2.getWorkbasketId()).isEqualTo(defaultWorkbasketSummary.getId());
|
||||
assertThat(e2.getCurrentUserId()).isEqualTo("user-1-1");
|
||||
assertThat(e2.getRequiredPermissions()).containsExactly(WorkbasketPermission.READ);
|
||||
assertThat(e2.getRequiredPermissions())
|
||||
.containsExactly(WorkbasketPermission.READ, WorkbasketPermission.READTASKS);
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user-1-2")
|
||||
|
|
|
|||
|
|
@ -58,6 +58,7 @@ class CancelTaskAccTest {
|
|||
.accessId("user-1-2")
|
||||
.permission(WorkbasketPermission.OPEN)
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService);
|
||||
|
||||
|
|
@ -130,7 +131,8 @@ class CancelTaskAccTest {
|
|||
|
||||
NotAuthorizedOnWorkbasketException e =
|
||||
catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class);
|
||||
assertThat(e.getRequiredPermissions()).containsExactly(WorkbasketPermission.READ);
|
||||
assertThat(e.getRequiredPermissions())
|
||||
.containsExactly(WorkbasketPermission.READ, WorkbasketPermission.READTASKS);
|
||||
assertThat(e.getCurrentUserId()).isEqualTo("user-taskrouter");
|
||||
assertThat(e.getWorkbasketId()).isEqualTo(defaultWorkbasketSummary.getId());
|
||||
}
|
||||
|
|
|
|||
|
|
@ -76,6 +76,7 @@ class CompleteTaskAccTest implements TaskanaConfigurationModifier {
|
|||
.workbasketId(defaultWorkbasketSummary.getId())
|
||||
.accessId("user-1-1")
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService);
|
||||
|
||||
|
|
@ -217,7 +218,8 @@ class CompleteTaskAccTest implements TaskanaConfigurationModifier {
|
|||
assertThat(e.getCurrentUserId()).isEqualTo(currentUserContext.getUserid());
|
||||
WorkbasketSummary workbasket = claimedTask.getWorkbasketSummary();
|
||||
assertThat(e.getWorkbasketId()).isEqualTo(workbasket.getId());
|
||||
assertThat(e.getRequiredPermissions()).containsExactly(WorkbasketPermission.READ);
|
||||
assertThat(e.getRequiredPermissions())
|
||||
.containsExactly(WorkbasketPermission.READ, WorkbasketPermission.READTASKS);
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user-1-1")
|
||||
|
|
|
|||
|
|
@ -54,6 +54,7 @@ class CompleteTaskWithSpiAccTest {
|
|||
.workbasketId(defaultWorkbasketSummary.getId())
|
||||
.accessId("user-1-1")
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService);
|
||||
|
||||
|
|
|
|||
|
|
@ -85,6 +85,7 @@ class CreateTaskAccTest {
|
|||
.accessId("user-1-2")
|
||||
.permission(WorkbasketPermission.OPEN)
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService);
|
||||
defaultObjectReference = defaultTestObjectReference().build();
|
||||
|
|
|
|||
|
|
@ -56,6 +56,7 @@ class CreateTaskWithSorAccTest {
|
|||
.accessId("user-1-1")
|
||||
.permission(WorkbasketPermission.OPEN)
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService);
|
||||
defaultObjectReference = defaultTestObjectReference().build();
|
||||
|
|
|
|||
|
|
@ -64,6 +64,7 @@ class DeleteTaskAccTest {
|
|||
.accessId("user-1-2")
|
||||
.permission(WorkbasketPermission.OPEN)
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService);
|
||||
task1 =
|
||||
|
|
|
|||
|
|
@ -56,6 +56,7 @@ class DeleteTaskWithSorAccTest {
|
|||
.accessId("user-1-1")
|
||||
.permission(WorkbasketPermission.OPEN)
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService);
|
||||
defaultObjectReference = defaultTestObjectReference().build();
|
||||
|
|
|
|||
|
|
@ -52,8 +52,12 @@ class GetTaskAccTest {
|
|||
|
||||
ClassificationSummary defaultClassificationSummary;
|
||||
WorkbasketSummary defaultWorkbasketSummary;
|
||||
WorkbasketSummary wbWithoutReadTasksPerm;
|
||||
WorkbasketSummary wbWithoutReadPerm;
|
||||
ObjectReference defaultObjectReference;
|
||||
Task task;
|
||||
Task task2;
|
||||
Task task3;
|
||||
Map<String, String> callbackInfo;
|
||||
|
||||
@WithAccessId(user = "admin")
|
||||
|
|
@ -62,6 +66,8 @@ class GetTaskAccTest {
|
|||
defaultClassificationSummary =
|
||||
defaultTestClassification().buildAndStoreAsSummary(classificationService);
|
||||
defaultWorkbasketSummary = defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService);
|
||||
wbWithoutReadTasksPerm = defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService);
|
||||
wbWithoutReadPerm = defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService);
|
||||
defaultObjectReference = defaultTestObjectReference().build();
|
||||
callbackInfo = createSimpleCustomPropertyMap(3);
|
||||
|
||||
|
|
@ -70,6 +76,21 @@ class GetTaskAccTest {
|
|||
.accessId("user-1-1")
|
||||
.permission(WorkbasketPermission.OPEN)
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService);
|
||||
WorkbasketAccessItemBuilder.newWorkbasketAccessItem()
|
||||
.workbasketId(wbWithoutReadTasksPerm.getId())
|
||||
.accessId("user-1-1")
|
||||
.permission(WorkbasketPermission.OPEN)
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService);
|
||||
WorkbasketAccessItemBuilder.newWorkbasketAccessItem()
|
||||
.workbasketId(wbWithoutReadPerm.getId())
|
||||
.accessId("user-1-1")
|
||||
.permission(WorkbasketPermission.OPEN)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService);
|
||||
|
||||
|
|
@ -123,6 +144,20 @@ class GetTaskAccTest {
|
|||
.workbasketSummary(defaultWorkbasketSummary)
|
||||
.primaryObjRef(defaultObjectReference)
|
||||
.buildAndStore(taskService);
|
||||
|
||||
task2 =
|
||||
TaskBuilder.newTask()
|
||||
.workbasketSummary(wbWithoutReadTasksPerm)
|
||||
.classificationSummary(defaultClassificationSummary)
|
||||
.primaryObjRef(defaultObjectReference)
|
||||
.buildAndStore(taskService);
|
||||
|
||||
task3 =
|
||||
TaskBuilder.newTask()
|
||||
.workbasketSummary(wbWithoutReadPerm)
|
||||
.classificationSummary(defaultClassificationSummary)
|
||||
.primaryObjRef(defaultObjectReference)
|
||||
.buildAndStore(taskService);
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user-1-1")
|
||||
|
|
@ -183,6 +218,34 @@ class GetTaskAccTest {
|
|||
.hasNoNullFieldsOrPropertiesExcept("ownerLongName", "completed", "groupByCount");
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user-1-1")
|
||||
@Test
|
||||
void should_ThrowException_When_NoReadTasksPerm() {
|
||||
ThrowingCallable call = () -> taskService.getTask(task2.getId());
|
||||
|
||||
NotAuthorizedOnWorkbasketException e =
|
||||
catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class);
|
||||
|
||||
assertThat(e.getRequiredPermissions())
|
||||
.containsExactlyInAnyOrder(WorkbasketPermission.READ, WorkbasketPermission.READTASKS);
|
||||
assertThat(e.getCurrentUserId()).isEqualTo("user-1-1");
|
||||
assertThat(e.getWorkbasketId()).isEqualTo(wbWithoutReadTasksPerm.getId());
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user-1-1")
|
||||
@Test
|
||||
void should_ThrowException_When_UserHasReadTasksButNoReadPerm() {
|
||||
ThrowingCallable call = () -> taskService.getTask(task3.getId());
|
||||
|
||||
NotAuthorizedOnWorkbasketException e =
|
||||
catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class);
|
||||
|
||||
assertThat(e.getRequiredPermissions())
|
||||
.containsExactlyInAnyOrder(WorkbasketPermission.READ, WorkbasketPermission.READTASKS);
|
||||
assertThat(e.getCurrentUserId()).isEqualTo("user-1-1");
|
||||
assertThat(e.getWorkbasketId()).isEqualTo(wbWithoutReadPerm.getId());
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user-1-1")
|
||||
@Test
|
||||
void should_ThrowException_When_RequestedTaskByIdIsNotExisting() {
|
||||
|
|
|
|||
|
|
@ -45,6 +45,7 @@ class GetTaskWithSorAccTest {
|
|||
.accessId("user-1-1")
|
||||
.permission(WorkbasketPermission.OPEN)
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService);
|
||||
defaultObjectReference = defaultTestObjectReference().build();
|
||||
|
|
|
|||
|
|
@ -47,6 +47,7 @@ import pro.taskana.testapi.builder.WorkbasketAccessItemBuilder;
|
|||
import pro.taskana.testapi.security.WithAccessId;
|
||||
import pro.taskana.workbasket.api.WorkbasketPermission;
|
||||
import pro.taskana.workbasket.api.WorkbasketService;
|
||||
import pro.taskana.workbasket.api.exceptions.NotAuthorizedToQueryWorkbasketException;
|
||||
import pro.taskana.workbasket.api.models.WorkbasketSummary;
|
||||
|
||||
@TaskanaIntegrationTest
|
||||
|
|
@ -93,6 +94,7 @@ class TaskQueryImplAccTest {
|
|||
.permission(WorkbasketPermission.OPEN)
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.buildAndStore(workbasketService, "businessadmin");
|
||||
}
|
||||
|
||||
|
|
@ -102,11 +104,17 @@ class TaskQueryImplAccTest {
|
|||
WorkbasketSummary wb1;
|
||||
WorkbasketSummary wb2;
|
||||
WorkbasketSummary wbWithoutPermissions;
|
||||
WorkbasketSummary wbWithoutReadTasksPerm;
|
||||
WorkbasketSummary wbWithoutReadPerm;
|
||||
WorkbasketSummary wbWithoutOpenPerm;
|
||||
TaskSummary taskSummary1;
|
||||
TaskSummary taskSummary2;
|
||||
TaskSummary taskSummary3;
|
||||
TaskSummary taskSummary4;
|
||||
TaskSummary taskSummary5;
|
||||
TaskSummary taskSummary6;
|
||||
TaskSummary taskSummary7;
|
||||
TaskSummary taskSummary8;
|
||||
|
||||
@WithAccessId(user = "user-1-1")
|
||||
@BeforeAll
|
||||
|
|
@ -115,6 +123,34 @@ class TaskQueryImplAccTest {
|
|||
wb2 = createWorkbasketWithPermission();
|
||||
wbWithoutPermissions =
|
||||
defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService, "businessadmin");
|
||||
wbWithoutReadTasksPerm =
|
||||
defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService, "businessadmin");
|
||||
wbWithoutReadPerm =
|
||||
defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService, "businessadmin");
|
||||
wbWithoutOpenPerm =
|
||||
defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService, "businessadmin");
|
||||
|
||||
WorkbasketAccessItemBuilder.newWorkbasketAccessItem()
|
||||
.workbasketId(wbWithoutReadTasksPerm.getId())
|
||||
.accessId(currentUserContext.getUserid())
|
||||
.permission(WorkbasketPermission.OPEN)
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService, "businessadmin");
|
||||
WorkbasketAccessItemBuilder.newWorkbasketAccessItem()
|
||||
.workbasketId(wbWithoutReadPerm.getId())
|
||||
.accessId(currentUserContext.getUserid())
|
||||
.permission(WorkbasketPermission.OPEN)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService, "businessadmin");
|
||||
WorkbasketAccessItemBuilder.newWorkbasketAccessItem()
|
||||
.workbasketId(wbWithoutOpenPerm.getId())
|
||||
.accessId(currentUserContext.getUserid())
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService, "businessadmin");
|
||||
|
||||
taskSummary1 = taskInWorkbasket(wb1).buildAndStoreAsSummary(taskService);
|
||||
taskSummary2 = taskInWorkbasket(wb2).buildAndStoreAsSummary(taskService);
|
||||
|
|
@ -124,6 +160,12 @@ class TaskQueryImplAccTest {
|
|||
taskInWorkbasket(wbWithoutPermissions).buildAndStoreAsSummary(taskService, "admin");
|
||||
taskSummary5 =
|
||||
taskInWorkbasket(wbWithoutPermissions).buildAndStoreAsSummary(taskService, "admin");
|
||||
taskSummary6 =
|
||||
taskInWorkbasket(wbWithoutReadTasksPerm).buildAndStoreAsSummary(taskService, "admin");
|
||||
taskSummary7 =
|
||||
taskInWorkbasket(wbWithoutReadPerm).buildAndStoreAsSummary(taskService, "admin");
|
||||
taskSummary8 =
|
||||
taskInWorkbasket(wbWithoutOpenPerm).buildAndStoreAsSummary(taskService, "admin");
|
||||
}
|
||||
|
||||
@WithAccessId(user = "admin")
|
||||
|
|
@ -167,6 +209,70 @@ class TaskQueryImplAccTest {
|
|||
.contains(taskSummary1, taskSummary2)
|
||||
.doesNotContain(taskSummary3, taskSummary4, taskSummary5);
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user-1-1")
|
||||
@Test
|
||||
void should_ReturnEmptyList_When_WorkbasketOfTaskHasNoReadTasksPerm() {
|
||||
List<TaskSummary> list = taskService.createTaskQuery().idIn(taskSummary3.getId()).list();
|
||||
|
||||
assertThat(list.isEmpty());
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user-1-1")
|
||||
@Test
|
||||
void should_ThrowException_When_QueryByWorkbasketThatHasOpenReadButNoReadTasksPermission() {
|
||||
assertThatThrownBy(
|
||||
() ->
|
||||
taskService
|
||||
.createTaskQuery()
|
||||
.workbasketIdIn(wbWithoutReadTasksPerm.getId())
|
||||
.list())
|
||||
.isInstanceOf(NotAuthorizedToQueryWorkbasketException.class);
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user-1-1")
|
||||
@Test
|
||||
void should_ReturnEmptyList_When_WorkbasketOfTaskHasReadTasksButNoReadPerm() {
|
||||
List<TaskSummary> list = taskService.createTaskQuery().idIn(taskSummary7.getId()).list();
|
||||
|
||||
assertThat(list).isEmpty();
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user-1-1")
|
||||
@Test
|
||||
void should_QueryByTaskId_When_WorkbasketHasReadAndReadTasksButNoOpenPerm() {
|
||||
List<TaskSummary> list = taskService.createTaskQuery().idIn(taskSummary8.getId()).list();
|
||||
|
||||
assertThat(list).containsOnly(taskSummary8);
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user-1-1")
|
||||
@Test
|
||||
void should_OnlyReturnTaskFromWorkbasketWithoutOpenPerm_When_OthersHasNoReadOrReadTasksPerm() {
|
||||
List<TaskSummary> list =
|
||||
taskService
|
||||
.createTaskQuery()
|
||||
.idIn(taskSummary6.getId(), taskSummary7.getId(), taskSummary8.getId())
|
||||
.list();
|
||||
|
||||
assertThat(list).containsOnly(taskSummary8);
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user-1-1")
|
||||
@Test
|
||||
void should_ThrowException_When_QueryByWbIdAndWorkbasketHasReadTasksButNoReadPerm() {
|
||||
assertThatThrownBy(
|
||||
() -> taskService.createTaskQuery().workbasketIdIn(wbWithoutReadPerm.getId()).list())
|
||||
.isInstanceOf(NotAuthorizedToQueryWorkbasketException.class);
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user-1-1")
|
||||
@Test
|
||||
void should_ThrowException_When_QueryByWbIdAndWorkbasketHasReadAndReadTasksButNoOpenPerm() {
|
||||
assertThatThrownBy(
|
||||
() -> taskService.createTaskQuery().workbasketIdIn(wbWithoutOpenPerm.getId()).list())
|
||||
.isInstanceOf(NotAuthorizedToQueryWorkbasketException.class);
|
||||
}
|
||||
}
|
||||
|
||||
@Nested
|
||||
|
|
|
|||
|
|
@ -55,6 +55,7 @@ class RequestChangesAccTest {
|
|||
.workbasketId(defaultWorkbasketSummary.getId())
|
||||
.accessId("user-1-1")
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService);
|
||||
|
||||
|
|
@ -143,7 +144,8 @@ class RequestChangesAccTest {
|
|||
|
||||
NotAuthorizedOnWorkbasketException e =
|
||||
catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class);
|
||||
assertThat(e.getRequiredPermissions()).containsExactly(WorkbasketPermission.READ);
|
||||
assertThat(e.getRequiredPermissions())
|
||||
.containsExactly(WorkbasketPermission.READ, WorkbasketPermission.READTASKS);
|
||||
assertThat(e.getCurrentUserId()).isEqualTo("user-1-2");
|
||||
assertThat(e.getWorkbasketId()).isEqualTo(defaultWorkbasketSummary.getId());
|
||||
assertThat(e.getDomain()).isNull();
|
||||
|
|
|
|||
|
|
@ -60,6 +60,7 @@ public class RequestChangesWithAfterSpiAccTest {
|
|||
.workbasketId(defaultWorkbasketSummary.getId())
|
||||
.accessId("user-1-1")
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.permission(WorkbasketPermission.TRANSFER)
|
||||
.buildAndStore(workbasketService);
|
||||
|
|
@ -68,6 +69,7 @@ public class RequestChangesWithAfterSpiAccTest {
|
|||
.workbasketId(newWorkbasket.getId())
|
||||
.accessId("user-1-1")
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService);
|
||||
|
||||
|
|
|
|||
|
|
@ -57,6 +57,7 @@ public class RequestChangesWithBeforeSpiAccTest {
|
|||
.workbasketId(defaultWorkbasketSummary.getId())
|
||||
.accessId("user-1-1")
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.permission(WorkbasketPermission.TRANSFER)
|
||||
.buildAndStore(workbasketService);
|
||||
|
|
|
|||
|
|
@ -55,6 +55,7 @@ class RequestReviewAccTest {
|
|||
.workbasketId(defaultWorkbasketSummary.getId())
|
||||
.accessId("user-1-1")
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService);
|
||||
|
||||
|
|
@ -172,7 +173,8 @@ class RequestReviewAccTest {
|
|||
|
||||
NotAuthorizedOnWorkbasketException e =
|
||||
catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class);
|
||||
assertThat(e.getRequiredPermissions()).containsExactly(WorkbasketPermission.READ);
|
||||
assertThat(e.getRequiredPermissions())
|
||||
.containsExactly(WorkbasketPermission.READ, WorkbasketPermission.READTASKS);
|
||||
assertThat(e.getCurrentUserId()).isEqualTo("user-1-2");
|
||||
assertThat(e.getWorkbasketId()).isEqualTo(defaultWorkbasketSummary.getId());
|
||||
assertThat(e.getDomain()).isNull();
|
||||
|
|
|
|||
|
|
@ -61,6 +61,7 @@ public class RequestReviewWithAfterSpiAccTest {
|
|||
.workbasketId(defaultWorkbasketSummary.getId())
|
||||
.accessId("user-1-1")
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.permission(WorkbasketPermission.TRANSFER)
|
||||
.buildAndStore(workbasketService);
|
||||
|
|
@ -69,6 +70,7 @@ public class RequestReviewWithAfterSpiAccTest {
|
|||
.workbasketId(newWorkbasket.getId())
|
||||
.accessId("user-1-1")
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService);
|
||||
|
||||
|
|
|
|||
|
|
@ -58,6 +58,7 @@ public class RequestReviewWithBeforeSpiAccTest {
|
|||
.workbasketId(defaultWorkbasketSummary.getId())
|
||||
.accessId("user-1-1")
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.permission(WorkbasketPermission.TRANSFER)
|
||||
.buildAndStore(workbasketService);
|
||||
|
|
|
|||
|
|
@ -53,6 +53,7 @@ class UpdateManualPriorityAccTest {
|
|||
.accessId("user-1-1")
|
||||
.permission(WorkbasketPermission.OPEN)
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService);
|
||||
defaultObjectReference = defaultTestObjectReference().build();
|
||||
|
|
|
|||
|
|
@ -74,6 +74,7 @@ class UpdateManualPriorityWithSpiAccTest {
|
|||
.accessId("user-1-1")
|
||||
.permission(WorkbasketPermission.OPEN)
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService);
|
||||
defaultObjectReference = defaultTestObjectReference().build();
|
||||
|
|
|
|||
|
|
@ -46,6 +46,7 @@ class UpdateTaskWithSorAccTest {
|
|||
.accessId("user-1-1")
|
||||
.permission(WorkbasketPermission.OPEN)
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService);
|
||||
defaultObjectReference = defaultTestObjectReference().build();
|
||||
|
|
|
|||
|
|
@ -50,6 +50,7 @@ class CreateTaskCommentAccTest {
|
|||
.accessId("user-1-1")
|
||||
.permission(WorkbasketPermission.OPEN)
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService);
|
||||
|
||||
|
|
@ -104,7 +105,8 @@ class CreateTaskCommentAccTest {
|
|||
catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class);
|
||||
assertThat(e.getCurrentUserId()).isEqualTo("user-1-2");
|
||||
assertThat(e.getWorkbasketId()).isEqualTo(defaultWorkbasket.getId());
|
||||
assertThat(e.getRequiredPermissions()).containsExactly(WorkbasketPermission.READ);
|
||||
assertThat(e.getRequiredPermissions())
|
||||
.containsExactly(WorkbasketPermission.READ, WorkbasketPermission.READTASKS);
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user-1-1")
|
||||
|
|
|
|||
|
|
@ -61,6 +61,7 @@ class GetTaskCommentAccTest {
|
|||
.accessId("user-1-1")
|
||||
.permission(WorkbasketPermission.OPEN)
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService);
|
||||
task1 =
|
||||
|
|
@ -134,7 +135,8 @@ class GetTaskCommentAccTest {
|
|||
catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class);
|
||||
|
||||
assertThat(e.getCurrentUserId()).isEqualTo("user-1-2");
|
||||
assertThat(e.getRequiredPermissions()).containsExactly(WorkbasketPermission.READ);
|
||||
assertThat(e.getRequiredPermissions())
|
||||
.containsExactly(WorkbasketPermission.READ, WorkbasketPermission.READTASKS);
|
||||
assertThat(e.getWorkbasketId()).isEqualTo(defaultWorkbasket.getId());
|
||||
}
|
||||
|
||||
|
|
@ -154,7 +156,8 @@ class GetTaskCommentAccTest {
|
|||
catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class);
|
||||
|
||||
assertThat(e.getCurrentUserId()).isEqualTo("user-1-2");
|
||||
assertThat(e.getRequiredPermissions()).containsExactly(WorkbasketPermission.READ);
|
||||
assertThat(e.getRequiredPermissions())
|
||||
.containsExactly(WorkbasketPermission.READ, WorkbasketPermission.READTASKS);
|
||||
assertThat(e.getWorkbasketId()).isEqualTo(defaultWorkbasket.getId());
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -53,6 +53,7 @@ class UpdateTaskCommentAccTest {
|
|||
.accessId("user-1-1")
|
||||
.permission(WorkbasketPermission.OPEN)
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.buildAndStore(workbasketService);
|
||||
defaultObjectReference = defaultTestObjectReference().build();
|
||||
|
|
|
|||
|
|
@ -1983,7 +1983,7 @@ public class TaskQueryImpl implements TaskQuery {
|
|||
return taskanaEngine.executeInDatabaseConnection(
|
||||
() -> {
|
||||
checkForIllegalParamCombinations();
|
||||
checkOpenAndReadPermissionForSpecifiedWorkbaskets();
|
||||
checkOpenReadAndReadTasksPermissionForSpecifiedWorkbaskets();
|
||||
setupJoinAndOrderParameters();
|
||||
setupAccessIds();
|
||||
List<TaskSummaryImpl> tasks =
|
||||
|
|
@ -1999,7 +1999,7 @@ public class TaskQueryImpl implements TaskQuery {
|
|||
try {
|
||||
taskanaEngine.openConnection();
|
||||
checkForIllegalParamCombinations();
|
||||
checkOpenAndReadPermissionForSpecifiedWorkbaskets();
|
||||
checkOpenReadAndReadTasksPermissionForSpecifiedWorkbaskets();
|
||||
setupAccessIds();
|
||||
setupJoinAndOrderParameters();
|
||||
RowBounds rowBounds = new RowBounds(offset, limit);
|
||||
|
|
@ -2031,7 +2031,7 @@ public class TaskQueryImpl implements TaskQuery {
|
|||
this.orderByInner.clear();
|
||||
this.addOrderCriteria(columnName.toString(), sortDirection);
|
||||
checkForIllegalParamCombinations();
|
||||
checkOpenAndReadPermissionForSpecifiedWorkbaskets();
|
||||
checkOpenReadAndReadTasksPermissionForSpecifiedWorkbaskets();
|
||||
setupAccessIds();
|
||||
|
||||
if (columnName.equals(TaskQueryColumnName.CLASSIFICATION_NAME)) {
|
||||
|
|
@ -2067,7 +2067,7 @@ public class TaskQueryImpl implements TaskQuery {
|
|||
TaskSummary result;
|
||||
try {
|
||||
taskanaEngine.openConnection();
|
||||
checkOpenAndReadPermissionForSpecifiedWorkbaskets();
|
||||
checkOpenReadAndReadTasksPermissionForSpecifiedWorkbaskets();
|
||||
setupAccessIds();
|
||||
setupJoinAndOrderParameters();
|
||||
TaskSummaryImpl taskSummaryImpl =
|
||||
|
|
@ -2092,7 +2092,7 @@ public class TaskQueryImpl implements TaskQuery {
|
|||
Long rowCount;
|
||||
try {
|
||||
taskanaEngine.openConnection();
|
||||
checkOpenAndReadPermissionForSpecifiedWorkbaskets();
|
||||
checkOpenReadAndReadTasksPermissionForSpecifiedWorkbaskets();
|
||||
setupAccessIds();
|
||||
setupJoinAndOrderParameters();
|
||||
rowCount = taskanaEngine.getSqlSession().selectOne(getLinkToCounterTaskScript(), this);
|
||||
|
|
@ -2223,7 +2223,7 @@ public class TaskQueryImpl implements TaskQuery {
|
|||
}
|
||||
}
|
||||
|
||||
private void checkOpenAndReadPermissionForSpecifiedWorkbaskets() {
|
||||
private void checkOpenReadAndReadTasksPermissionForSpecifiedWorkbaskets() {
|
||||
if (taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN, TaskanaRole.TASK_ADMIN)) {
|
||||
if (LOGGER.isDebugEnabled()) {
|
||||
LOGGER.debug("Skipping permissions check since user is in role ADMIN or TASK_ADMIN.");
|
||||
|
|
@ -2234,13 +2234,13 @@ public class TaskQueryImpl implements TaskQuery {
|
|||
if (this.workbasketIdIn != null && this.workbasketIdIn.length > 0) {
|
||||
filterByAccessIdIn = false;
|
||||
for (String workbasketId : workbasketIdIn) {
|
||||
checkOpenAndReadPermissionById(workbasketId);
|
||||
checkOpenReadAndReadTasksPermissionById(workbasketId);
|
||||
}
|
||||
}
|
||||
if (workbasketKeyDomainIn != null && workbasketKeyDomainIn.length > 0) {
|
||||
filterByAccessIdIn = false;
|
||||
for (KeyDomain keyDomain : workbasketKeyDomainIn) {
|
||||
checkOpenAndReadPermissionByKeyDomain(keyDomain);
|
||||
checkOpenReadAndReadTasksPermissionByKeyDomain(keyDomain);
|
||||
}
|
||||
}
|
||||
} catch (NotAuthorizedOnWorkbasketException e) {
|
||||
|
|
@ -2248,20 +2248,24 @@ public class TaskQueryImpl implements TaskQuery {
|
|||
}
|
||||
}
|
||||
|
||||
private void checkOpenAndReadPermissionById(String workbasketId)
|
||||
private void checkOpenReadAndReadTasksPermissionById(String workbasketId)
|
||||
throws NotAuthorizedOnWorkbasketException {
|
||||
try {
|
||||
taskanaEngine
|
||||
.getEngine()
|
||||
.getWorkbasketService()
|
||||
.checkAuthorization(workbasketId, WorkbasketPermission.OPEN, WorkbasketPermission.READ);
|
||||
.checkAuthorization(
|
||||
workbasketId,
|
||||
WorkbasketPermission.OPEN,
|
||||
WorkbasketPermission.READ,
|
||||
WorkbasketPermission.READTASKS);
|
||||
} catch (WorkbasketNotFoundException e) {
|
||||
LOGGER.warn(
|
||||
String.format("The workbasket with the ID ' %s ' does not exist.", workbasketId), e);
|
||||
}
|
||||
}
|
||||
|
||||
private void checkOpenAndReadPermissionByKeyDomain(KeyDomain keyDomain)
|
||||
private void checkOpenReadAndReadTasksPermissionByKeyDomain(KeyDomain keyDomain)
|
||||
throws NotAuthorizedOnWorkbasketException {
|
||||
try {
|
||||
taskanaEngine
|
||||
|
|
@ -2271,7 +2275,8 @@ public class TaskQueryImpl implements TaskQuery {
|
|||
keyDomain.getKey(),
|
||||
keyDomain.getDomain(),
|
||||
WorkbasketPermission.OPEN,
|
||||
WorkbasketPermission.READ);
|
||||
WorkbasketPermission.READ,
|
||||
WorkbasketPermission.READTASKS);
|
||||
} catch (WorkbasketNotFoundException e) {
|
||||
LOGGER.warn(
|
||||
String.format(
|
||||
|
|
|
|||
|
|
@ -128,7 +128,8 @@ public class TaskQuerySqlProvider {
|
|||
+ "s.ACCESS_ID IN "
|
||||
+ "(<foreach item='item' collection='accessIdIn' separator=',' >#{item}</foreach>) "
|
||||
+ "and "
|
||||
+ "s.WORKBASKET_ID = X.WORKBASKET_ID AND s.perm_read = 1 fetch first 1 rows only"
|
||||
+ "s.WORKBASKET_ID = X.WORKBASKET_ID AND s.perm_read = 1 AND s.perm_readtasks = 1"
|
||||
+ " fetch first 1 rows only"
|
||||
+ "</if>"
|
||||
+ "<if test='accessIdIn == null'> "
|
||||
+ "VALUES(1)"
|
||||
|
|
@ -271,7 +272,8 @@ public class TaskQuerySqlProvider {
|
|||
+ "WHERE s.ACCESS_ID IN "
|
||||
+ "(<foreach item='item' collection='accessIdIn' separator=',' >#{item}</foreach>) "
|
||||
+ "and "
|
||||
+ "s.WORKBASKET_ID = X.WORKBASKET_ID AND s.perm_read = 1 fetch first 1 rows only "
|
||||
+ "s.WORKBASKET_ID = X.WORKBASKET_ID AND s.perm_read = 1 AND s.perm_readtasks = 1"
|
||||
+ " fetch first 1 rows only "
|
||||
+ "</if> "
|
||||
+ "<if test='accessIdIn == null'>"
|
||||
+ "VALUES(1)"
|
||||
|
|
@ -387,16 +389,18 @@ public class TaskQuerySqlProvider {
|
|||
+ "FROM ("
|
||||
+ "<choose>"
|
||||
+ "<when test=\"_databaseId == 'db2' || _databaseId == 'oracle'\">"
|
||||
+ "SELECT WORKBASKET_ID as WID, MAX(PERM_READ) as MAX_READ "
|
||||
+ "SELECT WORKBASKET_ID as WID, MAX(PERM_READ) as MAX_READ, "
|
||||
+ "MAX(PERM_READTASKS) as MAX_READTASKS "
|
||||
+ "</when>"
|
||||
+ "<otherwise>"
|
||||
+ "SELECT WORKBASKET_ID as WID, MAX(PERM_READ::int) as MAX_READ "
|
||||
+ "SELECT WORKBASKET_ID as WID, MAX(PERM_READ::int) as MAX_READ, "
|
||||
+ "MAX(PERM_READTASKS::int) as MAX_READTASKS "
|
||||
+ "</otherwise>"
|
||||
+ "</choose>"
|
||||
+ "FROM WORKBASKET_ACCESS_LIST s where ACCESS_ID IN "
|
||||
+ "(<foreach item='item' collection='accessIdIn' separator=',' >#{item}</foreach>) "
|
||||
+ "GROUP by WORKBASKET_ID) f "
|
||||
+ "WHERE MAX_READ = 1) "
|
||||
+ "WHERE MAX_READ = 1 AND MAX_READTASKS = 1) "
|
||||
+ "</if>";
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -359,12 +359,14 @@ public class TaskServiceImpl implements TaskService {
|
|||
WorkbasketQueryImpl query = (WorkbasketQueryImpl) workbasketService.createWorkbasketQuery();
|
||||
query.setUsedToAugmentTasks(true);
|
||||
String workbasketId = resultTask.getWorkbasketSummary().getId();
|
||||
List<WorkbasketSummary> workbaskets = query.idIn(workbasketId).list();
|
||||
List<WorkbasketSummary> workbaskets =
|
||||
query.idIn(workbasketId).callerHasPermissions(WorkbasketPermission.READTASKS).list();
|
||||
if (workbaskets.isEmpty()) {
|
||||
throw new NotAuthorizedOnWorkbasketException(
|
||||
taskanaEngine.getEngine().getCurrentUserContext().getUserid(),
|
||||
workbasketId,
|
||||
WorkbasketPermission.READ);
|
||||
WorkbasketPermission.READ,
|
||||
WorkbasketPermission.READTASKS);
|
||||
} else {
|
||||
resultTask.setWorkbasketSummary(workbaskets.get(0));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -18,13 +18,13 @@ public interface WorkbasketQueryMapper {
|
|||
+ "<if test = 'joinWithAccessList'> "
|
||||
+ "<choose>"
|
||||
+ "<when test=\"_databaseId == 'db2' || _databaseId == 'oracle'\">"
|
||||
+ "LEFT OUTER JOIN (select WORKBASKET_ID as WID, MAX(PERM_READ) as MAX_READ, MAX(PERM_OPEN) as MAX_OPEN, "
|
||||
+ "LEFT OUTER JOIN (select WORKBASKET_ID as WID, MAX(PERM_READ) as MAX_READ, MAX(PERM_READTASKS) as MAX_READTASKS, MAX(PERM_OPEN) as MAX_OPEN, "
|
||||
+ "MAX(PERM_APPEND) as MAX_APPEND, MAX(PERM_TRANSFER) as MAX_TRANSFER, MAX(PERM_DISTRIBUTE) as MAX_DISTRIBUTE, MAX(PERM_CUSTOM_1) as MAX_CUSTOM_1, MAX(PERM_CUSTOM_2) as MAX_CUSTOM_2, "
|
||||
+ "MAX(PERM_CUSTOM_3) as MAX_CUSTOM_3, MAX(PERM_CUSTOM_4) as MAX_CUSTOM_4, MAX(PERM_CUSTOM_5) as MAX_CUSTOM_5, MAX(PERM_CUSTOM_6) as MAX_CUSTOM_6, MAX(PERM_CUSTOM_7) as MAX_CUSTOM_7, "
|
||||
+ "MAX(PERM_CUSTOM_8) as MAX_CUSTOM_8, MAX(PERM_CUSTOM_9) as MAX_CUSTOM_9, MAX(PERM_CUSTOM_10) as MAX_CUSTOM_10, MAX(PERM_CUSTOM_11) as MAX_CUSTOM_11, MAX(PERM_CUSTOM_12) as MAX_CUSTOM_12 "
|
||||
+ "</when>"
|
||||
+ "<otherwise>"
|
||||
+ "LEFT OUTER JOIN (select WORKBASKET_ID as WID, MAX(PERM_READ::int) as MAX_READ, MAX(PERM_OPEN::int) as MAX_OPEN, "
|
||||
+ "LEFT OUTER JOIN (select WORKBASKET_ID as WID, MAX(PERM_READ::int) as MAX_READ, MAX(PERM_READTASKS::int) as MAX_READTASKS, MAX(PERM_OPEN::int) as MAX_OPEN, "
|
||||
+ "MAX(PERM_APPEND::int) as MAX_APPEND, MAX(PERM_TRANSFER::int) as MAX_TRANSFER, MAX(PERM_DISTRIBUTE::int) as MAX_DISTRIBUTE, MAX(PERM_CUSTOM_1::int) as MAX_CUSTOM_1, MAX(PERM_CUSTOM_2::int) as MAX_CUSTOM_2, "
|
||||
+ "MAX(PERM_CUSTOM_3::int) as MAX_CUSTOM_3, MAX(PERM_CUSTOM_4::int) as MAX_CUSTOM_4, MAX(PERM_CUSTOM_5::int) as MAX_CUSTOM_5, MAX(PERM_CUSTOM_6::int) as MAX_CUSTOM_6, MAX(PERM_CUSTOM_7::int) as MAX_CUSTOM_7, "
|
||||
+ "MAX(PERM_CUSTOM_8::int) as MAX_CUSTOM_8, MAX(PERM_CUSTOM_9::int) as MAX_CUSTOM_9, MAX(PERM_CUSTOM_10::int) as MAX_CUSTOM_10, MAX(PERM_CUSTOM_11::int) as MAX_CUSTOM_11, MAX(PERM_CUSTOM_12::int) as MAX_CUSTOM_12 "
|
||||
|
|
@ -74,6 +74,7 @@ public interface WorkbasketQueryMapper {
|
|||
+ "</if> "
|
||||
+ "<foreach item='permission' collection='permissions' separator=' AND ' >"
|
||||
+ "<if test=\"permission.name() == 'READ'\">a.MAX_READ</if> "
|
||||
+ "<if test=\"permission.name() == 'READTASKS'\">a.MAX_READTASKS</if> "
|
||||
+ "<if test=\"permission.name() == 'OPEN'\">a.MAX_OPEN</if> "
|
||||
+ "<if test=\"permission.name() == 'APPEND'\">a.MAX_APPEND</if>"
|
||||
+ "<if test=\"permission.name() == 'TRANSFER'\">a.MAX_TRANSFER</if>"
|
||||
|
|
@ -118,7 +119,7 @@ public interface WorkbasketQueryMapper {
|
|||
@Select(
|
||||
"<script>"
|
||||
+ "SELECT "
|
||||
+ "WBA.ID, WORKBASKET_ID, WB.KEY, ACCESS_ID, ACCESS_NAME, PERM_READ, PERM_OPEN, PERM_APPEND, PERM_TRANSFER, PERM_DISTRIBUTE, PERM_CUSTOM_1, PERM_CUSTOM_2, "
|
||||
+ "WBA.ID, WORKBASKET_ID, WB.KEY, ACCESS_ID, ACCESS_NAME, PERM_READ, PERM_READTASKS, PERM_OPEN, PERM_APPEND, PERM_TRANSFER, PERM_DISTRIBUTE, PERM_CUSTOM_1, PERM_CUSTOM_2, "
|
||||
+ "PERM_CUSTOM_3, PERM_CUSTOM_4, PERM_CUSTOM_5, PERM_CUSTOM_6, PERM_CUSTOM_7, PERM_CUSTOM_8, PERM_CUSTOM_9, PERM_CUSTOM_10, PERM_CUSTOM_11, PERM_CUSTOM_12 "
|
||||
+ "from WORKBASKET_ACCESS_LIST WBA "
|
||||
+ "LEFT JOIN WORKBASKET WB ON WORKBASKET_ID = WB.ID"
|
||||
|
|
@ -138,6 +139,7 @@ public interface WorkbasketQueryMapper {
|
|||
@Result(property = "accessId", column = "ACCESS_ID")
|
||||
@Result(property = "accessName", column = "ACCESS_NAME")
|
||||
@Result(property = "permRead", column = "PERM_READ")
|
||||
@Result(property = "permReadTasks", column = "PERM_READTASKS")
|
||||
@Result(property = "permOpen", column = "PERM_OPEN")
|
||||
@Result(property = "permAppend", column = "PERM_APPEND")
|
||||
@Result(property = "permTransfer", column = "PERM_TRANSFER")
|
||||
|
|
@ -163,13 +165,13 @@ public interface WorkbasketQueryMapper {
|
|||
+ "<if test = 'joinWithAccessList'> "
|
||||
+ "<choose>"
|
||||
+ "<when test=\"_databaseId == 'db2' || _databaseId == 'oracle'\">"
|
||||
+ "LEFT OUTER JOIN (select WORKBASKET_ID as WID, MAX(PERM_READ) as MAX_READ, MAX(PERM_OPEN) as MAX_OPEN, "
|
||||
+ "LEFT OUTER JOIN (select WORKBASKET_ID as WID, MAX(PERM_READ) as MAX_READ, MAX(PERM_READTASKS) as MAX_READTASKS, MAX(PERM_OPEN) as MAX_OPEN, "
|
||||
+ "MAX(PERM_APPEND) as MAX_APPEND, MAX(PERM_TRANSFER) as MAX_TRANSFER, MAX(PERM_DISTRIBUTE) as MAX_DISTRIBUTE, MAX(PERM_CUSTOM_1) as MAX_CUSTOM_1, MAX(PERM_CUSTOM_2) as MAX_CUSTOM_2, "
|
||||
+ "MAX(PERM_CUSTOM_3) as MAX_CUSTOM_3, MAX(PERM_CUSTOM_4) as MAX_CUSTOM_4, MAX(PERM_CUSTOM_5) as MAX_CUSTOM_5, MAX(PERM_CUSTOM_6) as MAX_CUSTOM_6, MAX(PERM_CUSTOM_7) as MAX_CUSTOM_7, "
|
||||
+ "MAX(PERM_CUSTOM_8) as MAX_CUSTOM_8, MAX(PERM_CUSTOM_9) as MAX_CUSTOM_9, MAX(PERM_CUSTOM_10) as MAX_CUSTOM_10, MAX(PERM_CUSTOM_11) as MAX_CUSTOM_11, MAX(PERM_CUSTOM_12) as MAX_CUSTOM_12 "
|
||||
+ "</when>"
|
||||
+ "<otherwise>"
|
||||
+ "LEFT OUTER JOIN (select WORKBASKET_ID as WID, MAX(PERM_READ::int) as MAX_READ, MAX(PERM_OPEN::int) as MAX_OPEN, "
|
||||
+ "LEFT OUTER JOIN (select WORKBASKET_ID as WID, MAX(PERM_READ::int) as MAX_READ, MAX(PERM_READTASKS::int) as MAX_READTASKS, MAX(PERM_OPEN::int) as MAX_OPEN, "
|
||||
+ "MAX(PERM_APPEND::int) as MAX_APPEND, MAX(PERM_TRANSFER::int) as MAX_TRANSFER, MAX(PERM_DISTRIBUTE::int) as MAX_DISTRIBUTE, MAX(PERM_CUSTOM_1::int) as MAX_CUSTOM_1, MAX(PERM_CUSTOM_2::int) as MAX_CUSTOM_2, "
|
||||
+ "MAX(PERM_CUSTOM_3::int) as MAX_CUSTOM_3, MAX(PERM_CUSTOM_4::int) as MAX_CUSTOM_4, MAX(PERM_CUSTOM_5::int) as MAX_CUSTOM_5, MAX(PERM_CUSTOM_6::int) as MAX_CUSTOM_6, MAX(PERM_CUSTOM_7::int) as MAX_CUSTOM_7, "
|
||||
+ "MAX(PERM_CUSTOM_8::int) as MAX_CUSTOM_8, MAX(PERM_CUSTOM_9::int) as MAX_CUSTOM_9, MAX(PERM_CUSTOM_10::int) as MAX_CUSTOM_10, MAX(PERM_CUSTOM_11::int) as MAX_CUSTOM_11, MAX(PERM_CUSTOM_12::int) as MAX_CUSTOM_12 "
|
||||
|
|
@ -219,6 +221,7 @@ public interface WorkbasketQueryMapper {
|
|||
+ "</if> "
|
||||
+ "<foreach item='permission' collection='permissions' separator=' AND ' >"
|
||||
+ "<if test=\"permission.name() == 'READ'\">a.MAX_READ</if> "
|
||||
+ "<if test=\"permission.name() == 'READTASKS'\">a.MAX_READTASKS</if> "
|
||||
+ "<if test=\"permission.name() == 'OPEN'\">a.MAX_OPEN</if> "
|
||||
+ "<if test=\"permission.name() == 'APPEND'\">a.MAX_APPEND</if>"
|
||||
+ "<if test=\"permission.name() == 'TRANSFER'\">a.MAX_TRANSFER</if>"
|
||||
|
|
@ -259,13 +262,13 @@ public interface WorkbasketQueryMapper {
|
|||
+ "<if test = 'joinWithAccessList'> "
|
||||
+ "<choose>"
|
||||
+ "<when test=\"_databaseId == 'db2' || _databaseId == 'oracle'\">"
|
||||
+ "LEFT OUTER JOIN (select WORKBASKET_ID as WID, MAX(PERM_READ) as MAX_READ, MAX(PERM_OPEN) as MAX_OPEN, "
|
||||
+ "LEFT OUTER JOIN (select WORKBASKET_ID as WID, MAX(PERM_READ) as MAX_READ, MAX(PERM_READTASKS) as MAX_READTASKS, MAX(PERM_OPEN) as MAX_OPEN, "
|
||||
+ "MAX(PERM_APPEND) as MAX_APPEND, MAX(PERM_TRANSFER) as MAX_TRANSFER, MAX(PERM_DISTRIBUTE) as MAX_DISTRIBUTE, MAX(PERM_CUSTOM_1) as MAX_CUSTOM_1, MAX(PERM_CUSTOM_2) as MAX_CUSTOM_2, "
|
||||
+ "MAX(PERM_CUSTOM_3) as MAX_CUSTOM_3, MAX(PERM_CUSTOM_4) as MAX_CUSTOM_4, MAX(PERM_CUSTOM_5) as MAX_CUSTOM_5, MAX(PERM_CUSTOM_6) as MAX_CUSTOM_6, MAX(PERM_CUSTOM_7) as MAX_CUSTOM_7, "
|
||||
+ "MAX(PERM_CUSTOM_8) as MAX_CUSTOM_8, MAX(PERM_CUSTOM_9) as MAX_CUSTOM_9, MAX(PERM_CUSTOM_10) as MAX_CUSTOM_10, MAX(PERM_CUSTOM_11) as MAX_CUSTOM_11, MAX(PERM_CUSTOM_12) as MAX_CUSTOM_12 "
|
||||
+ "</when>"
|
||||
+ "<otherwise>"
|
||||
+ "LEFT OUTER JOIN (select WORKBASKET_ID as WID, MAX(PERM_READ::int) as MAX_READ, MAX(PERM_OPEN::int) as MAX_OPEN, "
|
||||
+ "LEFT OUTER JOIN (select WORKBASKET_ID as WID, MAX(PERM_READ::int) as MAX_READ, MAX(PERM_READTASKS::int) as MAX_READTASKS, MAX(PERM_OPEN::int) as MAX_OPEN, "
|
||||
+ "MAX(PERM_APPEND::int) as MAX_APPEND, MAX(PERM_TRANSFER::int) as MAX_TRANSFER, MAX(PERM_DISTRIBUTE::int) as MAX_DISTRIBUTE, MAX(PERM_CUSTOM_1::int) as MAX_CUSTOM_1, MAX(PERM_CUSTOM_2::int) as MAX_CUSTOM_2, "
|
||||
+ "MAX(PERM_CUSTOM_3::int) as MAX_CUSTOM_3, MAX(PERM_CUSTOM_4::int) as MAX_CUSTOM_4, MAX(PERM_CUSTOM_5::int) as MAX_CUSTOM_5, MAX(PERM_CUSTOM_6::int) as MAX_CUSTOM_6, MAX(PERM_CUSTOM_7::int) as MAX_CUSTOM_7, "
|
||||
+ "MAX(PERM_CUSTOM_8::int) as MAX_CUSTOM_8, MAX(PERM_CUSTOM_9::int) as MAX_CUSTOM_9, MAX(PERM_CUSTOM_10::int) as MAX_CUSTOM_10, MAX(PERM_CUSTOM_11::int) as MAX_CUSTOM_11, MAX(PERM_CUSTOM_12::int) as MAX_CUSTOM_12 "
|
||||
|
|
@ -316,6 +319,7 @@ public interface WorkbasketQueryMapper {
|
|||
+ "</if> "
|
||||
+ "<foreach item='permission' collection='permissions' separator=' AND ' >"
|
||||
+ "<if test=\"permission.name() == 'READ'\">a.MAX_READ</if> "
|
||||
+ "<if test=\"permission.name() == 'READTASKS'\">a.MAX_READTASKS</if> "
|
||||
+ "<if test=\"permission.name() == 'OPEN'\">a.MAX_OPEN</if> "
|
||||
+ "<if test=\"permission.name() == 'APPEND'\">a.MAX_APPEND</if>"
|
||||
+ "<if test=\"permission.name() == 'TRANSFER'\">a.MAX_TRANSFER</if>"
|
||||
|
|
|
|||
|
|
@ -219,6 +219,25 @@ class CreateWorkbasketAccTest extends AbstractAccTest {
|
|||
.isEqualTo("Karl Napf");
|
||||
}
|
||||
|
||||
@WithAccessId(user = "businessadmin")
|
||||
@Test
|
||||
void should_SetReadTask_When_CreatingWorkbasketAccessItem() throws Exception {
|
||||
WorkbasketService workbasketService = taskanaEngine.getWorkbasketService();
|
||||
|
||||
WorkbasketAccessItem wbai =
|
||||
workbasketService.newWorkbasketAccessItem(
|
||||
"WBI:100000000000000000000000000000000001", "test-id");
|
||||
wbai.setPermission(WorkbasketPermission.READTASKS, true);
|
||||
workbasketService.createWorkbasketAccessItem(wbai);
|
||||
|
||||
List<WorkbasketAccessItem> accessItems =
|
||||
workbasketService.getWorkbasketAccessItems("WBI:100000000000000000000000000000000001");
|
||||
WorkbasketAccessItem item =
|
||||
accessItems.stream().filter(t -> wbai.getId().equals(t.getId())).findFirst().orElse(null);
|
||||
assertThat(item).isNotNull();
|
||||
assertThat(item.getPermission(WorkbasketPermission.READTASKS)).isEqualTo(true);
|
||||
}
|
||||
|
||||
@WithAccessId(user = "businessadmin")
|
||||
@Test
|
||||
void testCreateDuplicateWorkbasketAccessListFails() throws Exception {
|
||||
|
|
|
|||
|
|
@ -97,6 +97,20 @@ class QueryWorkbasketByPermissionAccTest extends AbstractAccTest {
|
|||
assertThat(results).hasSize(4);
|
||||
}
|
||||
|
||||
@WithAccessId(user = "businessadmin")
|
||||
@Test
|
||||
void should_GetAllWorkbasketsForUserAndGroup_When_QueryingForReadTasksPermissions()
|
||||
throws Exception {
|
||||
List<WorkbasketSummary> results =
|
||||
WORKBASKET_SERVICE
|
||||
.createWorkbasketQuery()
|
||||
.accessIdsHavePermissions(
|
||||
List.of(WorkbasketPermission.READTASKS), "user-1-1", GROUP_1_DN)
|
||||
.list();
|
||||
|
||||
assertThat(results).hasSize(7);
|
||||
}
|
||||
|
||||
@WithAccessId(user = "businessadmin")
|
||||
@Test
|
||||
void should_GetAllTransferTargetsForUserAndGroup_When_QueryingForSortedByNameAscending()
|
||||
|
|
@ -160,6 +174,18 @@ class QueryWorkbasketByPermissionAccTest extends AbstractAccTest {
|
|||
assertThat(results).hasSize(1);
|
||||
}
|
||||
|
||||
@WithAccessId(user = "user-1-1")
|
||||
@Test
|
||||
void should_GetAllWorkbasketsForSubjectUser_When_QueryingForReadTasksPermission() {
|
||||
List<WorkbasketSummary> results =
|
||||
WORKBASKET_SERVICE
|
||||
.createWorkbasketQuery()
|
||||
.callerHasPermissions(WorkbasketPermission.READTASKS)
|
||||
.list();
|
||||
|
||||
assertThat(results).hasSize(1);
|
||||
}
|
||||
|
||||
@WithAccessId(user = "teamlead-1")
|
||||
@Test
|
||||
void should_GetAllTransferTargetsForSubjectUser_When_QueryingForMultiplePermission() {
|
||||
|
|
|
|||
|
|
@ -173,6 +173,32 @@ class UpdateWorkbasketAuthorizationsAccTest extends AbstractAccTest {
|
|||
assertThatThrownBy(call).isInstanceOf(NotAuthorizedToQueryWorkbasketException.class);
|
||||
}
|
||||
|
||||
@WithAccessId(user = "businessadmin")
|
||||
@Test
|
||||
void should_setReadTasksPerm() throws Exception {
|
||||
final WorkbasketService workbasketService = taskanaEngine.getWorkbasketService();
|
||||
String wbId = "WBI:100000000000000000000000000000000006";
|
||||
|
||||
List<WorkbasketAccessItem> accessItems = workbasketService.getWorkbasketAccessItems(wbId);
|
||||
WorkbasketAccessItem theAccessItem =
|
||||
accessItems.stream()
|
||||
.filter(x -> "user-1-1".equalsIgnoreCase(x.getAccessId()))
|
||||
.findFirst()
|
||||
.orElse(null);
|
||||
assertThat(theAccessItem).isNotNull();
|
||||
theAccessItem.setPermission(WorkbasketPermission.READTASKS, false);
|
||||
workbasketService.updateWorkbasketAccessItem(theAccessItem);
|
||||
|
||||
List<WorkbasketAccessItem> accessItems2 = workbasketService.getWorkbasketAccessItems(wbId);
|
||||
WorkbasketAccessItem item =
|
||||
accessItems2.stream()
|
||||
.filter(t -> theAccessItem.getId().equals(t.getId()))
|
||||
.findFirst()
|
||||
.orElse(null);
|
||||
assertThat(item).isNotNull();
|
||||
assertThat(theAccessItem.getPermission(WorkbasketPermission.READTASKS)).isEqualTo(false);
|
||||
}
|
||||
|
||||
@WithAccessId(user = "businessadmin")
|
||||
@Test
|
||||
void testUpdatedAccessItemList() throws Exception {
|
||||
|
|
|
|||
|
|
@ -68,6 +68,7 @@ class TaskBuilderTest {
|
|||
.accessId("user-1-1")
|
||||
.permission(WorkbasketPermission.APPEND)
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.buildAndStore(workbasketService);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -55,6 +55,7 @@ class TaskCommentBuilderTest {
|
|||
newWorkbasketAccessItem()
|
||||
.workbasketId(workbasket.getId())
|
||||
.permission(WorkbasketPermission.READ)
|
||||
.permission(WorkbasketPermission.READTASKS)
|
||||
.accessId("user-1-1")
|
||||
.buildAndStore(workbasketService);
|
||||
task =
|
||||
|
|
|
|||
Loading…
Reference in New Issue