nosu
/
taskana
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

TSK-1192 Introduced new Task-Admin Role

This commit is contained in:
Jörg Heffner 2020-04-16 15:19:01 +02:00
parent 75a340ccf3
commit eb73c0670f
34 changed files with 525 additions and 99 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/taskana-core/src/main/java/pro/taskana/common/api/TaskanaRole.java
View File

@ -11,7 +11,8 @@ public enum TaskanaRole {
USER("taskana.roles.user"),
BUSINESS_ADMIN("taskana.roles.businessadmin"),
ADMIN("taskana.roles.admin"),
MONITOR("taskana.roles.monitor");
MONITOR("taskana.roles.monitor"),
TASK_ADMIN("taskana.roles.taskadmin");
private final String propertyName;

6
lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskCommentServiceImpl.java
View File

@ -70,7 +70,8 @@ class TaskCommentServiceImpl {
taskService.getTask(taskCommentImplToUpdate.getTaskId());
if (taskCommentToUpdate.getCreator().equals(userId)
|| taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN)) {
|| taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN)
|| taskanaEngine.getEngine().isUserInRole(TaskanaRole.TASK_ADMIN)) {
TaskComment oldTaskComment = getTaskComment(taskCommentImplToUpdate.getId());
@ -142,7 +143,8 @@ class TaskCommentServiceImpl {
TaskComment taskCommentToDelete = getTaskComment(taskCommentId);
if (taskCommentToDelete.getCreator().equals(userId)
|| taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN)) {
|| taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN)
|| taskanaEngine.getEngine().isUserInRole(TaskanaRole.TASK_ADMIN)) {
taskCommentMapper.delete(taskCommentId);

7
lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskQueryImpl.java
View File

@ -1655,7 +1655,8 @@ public class TaskQueryImpl implements TaskQuery {
}
private void setupAccessIds() {
if (taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN) || !filterByAccessIdIn) {
if (taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN, TaskanaRole.TASK_ADMIN)
|| !filterByAccessIdIn) {
this.accessIdIn = null;
} else if (this.accessIdIn == null) {
String[] accessIds = new String[0];
@ -1670,8 +1671,8 @@ public class TaskQueryImpl implements TaskQuery {
}
private void checkOpenAndReadPermissionForSpecifiedWorkbaskets() {
if (taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN)) {
LOGGER.debug("Skipping permissions check since user is in role ADMIN.");
if (taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN, TaskanaRole.TASK_ADMIN)) {
LOGGER.debug("Skipping permissions check since user is in role ADMIN or TASK_ADMIN.");
return;
}
try {

7
lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskServiceImpl.java
View File

@ -787,6 +787,9 @@ public class TaskServiceImpl implements TaskService {
public Task terminateTask(String taskId)
throws TaskNotFoundException, InvalidStateException, NotAuthorizedException {
LOGGER.debug("entry to terminateTask(task = {})", taskId);
taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.ADMIN, TaskanaRole.TASK_ADMIN);
try {
taskanaEngine.openConnection();
return terminateCancelCommonActions(taskId, TaskState.TERMINATED);
@ -939,8 +942,8 @@ public class TaskServiceImpl implements TaskService {
Pair<List<MinimalTaskSummary>, BulkLog> filterTasksAuthorizedForAndLogErrorsForNotAuthorized(
List<MinimalTaskSummary> existingTasks) {
BulkLog bulkLog = new BulkLog();
// check authorization only for non-admin users
if (taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN)) {
// check authorization only for non-admin or task-admin users
if (taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN, TaskanaRole.TASK_ADMIN)) {
return new Pair<>(existingTasks, bulkLog);
} else {
List<String> taskIds =

16
lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketQueryImpl.java
View File

@ -179,7 +179,9 @@ public class WorkbasketQueryImpl implements WorkbasketQuery {
public WorkbasketQuery accessIdsHavePermission(
WorkbasketPermission permission, String... accessIds)
throws InvalidArgumentException, NotAuthorizedException {
taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.ADMIN, TaskanaRole.BUSINESS_ADMIN);
taskanaEngine
.getEngine()
.checkRoleMembership(TaskanaRole.ADMIN, TaskanaRole.BUSINESS_ADMIN, TaskanaRole.TASK_ADMIN);
// Checking pre-conditions
if (permission == null) {
throw new InvalidArgumentException("Permission can´t be null.");
@ -654,8 +656,9 @@ public class WorkbasketQueryImpl implements WorkbasketQuery {
if (!callerRolesAndAccessIdsAlreadyHandled) {
callerRolesAndAccessIdsAlreadyHandled = true;
// if user is admin or businessadmin, don't check read permission on workbasket.
// in addition, if user is admin or businessadmin and no accessIds were specified, don't join
// if user is admin, taskadmin or businessadmin, don't check read permission on workbasket.
// in addition, if user is admin, taskadmin or businessadmin and no accessIds were specified,
// don't join
// with access
// list
// if this query is used to augment task or a permission is given as filter criteria,
@ -663,12 +666,13 @@ public class WorkbasketQueryImpl implements WorkbasketQuery {
//
// (joinWithAccessList,checkReadPermission) can assume the following combinations:
// (t,t) -> query performed by user
// (f,f) -> admin queries w/o access ids specified
// (t,f) -> admin queries with access ids specified or permissions given
// (f,f) -> admin/task admin queries w/o access ids specified
// (t,f) -> business admin queries with access ids specified or permissions given
// (f,t) -> cannot happen, cannot be matched to meaningful query
joinWithAccessList = true;
checkReadPermission = true;
if (taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN) && accessId == null) {
if (taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN, TaskanaRole.TASK_ADMIN)
&& accessId == null) {
checkReadPermission = false;
joinWithAccessList = false;
} else if (taskanaEngine.getEngine().isUserInRole(TaskanaRole.BUSINESS_ADMIN)

26
lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketServiceImpl.java
View File

@ -75,7 +75,9 @@ public class WorkbasketServiceImpl implements WorkbasketService {
throw new WorkbasketNotFoundException(
workbasketId, "Workbasket with id " + workbasketId + " was not found.");
}
if (!taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN, TaskanaRole.BUSINESS_ADMIN)) {
if (!taskanaEngine
.getEngine()
.isUserInRole(TaskanaRole.ADMIN, TaskanaRole.BUSINESS_ADMIN, TaskanaRole.TASK_ADMIN)) {
this.checkAuthorization(workbasketId, WorkbasketPermission.READ);
}
return result;
@ -99,7 +101,9 @@ public class WorkbasketServiceImpl implements WorkbasketService {
domain,
"Workbasket with key " + workbasketKey + " and domain " + domain + " was not found.");
}
if (!taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN, TaskanaRole.BUSINESS_ADMIN)) {
if (!taskanaEngine
.getEngine()
.isUserInRole(TaskanaRole.ADMIN, TaskanaRole.BUSINESS_ADMIN, TaskanaRole.TASK_ADMIN)) {
this.checkAuthorization(workbasketKey, domain, WorkbasketPermission.READ);
}
return result;
@ -311,7 +315,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
workbasketId, "Workbasket with id " + workbasketId + " was not found.");
}
if (skipAuthorizationCheck()) {
if (skipAuthorizationCheck(requestedPermissions)) {
return;
}
@ -363,7 +367,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
domain,
"Workbasket with key " + workbasketKey + " and domain " + domain + " was not found");
}
if (skipAuthorizationCheck()) {
if (skipAuthorizationCheck(requestedPermissions)) {
return;
}
List<String> accessIds = CurrentUserContext.getAccessIds();
@ -904,16 +908,22 @@ public class WorkbasketServiceImpl implements WorkbasketService {
.count();
}
private boolean skipAuthorizationCheck() {
private boolean skipAuthorizationCheck(WorkbasketPermission... requestedPermissions) {
// Skip permission check is security is not enabled
// Skip permission check if security is not enabled
if (!taskanaEngine.getEngine().getConfiguration().isSecurityEnabled()) {
LOGGER.debug("Skipping permissions check since security is disabled.");
return true;
}
if (taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN)) {
LOGGER.debug("Skipping permissions check since user is in role ADMIN.");
if (Arrays.stream(requestedPermissions).anyMatch(WorkbasketPermission.READ::equals)) {
if (taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN)) {
LOGGER.debug("Skipping read permissions check since user is in role ADMIN");
return true;
}
} else if (taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN, TaskanaRole.TASK_ADMIN)) {
LOGGER.debug("Skipping permissions check since user is in role ADMIN or TASK_ADMIN.");
return true;
}

15
lib/taskana-core/src/test/java/acceptance/classification/CreateClassificationAccTest.java
View File

@ -4,6 +4,7 @@ import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import acceptance.AbstractAccTest;
import org.assertj.core.api.ThrowableAssert.ThrowingCallable;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
@ -266,4 +267,18 @@ class CreateClassificationAccTest extends AbstractAccTest {
assertThat(newClassification.getId()).isNotNull();
assertThat(newClassification.getId()).isNotEqualTo(oldClassification.getId());
}
@WithAccessId(user = "taskadmin")
@Test
void should_ThrowException_When_UserIsTaskAdminAndNotAuthorizedToCreateClassification() {
ClassificationImpl classification =
(ClassificationImpl) classificationService.newClassification("newKey718", "", "TASK");
ThrowingCallable createClassificationCall =
() -> {
classificationService.createClassification(classification);
};
assertThatThrownBy(createClassificationCall).isInstanceOf(NotAuthorizedException.class);
}
}

17
lib/taskana-core/src/test/java/acceptance/classification/DeleteClassificationAccTest.java
View File

@ -47,6 +47,23 @@ class DeleteClassificationAccTest extends AbstractAccTest {
assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
}
@WithAccessId(user = "taskadmin")
@Test
void
should_ThrowException_When_UserIsTaskAdminAndNotAuthorizedToDelClassificationByKeyDomain() {
ThrowingCallable call = () -> classificationService.deleteClassification("L140101", "DOMAIN_A");
assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
}
@WithAccessId(user = "taskadmin")
@Test
void should_ThrowException_When_UserIsTaskAdminAndNotAuthorizedToDeleteClassificationById() {
ThrowingCallable call =
() ->
classificationService.deleteClassification("CLI:000000000000000000000000000000000009");
assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
}
@WithAccessId(
user = "teamlead_1",
groups = {"group_1", "businessadmin"})

15
lib/taskana-core/src/test/java/acceptance/classification/UpdateClassificationAccTest.java
View File

@ -110,6 +110,21 @@ public class UpdateClassificationAccTest extends AbstractAccTest {
assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
}
@WithAccessId(user = "taskadmin")
@Test
public void should_ThrowException_When_UserIsTaskAdminAndNotAuthorizedToUpdateClassification()
throws ClassificationNotFoundException {
Classification classification = classificationService.getClassification("T2100", "DOMAIN_A");
classification.setApplicationEntryPoint("updated EntryPoint");
classification.setName("updated Name");
ThrowingCallable updateClassificationCall =
() -> classificationService.updateClassification(classification);
assertThatThrownBy(updateClassificationCall).isInstanceOf(NotAuthorizedException.class);
}
@WithAccessId(
user = "teamlead_1",
groups = {"group_1", "businessadmin"})

11
lib/taskana-core/src/test/java/acceptance/config/TaskanaRoleConfigAccTest.java
View File

@ -46,6 +46,9 @@ class TaskanaRoleConfigAccTest extends TaskanaEngineImpl {
Set<String> admins = getConfiguration().getRoleMap().get(TaskanaRole.ADMIN);
assertThat(admins).contains("name=konrad,organisation=novatec", "admin");
Set<String> taskAdmins = getConfiguration().getRoleMap().get(TaskanaRole.TASK_ADMIN);
assertThat(taskAdmins).contains("taskadmin", "peter");
Set<String> businessAdmins = getConfiguration().getRoleMap().get(TaskanaRole.BUSINESS_ADMIN);
assertThat(businessAdmins).contains("max", "moritz");
@ -70,6 +73,10 @@ class TaskanaRoleConfigAccTest extends TaskanaEngineImpl {
Set<String> businessAdmins = getConfiguration().getRoleMap().get(TaskanaRole.BUSINESS_ADMIN);
assertThat(businessAdmins).containsOnly("ebe", "konstantin");
Set<String> taskAdmins = getConfiguration().getRoleMap().get(TaskanaRole.TASK_ADMIN);
assertThat(taskAdmins).contains("taskadmin", "peter");
} finally {
deleteFile(propertiesFileName);
}
@ -94,6 +101,10 @@ class TaskanaRoleConfigAccTest extends TaskanaEngineImpl {
Set<String> businessAdmins = getConfiguration().getRoleMap().get(TaskanaRole.BUSINESS_ADMIN);
assertThat(businessAdmins).containsOnly("name=ebe, ou = bpm", "konstantin");
Set<String> taskAdmins = getConfiguration().getRoleMap().get(TaskanaRole.TASK_ADMIN);
assertThat(taskAdmins).contains("taskadmin", "peter");
} finally {
deleteFile(propertiesFileName);
}

20
lib/taskana-core/src/test/java/acceptance/security/TaskEngineAccTest.java
View File

@ -23,7 +23,7 @@ class TaskEngineAccTest extends AbstractAccTest {
}
@Test
void testUnauthenticated() {
void should_ThrowException_When_AccessIdIsUnauthenticated() {
assertThat(taskanaEngine.isUserInRole(TaskanaRole.BUSINESS_ADMIN)).isFalse();
assertThat(taskanaEngine.isUserInRole(TaskanaRole.ADMIN)).isFalse();
ThrowingCallable call = () -> taskanaEngine.checkRoleMembership(TaskanaRole.BUSINESS_ADMIN);
@ -32,7 +32,8 @@ class TaskEngineAccTest extends AbstractAccTest {
@WithAccessId(user = "user_1_1", groups = "businessadmin")
@Test
void testRunAsAdminIsOnlyTemporary() throws NoSuchFieldException, IllegalAccessException {
void should_RunAsAdminOnlyTemorarily_When_RunAsAdminMethodIsCalled()
throws NoSuchFieldException, IllegalAccessException {
assertThat(taskanaEngine.isUserInRole(TaskanaRole.BUSINESS_ADMIN)).isTrue();
assertThat(taskanaEngine.isUserInRole(TaskanaRole.ADMIN)).isFalse();
@ -45,7 +46,7 @@ class TaskEngineAccTest extends AbstractAccTest {
@WithAccessId(user = "user_1_1") // , groupNames = {"businessadmin"})
@Test
void testUser() {
void should_ThrowException_When_CheckingNormalUserForAdminRoles() throws NotAuthorizedException {
assertThat(taskanaEngine.isUserInRole(TaskanaRole.BUSINESS_ADMIN)).isFalse();
assertThat(taskanaEngine.isUserInRole(TaskanaRole.ADMIN)).isFalse();
ThrowingCallable call = () -> taskanaEngine.checkRoleMembership(TaskanaRole.BUSINESS_ADMIN);
@ -54,15 +55,24 @@ class TaskEngineAccTest extends AbstractAccTest {
@WithAccessId(user = "user_1_1", groups = "businessadmin")
@Test
void testBusinessAdmin() throws NotAuthorizedException {
void should_ConfirmBusinessAdminRole_When_AccessIdIsBusinessAdmin()
throws NotAuthorizedException {
assertThat(taskanaEngine.isUserInRole(TaskanaRole.BUSINESS_ADMIN)).isTrue();
assertThat(taskanaEngine.isUserInRole(TaskanaRole.ADMIN)).isFalse();
taskanaEngine.checkRoleMembership(TaskanaRole.BUSINESS_ADMIN);
}
@WithAccessId(user = "user_1_1", groups = "taskadmin")
@Test
void should_ConfirmTaskAdminRole_When_AccessIdIsTaskAdmin() throws NotAuthorizedException {
assertThat(taskanaEngine.isUserInRole(TaskanaRole.TASK_ADMIN)).isTrue();
assertThat(taskanaEngine.isUserInRole(TaskanaRole.ADMIN)).isFalse();
taskanaEngine.checkRoleMembership(TaskanaRole.TASK_ADMIN);
}
@WithAccessId(user = "user_1_1", groups = "admin")
@Test
void testAdmin() throws NotAuthorizedException {
void should_ConfirmAdminRole_When_AccessIdIsAdmin() throws NotAuthorizedException {
assertThat(taskanaEngine.isUserInRole(TaskanaRole.BUSINESS_ADMIN)).isFalse();
assertThat(taskanaEngine.isUserInRole(TaskanaRole.ADMIN)).isTrue();
taskanaEngine.checkRoleMembership(TaskanaRole.ADMIN);

15
lib/taskana-core/src/test/java/acceptance/task/CancelTaskAccTest.java
View File

@ -17,9 +17,10 @@ import pro.taskana.task.api.TaskService;
import pro.taskana.task.api.TaskState;
import pro.taskana.task.api.exceptions.InvalidStateException;
import pro.taskana.task.api.exceptions.TaskNotFoundException;
import pro.taskana.task.api.models.Task;
import pro.taskana.task.api.models.TaskSummary;
/** Acceptance tests for all claim and complete scenarios. */
/** Acceptance tests for all "cancel task" scenarios. */
@ExtendWith(JaasExtension.class)
class CancelTaskAccTest extends AbstractAccTest {
private TaskService taskService;
@ -55,6 +56,18 @@ class CancelTaskAccTest extends AbstractAccTest {
assertThat(numTasks).isEqualTo(6);
}
@WithAccessId(user = "taskadmin")
@Test
void should_CancelTask_When_NoExplicitPermissionsButUserIsInTaskAdminRole()
throws NotAuthorizedException, TaskNotFoundException, InvalidStateException {
Task tasktoCancel = taskService.getTask("TKI:000000000000000000000000000000000001");
assertThat(tasktoCancel.getState()).isEqualTo(TaskState.CLAIMED);
Task cancelledTask = taskService.cancelTask(tasktoCancel.getId());
assertThat(cancelledTask.getState()).isEqualTo(TaskState.CANCELLED);
}
@WithAccessId(user = "user_1_2", groups = "group_1")
@Test
void testCancelClaimedTask()

16
lib/taskana-core/src/test/java/acceptance/task/CompleteTaskAccTest.java
View File

@ -49,6 +49,22 @@ class CompleteTaskAccTest extends AbstractAccTest {
assertThat(completedTask.getModified()).isNotEqualTo(completedTask.getCreated());
}
@WithAccessId(user = "taskadmin")
@Test
void should_ForceCompleteTask_When_NoExplicitPermissionsButUserIsInTaskAdminRole()
throws TaskNotFoundException, InvalidStateException, InvalidOwnerException,
NotAuthorizedException {
TaskService taskService = taskanaEngine.getTaskService();
assertThat(taskService.getTask("TKI:000000000000000000000000000000000000").getState())
.isEqualTo(TaskState.CLAIMED);
Task completedTask = taskService.forceCompleteTask("TKI:000000000000000000000000000000000000");
assertThat(completedTask).isNotNull();
assertThat(completedTask.getCompleted()).isNotNull();
assertThat(completedTask.getState()).isEqualTo(TaskState.COMPLETED);
assertThat(completedTask.getModified()).isNotEqualTo(completedTask.getCreated());
}
@WithAccessId(user = "user_1_1", groups = "group_1")
@Test
void testCompleteTaskTwice()

18
lib/taskana-core/src/test/java/acceptance/task/CreateTaskAccTest.java
View File

@ -109,6 +109,24 @@ class CreateTaskAccTest extends AbstractAccTest {
assertThat(createdTask.isTransferred()).isFalse();
}
@WithAccessId(user = "taskadmin")
@Test
void should_CreateTask_When_NoExplicitPermissionsButUserIsInTaskAdminRole()
throws TaskAlreadyExistException, InvalidArgumentException, WorkbasketNotFoundException,
NotAuthorizedException, ClassificationNotFoundException {
Task newTask = taskService.newTask("USER_1_1", "DOMAIN_A");
newTask.setClassificationKey("T2100");
ObjectReference objectReference =
createObjectReference("COMPANY_A", "SYSTEM_A", "INSTANCE_A", "VNR", "1234567");
newTask.setPrimaryObjRef(objectReference);
newTask.setOwner("taskadmin");
Task createdTask = taskService.createTask(newTask);
assertThat(createdTask).isNotNull();
assertThat(createdTask.getCreator()).isEqualTo(CurrentUserContext.getUserid());
}
@WithAccessId(user = "user_1_1", groups = "group_1")
@Test
void testCreateTaskWithPlanned()

13
lib/taskana-core/src/test/java/acceptance/task/DeleteTaskAccTest.java
View File

@ -60,6 +60,19 @@ class DeleteTaskAccTest extends AbstractAccTest {
assertThatThrownBy(call).isInstanceOf(TaskNotFoundException.class);
}
@WithAccessId(user = "taskadmin")
@Test
void should_ThrowException_When_UserIsTaskAdminAndNotAuthorizedToDeleteTask() {
TaskService taskService = taskanaEngine.getTaskService();
ThrowingCallable deleteTaskCall =
() -> {
taskService.deleteTask("TKI:000000000000000000000000000000000041");
};
assertThatThrownBy(deleteTaskCall).isInstanceOf(NotAuthorizedException.class);
}
@WithAccessId(
user = "user_1_2",
groups = {"group_1", "admin"})

44
lib/taskana-core/src/test/java/acceptance/task/DeleteTaskCommentAccTest.java
View File

@ -53,18 +53,38 @@ public class DeleteTaskCommentAccTest extends AbstractAccTest {
TaskService taskService = taskanaEngine.getTaskService();
List<TaskComment> taskComments =
taskService.getTaskComments("TKI:000000000000000000000000000000000002");
assertThat(taskComments).hasSize(2);
taskService.getTaskComments("TKI:000000000000000000000000000000000000");
assertThat(taskComments).hasSize(3);
ThrowingCallable lambda =
() -> taskService.deleteTaskComment("TCI:000000000000000000000000000000000005");
() -> taskService.deleteTaskComment("TCI:000000000000000000000000000000000000");
assertThatThrownBy(lambda).isInstanceOf(NotAuthorizedException.class);
// make sure the task comment was not deleted
List<TaskComment> taskCommentsAfterDeletion =
taskService.getTaskComments("TKI:000000000000000000000000000000000000");
assertThat(taskCommentsAfterDeletion).hasSize(3);
}
@WithAccessId(user = "taskadmin")
@Test
void should_DeleteTaskComment_When_NoExplicitPermissionsButUserIsInTaskAdminRole()
throws NotAuthorizedException, TaskNotFoundException, TaskCommentNotFoundException,
InvalidArgumentException {
TaskService taskService = taskanaEngine.getTaskService();
List<TaskComment> taskComments =
taskService.getTaskComments("TKI:000000000000000000000000000000000002");
assertThat(taskCommentsAfterDeletion).hasSize(2);
assertThat(taskComments).hasSize(2);
taskService.deleteTaskComment("TCI:000000000000000000000000000000000006");
// make sure the task comment was deleted
List<TaskComment> taskCommentsAfterDeletion =
taskService.getTaskComments("TKI:000000000000000000000000000000000002");
assertThat(taskCommentsAfterDeletion).hasSize(1);
}
@WithAccessId(user = "user_1_1", groups = "group_1")
@ -75,8 +95,8 @@ public class DeleteTaskCommentAccTest extends AbstractAccTest {
TaskService taskService = taskanaEngine.getTaskService();
List<TaskComment> taskComments =
taskService.getTaskComments("TKI:000000000000000000000000000000000002");
assertThat(taskComments).hasSize(2);
taskService.getTaskComments("TKI:000000000000000000000000000000000000");
assertThat(taskComments).hasSize(3);
assertThatThrownBy(() -> taskService.deleteTaskComment(""))
.isInstanceOf(InvalidArgumentException.class);
@ -86,8 +106,8 @@ public class DeleteTaskCommentAccTest extends AbstractAccTest {
// make sure that no task comment was deleted
List<TaskComment> taskCommentsAfterDeletion =
taskService.getTaskComments("TKI:000000000000000000000000000000000002");
assertThat(taskCommentsAfterDeletion).hasSize(2);
taskService.getTaskComments("TKI:000000000000000000000000000000000000");
assertThat(taskCommentsAfterDeletion).hasSize(3);
}
@WithAccessId(user = "user_1_1", groups = "group_1")
@ -98,15 +118,15 @@ public class DeleteTaskCommentAccTest extends AbstractAccTest {
TaskService taskService = taskanaEngine.getTaskService();
List<TaskComment> taskComments =
taskService.getTaskComments("TKI:000000000000000000000000000000000002");
assertThat(taskComments).hasSize(2);
taskService.getTaskComments("TKI:000000000000000000000000000000000000");
assertThat(taskComments).hasSize(3);
ThrowingCallable lambda = () -> taskService.deleteTaskComment("non existing task comment id");
assertThatThrownBy(lambda).isInstanceOf(TaskCommentNotFoundException.class);
// make sure the task comment was not deleted
List<TaskComment> taskCommentsAfterDeletion =
taskService.getTaskComments("TKI:000000000000000000000000000000000002");
assertThat(taskCommentsAfterDeletion).hasSize(2);
taskService.getTaskComments("TKI:000000000000000000000000000000000000");
assertThat(taskCommentsAfterDeletion).hasSize(3);
}
}

29
lib/taskana-core/src/test/java/acceptance/task/GetTaskAccTest.java
View File

@ -28,7 +28,7 @@ class GetTaskAccTest extends AbstractAccTest {
@WithAccessId(user = "user_1_1", groups = "group_1")
@Test
void testGetTaskById()
void should_ReturnTask_When_RequestingTaskByTaskId()
throws TaskNotFoundException, NotAuthorizedException, InvalidArgumentException {
TaskService taskService = taskanaEngine.getTaskService();
@ -81,7 +81,7 @@ class GetTaskAccTest extends AbstractAccTest {
@WithAccessId(user = "user_1_1", groups = "group_1")
@Test
void testGetTaskByIdNotExisting() {
void should_ThrowException_When_RequestedTaskByIdIsNotExisting() {
TaskService taskService = taskanaEngine.getTaskService();
// Assertions.assertThrows(TaskNotFoundException.class, () ->
@ -92,4 +92,29 @@ class GetTaskAccTest extends AbstractAccTest {
};
assertThatThrownBy(call).isInstanceOf(TaskNotFoundException.class);
}
@WithAccessId(user = "user_1_2")
@Test
void should_ThrowException_When_UserIsNotAuthorizedToGetTask()
throws NotAuthorizedException, TaskNotFoundException {
TaskService taskService = taskanaEngine.getTaskService();
ThrowingCallable getTaskCall =
() -> {
taskService.getTask("TKI:000000000000000000000000000000000000");
};
assertThatThrownBy(getTaskCall).isInstanceOf(NotAuthorizedException.class);
}
@WithAccessId(user = "taskadmin")
@Test
void should_ReturnTask_When_NoExplicitPermissionsButUserIsInTaskAdminRole()
throws NotAuthorizedException, TaskNotFoundException {
TaskService taskService = taskanaEngine.getTaskService();
Task task = taskService.getTask("TKI:000000000000000000000000000000000000");
assertThat(task).isNotNull();
}
}

2
lib/taskana-core/src/test/java/acceptance/task/SetOwnerAccTest.java
View File

@ -33,7 +33,7 @@ import pro.taskana.task.api.exceptions.TaskNotFoundException;
import pro.taskana.task.api.models.Task;
import pro.taskana.task.api.models.TaskSummary;
/** Acceptance test for all "update task" scenarios. */
/** Acceptance test for all "set owner" scenarios. */
@ExtendWith(JaasExtension.class)
public class SetOwnerAccTest extends AbstractAccTest {

38
lib/taskana-core/src/test/java/acceptance/task/TerminateTaskAccTest.java
View File

@ -20,7 +20,7 @@ import pro.taskana.task.api.exceptions.InvalidStateException;
import pro.taskana.task.api.exceptions.TaskNotFoundException;
import pro.taskana.task.api.models.TaskSummary;
/** Acceptance tests for all claim and complete scenarios. */
/** Acceptance tests for "terminate task" scenarios. */
@ExtendWith(JaasExtension.class)
class TerminateTaskAccTest extends AbstractAccTest {
private static TaskService taskService;
@ -37,7 +37,7 @@ class TerminateTaskAccTest extends AbstractAccTest {
@WithAccessId(user = "user_1_1", groups = "group_1")
@Test
void testQueryTerminatedTasks() {
void should_ReturnAllTerminatedTasks_When_QueryTerminatedState() {
List<TaskSummary> taskSummaries =
taskService.createTaskQuery().stateIn(TaskState.TERMINATED).list();
assertThat(taskSummaries).hasSize(5);
@ -45,7 +45,7 @@ class TerminateTaskAccTest extends AbstractAccTest {
@WithAccessId(user = "admin", groups = "group_1")
@Test
void testTerminateReadyTask()
void should_TerminateTask_When_TaskStateIsReady()
throws NotAuthorizedException, TaskNotFoundException, InvalidStateException {
List<TaskSummary> taskSummaries = taskService.createTaskQuery().stateIn(TaskState.READY).list();
assertThat(taskSummaries).hasSize(47);
@ -56,38 +56,48 @@ class TerminateTaskAccTest extends AbstractAccTest {
assertThat(numTasks).isEqualTo(6);
}
@WithAccessId(user = "user_1_2", groups = "group_1")
@WithAccessId(user = "taskadmin", groups = "group_1")
@Test
void testTerminateClaimedTask()
void should_TerminateTask_When_TaskStateIsClaimed()
throws NotAuthorizedException, TaskNotFoundException, InvalidStateException {
List<TaskSummary> taskSummaries =
taskService.createTaskQuery().stateIn(TaskState.CLAIMED).list();
assertThat(taskSummaries).hasSize(16);
assertThat(taskSummaries.size()).isEqualTo(19);
long numTasksTerminated = taskService.createTaskQuery().stateIn(TaskState.TERMINATED).count();
assertThat(numTasksTerminated).isEqualTo(5);
taskService.terminateTask(taskSummaries.get(0).getId());
long numTasksClaimed = taskService.createTaskQuery().stateIn(TaskState.CLAIMED).count();
assertThat(numTasksClaimed).isEqualTo(15);
assertThat(numTasksClaimed).isEqualTo(18);
numTasksTerminated = taskService.createTaskQuery().stateIn(TaskState.TERMINATED).count();
assertThat(numTasksTerminated).isEqualTo(6);
}
@WithAccessId(user = "user_1_2", groups = "group_1")
@WithAccessId(user = "taskadmin", groups = "group_1")
@Test
void testTerminateCompletedTask() {
void should_ThrowException_When_TerminateTaskWithTaskStateCompleted() {
List<TaskSummary> taskSummaries =
taskService.createTaskQuery().stateIn(TaskState.COMPLETED).list();
assertThat(taskSummaries).hasSize(6);
assertThat(taskSummaries.size()).isEqualTo(7);
ThrowingCallable taskanaCall = () -> taskService.terminateTask(taskSummaries.get(0).getId());
assertThatThrownBy(taskanaCall).isInstanceOf(InvalidStateException.class);
}
@WithAccessId(user = "user_1_2", groups = "group_1")
@WithAccessId(user = "user_1_2")
@Test
void testTerminateTerminatedTask() {
void should_ThrowException_When_UserIsNotAdmin() {
ThrowingCallable taskanaCall =
() -> taskService.terminateTask("TKI:000000000000000000000000000000000000");
assertThatThrownBy(taskanaCall).isInstanceOf(NotAuthorizedException.class);
}
@WithAccessId(user = "taskadmin", groups = "group_1")
@Test
void should_ThrowException_When_TerminateTaskWithTaskStateTerminated() {
List<TaskSummary> taskSummaries =
taskService.createTaskQuery().stateIn(TaskState.TERMINATED).list();
assertThat(taskSummaries).hasSize(5);
@ -96,9 +106,9 @@ class TerminateTaskAccTest extends AbstractAccTest {
assertThatThrownBy(taskanaCall).isInstanceOf(InvalidStateException.class);
}
@WithAccessId(user = "user_1_2", groups = "group_1")
@WithAccessId(user = "taskadmin", groups = "group_1")
@Test
void testTerminateCancelledTask() {
void should_ThrowException_When_TerminateTaskWithTaskStateCancelled() {
List<TaskSummary> taskSummaries =
taskService.createTaskQuery().stateIn(TaskState.CANCELLED).list();
assertThat(taskSummaries).hasSize(5);

82
lib/taskana-core/src/test/java/acceptance/task/TransferTaskAccTest.java
View File

@ -28,7 +28,9 @@ import pro.taskana.task.api.models.Task;
import pro.taskana.workbasket.api.exceptions.WorkbasketNotFoundException;
import pro.taskana.workbasket.api.models.Workbasket;
/** Acceptance test for all "transfer task" scenarios. */
/**
* Acceptance test for all "transfer task" scenarios.
*/
@ExtendWith(JaasExtension.class)
class TransferTaskAccTest extends AbstractAccTest {
@ -38,9 +40,29 @@ class TransferTaskAccTest extends AbstractAccTest {
@WithAccessId(user = "teamlead_1", groups = "group_1")
@Test
void testTransferTaskToWorkbasketId()
void should_TransferTaskToWorkbasket_When_WorkbasketIdIsProvided()
throws NotAuthorizedException, WorkbasketNotFoundException, TaskNotFoundException,
InvalidStateException, InvalidOwnerException {
InvalidStateException, InvalidOwnerException {
TaskService taskService = taskanaEngine.getTaskService();
Task task = taskService.getTask("TKI:000000000000000000000000000000000003");
taskService.claim(task.getId());
taskService.setTaskRead(task.getId(), true);
taskService.transfer(task.getId(), "WBI:100000000000000000000000000000000006");
Task transferredTask = taskService.getTask("TKI:000000000000000000000000000000000003");
assertThat(transferredTask).isNotNull();
assertThat(transferredTask.isTransferred()).isTrue();
assertThat(transferredTask.isRead()).isFalse();
assertThat(transferredTask.getState()).isEqualTo(TaskState.READY);
}
@WithAccessId(
user = "taskadmin")
@Test
void should_TransferTask_When_NoExplicitPermissionsButUserIsInTaskAdminRole()
throws NotAuthorizedException, WorkbasketNotFoundException, TaskNotFoundException,
InvalidStateException, InvalidOwnerException {
TaskService taskService = taskanaEngine.getTaskService();
Task task = taskService.getTask("TKI:000000000000000000000000000000000003");
taskService.claim(task.getId());
@ -57,9 +79,9 @@ class TransferTaskAccTest extends AbstractAccTest {
@WithAccessId(user = "teamlead_1", groups = "group_1")
@Test
void testTransferTaskToWorkbasketKeyDomain()
void should_TransferTaskToWorkbasket_When_WorkbasketKeyAndDomainIsProvided()
throws NotAuthorizedException, WorkbasketNotFoundException, TaskNotFoundException,
InvalidStateException, InvalidOwnerException {
InvalidStateException, InvalidOwnerException {
TaskService taskService = taskanaEngine.getTaskService();
Task task = taskService.getTask("TKI:000000000000000000000000000000000003");
taskService.claim(task.getId());
@ -76,9 +98,9 @@ class TransferTaskAccTest extends AbstractAccTest {
@WithAccessId(user = "user_1_1", groups = "group_1")
@Test
void testDomainChangingWhenTransferTask()
void should_ChangeDomain_When_TransferingTaskToWorkbasketWithDifferentDomain()
throws NotAuthorizedException, WorkbasketNotFoundException, TaskNotFoundException,
InvalidStateException {
InvalidStateException {
TaskService taskService = taskanaEngine.getTaskService();
Task task = taskService.getTask("TKI:000000000000000000000000000000000000");
String domain1 = task.getDomain();
@ -91,7 +113,7 @@ class TransferTaskAccTest extends AbstractAccTest {
@WithAccessId(user = "user_1_1", groups = "group_1")
@Test
void testThrowsExceptionIfTransferWithNoTransferAuthorization()
void should_ThrowException_When_UserHasNoTransferAuthorization()
throws NotAuthorizedException, TaskNotFoundException {
TaskService taskService = taskanaEngine.getTaskService();
Task task = taskService.getTask("TKI:000000000000000000000000000000000001");
@ -105,9 +127,9 @@ class TransferTaskAccTest extends AbstractAccTest {
@WithAccessId(user = "teamlead_1", groups = "group_1")
@Test
void testTransferDestinationWorkbasketDoesNotExist()
void should_ThrowException_When_DestinationWorkbasketDoesNotExist()
throws NotAuthorizedException, TaskNotFoundException, InvalidStateException,
InvalidOwnerException {
InvalidOwnerException {
TaskService taskService = taskanaEngine.getTaskService();
Task task = taskService.getTask("TKI:000000000000000000000000000000000003");
taskService.claim(task.getId());
@ -122,7 +144,7 @@ class TransferTaskAccTest extends AbstractAccTest {
@WithAccessId(user = "teamlead_1", groups = "group_1")
@Test
void testTransferTaskDoesNotExist() {
void should_ThrowException_When_TaskToTransferDoesNotExist() {
TaskService taskService = taskanaEngine.getTaskService();
ThrowingCallable call =
@ -134,21 +156,7 @@ class TransferTaskAccTest extends AbstractAccTest {
@WithAccessId(user = "teamlead_1", groups = "teamlead_1")
@Test
void testTransferNotAuthorizationOnWorkbasketTransfer() {
TaskService taskService = taskanaEngine.getTaskService();
ThrowingCallable call =
() -> {
taskService.transfer(
"TKI:200000000000000000000000000000000007",
"WBI:100000000000000000000000000000000006");
};
assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
}
@WithAccessId(user = "teamlead_1", groups = "group_1")
@Test
void testThrowsExceptionIfTaskIsAlreadyCompleted()
void should_ThrowException_When_TaskToTransferIsAlreadyCompleted()
throws NotAuthorizedException, TaskNotFoundException {
TaskService taskService = taskanaEngine.getTaskService();
Task task = taskService.getTask("TKI:100000000000000000000000000000000006");
@ -162,7 +170,7 @@ class TransferTaskAccTest extends AbstractAccTest {
@WithAccessId(user = "user_1_1", groups = "group_1")
@Test
void testThrowsExceptionIfTransferWithNoAppendAuthorization()
void should_ThrowException_When_TransferWithNoAppendAuthorization()
throws NotAuthorizedException, TaskNotFoundException {
TaskService taskService = taskanaEngine.getTaskService();
Task task = taskService.getTask("TKI:000000000000000000000000000000000002");
@ -176,9 +184,9 @@ class TransferTaskAccTest extends AbstractAccTest {
@WithAccessId(user = "teamlead_1", groups = "group_1")
@Test
void testBulkTransferTaskToWorkbasketById()
void should_BulkTransferTasks_When_WorkbasketIdIsProvided()
throws NotAuthorizedException, InvalidArgumentException, WorkbasketNotFoundException,
TaskNotFoundException {
TaskNotFoundException {
final Instant before = Instant.now();
TaskService taskService = taskanaEngine.getTaskService();
ArrayList<String> taskIdList = new ArrayList<>();
@ -213,9 +221,9 @@ class TransferTaskAccTest extends AbstractAccTest {
@WithAccessId(user = "teamlead_1", groups = "group_1")
@Test
void testBulkTransferTaskWithExceptions()
void should_BulkTransferOnlyValidTasks_When_SomeTasksToTransferCauseExceptions()
throws NotAuthorizedException, InvalidArgumentException, WorkbasketNotFoundException,
TaskNotFoundException {
TaskNotFoundException {
TaskService taskService = taskanaEngine.getTaskService();
final Workbasket wb =
taskanaEngine.getWorkbasketService().getWorkbasket("USER_1_1", "DOMAIN_A");
@ -273,7 +281,7 @@ class TransferTaskAccTest extends AbstractAccTest {
@WithAccessId(user = "teamlead_1")
@Test
void testBulkTransferTaskWithoutAppendPermissionOnTarget() {
void should_ThrowException_When_BulkTransferTasksWithoutAppendPermissionOnTarget() {
TaskService taskService = taskanaEngine.getTaskService();
ArrayList<String> taskIdList = new ArrayList<>();
taskIdList.add("TKI:000000000000000000000000000000000006"); // working
@ -290,7 +298,7 @@ class TransferTaskAccTest extends AbstractAccTest {
@WithAccessId(user = "teamlead_1", groups = "group_1")
@Test
void testTransferTasksWithListNotSupportingRemove()
void should_TransferTasks_When_TransferTasksWithListNotSupportingRemove()
throws NotAuthorizedException, InvalidArgumentException, WorkbasketNotFoundException {
TaskService taskService = taskanaEngine.getTaskService();
List<String> taskIds = Collections.singletonList("TKI:000000000000000000000000000000000006");
@ -299,7 +307,7 @@ class TransferTaskAccTest extends AbstractAccTest {
@WithAccessId(user = "teamlead_1", groups = "group_1")
@Test
void testTransferTasksWithInvalidTasksIdList() {
void should_ThrowException_When_TransferTasksWithInvalidTasksIdList() {
TaskService taskService = taskanaEngine.getTaskService();
// test with invalid list
@ -324,7 +332,7 @@ class TransferTaskAccTest extends AbstractAccTest {
@WithAccessId(user = "teamlead_1", groups = "group_1")
@Test
void testThrowsExceptionIfEmptyListIsSupplied() {
void should_ThrowException_When_TransferEmptyTaskIdList() {
TaskService taskService = taskanaEngine.getTaskService();
List<String> taskIds = new ArrayList<>();
ThrowingCallable call =
@ -336,9 +344,9 @@ class TransferTaskAccTest extends AbstractAccTest {
@WithAccessId(user = "teamlead_1", groups = "group_1")
@Test
void testBulkTransferByWorkbasketAndDomainByKey()
void should_BulkTransferTasks_When_WorkbasketKeyAndDomainIsProvided()
throws WorkbasketNotFoundException, NotAuthorizedException, InvalidArgumentException,
TaskNotFoundException {
TaskNotFoundException {
final Instant before = Instant.now();
TaskService taskService = taskanaEngine.getTaskService();
List<String> taskIdList = new ArrayList<>();

14
lib/taskana-core/src/test/java/acceptance/workbasket/CreateWorkbasketAccTest.java
View File

@ -76,6 +76,20 @@ class CreateWorkbasketAccTest extends AbstractAccTest {
assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
}
@WithAccessId(user = "taskadmin")
@Test
void should_ThrowException_When_UserIsTaskAdminAndNotAuthorizedToCreateWorkbasket() {
WorkbasketService workbasketService = taskanaEngine.getWorkbasketService();
Workbasket workbasket = workbasketService.newWorkbasket("NT1234", "DOMAIN_A");
workbasket.setName("new workbasket");
workbasket.setType(WorkbasketType.GROUP);
workbasket.setOrgLevel1("company");
ThrowingCallable createWorkbasketCall = () -> workbasketService.createWorkbasket(workbasket);
assertThatThrownBy(createWorkbasketCall).isInstanceOf(NotAuthorizedException.class);
}
@WithAccessId(
user = "teamlead_1",
groups = {"group_1", "businessadmin"})

27
lib/taskana-core/src/test/java/acceptance/workbasket/DeleteWorkbasketAccTest.java
View File

@ -67,7 +67,32 @@ class DeleteWorkbasketAccTest extends AbstractAccTest {
assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
}
@WithAccessId(user = "elena")
@WithAccessId(user = "taskadmin")
@Test
void
should_ThrowException_When_UserIsTaskAdminAndNotAuthorizedToDeleteWorkbasketByKeyAndDomain() {
ThrowingCallable deleteWorkbasketCall =
() -> {
Workbasket wb = workbasketService.getWorkbasket("TEAMLEAD_2", "DOMAIN_A");
workbasketService.deleteWorkbasket(wb.getId());
};
assertThatThrownBy(deleteWorkbasketCall).isInstanceOf(NotAuthorizedException.class);
}
@WithAccessId(user = "taskadmin")
@Test
void should_ThrowException_When_UserIsTaskAdminAndNotAuthorizedToDeleteWorkbasketById() {
ThrowingCallable deleteWorkbasketCall =
() -> {
Workbasket wb =
workbasketService.getWorkbasket("WBI:100000000000000000000000000000000005");
workbasketService.deleteWorkbasket(wb.getId());
};
assertThatThrownBy(deleteWorkbasketCall).isInstanceOf(NotAuthorizedException.class);
}
@Test
void testGetWorkbasketNotAuthorized() {

56
lib/taskana-core/src/test/java/acceptance/workbasket/DistributionTargetsAccTest.java
View File

@ -308,6 +308,62 @@ class DistributionTargetsAccTest extends AbstractAccTest {
assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
}
@WithAccessId(user = "taskadmin")
@Test
void should_ThrowException_When_UserIsTaskAdminAndNotAuthorizedToGetWorkbasketDistTargets() {
WorkbasketService workbasketService = taskanaEngine.getWorkbasketService();
ThrowingCallable retrieveWorkbasketDistributionTargetsCall =
() -> {
List<WorkbasketSummary> ws =
workbasketService.getDistributionSources("WBI:100000000000000000000000000000000004");
};
assertThatThrownBy(retrieveWorkbasketDistributionTargetsCall)
.isInstanceOf(NotAuthorizedException.class);
}
@WithAccessId(user = "taskadmin")
@Test
void should_ThrowException_When_UserIsTaskAdminAndNotAuthorizedToSetWorkbasketDistTargets() {
WorkbasketService workbasketService = taskanaEngine.getWorkbasketService();
ThrowingCallable call =
() -> {
workbasketService.setDistributionTargets(
"WBI:100000000000000000000000000000000004",
Arrays.asList("WBI:100000000000000000000000000000000002"));
};
assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
}
@WithAccessId(user = "taskadmin")
@Test
void should_ThrowException_When_UserIsTaskAdminAndNotAuthorizedToAddWorkbasketDistTarget() {
WorkbasketService workbasketService = taskanaEngine.getWorkbasketService();
ThrowingCallable call =
() -> {
workbasketService.addDistributionTarget(
"WBI:100000000000000000000000000000000004",
"WBI:100000000000000000000000000000000002");
};
assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
}
@WithAccessId(user = "taskadmin")
@Test
void should_ThrowException_When_UserIsTaskAdminAndNotAuthorizedToRemoveWorkbasketDistTarget() {
WorkbasketService workbasketService = taskanaEngine.getWorkbasketService();
ThrowingCallable call =
() -> {
workbasketService.removeDistributionTarget(
"WBI:100000000000000000000000000000000004",
"WBI:100000000000000000000000000000000002");
};
assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
}
@WithAccessId(
user = "user_2_2",
groups = {"group_1", "group_2"})

27
lib/taskana-core/src/test/java/acceptance/workbasket/GetWorkbasketAccTest.java
View File

@ -51,6 +51,33 @@ class GetWorkbasketAccTest extends AbstractAccTest {
assertThat(workbasket.getCustom4()).isEqualTo("custom4");
}
@WithAccessId(user = "taskadmin")
@Test
void should_ReturnWorkbasketByKeyAndDomain_When_NoExplicitPermissionsButUserIsInTaskAdminRole()
throws NotAuthorizedException, WorkbasketNotFoundException {
WorkbasketService workbasketService = taskanaEngine.getWorkbasketService();
Workbasket retrievedWorkbasket =
workbasketService.getWorkbasket("WBI:100000000000000000000000000000000007");
assertThat(retrievedWorkbasket).isNotNull();
assertThat(retrievedWorkbasket.getOwner()).isEqualTo("Peter Maier");
}
@WithAccessId(user = "taskadmin")
@Test
void should_ReturnWorkbasketById_When_NoExplicitPermissionsButUserIsInTaskAdminRole()
throws NotAuthorizedException, WorkbasketNotFoundException {
WorkbasketService workbasketService = taskanaEngine.getWorkbasketService();
Workbasket retrievedWorkbasket = workbasketService.getWorkbasket("USER_1_2", "DOMAIN_A");
assertThat(retrievedWorkbasket.getOwner()).isEqualTo("Peter Maier");
assertThat(retrievedWorkbasket).isNotNull();
}
@WithAccessId(user = "user_1_1", groups = "group_1")
@Test
void testGetWorkbasketByKeyAndDomain()

14
lib/taskana-core/src/test/java/acceptance/workbasket/UpdateWorkbasketAccTest.java
View File

@ -111,4 +111,18 @@ public class UpdateWorkbasketAccTest extends AbstractAccTest {
assertThatThrownBy(() -> workbasketService.updateWorkbasket(workbasket))
.isInstanceOf(NotAuthorizedException.class);
}
@WithAccessId(user = "taskadmin")
@Test
public void should_ThrowException_When_UserIsTaskAdminAndNotAuthorizedToUpdateWorkbasket()
throws NotAuthorizedException, WorkbasketNotFoundException {
WorkbasketService workbasketService = taskanaEngine.getWorkbasketService();
Workbasket workbasket = workbasketService.getWorkbasket("USER_1_1", "DOMAIN_A");
workbasket.setName("updated workbasket name");
assertThatThrownBy(() -> workbasketService.updateWorkbasket(workbasket))
.isInstanceOf(NotAuthorizedException.class);
}
}

78
lib/taskana-core/src/test/java/acceptance/workbasket/UpdateWorkbasketAuthorizationsAccTest.java
View File

@ -28,7 +28,9 @@ import pro.taskana.workbasket.api.exceptions.WorkbasketNotFoundException;
import pro.taskana.workbasket.api.models.WorkbasketAccessItem;
import pro.taskana.workbasket.internal.models.WorkbasketAccessItemImpl;
/** Acceptance test for all "update workbasket" scenarios. */
/**
* Acceptance test for all "update workbasket" scenarios.
*/
@ExtendWith(JaasExtension.class)
class UpdateWorkbasketAuthorizationsAccTest extends AbstractAccTest {
@ -36,13 +38,81 @@ class UpdateWorkbasketAuthorizationsAccTest extends AbstractAccTest {
super();
}
@WithAccessId(user = "taskadmin")
@Test
public void should_ThrowException_When_TaskAdminTriesToGetWorkbasketAccItem() {
final WorkbasketService workbasketService = taskanaEngine.getWorkbasketService();
ThrowingCallable retrieveWorkbasketAccessItemCall =
() -> {
workbasketService.getWorkbasketAccessItems("WBI:100000000000000000000000000000000008");
};
assertThatThrownBy(retrieveWorkbasketAccessItemCall).isInstanceOf(NotAuthorizedException.class);
}
@WithAccessId(user = "taskadmin")
@Test
public void should_ThrowException_When_TaskAdminTriesToDeleteWorkbasketAccItemById() {
final WorkbasketService workbasketService = taskanaEngine.getWorkbasketService();
ThrowingCallable deleteWorkbasketAccessItemCall =
() -> {
workbasketService.deleteWorkbasketAccessItemsForAccessId("group_1");
};
assertThatThrownBy(deleteWorkbasketAccessItemCall).isInstanceOf(NotAuthorizedException.class);
}
@WithAccessId(user = "taskadmin")
@Test
public void should_ThrowException_When_TaskAdminTriesToDeleteWorkbasketAccessItemByAccessId() {
final WorkbasketService workbasketService = taskanaEngine.getWorkbasketService();
WorkbasketAccessItem workbasketAccessItem =
workbasketService.newWorkbasketAccessItem(
"WBI:100000000000000000000000000000000008", "newAccessIdForUpdate");
workbasketAccessItem.setPermCustom1(true);
ThrowingCallable deleteWorkbasketAccessItemCall =
() -> {
workbasketService.deleteWorkbasketAccessItem(workbasketAccessItem.getId());
};
assertThatThrownBy(deleteWorkbasketAccessItemCall).isInstanceOf(NotAuthorizedException.class);
}
@WithAccessId(user = "taskadmin")
@Test
public void should_ThrowException_When_TaskAdminTriesToUpdateWorkbasketAccItem() {
final WorkbasketService workbasketService = taskanaEngine.getWorkbasketService();
WorkbasketAccessItem workbasketAccessItem =
workbasketService.newWorkbasketAccessItem(
"WBI:100000000000000000000000000000000008", "newAccessIdForUpdate");
workbasketAccessItem.setPermCustom1(true);
ThrowingCallable updateWorkbasketAccessItemCall =
() -> {
workbasketService.updateWorkbasketAccessItem(workbasketAccessItem);
};
assertThatThrownBy(updateWorkbasketAccessItemCall).isInstanceOf(NotAuthorizedException.class);
}
@WithAccessId(
user = "teamlead_1",
groups = {"group_1", "businessadmin"})
@Test
void testUpdateWorkbasketAccessItemSucceeds()
throws InvalidArgumentException, NotAuthorizedException, WorkbasketNotFoundException,
WorkbasketAccessItemAlreadyExistException {
WorkbasketAccessItemAlreadyExistException {
WorkbasketService workbasketService = taskanaEngine.getWorkbasketService();
WorkbasketAccessItem accessItem =
workbasketService.newWorkbasketAccessItem(
@ -78,7 +148,7 @@ class UpdateWorkbasketAuthorizationsAccTest extends AbstractAccTest {
@Test
void testUpdateWorkbasketAccessItemRejected()
throws NotAuthorizedException, InvalidArgumentException, WorkbasketNotFoundException,
WorkbasketAccessItemAlreadyExistException {
WorkbasketAccessItemAlreadyExistException {
WorkbasketService workbasketService = taskanaEngine.getWorkbasketService();
WorkbasketAccessItem accessItem =
workbasketService.newWorkbasketAccessItem(
@ -127,7 +197,7 @@ class UpdateWorkbasketAuthorizationsAccTest extends AbstractAccTest {
@Test
void testUpdatedAccessItemLeadsToNotAuthorizedException()
throws NotAuthorizedException, InvalidArgumentException, WorkbasketNotFoundException,
ClassificationNotFoundException, TaskAlreadyExistException {
ClassificationNotFoundException, TaskAlreadyExistException {
TaskService taskService = taskanaEngine.getTaskService();
final WorkbasketService workbasketService = taskanaEngine.getWorkbasketService();

1
lib/taskana-core/src/test/resources/taskana.properties
View File

@ -2,6 +2,7 @@ taskana.roles.user=group1 | group2|teamlead_1 | teamlead_2 |user_1_1| user_1_1|
taskana.roles.Admin=name=konrad,Organisation=novatec|admin
taskana.roles.businessadmin=max|Moritz|businessadmin
taskana.roles.monitor=john|teamlead_2 | monitor
taskana.roles.taskadmin=peter | taskadmin
taskana.domains=Domain_A , DOMAIN_B
taskana.classification.types=TASK , document
taskana.classification.categories.task=EXTERNAL, manual, autoMAtic, Process

1
lib/taskana-data/src/main/resources/sql/test-data/task.sql
View File

@ -46,6 +46,7 @@ INSERT INTO TASK VALUES('TKI:000000000000000000000000000000000037', 'ETI:0000000
INSERT INTO TASK VALUES('TKI:000000000000000000000000000000000038', 'ETI:000000000000000000000000000000000038', '2018-01-29 15:55:24', '2018-01-30 15:55:24', '2018-01-30 16:55:24', '2018-01-30 16:55:24', '2018-01-29 15:55:00', '2018-01-30 15:55:00', 'Widerruf' , 'creator_user_id' , 'Widerruf' , null , 2 , 'COMPLETED' , 'EXTERN' , 'L1050' , 'CLI:100000000000000000000000000000000003', 'WBI:100000000000000000000000000000000007' , 'USER_1_2' , 'DOMAIN_A', 'PI_0000000000038' , 'DOC_0000000000000000038' , 'user_1_2' , '00' , 'PASystem' , '00' , 'SDNR' , '00011122' , true , false , null , 'NONE' , null , null , null , null , null , 'al' , '11' , null , null , null , null , null , null , null , 'abc' , null , null );
INSERT INTO TASK VALUES('TKI:000000000000000000000000000000000039', 'ETI:000000000000000000000000000000000039', '2018-01-29 15:55:24', '2018-01-30 15:55:24', '2018-01-30 16:55:24', '2018-01-30 16:55:24', '2018-01-29 15:55:00', '2018-01-30 15:55:00', 'Widerruf' , 'creator_user_id' , 'Widerruf' , null , 2 , 'COMPLETED' , 'EXTERN' , 'L1050' , 'CLI:100000000000000000000000000000000003', 'WBI:100000000000000000000000000000000007' , 'USER_1_2' , 'DOMAIN_A', 'PI_0000000000039' , 'DOC_0000000000000000039' , 'user_1_2' , '00' , 'PASystem' , '00' , 'SDNR' , '00011122' , true , false , null , 'NONE' , null , null , null , null , null , null , null , null , null , null , null , null , null , null , 'abc' , null , null );
INSERT INTO TASK VALUES('TKI:000000000000000000000000000000000040', 'ETI:000000000000000000000000000000000040', '2018-01-29 15:55:24', '2018-01-30 15:55:24', '2018-01-30 16:55:24', '2018-01-30 16:55:24', '2018-01-29 15:55:00', '2018-01-30 15:55:00', 'Widerruf' , 'creator_user_id' , 'Widerruf' , null , 2 , 'COMPLETED' , 'EXTERN' , 'L1050' , 'CLI:100000000000000000000000000000000003', 'WBI:100000000000000000000000000000000007' , 'USER_1_2' , 'DOMAIN_A', 'PI_0000000000040' , 'DOC_0000000000000000040' , 'user_1_2' , '00' , 'PASystem' , '00' , 'SDNR' , '00011122' , true , false , null , 'NONE' , null , null , null , null , null , null , null , null , null , null , null , null , null , null , 'abc' , null , null );
-- Tasks for QueryTasksWithSortingTest
INSERT INTO TASK VALUES('TKI:000000000000000000000000000000000041', 'ETI:000000000000000000000000000000000041', '2018-01-29 15:55:00', '2018-01-30 15:55:00', null , '2018-01-30 15:55:00', '2018-01-29 15:55:00', '2018-01-30 15:55:00', 'Task99' , 'creator_user_id' , 'Lorem ipsum was n Quatsch dolor sit amet.', 'Some custom Note' , 1 , 'CLAIMED' , 'AUTOMATIC' , 'T6310' , 'CLI:000000000000000000000000000000000011', 'WBI:100000000000000000000000000000000015' , 'USER_3_2' , 'DOMAIN_B', 'BPI21' , 'PBPI21' , 'user_3_1' , 'MyCompany1', 'MySystem1', 'MyInstance1' , 'MyType1', 'MyValue1' , true , false , null , 'NONE' , null , null , null , null , null , null , null , null , null , null , null , null , null , null , 'abc' , null , null );
INSERT INTO TASK VALUES('TKI:000000000000000000000000000000000042', 'ETI:000000000000000000000000000000000042', '2018-01-29 15:55:01', '2018-01-30 15:55:00', null , '2018-01-30 15:55:01', '2018-01-29 15:55:00', '2018-01-30 15:55:00', 'Task01' , 'creator_user_id' , 'Lorem ipsum was n Quatsch dolor sit amet.', 'Some custom Note' , 2 , 'CLAIMED' , 'EXTERN' , 'L110102' , 'CLI:100000000000000000000000000000000005', 'WBI:100000000000000000000000000000000015' , 'USER_3_2' , 'DOMAIN_B', 'BPI21' , 'PBPI21' , 'user_3_1' , 'MyCompany1', 'MySystem1', 'MyInstance1' , 'MyType1', 'MyValue1' , true , false , null , 'NONE' , null , null , null , null , null , null , null , null , null , null , null , null , null , null , 'abc' , null , null );

1
lib/taskana-spring-example/src/main/resources/taskana.properties
View File

@ -1,6 +1,7 @@
taskana.roles.user = group1 | group2|teamlead_1 | teamlead_2 |user_1_1| user_1_1| user_1_2| user_2_1| user_2_2| max|elena|simone
taskana.roles.Admin=name=konrad,Organisation=novatec|admin
taskana.roles.businessadmin=max|Moritz|businessadmin
taskana.roles.taskadmin=peter | taskadmin
taskana.domains= Domain_A , DOMAIN_B
taskana.classification.types= TASK , document

1
rest/taskana-rest-spring-example-boot/src/main/resources/taskana.properties
View File

@ -2,6 +2,7 @@ taskana.roles.user = group1 | group2|teamlead_1 |teamlead_2 |user_1_1| user_1_1|
taskana.roles.Admin=name=konrad,Organisation=novatec|admin
taskana.roles.businessadmin=max|Moritz|businessadmin
taskana.roles.monitor=john|teamlead_2 | monitor
taskana.roles.taskadmin=peter | taskadmin
taskana.domains=DOMAIN_A,DOMAIN_B,DOMAIN_C
taskana.classification.types=TASK,DOCUMENT
taskana.classification.categories.task= EXTERNAL, manual, autoMAtic, Process

1
rest/taskana-rest-spring-example-common/src/test/resources/taskana.properties
View File

@ -2,6 +2,7 @@ taskana.roles.user = group1 | group2|teamlead_1 |teamlead_2 |user_1_1| user_1_1|
taskana.roles.Admin=name=konrad,Organisation=novatec|admin
taskana.roles.businessadmin=max|Moritz|businessadmin
taskana.roles.monitor=john|teamlead_2 | monitor
taskana.roles.taskadmin=peter | taskadmin
taskana.domains=DOMAIN_A,DOMAIN_B,DOMAIN_C
taskana.classification.types=TASK,DOCUMENT
taskana.classification.categories.task= EXTERNAL, manual, autoMAtic, Process

1
rest/taskana-rest-spring-example-wildfly/src/main/resources/taskana.properties
View File

@ -2,6 +2,7 @@ taskana.roles.user = group1 | group2|teamlead_1 |teamlead_2 |user_1_1| user_1_1|
taskana.roles.Admin=name=konrad,Organisation=novatec|admin|demo
taskana.roles.businessadmin=max|Moritz|businessadmin|demo
taskana.roles.monitor=john|teamlead_2 | monitor
taskana.roles.taskadmin=peter | taskadmin
taskana.domains=DOMAIN_A,DOMAIN_B,DOMAIN_C,DEFAULT_DOMAIN
taskana.classification.types=TASK,DOCUMENT
taskana.classification.categories.task= EXTERNAL, manual, autoMAtic, Process

1
rest/taskana-rest-spring-example-wildfly/src/test/resources/taskana.properties
View File

@ -2,6 +2,7 @@ taskana.roles.user = group1 | group2|teamlead_1 |teamlead_2 |user_1_1| user_1_1|
taskana.roles.Admin=name=konrad,Organisation=novatec|admin
taskana.roles.businessadmin=max|Moritz|businessadmin
taskana.roles.monitor=john|teamlead_2 | monitor
taskana.roles.taskadmin=peter | taskadmin
taskana.domains=DOMAIN_A,DOMAIN_B,DOMAIN_C
taskana.classification.types=TASK,DOCUMENT
taskana.classification.categories.task= EXTERNAL, manual, autoMAtic, Process

1
rest/taskana-rest-spring/src/test/resources/taskana.properties
View File

@ -2,6 +2,7 @@ taskana.roles.user = group1 | group2|teamlead_1 |teamlead_2 |user_1_1| user_1_1|
taskana.roles.Admin=name=konrad,Organisation=novatec|admin
taskana.roles.businessadmin=max|Moritz|businessadmin
taskana.roles.monitor=john|teamlead_2 | monitor
taskana.roles.taskadmin=peter | taskadmin
taskana.domains=DOMAIN_A,DOMAIN_B,DOMAIN_C
taskana.classification.types=TASK,DOCUMENT
taskana.classification.categories.task= EXTERNAL, manual, autoMAtic, Process