diff --git a/lib/taskana-core/src/main/java/pro/taskana/common/api/TaskanaRole.java b/lib/taskana-core/src/main/java/pro/taskana/common/api/TaskanaRole.java index b903974dd..3f59a2b0e 100644 --- a/lib/taskana-core/src/main/java/pro/taskana/common/api/TaskanaRole.java +++ b/lib/taskana-core/src/main/java/pro/taskana/common/api/TaskanaRole.java @@ -11,7 +11,8 @@ public enum TaskanaRole { USER("taskana.roles.user"), BUSINESS_ADMIN("taskana.roles.businessadmin"), ADMIN("taskana.roles.admin"), - MONITOR("taskana.roles.monitor"); + MONITOR("taskana.roles.monitor"), + TASK_ADMIN("taskana.roles.taskadmin"); private final String propertyName; diff --git a/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskCommentServiceImpl.java b/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskCommentServiceImpl.java index 3ddafa684..6703e90a8 100644 --- a/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskCommentServiceImpl.java +++ b/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskCommentServiceImpl.java @@ -70,7 +70,8 @@ class TaskCommentServiceImpl { taskService.getTask(taskCommentImplToUpdate.getTaskId()); if (taskCommentToUpdate.getCreator().equals(userId) - || taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN)) { + || taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN) + || taskanaEngine.getEngine().isUserInRole(TaskanaRole.TASK_ADMIN)) { TaskComment oldTaskComment = getTaskComment(taskCommentImplToUpdate.getId()); @@ -142,7 +143,8 @@ class TaskCommentServiceImpl { TaskComment taskCommentToDelete = getTaskComment(taskCommentId); if (taskCommentToDelete.getCreator().equals(userId) - || taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN)) { + || taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN) + || taskanaEngine.getEngine().isUserInRole(TaskanaRole.TASK_ADMIN)) { taskCommentMapper.delete(taskCommentId); diff --git a/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskQueryImpl.java b/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskQueryImpl.java index 13180e976..a43de51cb 100644 --- a/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskQueryImpl.java +++ b/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskQueryImpl.java @@ -1655,7 +1655,8 @@ public class TaskQueryImpl implements TaskQuery { } private void setupAccessIds() { - if (taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN) || !filterByAccessIdIn) { + if (taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN, TaskanaRole.TASK_ADMIN) + || !filterByAccessIdIn) { this.accessIdIn = null; } else if (this.accessIdIn == null) { String[] accessIds = new String[0]; @@ -1670,8 +1671,8 @@ public class TaskQueryImpl implements TaskQuery { } private void checkOpenAndReadPermissionForSpecifiedWorkbaskets() { - if (taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN)) { - LOGGER.debug("Skipping permissions check since user is in role ADMIN."); + if (taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN, TaskanaRole.TASK_ADMIN)) { + LOGGER.debug("Skipping permissions check since user is in role ADMIN or TASK_ADMIN."); return; } try { diff --git a/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskServiceImpl.java b/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskServiceImpl.java index 76bcdf49e..e9b35c376 100644 --- a/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskServiceImpl.java +++ b/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskServiceImpl.java @@ -787,6 +787,9 @@ public class TaskServiceImpl implements TaskService { public Task terminateTask(String taskId) throws TaskNotFoundException, InvalidStateException, NotAuthorizedException { LOGGER.debug("entry to terminateTask(task = {})", taskId); + + taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.ADMIN, TaskanaRole.TASK_ADMIN); + try { taskanaEngine.openConnection(); return terminateCancelCommonActions(taskId, TaskState.TERMINATED); @@ -939,8 +942,8 @@ public class TaskServiceImpl implements TaskService { Pair, BulkLog> filterTasksAuthorizedForAndLogErrorsForNotAuthorized( List existingTasks) { BulkLog bulkLog = new BulkLog(); - // check authorization only for non-admin users - if (taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN)) { + // check authorization only for non-admin or task-admin users + if (taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN, TaskanaRole.TASK_ADMIN)) { return new Pair<>(existingTasks, bulkLog); } else { List taskIds = diff --git a/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketQueryImpl.java b/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketQueryImpl.java index 7813cb335..c52e51a89 100644 --- a/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketQueryImpl.java +++ b/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketQueryImpl.java @@ -179,7 +179,9 @@ public class WorkbasketQueryImpl implements WorkbasketQuery { public WorkbasketQuery accessIdsHavePermission( WorkbasketPermission permission, String... accessIds) throws InvalidArgumentException, NotAuthorizedException { - taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.ADMIN, TaskanaRole.BUSINESS_ADMIN); + taskanaEngine + .getEngine() + .checkRoleMembership(TaskanaRole.ADMIN, TaskanaRole.BUSINESS_ADMIN, TaskanaRole.TASK_ADMIN); // Checking pre-conditions if (permission == null) { throw new InvalidArgumentException("Permission canĀ“t be null."); @@ -654,8 +656,9 @@ public class WorkbasketQueryImpl implements WorkbasketQuery { if (!callerRolesAndAccessIdsAlreadyHandled) { callerRolesAndAccessIdsAlreadyHandled = true; - // if user is admin or businessadmin, don't check read permission on workbasket. - // in addition, if user is admin or businessadmin and no accessIds were specified, don't join + // if user is admin, taskadmin or businessadmin, don't check read permission on workbasket. + // in addition, if user is admin, taskadmin or businessadmin and no accessIds were specified, + // don't join // with access // list // if this query is used to augment task or a permission is given as filter criteria, @@ -663,12 +666,13 @@ public class WorkbasketQueryImpl implements WorkbasketQuery { // // (joinWithAccessList,checkReadPermission) can assume the following combinations: // (t,t) -> query performed by user - // (f,f) -> admin queries w/o access ids specified - // (t,f) -> admin queries with access ids specified or permissions given + // (f,f) -> admin/task admin queries w/o access ids specified + // (t,f) -> business admin queries with access ids specified or permissions given // (f,t) -> cannot happen, cannot be matched to meaningful query joinWithAccessList = true; checkReadPermission = true; - if (taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN) && accessId == null) { + if (taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN, TaskanaRole.TASK_ADMIN) + && accessId == null) { checkReadPermission = false; joinWithAccessList = false; } else if (taskanaEngine.getEngine().isUserInRole(TaskanaRole.BUSINESS_ADMIN) diff --git a/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketServiceImpl.java b/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketServiceImpl.java index 0ffac1345..bbc34a492 100644 --- a/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketServiceImpl.java +++ b/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketServiceImpl.java @@ -75,7 +75,9 @@ public class WorkbasketServiceImpl implements WorkbasketService { throw new WorkbasketNotFoundException( workbasketId, "Workbasket with id " + workbasketId + " was not found."); } - if (!taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN, TaskanaRole.BUSINESS_ADMIN)) { + if (!taskanaEngine + .getEngine() + .isUserInRole(TaskanaRole.ADMIN, TaskanaRole.BUSINESS_ADMIN, TaskanaRole.TASK_ADMIN)) { this.checkAuthorization(workbasketId, WorkbasketPermission.READ); } return result; @@ -99,7 +101,9 @@ public class WorkbasketServiceImpl implements WorkbasketService { domain, "Workbasket with key " + workbasketKey + " and domain " + domain + " was not found."); } - if (!taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN, TaskanaRole.BUSINESS_ADMIN)) { + if (!taskanaEngine + .getEngine() + .isUserInRole(TaskanaRole.ADMIN, TaskanaRole.BUSINESS_ADMIN, TaskanaRole.TASK_ADMIN)) { this.checkAuthorization(workbasketKey, domain, WorkbasketPermission.READ); } return result; @@ -311,7 +315,7 @@ public class WorkbasketServiceImpl implements WorkbasketService { workbasketId, "Workbasket with id " + workbasketId + " was not found."); } - if (skipAuthorizationCheck()) { + if (skipAuthorizationCheck(requestedPermissions)) { return; } @@ -363,7 +367,7 @@ public class WorkbasketServiceImpl implements WorkbasketService { domain, "Workbasket with key " + workbasketKey + " and domain " + domain + " was not found"); } - if (skipAuthorizationCheck()) { + if (skipAuthorizationCheck(requestedPermissions)) { return; } List accessIds = CurrentUserContext.getAccessIds(); @@ -904,16 +908,22 @@ public class WorkbasketServiceImpl implements WorkbasketService { .count(); } - private boolean skipAuthorizationCheck() { + private boolean skipAuthorizationCheck(WorkbasketPermission... requestedPermissions) { - // Skip permission check is security is not enabled + // Skip permission check if security is not enabled if (!taskanaEngine.getEngine().getConfiguration().isSecurityEnabled()) { LOGGER.debug("Skipping permissions check since security is disabled."); return true; } - if (taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN)) { - LOGGER.debug("Skipping permissions check since user is in role ADMIN."); + if (Arrays.stream(requestedPermissions).anyMatch(WorkbasketPermission.READ::equals)) { + + if (taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN)) { + LOGGER.debug("Skipping read permissions check since user is in role ADMIN"); + return true; + } + } else if (taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN, TaskanaRole.TASK_ADMIN)) { + LOGGER.debug("Skipping permissions check since user is in role ADMIN or TASK_ADMIN."); return true; } diff --git a/lib/taskana-core/src/test/java/acceptance/classification/CreateClassificationAccTest.java b/lib/taskana-core/src/test/java/acceptance/classification/CreateClassificationAccTest.java index 28409ad32..1496a4822 100644 --- a/lib/taskana-core/src/test/java/acceptance/classification/CreateClassificationAccTest.java +++ b/lib/taskana-core/src/test/java/acceptance/classification/CreateClassificationAccTest.java @@ -4,6 +4,7 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatThrownBy; import acceptance.AbstractAccTest; +import org.assertj.core.api.ThrowableAssert.ThrowingCallable; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.ExtendWith; @@ -266,4 +267,18 @@ class CreateClassificationAccTest extends AbstractAccTest { assertThat(newClassification.getId()).isNotNull(); assertThat(newClassification.getId()).isNotEqualTo(oldClassification.getId()); } + + @WithAccessId(user = "taskadmin") + @Test + void should_ThrowException_When_UserIsTaskAdminAndNotAuthorizedToCreateClassification() { + ClassificationImpl classification = + (ClassificationImpl) classificationService.newClassification("newKey718", "", "TASK"); + + ThrowingCallable createClassificationCall = + () -> { + classificationService.createClassification(classification); + }; + + assertThatThrownBy(createClassificationCall).isInstanceOf(NotAuthorizedException.class); + } } diff --git a/lib/taskana-core/src/test/java/acceptance/classification/DeleteClassificationAccTest.java b/lib/taskana-core/src/test/java/acceptance/classification/DeleteClassificationAccTest.java index 9f0e93780..420e1ed9e 100644 --- a/lib/taskana-core/src/test/java/acceptance/classification/DeleteClassificationAccTest.java +++ b/lib/taskana-core/src/test/java/acceptance/classification/DeleteClassificationAccTest.java @@ -47,6 +47,23 @@ class DeleteClassificationAccTest extends AbstractAccTest { assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class); } + @WithAccessId(user = "taskadmin") + @Test + void + should_ThrowException_When_UserIsTaskAdminAndNotAuthorizedToDelClassificationByKeyDomain() { + ThrowingCallable call = () -> classificationService.deleteClassification("L140101", "DOMAIN_A"); + assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class); + } + + @WithAccessId(user = "taskadmin") + @Test + void should_ThrowException_When_UserIsTaskAdminAndNotAuthorizedToDeleteClassificationById() { + ThrowingCallable call = + () -> + classificationService.deleteClassification("CLI:000000000000000000000000000000000009"); + assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class); + } + @WithAccessId( user = "teamlead_1", groups = {"group_1", "businessadmin"}) diff --git a/lib/taskana-core/src/test/java/acceptance/classification/UpdateClassificationAccTest.java b/lib/taskana-core/src/test/java/acceptance/classification/UpdateClassificationAccTest.java index f15ab068a..f4617b63f 100644 --- a/lib/taskana-core/src/test/java/acceptance/classification/UpdateClassificationAccTest.java +++ b/lib/taskana-core/src/test/java/acceptance/classification/UpdateClassificationAccTest.java @@ -110,6 +110,21 @@ public class UpdateClassificationAccTest extends AbstractAccTest { assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class); } + @WithAccessId(user = "taskadmin") + @Test + public void should_ThrowException_When_UserIsTaskAdminAndNotAuthorizedToUpdateClassification() + throws ClassificationNotFoundException { + + Classification classification = classificationService.getClassification("T2100", "DOMAIN_A"); + + classification.setApplicationEntryPoint("updated EntryPoint"); + classification.setName("updated Name"); + + ThrowingCallable updateClassificationCall = + () -> classificationService.updateClassification(classification); + assertThatThrownBy(updateClassificationCall).isInstanceOf(NotAuthorizedException.class); + } + @WithAccessId( user = "teamlead_1", groups = {"group_1", "businessadmin"}) diff --git a/lib/taskana-core/src/test/java/acceptance/config/TaskanaRoleConfigAccTest.java b/lib/taskana-core/src/test/java/acceptance/config/TaskanaRoleConfigAccTest.java index d87075159..031871929 100644 --- a/lib/taskana-core/src/test/java/acceptance/config/TaskanaRoleConfigAccTest.java +++ b/lib/taskana-core/src/test/java/acceptance/config/TaskanaRoleConfigAccTest.java @@ -46,6 +46,9 @@ class TaskanaRoleConfigAccTest extends TaskanaEngineImpl { Set admins = getConfiguration().getRoleMap().get(TaskanaRole.ADMIN); assertThat(admins).contains("name=konrad,organisation=novatec", "admin"); + Set taskAdmins = getConfiguration().getRoleMap().get(TaskanaRole.TASK_ADMIN); + assertThat(taskAdmins).contains("taskadmin", "peter"); + Set businessAdmins = getConfiguration().getRoleMap().get(TaskanaRole.BUSINESS_ADMIN); assertThat(businessAdmins).contains("max", "moritz"); @@ -70,6 +73,10 @@ class TaskanaRoleConfigAccTest extends TaskanaEngineImpl { Set businessAdmins = getConfiguration().getRoleMap().get(TaskanaRole.BUSINESS_ADMIN); assertThat(businessAdmins).containsOnly("ebe", "konstantin"); + + Set taskAdmins = getConfiguration().getRoleMap().get(TaskanaRole.TASK_ADMIN); + assertThat(taskAdmins).contains("taskadmin", "peter"); + } finally { deleteFile(propertiesFileName); } @@ -94,6 +101,10 @@ class TaskanaRoleConfigAccTest extends TaskanaEngineImpl { Set businessAdmins = getConfiguration().getRoleMap().get(TaskanaRole.BUSINESS_ADMIN); assertThat(businessAdmins).containsOnly("name=ebe, ou = bpm", "konstantin"); + + Set taskAdmins = getConfiguration().getRoleMap().get(TaskanaRole.TASK_ADMIN); + assertThat(taskAdmins).contains("taskadmin", "peter"); + } finally { deleteFile(propertiesFileName); } diff --git a/lib/taskana-core/src/test/java/acceptance/security/TaskEngineAccTest.java b/lib/taskana-core/src/test/java/acceptance/security/TaskEngineAccTest.java index 9ac02a2ca..a2dd22211 100644 --- a/lib/taskana-core/src/test/java/acceptance/security/TaskEngineAccTest.java +++ b/lib/taskana-core/src/test/java/acceptance/security/TaskEngineAccTest.java @@ -23,7 +23,7 @@ class TaskEngineAccTest extends AbstractAccTest { } @Test - void testUnauthenticated() { + void should_ThrowException_When_AccessIdIsUnauthenticated() { assertThat(taskanaEngine.isUserInRole(TaskanaRole.BUSINESS_ADMIN)).isFalse(); assertThat(taskanaEngine.isUserInRole(TaskanaRole.ADMIN)).isFalse(); ThrowingCallable call = () -> taskanaEngine.checkRoleMembership(TaskanaRole.BUSINESS_ADMIN); @@ -32,7 +32,8 @@ class TaskEngineAccTest extends AbstractAccTest { @WithAccessId(user = "user_1_1", groups = "businessadmin") @Test - void testRunAsAdminIsOnlyTemporary() throws NoSuchFieldException, IllegalAccessException { + void should_RunAsAdminOnlyTemorarily_When_RunAsAdminMethodIsCalled() + throws NoSuchFieldException, IllegalAccessException { assertThat(taskanaEngine.isUserInRole(TaskanaRole.BUSINESS_ADMIN)).isTrue(); assertThat(taskanaEngine.isUserInRole(TaskanaRole.ADMIN)).isFalse(); @@ -45,7 +46,7 @@ class TaskEngineAccTest extends AbstractAccTest { @WithAccessId(user = "user_1_1") // , groupNames = {"businessadmin"}) @Test - void testUser() { + void should_ThrowException_When_CheckingNormalUserForAdminRoles() throws NotAuthorizedException { assertThat(taskanaEngine.isUserInRole(TaskanaRole.BUSINESS_ADMIN)).isFalse(); assertThat(taskanaEngine.isUserInRole(TaskanaRole.ADMIN)).isFalse(); ThrowingCallable call = () -> taskanaEngine.checkRoleMembership(TaskanaRole.BUSINESS_ADMIN); @@ -54,15 +55,24 @@ class TaskEngineAccTest extends AbstractAccTest { @WithAccessId(user = "user_1_1", groups = "businessadmin") @Test - void testBusinessAdmin() throws NotAuthorizedException { + void should_ConfirmBusinessAdminRole_When_AccessIdIsBusinessAdmin() + throws NotAuthorizedException { assertThat(taskanaEngine.isUserInRole(TaskanaRole.BUSINESS_ADMIN)).isTrue(); assertThat(taskanaEngine.isUserInRole(TaskanaRole.ADMIN)).isFalse(); taskanaEngine.checkRoleMembership(TaskanaRole.BUSINESS_ADMIN); } + @WithAccessId(user = "user_1_1", groups = "taskadmin") + @Test + void should_ConfirmTaskAdminRole_When_AccessIdIsTaskAdmin() throws NotAuthorizedException { + assertThat(taskanaEngine.isUserInRole(TaskanaRole.TASK_ADMIN)).isTrue(); + assertThat(taskanaEngine.isUserInRole(TaskanaRole.ADMIN)).isFalse(); + taskanaEngine.checkRoleMembership(TaskanaRole.TASK_ADMIN); + } + @WithAccessId(user = "user_1_1", groups = "admin") @Test - void testAdmin() throws NotAuthorizedException { + void should_ConfirmAdminRole_When_AccessIdIsAdmin() throws NotAuthorizedException { assertThat(taskanaEngine.isUserInRole(TaskanaRole.BUSINESS_ADMIN)).isFalse(); assertThat(taskanaEngine.isUserInRole(TaskanaRole.ADMIN)).isTrue(); taskanaEngine.checkRoleMembership(TaskanaRole.ADMIN); diff --git a/lib/taskana-core/src/test/java/acceptance/task/CancelTaskAccTest.java b/lib/taskana-core/src/test/java/acceptance/task/CancelTaskAccTest.java index bb6d38214..c556c4ba5 100644 --- a/lib/taskana-core/src/test/java/acceptance/task/CancelTaskAccTest.java +++ b/lib/taskana-core/src/test/java/acceptance/task/CancelTaskAccTest.java @@ -17,9 +17,10 @@ import pro.taskana.task.api.TaskService; import pro.taskana.task.api.TaskState; import pro.taskana.task.api.exceptions.InvalidStateException; import pro.taskana.task.api.exceptions.TaskNotFoundException; +import pro.taskana.task.api.models.Task; import pro.taskana.task.api.models.TaskSummary; -/** Acceptance tests for all claim and complete scenarios. */ +/** Acceptance tests for all "cancel task" scenarios. */ @ExtendWith(JaasExtension.class) class CancelTaskAccTest extends AbstractAccTest { private TaskService taskService; @@ -55,6 +56,18 @@ class CancelTaskAccTest extends AbstractAccTest { assertThat(numTasks).isEqualTo(6); } + @WithAccessId(user = "taskadmin") + @Test + void should_CancelTask_When_NoExplicitPermissionsButUserIsInTaskAdminRole() + throws NotAuthorizedException, TaskNotFoundException, InvalidStateException { + + Task tasktoCancel = taskService.getTask("TKI:000000000000000000000000000000000001"); + assertThat(tasktoCancel.getState()).isEqualTo(TaskState.CLAIMED); + + Task cancelledTask = taskService.cancelTask(tasktoCancel.getId()); + assertThat(cancelledTask.getState()).isEqualTo(TaskState.CANCELLED); + } + @WithAccessId(user = "user_1_2", groups = "group_1") @Test void testCancelClaimedTask() diff --git a/lib/taskana-core/src/test/java/acceptance/task/CompleteTaskAccTest.java b/lib/taskana-core/src/test/java/acceptance/task/CompleteTaskAccTest.java index 08819b991..7c22ff957 100644 --- a/lib/taskana-core/src/test/java/acceptance/task/CompleteTaskAccTest.java +++ b/lib/taskana-core/src/test/java/acceptance/task/CompleteTaskAccTest.java @@ -49,6 +49,22 @@ class CompleteTaskAccTest extends AbstractAccTest { assertThat(completedTask.getModified()).isNotEqualTo(completedTask.getCreated()); } + @WithAccessId(user = "taskadmin") + @Test + void should_ForceCompleteTask_When_NoExplicitPermissionsButUserIsInTaskAdminRole() + throws TaskNotFoundException, InvalidStateException, InvalidOwnerException, + NotAuthorizedException { + TaskService taskService = taskanaEngine.getTaskService(); + + assertThat(taskService.getTask("TKI:000000000000000000000000000000000000").getState()) + .isEqualTo(TaskState.CLAIMED); + Task completedTask = taskService.forceCompleteTask("TKI:000000000000000000000000000000000000"); + assertThat(completedTask).isNotNull(); + assertThat(completedTask.getCompleted()).isNotNull(); + assertThat(completedTask.getState()).isEqualTo(TaskState.COMPLETED); + assertThat(completedTask.getModified()).isNotEqualTo(completedTask.getCreated()); + } + @WithAccessId(user = "user_1_1", groups = "group_1") @Test void testCompleteTaskTwice() diff --git a/lib/taskana-core/src/test/java/acceptance/task/CreateTaskAccTest.java b/lib/taskana-core/src/test/java/acceptance/task/CreateTaskAccTest.java index 408c5e7d4..02270ce19 100644 --- a/lib/taskana-core/src/test/java/acceptance/task/CreateTaskAccTest.java +++ b/lib/taskana-core/src/test/java/acceptance/task/CreateTaskAccTest.java @@ -109,6 +109,24 @@ class CreateTaskAccTest extends AbstractAccTest { assertThat(createdTask.isTransferred()).isFalse(); } + @WithAccessId(user = "taskadmin") + @Test + void should_CreateTask_When_NoExplicitPermissionsButUserIsInTaskAdminRole() + throws TaskAlreadyExistException, InvalidArgumentException, WorkbasketNotFoundException, + NotAuthorizedException, ClassificationNotFoundException { + + Task newTask = taskService.newTask("USER_1_1", "DOMAIN_A"); + newTask.setClassificationKey("T2100"); + ObjectReference objectReference = + createObjectReference("COMPANY_A", "SYSTEM_A", "INSTANCE_A", "VNR", "1234567"); + newTask.setPrimaryObjRef(objectReference); + newTask.setOwner("taskadmin"); + Task createdTask = taskService.createTask(newTask); + + assertThat(createdTask).isNotNull(); + assertThat(createdTask.getCreator()).isEqualTo(CurrentUserContext.getUserid()); + } + @WithAccessId(user = "user_1_1", groups = "group_1") @Test void testCreateTaskWithPlanned() diff --git a/lib/taskana-core/src/test/java/acceptance/task/DeleteTaskAccTest.java b/lib/taskana-core/src/test/java/acceptance/task/DeleteTaskAccTest.java index cf4e5824d..596bc9360 100644 --- a/lib/taskana-core/src/test/java/acceptance/task/DeleteTaskAccTest.java +++ b/lib/taskana-core/src/test/java/acceptance/task/DeleteTaskAccTest.java @@ -60,6 +60,19 @@ class DeleteTaskAccTest extends AbstractAccTest { assertThatThrownBy(call).isInstanceOf(TaskNotFoundException.class); } + @WithAccessId(user = "taskadmin") + @Test + void should_ThrowException_When_UserIsTaskAdminAndNotAuthorizedToDeleteTask() { + + TaskService taskService = taskanaEngine.getTaskService(); + + ThrowingCallable deleteTaskCall = + () -> { + taskService.deleteTask("TKI:000000000000000000000000000000000041"); + }; + assertThatThrownBy(deleteTaskCall).isInstanceOf(NotAuthorizedException.class); + } + @WithAccessId( user = "user_1_2", groups = {"group_1", "admin"}) diff --git a/lib/taskana-core/src/test/java/acceptance/task/DeleteTaskCommentAccTest.java b/lib/taskana-core/src/test/java/acceptance/task/DeleteTaskCommentAccTest.java index 09610c41a..2b81bfdc8 100644 --- a/lib/taskana-core/src/test/java/acceptance/task/DeleteTaskCommentAccTest.java +++ b/lib/taskana-core/src/test/java/acceptance/task/DeleteTaskCommentAccTest.java @@ -53,18 +53,38 @@ public class DeleteTaskCommentAccTest extends AbstractAccTest { TaskService taskService = taskanaEngine.getTaskService(); List taskComments = - taskService.getTaskComments("TKI:000000000000000000000000000000000002"); - assertThat(taskComments).hasSize(2); + taskService.getTaskComments("TKI:000000000000000000000000000000000000"); + assertThat(taskComments).hasSize(3); ThrowingCallable lambda = - () -> taskService.deleteTaskComment("TCI:000000000000000000000000000000000005"); + () -> taskService.deleteTaskComment("TCI:000000000000000000000000000000000000"); assertThatThrownBy(lambda).isInstanceOf(NotAuthorizedException.class); // make sure the task comment was not deleted List taskCommentsAfterDeletion = + taskService.getTaskComments("TKI:000000000000000000000000000000000000"); + assertThat(taskCommentsAfterDeletion).hasSize(3); + } + + @WithAccessId(user = "taskadmin") + @Test + void should_DeleteTaskComment_When_NoExplicitPermissionsButUserIsInTaskAdminRole() + throws NotAuthorizedException, TaskNotFoundException, TaskCommentNotFoundException, + InvalidArgumentException { + + TaskService taskService = taskanaEngine.getTaskService(); + + List taskComments = taskService.getTaskComments("TKI:000000000000000000000000000000000002"); - assertThat(taskCommentsAfterDeletion).hasSize(2); + assertThat(taskComments).hasSize(2); + + taskService.deleteTaskComment("TCI:000000000000000000000000000000000006"); + + // make sure the task comment was deleted + List taskCommentsAfterDeletion = + taskService.getTaskComments("TKI:000000000000000000000000000000000002"); + assertThat(taskCommentsAfterDeletion).hasSize(1); } @WithAccessId(user = "user_1_1", groups = "group_1") @@ -75,8 +95,8 @@ public class DeleteTaskCommentAccTest extends AbstractAccTest { TaskService taskService = taskanaEngine.getTaskService(); List taskComments = - taskService.getTaskComments("TKI:000000000000000000000000000000000002"); - assertThat(taskComments).hasSize(2); + taskService.getTaskComments("TKI:000000000000000000000000000000000000"); + assertThat(taskComments).hasSize(3); assertThatThrownBy(() -> taskService.deleteTaskComment("")) .isInstanceOf(InvalidArgumentException.class); @@ -86,8 +106,8 @@ public class DeleteTaskCommentAccTest extends AbstractAccTest { // make sure that no task comment was deleted List taskCommentsAfterDeletion = - taskService.getTaskComments("TKI:000000000000000000000000000000000002"); - assertThat(taskCommentsAfterDeletion).hasSize(2); + taskService.getTaskComments("TKI:000000000000000000000000000000000000"); + assertThat(taskCommentsAfterDeletion).hasSize(3); } @WithAccessId(user = "user_1_1", groups = "group_1") @@ -98,15 +118,15 @@ public class DeleteTaskCommentAccTest extends AbstractAccTest { TaskService taskService = taskanaEngine.getTaskService(); List taskComments = - taskService.getTaskComments("TKI:000000000000000000000000000000000002"); - assertThat(taskComments).hasSize(2); + taskService.getTaskComments("TKI:000000000000000000000000000000000000"); + assertThat(taskComments).hasSize(3); ThrowingCallable lambda = () -> taskService.deleteTaskComment("non existing task comment id"); assertThatThrownBy(lambda).isInstanceOf(TaskCommentNotFoundException.class); // make sure the task comment was not deleted List taskCommentsAfterDeletion = - taskService.getTaskComments("TKI:000000000000000000000000000000000002"); - assertThat(taskCommentsAfterDeletion).hasSize(2); + taskService.getTaskComments("TKI:000000000000000000000000000000000000"); + assertThat(taskCommentsAfterDeletion).hasSize(3); } } diff --git a/lib/taskana-core/src/test/java/acceptance/task/GetTaskAccTest.java b/lib/taskana-core/src/test/java/acceptance/task/GetTaskAccTest.java index 3edd3b8a2..8bc6e7462 100644 --- a/lib/taskana-core/src/test/java/acceptance/task/GetTaskAccTest.java +++ b/lib/taskana-core/src/test/java/acceptance/task/GetTaskAccTest.java @@ -28,7 +28,7 @@ class GetTaskAccTest extends AbstractAccTest { @WithAccessId(user = "user_1_1", groups = "group_1") @Test - void testGetTaskById() + void should_ReturnTask_When_RequestingTaskByTaskId() throws TaskNotFoundException, NotAuthorizedException, InvalidArgumentException { TaskService taskService = taskanaEngine.getTaskService(); @@ -81,7 +81,7 @@ class GetTaskAccTest extends AbstractAccTest { @WithAccessId(user = "user_1_1", groups = "group_1") @Test - void testGetTaskByIdNotExisting() { + void should_ThrowException_When_RequestedTaskByIdIsNotExisting() { TaskService taskService = taskanaEngine.getTaskService(); // Assertions.assertThrows(TaskNotFoundException.class, () -> @@ -92,4 +92,29 @@ class GetTaskAccTest extends AbstractAccTest { }; assertThatThrownBy(call).isInstanceOf(TaskNotFoundException.class); } + + @WithAccessId(user = "user_1_2") + @Test + void should_ThrowException_When_UserIsNotAuthorizedToGetTask() + throws NotAuthorizedException, TaskNotFoundException { + + TaskService taskService = taskanaEngine.getTaskService(); + + ThrowingCallable getTaskCall = + () -> { + taskService.getTask("TKI:000000000000000000000000000000000000"); + }; + assertThatThrownBy(getTaskCall).isInstanceOf(NotAuthorizedException.class); + } + + @WithAccessId(user = "taskadmin") + @Test + void should_ReturnTask_When_NoExplicitPermissionsButUserIsInTaskAdminRole() + throws NotAuthorizedException, TaskNotFoundException { + + TaskService taskService = taskanaEngine.getTaskService(); + + Task task = taskService.getTask("TKI:000000000000000000000000000000000000"); + assertThat(task).isNotNull(); + } } diff --git a/lib/taskana-core/src/test/java/acceptance/task/SetOwnerAccTest.java b/lib/taskana-core/src/test/java/acceptance/task/SetOwnerAccTest.java index 6aae4dc18..c9b09347d 100644 --- a/lib/taskana-core/src/test/java/acceptance/task/SetOwnerAccTest.java +++ b/lib/taskana-core/src/test/java/acceptance/task/SetOwnerAccTest.java @@ -33,7 +33,7 @@ import pro.taskana.task.api.exceptions.TaskNotFoundException; import pro.taskana.task.api.models.Task; import pro.taskana.task.api.models.TaskSummary; -/** Acceptance test for all "update task" scenarios. */ +/** Acceptance test for all "set owner" scenarios. */ @ExtendWith(JaasExtension.class) public class SetOwnerAccTest extends AbstractAccTest { diff --git a/lib/taskana-core/src/test/java/acceptance/task/TerminateTaskAccTest.java b/lib/taskana-core/src/test/java/acceptance/task/TerminateTaskAccTest.java index ff9f3ed40..03dbf0c13 100644 --- a/lib/taskana-core/src/test/java/acceptance/task/TerminateTaskAccTest.java +++ b/lib/taskana-core/src/test/java/acceptance/task/TerminateTaskAccTest.java @@ -20,7 +20,7 @@ import pro.taskana.task.api.exceptions.InvalidStateException; import pro.taskana.task.api.exceptions.TaskNotFoundException; import pro.taskana.task.api.models.TaskSummary; -/** Acceptance tests for all claim and complete scenarios. */ +/** Acceptance tests for "terminate task" scenarios. */ @ExtendWith(JaasExtension.class) class TerminateTaskAccTest extends AbstractAccTest { private static TaskService taskService; @@ -37,7 +37,7 @@ class TerminateTaskAccTest extends AbstractAccTest { @WithAccessId(user = "user_1_1", groups = "group_1") @Test - void testQueryTerminatedTasks() { + void should_ReturnAllTerminatedTasks_When_QueryTerminatedState() { List taskSummaries = taskService.createTaskQuery().stateIn(TaskState.TERMINATED).list(); assertThat(taskSummaries).hasSize(5); @@ -45,7 +45,7 @@ class TerminateTaskAccTest extends AbstractAccTest { @WithAccessId(user = "admin", groups = "group_1") @Test - void testTerminateReadyTask() + void should_TerminateTask_When_TaskStateIsReady() throws NotAuthorizedException, TaskNotFoundException, InvalidStateException { List taskSummaries = taskService.createTaskQuery().stateIn(TaskState.READY).list(); assertThat(taskSummaries).hasSize(47); @@ -56,38 +56,48 @@ class TerminateTaskAccTest extends AbstractAccTest { assertThat(numTasks).isEqualTo(6); } - @WithAccessId(user = "user_1_2", groups = "group_1") + @WithAccessId(user = "taskadmin", groups = "group_1") @Test - void testTerminateClaimedTask() + void should_TerminateTask_When_TaskStateIsClaimed() throws NotAuthorizedException, TaskNotFoundException, InvalidStateException { List taskSummaries = taskService.createTaskQuery().stateIn(TaskState.CLAIMED).list(); - assertThat(taskSummaries).hasSize(16); + assertThat(taskSummaries.size()).isEqualTo(19); long numTasksTerminated = taskService.createTaskQuery().stateIn(TaskState.TERMINATED).count(); assertThat(numTasksTerminated).isEqualTo(5); taskService.terminateTask(taskSummaries.get(0).getId()); long numTasksClaimed = taskService.createTaskQuery().stateIn(TaskState.CLAIMED).count(); - assertThat(numTasksClaimed).isEqualTo(15); + assertThat(numTasksClaimed).isEqualTo(18); numTasksTerminated = taskService.createTaskQuery().stateIn(TaskState.TERMINATED).count(); assertThat(numTasksTerminated).isEqualTo(6); } - @WithAccessId(user = "user_1_2", groups = "group_1") + @WithAccessId(user = "taskadmin", groups = "group_1") @Test - void testTerminateCompletedTask() { + void should_ThrowException_When_TerminateTaskWithTaskStateCompleted() { List taskSummaries = taskService.createTaskQuery().stateIn(TaskState.COMPLETED).list(); - assertThat(taskSummaries).hasSize(6); + assertThat(taskSummaries.size()).isEqualTo(7); ThrowingCallable taskanaCall = () -> taskService.terminateTask(taskSummaries.get(0).getId()); assertThatThrownBy(taskanaCall).isInstanceOf(InvalidStateException.class); } - @WithAccessId(user = "user_1_2", groups = "group_1") + @WithAccessId(user = "user_1_2") @Test - void testTerminateTerminatedTask() { + void should_ThrowException_When_UserIsNotAdmin() { + + ThrowingCallable taskanaCall = + () -> taskService.terminateTask("TKI:000000000000000000000000000000000000"); + + assertThatThrownBy(taskanaCall).isInstanceOf(NotAuthorizedException.class); + } + + @WithAccessId(user = "taskadmin", groups = "group_1") + @Test + void should_ThrowException_When_TerminateTaskWithTaskStateTerminated() { List taskSummaries = taskService.createTaskQuery().stateIn(TaskState.TERMINATED).list(); assertThat(taskSummaries).hasSize(5); @@ -96,9 +106,9 @@ class TerminateTaskAccTest extends AbstractAccTest { assertThatThrownBy(taskanaCall).isInstanceOf(InvalidStateException.class); } - @WithAccessId(user = "user_1_2", groups = "group_1") + @WithAccessId(user = "taskadmin", groups = "group_1") @Test - void testTerminateCancelledTask() { + void should_ThrowException_When_TerminateTaskWithTaskStateCancelled() { List taskSummaries = taskService.createTaskQuery().stateIn(TaskState.CANCELLED).list(); assertThat(taskSummaries).hasSize(5); diff --git a/lib/taskana-core/src/test/java/acceptance/task/TransferTaskAccTest.java b/lib/taskana-core/src/test/java/acceptance/task/TransferTaskAccTest.java index 3f988ac69..fcd271563 100644 --- a/lib/taskana-core/src/test/java/acceptance/task/TransferTaskAccTest.java +++ b/lib/taskana-core/src/test/java/acceptance/task/TransferTaskAccTest.java @@ -28,7 +28,9 @@ import pro.taskana.task.api.models.Task; import pro.taskana.workbasket.api.exceptions.WorkbasketNotFoundException; import pro.taskana.workbasket.api.models.Workbasket; -/** Acceptance test for all "transfer task" scenarios. */ +/** + * Acceptance test for all "transfer task" scenarios. + */ @ExtendWith(JaasExtension.class) class TransferTaskAccTest extends AbstractAccTest { @@ -38,9 +40,29 @@ class TransferTaskAccTest extends AbstractAccTest { @WithAccessId(user = "teamlead_1", groups = "group_1") @Test - void testTransferTaskToWorkbasketId() + void should_TransferTaskToWorkbasket_When_WorkbasketIdIsProvided() throws NotAuthorizedException, WorkbasketNotFoundException, TaskNotFoundException, - InvalidStateException, InvalidOwnerException { + InvalidStateException, InvalidOwnerException { + TaskService taskService = taskanaEngine.getTaskService(); + Task task = taskService.getTask("TKI:000000000000000000000000000000000003"); + taskService.claim(task.getId()); + taskService.setTaskRead(task.getId(), true); + + taskService.transfer(task.getId(), "WBI:100000000000000000000000000000000006"); + + Task transferredTask = taskService.getTask("TKI:000000000000000000000000000000000003"); + assertThat(transferredTask).isNotNull(); + assertThat(transferredTask.isTransferred()).isTrue(); + assertThat(transferredTask.isRead()).isFalse(); + assertThat(transferredTask.getState()).isEqualTo(TaskState.READY); + } + + @WithAccessId( + user = "taskadmin") + @Test + void should_TransferTask_When_NoExplicitPermissionsButUserIsInTaskAdminRole() + throws NotAuthorizedException, WorkbasketNotFoundException, TaskNotFoundException, + InvalidStateException, InvalidOwnerException { TaskService taskService = taskanaEngine.getTaskService(); Task task = taskService.getTask("TKI:000000000000000000000000000000000003"); taskService.claim(task.getId()); @@ -57,9 +79,9 @@ class TransferTaskAccTest extends AbstractAccTest { @WithAccessId(user = "teamlead_1", groups = "group_1") @Test - void testTransferTaskToWorkbasketKeyDomain() + void should_TransferTaskToWorkbasket_When_WorkbasketKeyAndDomainIsProvided() throws NotAuthorizedException, WorkbasketNotFoundException, TaskNotFoundException, - InvalidStateException, InvalidOwnerException { + InvalidStateException, InvalidOwnerException { TaskService taskService = taskanaEngine.getTaskService(); Task task = taskService.getTask("TKI:000000000000000000000000000000000003"); taskService.claim(task.getId()); @@ -76,9 +98,9 @@ class TransferTaskAccTest extends AbstractAccTest { @WithAccessId(user = "user_1_1", groups = "group_1") @Test - void testDomainChangingWhenTransferTask() + void should_ChangeDomain_When_TransferingTaskToWorkbasketWithDifferentDomain() throws NotAuthorizedException, WorkbasketNotFoundException, TaskNotFoundException, - InvalidStateException { + InvalidStateException { TaskService taskService = taskanaEngine.getTaskService(); Task task = taskService.getTask("TKI:000000000000000000000000000000000000"); String domain1 = task.getDomain(); @@ -91,7 +113,7 @@ class TransferTaskAccTest extends AbstractAccTest { @WithAccessId(user = "user_1_1", groups = "group_1") @Test - void testThrowsExceptionIfTransferWithNoTransferAuthorization() + void should_ThrowException_When_UserHasNoTransferAuthorization() throws NotAuthorizedException, TaskNotFoundException { TaskService taskService = taskanaEngine.getTaskService(); Task task = taskService.getTask("TKI:000000000000000000000000000000000001"); @@ -105,9 +127,9 @@ class TransferTaskAccTest extends AbstractAccTest { @WithAccessId(user = "teamlead_1", groups = "group_1") @Test - void testTransferDestinationWorkbasketDoesNotExist() + void should_ThrowException_When_DestinationWorkbasketDoesNotExist() throws NotAuthorizedException, TaskNotFoundException, InvalidStateException, - InvalidOwnerException { + InvalidOwnerException { TaskService taskService = taskanaEngine.getTaskService(); Task task = taskService.getTask("TKI:000000000000000000000000000000000003"); taskService.claim(task.getId()); @@ -122,7 +144,7 @@ class TransferTaskAccTest extends AbstractAccTest { @WithAccessId(user = "teamlead_1", groups = "group_1") @Test - void testTransferTaskDoesNotExist() { + void should_ThrowException_When_TaskToTransferDoesNotExist() { TaskService taskService = taskanaEngine.getTaskService(); ThrowingCallable call = @@ -134,21 +156,7 @@ class TransferTaskAccTest extends AbstractAccTest { @WithAccessId(user = "teamlead_1", groups = "teamlead_1") @Test - void testTransferNotAuthorizationOnWorkbasketTransfer() { - TaskService taskService = taskanaEngine.getTaskService(); - - ThrowingCallable call = - () -> { - taskService.transfer( - "TKI:200000000000000000000000000000000007", - "WBI:100000000000000000000000000000000006"); - }; - assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class); - } - - @WithAccessId(user = "teamlead_1", groups = "group_1") - @Test - void testThrowsExceptionIfTaskIsAlreadyCompleted() + void should_ThrowException_When_TaskToTransferIsAlreadyCompleted() throws NotAuthorizedException, TaskNotFoundException { TaskService taskService = taskanaEngine.getTaskService(); Task task = taskService.getTask("TKI:100000000000000000000000000000000006"); @@ -162,7 +170,7 @@ class TransferTaskAccTest extends AbstractAccTest { @WithAccessId(user = "user_1_1", groups = "group_1") @Test - void testThrowsExceptionIfTransferWithNoAppendAuthorization() + void should_ThrowException_When_TransferWithNoAppendAuthorization() throws NotAuthorizedException, TaskNotFoundException { TaskService taskService = taskanaEngine.getTaskService(); Task task = taskService.getTask("TKI:000000000000000000000000000000000002"); @@ -176,9 +184,9 @@ class TransferTaskAccTest extends AbstractAccTest { @WithAccessId(user = "teamlead_1", groups = "group_1") @Test - void testBulkTransferTaskToWorkbasketById() + void should_BulkTransferTasks_When_WorkbasketIdIsProvided() throws NotAuthorizedException, InvalidArgumentException, WorkbasketNotFoundException, - TaskNotFoundException { + TaskNotFoundException { final Instant before = Instant.now(); TaskService taskService = taskanaEngine.getTaskService(); ArrayList taskIdList = new ArrayList<>(); @@ -213,9 +221,9 @@ class TransferTaskAccTest extends AbstractAccTest { @WithAccessId(user = "teamlead_1", groups = "group_1") @Test - void testBulkTransferTaskWithExceptions() + void should_BulkTransferOnlyValidTasks_When_SomeTasksToTransferCauseExceptions() throws NotAuthorizedException, InvalidArgumentException, WorkbasketNotFoundException, - TaskNotFoundException { + TaskNotFoundException { TaskService taskService = taskanaEngine.getTaskService(); final Workbasket wb = taskanaEngine.getWorkbasketService().getWorkbasket("USER_1_1", "DOMAIN_A"); @@ -273,7 +281,7 @@ class TransferTaskAccTest extends AbstractAccTest { @WithAccessId(user = "teamlead_1") @Test - void testBulkTransferTaskWithoutAppendPermissionOnTarget() { + void should_ThrowException_When_BulkTransferTasksWithoutAppendPermissionOnTarget() { TaskService taskService = taskanaEngine.getTaskService(); ArrayList taskIdList = new ArrayList<>(); taskIdList.add("TKI:000000000000000000000000000000000006"); // working @@ -290,7 +298,7 @@ class TransferTaskAccTest extends AbstractAccTest { @WithAccessId(user = "teamlead_1", groups = "group_1") @Test - void testTransferTasksWithListNotSupportingRemove() + void should_TransferTasks_When_TransferTasksWithListNotSupportingRemove() throws NotAuthorizedException, InvalidArgumentException, WorkbasketNotFoundException { TaskService taskService = taskanaEngine.getTaskService(); List taskIds = Collections.singletonList("TKI:000000000000000000000000000000000006"); @@ -299,7 +307,7 @@ class TransferTaskAccTest extends AbstractAccTest { @WithAccessId(user = "teamlead_1", groups = "group_1") @Test - void testTransferTasksWithInvalidTasksIdList() { + void should_ThrowException_When_TransferTasksWithInvalidTasksIdList() { TaskService taskService = taskanaEngine.getTaskService(); // test with invalid list @@ -324,7 +332,7 @@ class TransferTaskAccTest extends AbstractAccTest { @WithAccessId(user = "teamlead_1", groups = "group_1") @Test - void testThrowsExceptionIfEmptyListIsSupplied() { + void should_ThrowException_When_TransferEmptyTaskIdList() { TaskService taskService = taskanaEngine.getTaskService(); List taskIds = new ArrayList<>(); ThrowingCallable call = @@ -336,9 +344,9 @@ class TransferTaskAccTest extends AbstractAccTest { @WithAccessId(user = "teamlead_1", groups = "group_1") @Test - void testBulkTransferByWorkbasketAndDomainByKey() + void should_BulkTransferTasks_When_WorkbasketKeyAndDomainIsProvided() throws WorkbasketNotFoundException, NotAuthorizedException, InvalidArgumentException, - TaskNotFoundException { + TaskNotFoundException { final Instant before = Instant.now(); TaskService taskService = taskanaEngine.getTaskService(); List taskIdList = new ArrayList<>(); diff --git a/lib/taskana-core/src/test/java/acceptance/workbasket/CreateWorkbasketAccTest.java b/lib/taskana-core/src/test/java/acceptance/workbasket/CreateWorkbasketAccTest.java index 98296df55..1370f2d27 100644 --- a/lib/taskana-core/src/test/java/acceptance/workbasket/CreateWorkbasketAccTest.java +++ b/lib/taskana-core/src/test/java/acceptance/workbasket/CreateWorkbasketAccTest.java @@ -76,6 +76,20 @@ class CreateWorkbasketAccTest extends AbstractAccTest { assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class); } + @WithAccessId(user = "taskadmin") + @Test + void should_ThrowException_When_UserIsTaskAdminAndNotAuthorizedToCreateWorkbasket() { + WorkbasketService workbasketService = taskanaEngine.getWorkbasketService(); + + Workbasket workbasket = workbasketService.newWorkbasket("NT1234", "DOMAIN_A"); + workbasket.setName("new workbasket"); + workbasket.setType(WorkbasketType.GROUP); + workbasket.setOrgLevel1("company"); + + ThrowingCallable createWorkbasketCall = () -> workbasketService.createWorkbasket(workbasket); + assertThatThrownBy(createWorkbasketCall).isInstanceOf(NotAuthorizedException.class); + } + @WithAccessId( user = "teamlead_1", groups = {"group_1", "businessadmin"}) diff --git a/lib/taskana-core/src/test/java/acceptance/workbasket/DeleteWorkbasketAccTest.java b/lib/taskana-core/src/test/java/acceptance/workbasket/DeleteWorkbasketAccTest.java index c9a892c51..c79ccf21c 100644 --- a/lib/taskana-core/src/test/java/acceptance/workbasket/DeleteWorkbasketAccTest.java +++ b/lib/taskana-core/src/test/java/acceptance/workbasket/DeleteWorkbasketAccTest.java @@ -67,7 +67,32 @@ class DeleteWorkbasketAccTest extends AbstractAccTest { assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class); } - @WithAccessId(user = "elena") + @WithAccessId(user = "taskadmin") + @Test + void + should_ThrowException_When_UserIsTaskAdminAndNotAuthorizedToDeleteWorkbasketByKeyAndDomain() { + + ThrowingCallable deleteWorkbasketCall = + () -> { + Workbasket wb = workbasketService.getWorkbasket("TEAMLEAD_2", "DOMAIN_A"); + workbasketService.deleteWorkbasket(wb.getId()); + }; + assertThatThrownBy(deleteWorkbasketCall).isInstanceOf(NotAuthorizedException.class); + } + + @WithAccessId(user = "taskadmin") + @Test + void should_ThrowException_When_UserIsTaskAdminAndNotAuthorizedToDeleteWorkbasketById() { + + ThrowingCallable deleteWorkbasketCall = + () -> { + Workbasket wb = + workbasketService.getWorkbasket("WBI:100000000000000000000000000000000005"); + workbasketService.deleteWorkbasket(wb.getId()); + }; + assertThatThrownBy(deleteWorkbasketCall).isInstanceOf(NotAuthorizedException.class); + } + @Test void testGetWorkbasketNotAuthorized() { diff --git a/lib/taskana-core/src/test/java/acceptance/workbasket/DistributionTargetsAccTest.java b/lib/taskana-core/src/test/java/acceptance/workbasket/DistributionTargetsAccTest.java index d0e722656..3168632ba 100644 --- a/lib/taskana-core/src/test/java/acceptance/workbasket/DistributionTargetsAccTest.java +++ b/lib/taskana-core/src/test/java/acceptance/workbasket/DistributionTargetsAccTest.java @@ -308,6 +308,62 @@ class DistributionTargetsAccTest extends AbstractAccTest { assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class); } + @WithAccessId(user = "taskadmin") + @Test + void should_ThrowException_When_UserIsTaskAdminAndNotAuthorizedToGetWorkbasketDistTargets() { + WorkbasketService workbasketService = taskanaEngine.getWorkbasketService(); + + ThrowingCallable retrieveWorkbasketDistributionTargetsCall = + () -> { + List ws = + workbasketService.getDistributionSources("WBI:100000000000000000000000000000000004"); + }; + assertThatThrownBy(retrieveWorkbasketDistributionTargetsCall) + .isInstanceOf(NotAuthorizedException.class); + } + + @WithAccessId(user = "taskadmin") + @Test + void should_ThrowException_When_UserIsTaskAdminAndNotAuthorizedToSetWorkbasketDistTargets() { + WorkbasketService workbasketService = taskanaEngine.getWorkbasketService(); + + ThrowingCallable call = + () -> { + workbasketService.setDistributionTargets( + "WBI:100000000000000000000000000000000004", + Arrays.asList("WBI:100000000000000000000000000000000002")); + }; + assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class); + } + + @WithAccessId(user = "taskadmin") + @Test + void should_ThrowException_When_UserIsTaskAdminAndNotAuthorizedToAddWorkbasketDistTarget() { + WorkbasketService workbasketService = taskanaEngine.getWorkbasketService(); + + ThrowingCallable call = + () -> { + workbasketService.addDistributionTarget( + "WBI:100000000000000000000000000000000004", + "WBI:100000000000000000000000000000000002"); + }; + assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class); + } + + @WithAccessId(user = "taskadmin") + @Test + void should_ThrowException_When_UserIsTaskAdminAndNotAuthorizedToRemoveWorkbasketDistTarget() { + WorkbasketService workbasketService = taskanaEngine.getWorkbasketService(); + + ThrowingCallable call = + () -> { + workbasketService.removeDistributionTarget( + "WBI:100000000000000000000000000000000004", + "WBI:100000000000000000000000000000000002"); + }; + assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class); + } + @WithAccessId( user = "user_2_2", groups = {"group_1", "group_2"}) diff --git a/lib/taskana-core/src/test/java/acceptance/workbasket/GetWorkbasketAccTest.java b/lib/taskana-core/src/test/java/acceptance/workbasket/GetWorkbasketAccTest.java index 2d1e14571..97020c5fd 100644 --- a/lib/taskana-core/src/test/java/acceptance/workbasket/GetWorkbasketAccTest.java +++ b/lib/taskana-core/src/test/java/acceptance/workbasket/GetWorkbasketAccTest.java @@ -51,6 +51,33 @@ class GetWorkbasketAccTest extends AbstractAccTest { assertThat(workbasket.getCustom4()).isEqualTo("custom4"); } + @WithAccessId(user = "taskadmin") + @Test + void should_ReturnWorkbasketByKeyAndDomain_When_NoExplicitPermissionsButUserIsInTaskAdminRole() + throws NotAuthorizedException, WorkbasketNotFoundException { + + WorkbasketService workbasketService = taskanaEngine.getWorkbasketService(); + + Workbasket retrievedWorkbasket = + workbasketService.getWorkbasket("WBI:100000000000000000000000000000000007"); + + assertThat(retrievedWorkbasket).isNotNull(); + assertThat(retrievedWorkbasket.getOwner()).isEqualTo("Peter Maier"); + } + + @WithAccessId(user = "taskadmin") + @Test + void should_ReturnWorkbasketById_When_NoExplicitPermissionsButUserIsInTaskAdminRole() + throws NotAuthorizedException, WorkbasketNotFoundException { + + WorkbasketService workbasketService = taskanaEngine.getWorkbasketService(); + + Workbasket retrievedWorkbasket = workbasketService.getWorkbasket("USER_1_2", "DOMAIN_A"); + assertThat(retrievedWorkbasket.getOwner()).isEqualTo("Peter Maier"); + + assertThat(retrievedWorkbasket).isNotNull(); + } + @WithAccessId(user = "user_1_1", groups = "group_1") @Test void testGetWorkbasketByKeyAndDomain() diff --git a/lib/taskana-core/src/test/java/acceptance/workbasket/UpdateWorkbasketAccTest.java b/lib/taskana-core/src/test/java/acceptance/workbasket/UpdateWorkbasketAccTest.java index 36c8ca0f3..749606ed3 100644 --- a/lib/taskana-core/src/test/java/acceptance/workbasket/UpdateWorkbasketAccTest.java +++ b/lib/taskana-core/src/test/java/acceptance/workbasket/UpdateWorkbasketAccTest.java @@ -111,4 +111,18 @@ public class UpdateWorkbasketAccTest extends AbstractAccTest { assertThatThrownBy(() -> workbasketService.updateWorkbasket(workbasket)) .isInstanceOf(NotAuthorizedException.class); } + + @WithAccessId(user = "taskadmin") + @Test + public void should_ThrowException_When_UserIsTaskAdminAndNotAuthorizedToUpdateWorkbasket() + throws NotAuthorizedException, WorkbasketNotFoundException { + + WorkbasketService workbasketService = taskanaEngine.getWorkbasketService(); + Workbasket workbasket = workbasketService.getWorkbasket("USER_1_1", "DOMAIN_A"); + + workbasket.setName("updated workbasket name"); + + assertThatThrownBy(() -> workbasketService.updateWorkbasket(workbasket)) + .isInstanceOf(NotAuthorizedException.class); + } } diff --git a/lib/taskana-core/src/test/java/acceptance/workbasket/UpdateWorkbasketAuthorizationsAccTest.java b/lib/taskana-core/src/test/java/acceptance/workbasket/UpdateWorkbasketAuthorizationsAccTest.java index 9fd4323ac..e7e4bfb6b 100644 --- a/lib/taskana-core/src/test/java/acceptance/workbasket/UpdateWorkbasketAuthorizationsAccTest.java +++ b/lib/taskana-core/src/test/java/acceptance/workbasket/UpdateWorkbasketAuthorizationsAccTest.java @@ -28,7 +28,9 @@ import pro.taskana.workbasket.api.exceptions.WorkbasketNotFoundException; import pro.taskana.workbasket.api.models.WorkbasketAccessItem; import pro.taskana.workbasket.internal.models.WorkbasketAccessItemImpl; -/** Acceptance test for all "update workbasket" scenarios. */ +/** + * Acceptance test for all "update workbasket" scenarios. + */ @ExtendWith(JaasExtension.class) class UpdateWorkbasketAuthorizationsAccTest extends AbstractAccTest { @@ -36,13 +38,81 @@ class UpdateWorkbasketAuthorizationsAccTest extends AbstractAccTest { super(); } + @WithAccessId(user = "taskadmin") + @Test + public void should_ThrowException_When_TaskAdminTriesToGetWorkbasketAccItem() { + + final WorkbasketService workbasketService = taskanaEngine.getWorkbasketService(); + + ThrowingCallable retrieveWorkbasketAccessItemCall = + () -> { + workbasketService.getWorkbasketAccessItems("WBI:100000000000000000000000000000000008"); + }; + + assertThatThrownBy(retrieveWorkbasketAccessItemCall).isInstanceOf(NotAuthorizedException.class); + } + + @WithAccessId(user = "taskadmin") + @Test + public void should_ThrowException_When_TaskAdminTriesToDeleteWorkbasketAccItemById() { + + final WorkbasketService workbasketService = taskanaEngine.getWorkbasketService(); + + ThrowingCallable deleteWorkbasketAccessItemCall = + () -> { + workbasketService.deleteWorkbasketAccessItemsForAccessId("group_1"); + }; + + assertThatThrownBy(deleteWorkbasketAccessItemCall).isInstanceOf(NotAuthorizedException.class); + } + + @WithAccessId(user = "taskadmin") + @Test + public void should_ThrowException_When_TaskAdminTriesToDeleteWorkbasketAccessItemByAccessId() { + + final WorkbasketService workbasketService = taskanaEngine.getWorkbasketService(); + + WorkbasketAccessItem workbasketAccessItem = + workbasketService.newWorkbasketAccessItem( + "WBI:100000000000000000000000000000000008", "newAccessIdForUpdate"); + + workbasketAccessItem.setPermCustom1(true); + + ThrowingCallable deleteWorkbasketAccessItemCall = + () -> { + workbasketService.deleteWorkbasketAccessItem(workbasketAccessItem.getId()); + }; + + assertThatThrownBy(deleteWorkbasketAccessItemCall).isInstanceOf(NotAuthorizedException.class); + } + + @WithAccessId(user = "taskadmin") + @Test + public void should_ThrowException_When_TaskAdminTriesToUpdateWorkbasketAccItem() { + + final WorkbasketService workbasketService = taskanaEngine.getWorkbasketService(); + + WorkbasketAccessItem workbasketAccessItem = + workbasketService.newWorkbasketAccessItem( + "WBI:100000000000000000000000000000000008", "newAccessIdForUpdate"); + + workbasketAccessItem.setPermCustom1(true); + + ThrowingCallable updateWorkbasketAccessItemCall = + () -> { + workbasketService.updateWorkbasketAccessItem(workbasketAccessItem); + }; + + assertThatThrownBy(updateWorkbasketAccessItemCall).isInstanceOf(NotAuthorizedException.class); + } + @WithAccessId( user = "teamlead_1", groups = {"group_1", "businessadmin"}) @Test void testUpdateWorkbasketAccessItemSucceeds() throws InvalidArgumentException, NotAuthorizedException, WorkbasketNotFoundException, - WorkbasketAccessItemAlreadyExistException { + WorkbasketAccessItemAlreadyExistException { WorkbasketService workbasketService = taskanaEngine.getWorkbasketService(); WorkbasketAccessItem accessItem = workbasketService.newWorkbasketAccessItem( @@ -78,7 +148,7 @@ class UpdateWorkbasketAuthorizationsAccTest extends AbstractAccTest { @Test void testUpdateWorkbasketAccessItemRejected() throws NotAuthorizedException, InvalidArgumentException, WorkbasketNotFoundException, - WorkbasketAccessItemAlreadyExistException { + WorkbasketAccessItemAlreadyExistException { WorkbasketService workbasketService = taskanaEngine.getWorkbasketService(); WorkbasketAccessItem accessItem = workbasketService.newWorkbasketAccessItem( @@ -127,7 +197,7 @@ class UpdateWorkbasketAuthorizationsAccTest extends AbstractAccTest { @Test void testUpdatedAccessItemLeadsToNotAuthorizedException() throws NotAuthorizedException, InvalidArgumentException, WorkbasketNotFoundException, - ClassificationNotFoundException, TaskAlreadyExistException { + ClassificationNotFoundException, TaskAlreadyExistException { TaskService taskService = taskanaEngine.getTaskService(); final WorkbasketService workbasketService = taskanaEngine.getWorkbasketService(); diff --git a/lib/taskana-core/src/test/resources/taskana.properties b/lib/taskana-core/src/test/resources/taskana.properties index 73712b866..253ee3eea 100644 --- a/lib/taskana-core/src/test/resources/taskana.properties +++ b/lib/taskana-core/src/test/resources/taskana.properties @@ -2,6 +2,7 @@ taskana.roles.user=group1 | group2|teamlead_1 | teamlead_2 |user_1_1| user_1_1| taskana.roles.Admin=name=konrad,Organisation=novatec|admin taskana.roles.businessadmin=max|Moritz|businessadmin taskana.roles.monitor=john|teamlead_2 | monitor +taskana.roles.taskadmin=peter | taskadmin taskana.domains=Domain_A , DOMAIN_B taskana.classification.types=TASK , document taskana.classification.categories.task=EXTERNAL, manual, autoMAtic, Process diff --git a/lib/taskana-data/src/main/resources/sql/test-data/task.sql b/lib/taskana-data/src/main/resources/sql/test-data/task.sql index 6ae79f111..d0ff6e94e 100644 --- a/lib/taskana-data/src/main/resources/sql/test-data/task.sql +++ b/lib/taskana-data/src/main/resources/sql/test-data/task.sql @@ -46,6 +46,7 @@ INSERT INTO TASK VALUES('TKI:000000000000000000000000000000000037', 'ETI:0000000 INSERT INTO TASK VALUES('TKI:000000000000000000000000000000000038', 'ETI:000000000000000000000000000000000038', '2018-01-29 15:55:24', '2018-01-30 15:55:24', '2018-01-30 16:55:24', '2018-01-30 16:55:24', '2018-01-29 15:55:00', '2018-01-30 15:55:00', 'Widerruf' , 'creator_user_id' , 'Widerruf' , null , 2 , 'COMPLETED' , 'EXTERN' , 'L1050' , 'CLI:100000000000000000000000000000000003', 'WBI:100000000000000000000000000000000007' , 'USER_1_2' , 'DOMAIN_A', 'PI_0000000000038' , 'DOC_0000000000000000038' , 'user_1_2' , '00' , 'PASystem' , '00' , 'SDNR' , '00011122' , true , false , null , 'NONE' , null , null , null , null , null , 'al' , '11' , null , null , null , null , null , null , null , 'abc' , null , null ); INSERT INTO TASK VALUES('TKI:000000000000000000000000000000000039', 'ETI:000000000000000000000000000000000039', '2018-01-29 15:55:24', '2018-01-30 15:55:24', '2018-01-30 16:55:24', '2018-01-30 16:55:24', '2018-01-29 15:55:00', '2018-01-30 15:55:00', 'Widerruf' , 'creator_user_id' , 'Widerruf' , null , 2 , 'COMPLETED' , 'EXTERN' , 'L1050' , 'CLI:100000000000000000000000000000000003', 'WBI:100000000000000000000000000000000007' , 'USER_1_2' , 'DOMAIN_A', 'PI_0000000000039' , 'DOC_0000000000000000039' , 'user_1_2' , '00' , 'PASystem' , '00' , 'SDNR' , '00011122' , true , false , null , 'NONE' , null , null , null , null , null , null , null , null , null , null , null , null , null , null , 'abc' , null , null ); INSERT INTO TASK VALUES('TKI:000000000000000000000000000000000040', 'ETI:000000000000000000000000000000000040', '2018-01-29 15:55:24', '2018-01-30 15:55:24', '2018-01-30 16:55:24', '2018-01-30 16:55:24', '2018-01-29 15:55:00', '2018-01-30 15:55:00', 'Widerruf' , 'creator_user_id' , 'Widerruf' , null , 2 , 'COMPLETED' , 'EXTERN' , 'L1050' , 'CLI:100000000000000000000000000000000003', 'WBI:100000000000000000000000000000000007' , 'USER_1_2' , 'DOMAIN_A', 'PI_0000000000040' , 'DOC_0000000000000000040' , 'user_1_2' , '00' , 'PASystem' , '00' , 'SDNR' , '00011122' , true , false , null , 'NONE' , null , null , null , null , null , null , null , null , null , null , null , null , null , null , 'abc' , null , null ); + -- Tasks for QueryTasksWithSortingTest INSERT INTO TASK VALUES('TKI:000000000000000000000000000000000041', 'ETI:000000000000000000000000000000000041', '2018-01-29 15:55:00', '2018-01-30 15:55:00', null , '2018-01-30 15:55:00', '2018-01-29 15:55:00', '2018-01-30 15:55:00', 'Task99' , 'creator_user_id' , 'Lorem ipsum was n Quatsch dolor sit amet.', 'Some custom Note' , 1 , 'CLAIMED' , 'AUTOMATIC' , 'T6310' , 'CLI:000000000000000000000000000000000011', 'WBI:100000000000000000000000000000000015' , 'USER_3_2' , 'DOMAIN_B', 'BPI21' , 'PBPI21' , 'user_3_1' , 'MyCompany1', 'MySystem1', 'MyInstance1' , 'MyType1', 'MyValue1' , true , false , null , 'NONE' , null , null , null , null , null , null , null , null , null , null , null , null , null , null , 'abc' , null , null ); INSERT INTO TASK VALUES('TKI:000000000000000000000000000000000042', 'ETI:000000000000000000000000000000000042', '2018-01-29 15:55:01', '2018-01-30 15:55:00', null , '2018-01-30 15:55:01', '2018-01-29 15:55:00', '2018-01-30 15:55:00', 'Task01' , 'creator_user_id' , 'Lorem ipsum was n Quatsch dolor sit amet.', 'Some custom Note' , 2 , 'CLAIMED' , 'EXTERN' , 'L110102' , 'CLI:100000000000000000000000000000000005', 'WBI:100000000000000000000000000000000015' , 'USER_3_2' , 'DOMAIN_B', 'BPI21' , 'PBPI21' , 'user_3_1' , 'MyCompany1', 'MySystem1', 'MyInstance1' , 'MyType1', 'MyValue1' , true , false , null , 'NONE' , null , null , null , null , null , null , null , null , null , null , null , null , null , null , 'abc' , null , null ); diff --git a/lib/taskana-spring-example/src/main/resources/taskana.properties b/lib/taskana-spring-example/src/main/resources/taskana.properties index 17f46765d..1963bfae7 100644 --- a/lib/taskana-spring-example/src/main/resources/taskana.properties +++ b/lib/taskana-spring-example/src/main/resources/taskana.properties @@ -1,6 +1,7 @@ taskana.roles.user = group1 | group2|teamlead_1 | teamlead_2 |user_1_1| user_1_1| user_1_2| user_2_1| user_2_2| max|elena|simone taskana.roles.Admin=name=konrad,Organisation=novatec|admin taskana.roles.businessadmin=max|Moritz|businessadmin +taskana.roles.taskadmin=peter | taskadmin taskana.domains= Domain_A , DOMAIN_B taskana.classification.types= TASK , document diff --git a/rest/taskana-rest-spring-example-boot/src/main/resources/taskana.properties b/rest/taskana-rest-spring-example-boot/src/main/resources/taskana.properties index 965a11482..10d4943e2 100644 --- a/rest/taskana-rest-spring-example-boot/src/main/resources/taskana.properties +++ b/rest/taskana-rest-spring-example-boot/src/main/resources/taskana.properties @@ -2,6 +2,7 @@ taskana.roles.user = group1 | group2|teamlead_1 |teamlead_2 |user_1_1| user_1_1| taskana.roles.Admin=name=konrad,Organisation=novatec|admin taskana.roles.businessadmin=max|Moritz|businessadmin taskana.roles.monitor=john|teamlead_2 | monitor +taskana.roles.taskadmin=peter | taskadmin taskana.domains=DOMAIN_A,DOMAIN_B,DOMAIN_C taskana.classification.types=TASK,DOCUMENT taskana.classification.categories.task= EXTERNAL, manual, autoMAtic, Process diff --git a/rest/taskana-rest-spring-example-common/src/test/resources/taskana.properties b/rest/taskana-rest-spring-example-common/src/test/resources/taskana.properties index 965a11482..10d4943e2 100644 --- a/rest/taskana-rest-spring-example-common/src/test/resources/taskana.properties +++ b/rest/taskana-rest-spring-example-common/src/test/resources/taskana.properties @@ -2,6 +2,7 @@ taskana.roles.user = group1 | group2|teamlead_1 |teamlead_2 |user_1_1| user_1_1| taskana.roles.Admin=name=konrad,Organisation=novatec|admin taskana.roles.businessadmin=max|Moritz|businessadmin taskana.roles.monitor=john|teamlead_2 | monitor +taskana.roles.taskadmin=peter | taskadmin taskana.domains=DOMAIN_A,DOMAIN_B,DOMAIN_C taskana.classification.types=TASK,DOCUMENT taskana.classification.categories.task= EXTERNAL, manual, autoMAtic, Process diff --git a/rest/taskana-rest-spring-example-wildfly/src/main/resources/taskana.properties b/rest/taskana-rest-spring-example-wildfly/src/main/resources/taskana.properties index 6ccf9ebbc..46d270dd1 100644 --- a/rest/taskana-rest-spring-example-wildfly/src/main/resources/taskana.properties +++ b/rest/taskana-rest-spring-example-wildfly/src/main/resources/taskana.properties @@ -2,6 +2,7 @@ taskana.roles.user = group1 | group2|teamlead_1 |teamlead_2 |user_1_1| user_1_1| taskana.roles.Admin=name=konrad,Organisation=novatec|admin|demo taskana.roles.businessadmin=max|Moritz|businessadmin|demo taskana.roles.monitor=john|teamlead_2 | monitor +taskana.roles.taskadmin=peter | taskadmin taskana.domains=DOMAIN_A,DOMAIN_B,DOMAIN_C,DEFAULT_DOMAIN taskana.classification.types=TASK,DOCUMENT taskana.classification.categories.task= EXTERNAL, manual, autoMAtic, Process diff --git a/rest/taskana-rest-spring-example-wildfly/src/test/resources/taskana.properties b/rest/taskana-rest-spring-example-wildfly/src/test/resources/taskana.properties index 965a11482..10d4943e2 100644 --- a/rest/taskana-rest-spring-example-wildfly/src/test/resources/taskana.properties +++ b/rest/taskana-rest-spring-example-wildfly/src/test/resources/taskana.properties @@ -2,6 +2,7 @@ taskana.roles.user = group1 | group2|teamlead_1 |teamlead_2 |user_1_1| user_1_1| taskana.roles.Admin=name=konrad,Organisation=novatec|admin taskana.roles.businessadmin=max|Moritz|businessadmin taskana.roles.monitor=john|teamlead_2 | monitor +taskana.roles.taskadmin=peter | taskadmin taskana.domains=DOMAIN_A,DOMAIN_B,DOMAIN_C taskana.classification.types=TASK,DOCUMENT taskana.classification.categories.task= EXTERNAL, manual, autoMAtic, Process diff --git a/rest/taskana-rest-spring/src/test/resources/taskana.properties b/rest/taskana-rest-spring/src/test/resources/taskana.properties index 965a11482..10d4943e2 100644 --- a/rest/taskana-rest-spring/src/test/resources/taskana.properties +++ b/rest/taskana-rest-spring/src/test/resources/taskana.properties @@ -2,6 +2,7 @@ taskana.roles.user = group1 | group2|teamlead_1 |teamlead_2 |user_1_1| user_1_1| taskana.roles.Admin=name=konrad,Organisation=novatec|admin taskana.roles.businessadmin=max|Moritz|businessadmin taskana.roles.monitor=john|teamlead_2 | monitor +taskana.roles.taskadmin=peter | taskadmin taskana.domains=DOMAIN_A,DOMAIN_B,DOMAIN_C taskana.classification.types=TASK,DOCUMENT taskana.classification.categories.task= EXTERNAL, manual, autoMAtic, Process