TSK-484: removed wrong authorization check from addDistributionTarget.

2018-05-09 16:31:04 +02:00 · 2018-05-09 16:31:04 +02:00 · f2460cd074
parent 31e24d8965
commit f2460cd074
2 changed files with 27 additions and 2 deletions
--- a/lib/taskana-core/src/main/java/pro/taskana/impl/WorkbasketServiceImpl.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/impl/WorkbasketServiceImpl.java
@ -721,9 +721,8 @@ public class WorkbasketServiceImpl implements WorkbasketService {
            taskanaEngine.openConnection();
            // check existence of source workbasket
            WorkbasketImpl sourceWorkbasket = (WorkbasketImpl) getWorkbasket(sourceWorkbasketId);
-            // check esistence of target workbasket
+            // check existence of target workbasket
            getWorkbasket(targetWorkbasketId);
-            checkAuthorization(sourceWorkbasketId, WorkbasketPermission.READ);
            // check whether the target is already set as target
            int numOfDistTargets = distributionTargetMapper.getNumberOfDistributionTargets(sourceWorkbasketId,
                targetWorkbasketId);
--- a/lib/taskana-core/src/test/java/acceptance/workbasket/DistributionTargetsAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/workbasket/DistributionTargetsAccTest.java
@ -195,6 +195,32 @@ public class DistributionTargetsAccTest extends AbstractAccTest {

    }

+    @WithAccessId(
+        userName = "user_2_2",
+        groupNames = {"businessadmin"})
+    @Test
+    public void testAddAndRemoveDistributionTargetsOnWorkbasketWithoutReadPermission()
+        throws NotAuthorizedException, WorkbasketNotFoundException, InvalidWorkbasketException {
+        WorkbasketService workbasketService = taskanaEngine.getWorkbasketService();
+        Workbasket workbasket = workbasketService.getWorkbasket("GPK_B_KSC_2", "DOMAIN_B");
+
+        List<WorkbasketSummary> distributionTargets = workbasketService.getDistributionTargets(workbasket.getId());
+        assertEquals(0, distributionTargets.size());
+
+        // add a new distribution target
+        Workbasket newTarget = workbasketService.getWorkbasket("GPK_KSC_1", "DOMAIN_A");
+        workbasketService.addDistributionTarget(workbasket.getId(), newTarget.getId());
+
+        distributionTargets = workbasketService.getDistributionTargets(workbasket.getId());
+        assertEquals(1, distributionTargets.size());
+
+        // remove the new target
+        workbasketService.removeDistributionTarget(workbasket.getId(), newTarget.getId());
+        distributionTargets = workbasketService.getDistributionTargets(workbasket.getId());
+        assertEquals(0, distributionTargets.size());
+
+    }
+
    @WithAccessId(
        userName = "user_2_2",
        groupNames = {"group_1", "group_2"})