Closes #2269 - Implement READTASKS Permission

lib/taskana-core-test/src/test/java/acceptance/classification/delete/DeleteClassificationAccTest.java

@@ -45,6 +45,7 @@ void setup() throws Exception {
         .accessId("businessadmin")
         .permission(WorkbasketPermission.OPEN)
         .permission(WorkbasketPermission.READ)
+        .permission(WorkbasketPermission.READTASKS)
         .permission(WorkbasketPermission.APPEND)
         .buildAndStore(workbasketService, "admin");
   }

lib/taskana-core-test/src/test/java/acceptance/classification/update/UpdateClassificationAccTest.java

@@ -134,6 +134,7 @@ private String createTaskWithExistingClassification(ClassificationSummary classi
         .accessId(currentUserContext.getUserid())
         .permission(WorkbasketPermission.OPEN)
         .permission(WorkbasketPermission.READ)
+        .permission(WorkbasketPermission.READTASKS)
         .permission(WorkbasketPermission.APPEND)
         .buildAndStore(workbasketService, "businessadmin");
 
@@ -156,6 +157,7 @@ private List<String> createTasksWithExistingClassificationInAttachment(
         .accessId(currentUserContext.getUserid())
         .permission(WorkbasketPermission.OPEN)
         .permission(WorkbasketPermission.READ)
+        .permission(WorkbasketPermission.READTASKS)
         .permission(WorkbasketPermission.APPEND)
         .buildAndStore(workbasketService, "businessadmin");
     ClassificationSummary classificationSummaryWithSpecifiedServiceLevel =

lib/taskana-core-test/src/test/java/acceptance/task/ServiceLevelOfAllTasksAccTest.java

@@ -79,6 +79,7 @@ void setup() throws Exception {
         .accessId("user-1-1")
         .permission(WorkbasketPermission.OPEN)
         .permission(WorkbasketPermission.READ)
+        .permission(WorkbasketPermission.READTASKS)
         .permission(WorkbasketPermission.APPEND)
         .buildAndStore(workbasketService);
   }

lib/taskana-core-test/src/test/java/acceptance/task/claim/ClaimTaskAccTest.java

@@ -59,6 +59,7 @@ void setup() throws Exception {
         .accessId("user-1-2")
         .permission(WorkbasketPermission.OPEN)
         .permission(WorkbasketPermission.READ)
+        .permission(WorkbasketPermission.READTASKS)
         .permission(WorkbasketPermission.APPEND)
         .buildAndStore(workbasketService);
 

lib/taskana-core-test/src/test/java/acceptance/task/claim/SetOwnerAccTest.java

@@ -56,6 +56,7 @@ void setup() throws Exception {
         .accessId("user-1-2")
         .permission(WorkbasketPermission.OPEN)
         .permission(WorkbasketPermission.READ)
+        .permission(WorkbasketPermission.READTASKS)
         .permission(WorkbasketPermission.APPEND)
         .buildAndStore(workbasketService);
 

lib/taskana-core-test/src/test/java/acceptance/task/complete/CancelTaskAccTest.java

@@ -58,6 +58,7 @@ void setup() throws Exception {
         .accessId("user-1-2")
         .permission(WorkbasketPermission.OPEN)
         .permission(WorkbasketPermission.READ)
+        .permission(WorkbasketPermission.READTASKS)
         .permission(WorkbasketPermission.APPEND)
         .buildAndStore(workbasketService);
 

lib/taskana-core-test/src/test/java/acceptance/task/complete/CompleteTaskAccTest.java

@@ -76,6 +76,7 @@ void setup(ClassificationService classificationService, WorkbasketService workba
         .workbasketId(defaultWorkbasketSummary.getId())
         .accessId("user-1-1")
         .permission(WorkbasketPermission.READ)
+        .permission(WorkbasketPermission.READTASKS)
         .permission(WorkbasketPermission.APPEND)
         .buildAndStore(workbasketService);
 

lib/taskana-core-test/src/test/java/acceptance/task/complete/CompleteTaskWithSpiAccTest.java

@@ -54,6 +54,7 @@ void setup(ClassificationService classificationService, WorkbasketService workba
         .workbasketId(defaultWorkbasketSummary.getId())
         .accessId("user-1-1")
         .permission(WorkbasketPermission.READ)
+        .permission(WorkbasketPermission.READTASKS)
         .permission(WorkbasketPermission.APPEND)
         .buildAndStore(workbasketService);
 

lib/taskana-core-test/src/test/java/acceptance/task/create/CreateTaskAccTest.java

@@ -85,6 +85,7 @@ void setup() throws Exception {
         .accessId("user-1-2")
         .permission(WorkbasketPermission.OPEN)
         .permission(WorkbasketPermission.READ)
+        .permission(WorkbasketPermission.READTASKS)
         .permission(WorkbasketPermission.APPEND)
         .buildAndStore(workbasketService);
     defaultObjectReference = defaultTestObjectReference().build();

lib/taskana-core-test/src/test/java/acceptance/task/create/CreateTaskWithSorAccTest.java

@@ -56,6 +56,7 @@ void setup() throws Exception {
         .accessId("user-1-1")
         .permission(WorkbasketPermission.OPEN)
         .permission(WorkbasketPermission.READ)
+        .permission(WorkbasketPermission.READTASKS)
         .permission(WorkbasketPermission.APPEND)
         .buildAndStore(workbasketService);
     defaultObjectReference = defaultTestObjectReference().build();

lib/taskana-core-test/src/test/java/acceptance/task/get/GetTaskAccTest.java

@@ -52,8 +52,10 @@ class GetTaskAccTest {
 
   ClassificationSummary defaultClassificationSummary;
   WorkbasketSummary defaultWorkbasketSummary;
+  WorkbasketSummary wbWithoutReadTasksPerm;
   ObjectReference defaultObjectReference;
   Task task;
+  Task task2;
   Map<String, String> callbackInfo;
 
   @WithAccessId(user = "admin")
@@ -62,6 +64,7 @@ void setup() throws Exception {
     defaultClassificationSummary =
         defaultTestClassification().buildAndStoreAsSummary(classificationService);
     defaultWorkbasketSummary = defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService);
+    wbWithoutReadTasksPerm = defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService);
     defaultObjectReference = defaultTestObjectReference().build();
     callbackInfo = createSimpleCustomPropertyMap(3);
 
@@ -70,6 +73,14 @@ void setup() throws Exception {
         .accessId("user-1-1")
         .permission(WorkbasketPermission.OPEN)
         .permission(WorkbasketPermission.READ)
+        .permission(WorkbasketPermission.READTASKS)
+        .permission(WorkbasketPermission.APPEND)
+        .buildAndStore(workbasketService);
+    WorkbasketAccessItemBuilder.newWorkbasketAccessItem()
+        .workbasketId(wbWithoutReadTasksPerm.getId())
+        .accessId("user-1-1")
+        .permission(WorkbasketPermission.OPEN)
+        .permission(WorkbasketPermission.READ)
         .permission(WorkbasketPermission.APPEND)
         .buildAndStore(workbasketService);
 
@@ -123,6 +134,13 @@ void setup() throws Exception {
             .workbasketSummary(defaultWorkbasketSummary)
             .primaryObjRef(defaultObjectReference)
             .buildAndStore(taskService);
+
+    task2 =
+        TaskBuilder.newTask()
+            .workbasketSummary(wbWithoutReadTasksPerm)
+            .classificationSummary(defaultClassificationSummary)
+            .primaryObjRef(defaultObjectReference)
+            .buildAndStore(taskService);
   }
 
   @WithAccessId(user = "user-1-1")
@@ -182,6 +200,20 @@ void should_ReturnTask_When_RequestingTaskByTaskId() throws Exception {
     assertThat(readTask).hasNoNullFieldsOrPropertiesExcept("ownerLongName", "completed");
   }
 
+  @WithAccessId(user = "user-1-1")
+  @Test
+  void should_ThrowException_When_NoReadTasksPerm() {
+    ThrowingCallable call = () -> taskService.getTask(task2.getId());
+
+    NotAuthorizedOnWorkbasketException e =
+        catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class);
+
+    assertThat(e.getRequiredPermissions())
+        .containsExactlyInAnyOrder(WorkbasketPermission.READ, WorkbasketPermission.READTASKS);
+    assertThat(e.getCurrentUserId()).isEqualTo("user-1-1");
+    assertThat(e.getWorkbasketId()).isEqualTo(wbWithoutReadTasksPerm.getId());
+  }
+
   @WithAccessId(user = "user-1-1")
   @Test
   void should_ThrowException_When_RequestedTaskByIdIsNotExisting() {

lib/taskana-core-test/src/test/java/acceptance/task/get/GetTaskWithSorAccTest.java

@@ -45,6 +45,7 @@ void setup() throws Exception {
         .accessId("user-1-1")
         .permission(WorkbasketPermission.OPEN)
         .permission(WorkbasketPermission.READ)
+        .permission(WorkbasketPermission.READTASKS)
         .permission(WorkbasketPermission.APPEND)
         .buildAndStore(workbasketService);
     defaultObjectReference = defaultTestObjectReference().build();

lib/taskana-core-test/src/test/java/acceptance/task/query/TaskQueryImplAccTest.java

@@ -47,6 +47,7 @@
 import pro.taskana.testapi.security.WithAccessId;
 import pro.taskana.workbasket.api.WorkbasketPermission;
 import pro.taskana.workbasket.api.WorkbasketService;
+import pro.taskana.workbasket.api.exceptions.NotAuthorizedToQueryWorkbasketException;
 import pro.taskana.workbasket.api.models.WorkbasketSummary;
 
 @TaskanaIntegrationTest
@@ -93,6 +94,7 @@ private void persistPermission(WorkbasketSummary workbasketSummary) throws Excep
         .permission(WorkbasketPermission.OPEN)
         .permission(WorkbasketPermission.READ)
         .permission(WorkbasketPermission.APPEND)
+        .permission(WorkbasketPermission.READTASKS)
         .buildAndStore(workbasketService, "businessadmin");
   }
 
@@ -273,15 +275,30 @@ void should_ResolveUnderScore_When_UsingAnyLikeQuery() throws Exception {
     class TaskId {
 
       WorkbasketSummary wb;
+      WorkbasketSummary wbWithoutReadTasksPerm;
       TaskSummary taskSummary1;
       TaskSummary taskSummary2;
+      TaskSummary taskSummary3;
 
       @WithAccessId(user = "user-1-1")
       @BeforeAll
       void setup() throws Exception {
         wb = createWorkbasketWithPermission();
+        wbWithoutReadTasksPerm =
+            defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService, "businessadmin");
+
+        WorkbasketAccessItemBuilder.newWorkbasketAccessItem()
+            .workbasketId(wbWithoutReadTasksPerm.getId())
+            .accessId(currentUserContext.getUserid())
+            .permission(WorkbasketPermission.OPEN)
+            .permission(WorkbasketPermission.READ)
+            .permission(WorkbasketPermission.APPEND)
+            .buildAndStore(workbasketService, "businessadmin");
+
         taskSummary1 = taskInWorkbasket(wb).buildAndStoreAsSummary(taskService);
         taskSummary2 = taskInWorkbasket(wb).buildAndStoreAsSummary(taskService);
+        taskSummary3 =
+            taskInWorkbasket(wbWithoutReadTasksPerm).buildAndStoreAsSummary(taskService, "admin");
       }
 
       @WithAccessId(user = "user-1-1")
@@ -309,6 +326,13 @@ void should_FilterByTaskId_When_QueryingForIdNotIn() {
 
         assertThat(list).containsExactly(taskSummary2);
       }
+
+      @WithAccessId(user = "user-1-1")
+      @Test
+      void should_ReturnNothing_When_WorkbasketHasOfTaskHasNoReadTasksPerm() {
+        List<TaskSummary> list = taskService.createTaskQuery().idIn(taskSummary3.getId()).list();
+        assertThat(list.isEmpty());
+      }
     }
 
     @Nested
@@ -1458,16 +1482,30 @@ class WorkbasketId {
 
       WorkbasketSummary wb1;
       WorkbasketSummary wb2;
+      WorkbasketSummary wbWithoutReadTasksPerm;
       TaskSummary taskSummary1;
       TaskSummary taskSummary2;
+      TaskSummary taskSummary3;
 
       @WithAccessId(user = "user-1-1")
       @BeforeAll
       void setup() throws Exception {
         wb1 = createWorkbasketWithPermission();
         wb2 = createWorkbasketWithPermission();
+        wbWithoutReadTasksPerm =
+            defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService, "admin");
+
+        WorkbasketAccessItemBuilder.newWorkbasketAccessItem()
+            .workbasketId(wbWithoutReadTasksPerm.getId())
+            .accessId(currentUserContext.getUserid())
+            .permission(WorkbasketPermission.OPEN)
+            .permission(WorkbasketPermission.READ)
+            .buildAndStore(workbasketService, "businessadmin");
+
         taskSummary1 = taskInWorkbasket(wb1).buildAndStoreAsSummary(taskService);
         taskSummary2 = taskInWorkbasket(wb2).buildAndStoreAsSummary(taskService);
+        taskSummary3 =
+            taskInWorkbasket(wbWithoutReadTasksPerm).buildAndStoreAsSummary(taskService, "admin");
       }
 
       @WithAccessId(user = "user-1-1")
@@ -1490,6 +1528,18 @@ void should_ApplyFilter_When_QueryingForIdNotIn() {
 
         assertThat(list).containsExactly(taskSummary2);
       }
+
+      @WithAccessId(user = "user-1-1")
+      @Test
+      void should_ThrowException_When_WorkBasketHasOpenReadButNoReadTasksPermission() {
+        assertThatThrownBy(
+                () ->
+                    taskService
+                        .createTaskQuery()
+                        .workbasketIdIn(wbWithoutReadTasksPerm.getId())
+                        .list())
+            .isInstanceOf(NotAuthorizedToQueryWorkbasketException.class);
+      }
     }
 
     @Nested

lib/taskana-core-test/src/test/java/acceptance/task/requestchanges/RequestChangesAccTest.java

@@ -55,6 +55,7 @@ void setup(ClassificationService classificationService, WorkbasketService workba
         .workbasketId(defaultWorkbasketSummary.getId())
         .accessId("user-1-1")
         .permission(WorkbasketPermission.READ)
+        .permission(WorkbasketPermission.READTASKS)
         .permission(WorkbasketPermission.APPEND)
         .buildAndStore(workbasketService);
 

lib/taskana-core-test/src/test/java/acceptance/task/requestchanges/RequestChangesWithAfterSpiAccTest.java

@@ -60,6 +60,7 @@ void setup(ClassificationService classificationService, WorkbasketService workba
         .workbasketId(defaultWorkbasketSummary.getId())
         .accessId("user-1-1")
         .permission(WorkbasketPermission.READ)
+        .permission(WorkbasketPermission.READTASKS)
         .permission(WorkbasketPermission.APPEND)
         .permission(WorkbasketPermission.TRANSFER)
         .buildAndStore(workbasketService);
@@ -68,6 +69,7 @@ void setup(ClassificationService classificationService, WorkbasketService workba
         .workbasketId(newWorkbasket.getId())
         .accessId("user-1-1")
         .permission(WorkbasketPermission.READ)
+        .permission(WorkbasketPermission.READTASKS)
         .permission(WorkbasketPermission.APPEND)
         .buildAndStore(workbasketService);
 

lib/taskana-core-test/src/test/java/acceptance/task/requestchanges/RequestChangesWithBeforeSpiAccTest.java

@@ -57,6 +57,7 @@ void setup(ClassificationService classificationService, WorkbasketService workba
         .workbasketId(defaultWorkbasketSummary.getId())
         .accessId("user-1-1")
         .permission(WorkbasketPermission.READ)
+        .permission(WorkbasketPermission.READTASKS)
         .permission(WorkbasketPermission.APPEND)
         .permission(WorkbasketPermission.TRANSFER)
         .buildAndStore(workbasketService);

lib/taskana-core-test/src/test/java/acceptance/task/requestreview/RequestReviewAccTest.java

@@ -55,6 +55,7 @@ void setup(ClassificationService classificationService, WorkbasketService workba
         .workbasketId(defaultWorkbasketSummary.getId())
         .accessId("user-1-1")
         .permission(WorkbasketPermission.READ)
+        .permission(WorkbasketPermission.READTASKS)
         .permission(WorkbasketPermission.APPEND)
         .buildAndStore(workbasketService);
 

lib/taskana-core-test/src/test/java/acceptance/task/requestreview/RequestReviewWithAfterSpiAccTest.java

@@ -61,6 +61,7 @@ void setup(ClassificationService classificationService, WorkbasketService workba
         .workbasketId(defaultWorkbasketSummary.getId())
         .accessId("user-1-1")
         .permission(WorkbasketPermission.READ)
+        .permission(WorkbasketPermission.READTASKS)
         .permission(WorkbasketPermission.APPEND)
         .permission(WorkbasketPermission.TRANSFER)
         .buildAndStore(workbasketService);
@@ -69,6 +70,7 @@ void setup(ClassificationService classificationService, WorkbasketService workba
         .workbasketId(newWorkbasket.getId())
         .accessId("user-1-1")
         .permission(WorkbasketPermission.READ)
+        .permission(WorkbasketPermission.READTASKS)
         .permission(WorkbasketPermission.APPEND)
         .buildAndStore(workbasketService);
 

lib/taskana-core-test/src/test/java/acceptance/task/requestreview/RequestReviewWithBeforeSpiAccTest.java

@@ -58,6 +58,7 @@ void setup(ClassificationService classificationService, WorkbasketService workba
         .workbasketId(defaultWorkbasketSummary.getId())
         .accessId("user-1-1")
         .permission(WorkbasketPermission.READ)
+        .permission(WorkbasketPermission.READTASKS)
         .permission(WorkbasketPermission.APPEND)
         .permission(WorkbasketPermission.TRANSFER)
         .buildAndStore(workbasketService);

lib/taskana-core-test/src/test/java/acceptance/task/update/UpdateManualPriorityAccTest.java

@@ -53,6 +53,7 @@ void setup() throws Exception {
         .accessId("user-1-1")
         .permission(WorkbasketPermission.OPEN)
         .permission(WorkbasketPermission.READ)
+        .permission(WorkbasketPermission.READTASKS)
         .permission(WorkbasketPermission.APPEND)
         .buildAndStore(workbasketService);
     defaultObjectReference = defaultTestObjectReference().build();

lib/taskana-core-test/src/test/java/acceptance/task/update/UpdateManualPriorityWithSpiAccTest.java

@@ -74,6 +74,7 @@ void setup() throws Exception {
           .accessId("user-1-1")
           .permission(WorkbasketPermission.OPEN)
           .permission(WorkbasketPermission.READ)
+          .permission(WorkbasketPermission.READTASKS)
           .permission(WorkbasketPermission.APPEND)
           .buildAndStore(workbasketService);
       defaultObjectReference = defaultTestObjectReference().build();

lib/taskana-core-test/src/test/java/acceptance/task/update/UpdateTaskWithSorAccTest.java

@@ -46,6 +46,7 @@ void setup() throws Exception {
         .accessId("user-1-1")
         .permission(WorkbasketPermission.OPEN)
         .permission(WorkbasketPermission.READ)
+        .permission(WorkbasketPermission.READTASKS)
         .permission(WorkbasketPermission.APPEND)
         .buildAndStore(workbasketService);
     defaultObjectReference = defaultTestObjectReference().build();

lib/taskana-core-test/src/test/java/acceptance/taskcomment/create/CreateTaskCommentAccTest.java

@@ -50,6 +50,7 @@ void setup() throws Exception {
         .accessId("user-1-1")
         .permission(WorkbasketPermission.OPEN)
         .permission(WorkbasketPermission.READ)
+        .permission(WorkbasketPermission.READTASKS)
         .permission(WorkbasketPermission.APPEND)
         .buildAndStore(workbasketService);
 

lib/taskana-core-test/src/test/java/acceptance/taskcomment/get/GetTaskCommentAccTest.java

@@ -61,6 +61,7 @@ void setup() throws Exception {
         .accessId("user-1-1")
         .permission(WorkbasketPermission.OPEN)
         .permission(WorkbasketPermission.READ)
+        .permission(WorkbasketPermission.READTASKS)
         .permission(WorkbasketPermission.APPEND)
         .buildAndStore(workbasketService);
     task1 =

lib/taskana-core-test/src/test/java/acceptance/taskcomment/update/UpdateTaskCommentAccTest.java

@@ -53,6 +53,7 @@ void setup() throws Exception {
         .accessId("user-1-1")
         .permission(WorkbasketPermission.OPEN)
         .permission(WorkbasketPermission.READ)
+        .permission(WorkbasketPermission.READTASKS)
         .permission(WorkbasketPermission.APPEND)
         .buildAndStore(workbasketService);
     defaultObjectReference = defaultTestObjectReference().build();