diff --git a/lib/taskana-core-test/src/test/java/acceptance/classification/delete/DeleteClassificationAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/classification/delete/DeleteClassificationAccTest.java index 07bffb8759..49042e5b71 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/classification/delete/DeleteClassificationAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/classification/delete/DeleteClassificationAccTest.java @@ -45,6 +45,7 @@ void setup() throws Exception { .accessId("businessadmin") .permission(WorkbasketPermission.OPEN) .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService, "admin"); } diff --git a/lib/taskana-core-test/src/test/java/acceptance/classification/update/UpdateClassificationAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/classification/update/UpdateClassificationAccTest.java index 64bcc46aea..9567993e15 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/classification/update/UpdateClassificationAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/classification/update/UpdateClassificationAccTest.java @@ -134,6 +134,7 @@ private String createTaskWithExistingClassification(ClassificationSummary classi .accessId(currentUserContext.getUserid()) .permission(WorkbasketPermission.OPEN) .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService, "businessadmin"); 
@@ -156,6 +157,7 @@ private List createTasksWithExistingClassificationInAttachment( .accessId(currentUserContext.getUserid()) .permission(WorkbasketPermission.OPEN) .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService, "businessadmin"); ClassificationSummary classificationSummaryWithSpecifiedServiceLevel = diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/ServiceLevelOfAllTasksAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/ServiceLevelOfAllTasksAccTest.java index b28c0853fd..5e0ca19c92 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/task/ServiceLevelOfAllTasksAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/task/ServiceLevelOfAllTasksAccTest.java @@ -79,6 +79,7 @@ void setup() throws Exception { .accessId("user-1-1") .permission(WorkbasketPermission.OPEN) .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); } diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/claim/ClaimTaskAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/claim/ClaimTaskAccTest.java index b176d41fb6..22ad74d194 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/task/claim/ClaimTaskAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/task/claim/ClaimTaskAccTest.java @@ -59,6 +59,7 @@ void setup() throws Exception { .accessId("user-1-2") .permission(WorkbasketPermission.OPEN) .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/claim/SetOwnerAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/claim/SetOwnerAccTest.java index 9a3a16bc41..86a705d3c4 100644 
--- a/lib/taskana-core-test/src/test/java/acceptance/task/claim/SetOwnerAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/task/claim/SetOwnerAccTest.java @@ -56,6 +56,7 @@ void setup() throws Exception { .accessId("user-1-2") .permission(WorkbasketPermission.OPEN) .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/complete/CancelTaskAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/complete/CancelTaskAccTest.java index 99ba22a414..e2aa6cacd4 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/task/complete/CancelTaskAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/task/complete/CancelTaskAccTest.java @@ -58,6 +58,7 @@ void setup() throws Exception { .accessId("user-1-2") .permission(WorkbasketPermission.OPEN) .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/complete/CompleteTaskAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/complete/CompleteTaskAccTest.java index 77065f6045..f39c0d087e 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/task/complete/CompleteTaskAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/task/complete/CompleteTaskAccTest.java @@ -76,6 +76,7 @@ void setup(ClassificationService classificationService, WorkbasketService workba .workbasketId(defaultWorkbasketSummary.getId()) .accessId("user-1-1") .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); 
diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/complete/CompleteTaskWithSpiAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/complete/CompleteTaskWithSpiAccTest.java index ccba830e0e..03fccdd96f 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/task/complete/CompleteTaskWithSpiAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/task/complete/CompleteTaskWithSpiAccTest.java @@ -54,6 +54,7 @@ void setup(ClassificationService classificationService, WorkbasketService workba .workbasketId(defaultWorkbasketSummary.getId()) .accessId("user-1-1") .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/create/CreateTaskAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/create/CreateTaskAccTest.java index 64d1548b19..617ff0b091 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/task/create/CreateTaskAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/task/create/CreateTaskAccTest.java @@ -85,6 +85,7 @@ void setup() throws Exception { .accessId("user-1-2") .permission(WorkbasketPermission.OPEN) .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); defaultObjectReference = defaultTestObjectReference().build(); diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/create/CreateTaskWithSorAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/create/CreateTaskWithSorAccTest.java index b309fe3572..263f45b4e2 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/task/create/CreateTaskWithSorAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/task/create/CreateTaskWithSorAccTest.java 
@@ -56,6 +56,7 @@ void setup() throws Exception { .accessId("user-1-1") .permission(WorkbasketPermission.OPEN) .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); defaultObjectReference = defaultTestObjectReference().build(); diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/get/GetTaskAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/get/GetTaskAccTest.java index ddb7640372..2b9f97e1d1 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/task/get/GetTaskAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/task/get/GetTaskAccTest.java @@ -52,8 +52,10 @@ class GetTaskAccTest { ClassificationSummary defaultClassificationSummary; WorkbasketSummary defaultWorkbasketSummary; + WorkbasketSummary wbWithoutReadTasksPerm; ObjectReference defaultObjectReference; Task task; + Task task2; Map callbackInfo; @WithAccessId(user = "admin") @@ -62,6 +64,7 @@ void setup() throws Exception { defaultClassificationSummary = defaultTestClassification().buildAndStoreAsSummary(classificationService); defaultWorkbasketSummary = defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService); + wbWithoutReadTasksPerm = defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService); defaultObjectReference = defaultTestObjectReference().build(); callbackInfo = createSimpleCustomPropertyMap(3); 
@@ -70,6 +73,14 @@ void setup() throws Exception { .accessId("user-1-1") .permission(WorkbasketPermission.OPEN) .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) + .permission(WorkbasketPermission.APPEND) + .buildAndStore(workbasketService); + WorkbasketAccessItemBuilder.newWorkbasketAccessItem() + .workbasketId(wbWithoutReadTasksPerm.getId()) + .accessId("user-1-1") + .permission(WorkbasketPermission.OPEN) + .permission(WorkbasketPermission.READ) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); @@ -123,6 +134,13 @@ void setup() throws Exception { .workbasketSummary(defaultWorkbasketSummary) .primaryObjRef(defaultObjectReference) .buildAndStore(taskService); + + task2 = + TaskBuilder.newTask() + .workbasketSummary(wbWithoutReadTasksPerm) + .classificationSummary(defaultClassificationSummary) + .primaryObjRef(defaultObjectReference) + .buildAndStore(taskService); } @WithAccessId(user = "user-1-1") @@ -182,6 +200,20 @@ void should_ReturnTask_When_RequestingTaskByTaskId() throws Exception { assertThat(readTask).hasNoNullFieldsOrPropertiesExcept("ownerLongName", "completed"); } + @WithAccessId(user = "user-1-1") + @Test + void should_ThrowException_When_NoReadTasksPerm() { + ThrowingCallable call = () -> taskService.getTask(task2.getId()); + + NotAuthorizedOnWorkbasketException e = + catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class); + + assertThat(e.getRequiredPermissions()) + .containsExactlyInAnyOrder(WorkbasketPermission.READ, WorkbasketPermission.READTASKS); + assertThat(e.getCurrentUserId()).isEqualTo("user-1-1"); + assertThat(e.getWorkbasketId()).isEqualTo(wbWithoutReadTasksPerm.getId()); + } + @WithAccessId(user = "user-1-1") @Test void should_ThrowException_When_RequestedTaskByIdIsNotExisting() { 
diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/get/GetTaskWithSorAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/get/GetTaskWithSorAccTest.java index 340fc40296..99d2bb0d94 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/task/get/GetTaskWithSorAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/task/get/GetTaskWithSorAccTest.java @@ -45,6 +45,7 @@ void setup() throws Exception { .accessId("user-1-1") .permission(WorkbasketPermission.OPEN) .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); defaultObjectReference = defaultTestObjectReference().build(); diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/query/TaskQueryImplAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/query/TaskQueryImplAccTest.java index fb5c8e990c..d9f4952bfe 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/task/query/TaskQueryImplAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/task/query/TaskQueryImplAccTest.java @@ -47,6 +47,7 @@ import pro.taskana.testapi.security.WithAccessId; import pro.taskana.workbasket.api.WorkbasketPermission; import pro.taskana.workbasket.api.WorkbasketService; +import pro.taskana.workbasket.api.exceptions.NotAuthorizedToQueryWorkbasketException; import pro.taskana.workbasket.api.models.WorkbasketSummary; @TaskanaIntegrationTest @@ -93,6 +94,7 @@ private void persistPermission(WorkbasketSummary workbasketSummary) throws Excep .permission(WorkbasketPermission.OPEN) .permission(WorkbasketPermission.READ) .permission(WorkbasketPermission.APPEND) + .permission(WorkbasketPermission.READTASKS) .buildAndStore(workbasketService, "businessadmin"); } 
@@ -273,15 +275,30 @@ void should_ResolveUnderScore_When_UsingAnyLikeQuery() throws Exception { class TaskId { WorkbasketSummary wb; + WorkbasketSummary wbWithoutReadTasksPerm; TaskSummary taskSummary1; TaskSummary taskSummary2; + TaskSummary taskSummary3; @WithAccessId(user = "user-1-1") @BeforeAll void setup() throws Exception { wb = createWorkbasketWithPermission(); + wbWithoutReadTasksPerm = + defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService, "businessadmin"); + + WorkbasketAccessItemBuilder.newWorkbasketAccessItem() + .workbasketId(wbWithoutReadTasksPerm.getId()) + .accessId(currentUserContext.getUserid()) + .permission(WorkbasketPermission.OPEN) + .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.APPEND) + .buildAndStore(workbasketService, "businessadmin"); + taskSummary1 = taskInWorkbasket(wb).buildAndStoreAsSummary(taskService); taskSummary2 = taskInWorkbasket(wb).buildAndStoreAsSummary(taskService); + taskSummary3 = + taskInWorkbasket(wbWithoutReadTasksPerm).buildAndStoreAsSummary(taskService, "admin"); } @WithAccessId(user = "user-1-1") @@ -309,6 +326,13 @@ void should_FilterByTaskId_When_QueryingForIdNotIn() { assertThat(list).containsExactly(taskSummary2); } + + @WithAccessId(user = "user-1-1") + @Test + void should_ReturnNothing_When_WorkbasketHasOfTaskHasNoReadTasksPerm() { + List list = taskService.createTaskQuery().idIn(taskSummary3.getId()).list(); + assertThat(list.isEmpty()); + } } @Nested 
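Review bot: In `should_ReturnNothing_When_WorkbasketHasOfTaskHasNoReadTasksPerm` the line `assertThat(list.isEmpty());` builds an AssertJ assertion object but never evaluates it, so the test passes even when the query returns `taskSummary3`. It should read `assertThat(list).isEmpty();`, otherwise the READTASKS filter on `idIn` queries has no effective negative test in this hunk. The method name also looks garbled; `should_ReturnNothing_When_WorkbasketOfTaskHasNoReadTasksPerm` is probably what was meant.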
@@ -1458,16 +1482,30 @@ class WorkbasketId { WorkbasketSummary wb1; WorkbasketSummary wb2; + WorkbasketSummary wbWithoutReadTasksPerm; TaskSummary taskSummary1; TaskSummary taskSummary2; + TaskSummary taskSummary3; @WithAccessId(user = "user-1-1") @BeforeAll void setup() throws Exception { wb1 = createWorkbasketWithPermission(); wb2 = createWorkbasketWithPermission(); + wbWithoutReadTasksPerm = + defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService, "admin"); + + WorkbasketAccessItemBuilder.newWorkbasketAccessItem() + .workbasketId(wbWithoutReadTasksPerm.getId()) + .accessId(currentUserContext.getUserid()) + .permission(WorkbasketPermission.OPEN) + .permission(WorkbasketPermission.READ) + .buildAndStore(workbasketService, "businessadmin"); + taskSummary1 = taskInWorkbasket(wb1).buildAndStoreAsSummary(taskService); taskSummary2 = taskInWorkbasket(wb2).buildAndStoreAsSummary(taskService); + taskSummary3 = + taskInWorkbasket(wbWithoutReadTasksPerm).buildAndStoreAsSummary(taskService, "admin"); } @WithAccessId(user = "user-1-1") @@ -1490,6 +1528,18 @@ void should_ApplyFilter_When_QueryingForIdNotIn() { assertThat(list).containsExactly(taskSummary2); } + + @WithAccessId(user = "user-1-1") + @Test + void should_ThrowException_When_WorkBasketHasOpenReadButNoReadTasksPermission() { + assertThatThrownBy( + () -> + taskService + .createTaskQuery() + .workbasketIdIn(wbWithoutReadTasksPerm.getId()) + .list()) + .isInstanceOf(NotAuthorizedToQueryWorkbasketException.class); + } } @Nested diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/requestchanges/RequestChangesAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/requestchanges/RequestChangesAccTest.java index d66ec742ed..abba75c27a 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/task/requestchanges/RequestChangesAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/task/requestchanges/RequestChangesAccTest.java 
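Review bot: `should_ThrowException_When_WorkBasketHasOpenReadButNoReadTasksPermission` exercises only the `workbasketIdIn` filter, while this commit also tightens the key/domain path (`checkOpenReadAndReadTasksPermissionByKeyDomain` in `TaskQueryImpl`). Unless a matching case exists outside the visible hunks, a sibling test that queries `wbWithoutReadTasksPerm` through `workbasketKeyDomainIn` and expects `NotAuthorizedToQueryWorkbasketException` would keep both authorization branches covered. A short comment on the fixture, such as `// OPEN + READ only: READTASKS is deliberately missing`, would also make the intent of the access item clear.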
@@ -55,6 +55,7 @@ void setup(ClassificationService classificationService, WorkbasketService workba .workbasketId(defaultWorkbasketSummary.getId()) .accessId("user-1-1") .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/requestchanges/RequestChangesWithAfterSpiAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/requestchanges/RequestChangesWithAfterSpiAccTest.java index eb1fc7757c..973181f938 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/task/requestchanges/RequestChangesWithAfterSpiAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/task/requestchanges/RequestChangesWithAfterSpiAccTest.java @@ -60,6 +60,7 @@ void setup(ClassificationService classificationService, WorkbasketService workba .workbasketId(defaultWorkbasketSummary.getId()) .accessId("user-1-1") .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .permission(WorkbasketPermission.TRANSFER) .buildAndStore(workbasketService); @@ -68,6 +69,7 @@ void setup(ClassificationService classificationService, WorkbasketService workba .workbasketId(newWorkbasket.getId()) .accessId("user-1-1") .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/requestchanges/RequestChangesWithBeforeSpiAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/requestchanges/RequestChangesWithBeforeSpiAccTest.java index e244eed616..77911eb565 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/task/requestchanges/RequestChangesWithBeforeSpiAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/task/requestchanges/RequestChangesWithBeforeSpiAccTest.java 
@@ -57,6 +57,7 @@ void setup(ClassificationService classificationService, WorkbasketService workba .workbasketId(defaultWorkbasketSummary.getId()) .accessId("user-1-1") .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .permission(WorkbasketPermission.TRANSFER) .buildAndStore(workbasketService); diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/requestreview/RequestReviewAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/requestreview/RequestReviewAccTest.java index 2b2a2cda12..fc13c70c6c 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/task/requestreview/RequestReviewAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/task/requestreview/RequestReviewAccTest.java @@ -55,6 +55,7 @@ void setup(ClassificationService classificationService, WorkbasketService workba .workbasketId(defaultWorkbasketSummary.getId()) .accessId("user-1-1") .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/requestreview/RequestReviewWithAfterSpiAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/requestreview/RequestReviewWithAfterSpiAccTest.java index 3f70f5a325..94ebf4931f 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/task/requestreview/RequestReviewWithAfterSpiAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/task/requestreview/RequestReviewWithAfterSpiAccTest.java @@ -61,6 +61,7 @@ void setup(ClassificationService classificationService, WorkbasketService workba .workbasketId(defaultWorkbasketSummary.getId()) .accessId("user-1-1") .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .permission(WorkbasketPermission.TRANSFER) .buildAndStore(workbasketService); 
@@ -69,6 +70,7 @@ void setup(ClassificationService classificationService, WorkbasketService workba .workbasketId(newWorkbasket.getId()) .accessId("user-1-1") .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/requestreview/RequestReviewWithBeforeSpiAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/requestreview/RequestReviewWithBeforeSpiAccTest.java index 234e67e34b..aac442e86d 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/task/requestreview/RequestReviewWithBeforeSpiAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/task/requestreview/RequestReviewWithBeforeSpiAccTest.java @@ -58,6 +58,7 @@ void setup(ClassificationService classificationService, WorkbasketService workba .workbasketId(defaultWorkbasketSummary.getId()) .accessId("user-1-1") .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .permission(WorkbasketPermission.TRANSFER) .buildAndStore(workbasketService); diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/update/UpdateManualPriorityAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/update/UpdateManualPriorityAccTest.java index 928c2c5256..b01646c350 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/task/update/UpdateManualPriorityAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/task/update/UpdateManualPriorityAccTest.java @@ -53,6 +53,7 @@ void setup() throws Exception { .accessId("user-1-1") .permission(WorkbasketPermission.OPEN) .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); defaultObjectReference = defaultTestObjectReference().build(); 
diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/update/UpdateManualPriorityWithSpiAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/update/UpdateManualPriorityWithSpiAccTest.java index ff084a9085..9d798005c4 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/task/update/UpdateManualPriorityWithSpiAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/task/update/UpdateManualPriorityWithSpiAccTest.java @@ -74,6 +74,7 @@ void setup() throws Exception { .accessId("user-1-1") .permission(WorkbasketPermission.OPEN) .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); defaultObjectReference = defaultTestObjectReference().build(); diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/update/UpdateTaskWithSorAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/update/UpdateTaskWithSorAccTest.java index ec22b30658..400fce4ede 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/task/update/UpdateTaskWithSorAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/task/update/UpdateTaskWithSorAccTest.java @@ -46,6 +46,7 @@ void setup() throws Exception { .accessId("user-1-1") .permission(WorkbasketPermission.OPEN) .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); defaultObjectReference = defaultTestObjectReference().build(); diff --git a/lib/taskana-core-test/src/test/java/acceptance/taskcomment/create/CreateTaskCommentAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/taskcomment/create/CreateTaskCommentAccTest.java index 3e575ced23..b79a463eb7 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/taskcomment/create/CreateTaskCommentAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/taskcomment/create/CreateTaskCommentAccTest.java 
@@ -50,6 +50,7 @@ void setup() throws Exception { .accessId("user-1-1") .permission(WorkbasketPermission.OPEN) .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); diff --git a/lib/taskana-core-test/src/test/java/acceptance/taskcomment/get/GetTaskCommentAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/taskcomment/get/GetTaskCommentAccTest.java index 318598b0f6..5c8bde96e3 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/taskcomment/get/GetTaskCommentAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/taskcomment/get/GetTaskCommentAccTest.java @@ -61,6 +61,7 @@ void setup() throws Exception { .accessId("user-1-1") .permission(WorkbasketPermission.OPEN) .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); task1 = diff --git a/lib/taskana-core-test/src/test/java/acceptance/taskcomment/update/UpdateTaskCommentAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/taskcomment/update/UpdateTaskCommentAccTest.java index cca3c506bb..99d02c726e 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/taskcomment/update/UpdateTaskCommentAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/taskcomment/update/UpdateTaskCommentAccTest.java @@ -53,6 +53,7 @@ void setup() throws Exception { .accessId("user-1-1") .permission(WorkbasketPermission.OPEN) .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); defaultObjectReference = defaultTestObjectReference().build(); diff --git a/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskQueryImpl.java b/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskQueryImpl.java index 78435614a3..7689fce53d 100644 
--- a/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskQueryImpl.java +++ b/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskQueryImpl.java @@ -1943,7 +1943,7 @@ public List list() { return taskanaEngine.executeInDatabaseConnection( () -> { checkForIllegalParamCombinations(); - checkOpenAndReadPermissionForSpecifiedWorkbaskets(); + checkOpenReadAndReadTasksPermissionForSpecifiedWorkbaskets(); setupJoinAndOrderParameters(); setupAccessIds(); List tasks = @@ -1959,7 +1959,7 @@ public List list(int offset, int limit) { try { taskanaEngine.openConnection(); checkForIllegalParamCombinations(); - checkOpenAndReadPermissionForSpecifiedWorkbaskets(); + checkOpenReadAndReadTasksPermissionForSpecifiedWorkbaskets(); setupAccessIds(); setupJoinAndOrderParameters(); RowBounds rowBounds = new RowBounds(offset, limit); @@ -1990,7 +1990,7 @@ public List listValues(TaskQueryColumnName columnName, SortDirection sor this.orderBy.clear(); this.addOrderCriteria(columnName.toString(), sortDirection); checkForIllegalParamCombinations(); - checkOpenAndReadPermissionForSpecifiedWorkbaskets(); + checkOpenReadAndReadTasksPermissionForSpecifiedWorkbaskets(); setupAccessIds(); if (columnName.equals(TaskQueryColumnName.CLASSIFICATION_NAME)) { @@ -2026,7 +2026,7 @@ public TaskSummary single() { TaskSummary result; try { taskanaEngine.openConnection(); - checkOpenAndReadPermissionForSpecifiedWorkbaskets(); + checkOpenReadAndReadTasksPermissionForSpecifiedWorkbaskets(); setupAccessIds(); setupJoinAndOrderParameters(); TaskSummaryImpl taskSummaryImpl = @@ -2051,7 +2051,7 @@ public long count() { Long rowCount; try { taskanaEngine.openConnection(); - checkOpenAndReadPermissionForSpecifiedWorkbaskets(); + checkOpenReadAndReadTasksPermissionForSpecifiedWorkbaskets(); setupAccessIds(); setupJoinAndOrderParameters(); rowCount = taskanaEngine.getSqlSession().selectOne(getLinkToCounterTaskScript(), this); 
@@ -2177,7 +2177,7 @@ private void setupAccessIds() { } } - private void checkOpenAndReadPermissionForSpecifiedWorkbaskets() { + private void checkOpenReadAndReadTasksPermissionForSpecifiedWorkbaskets() { if (taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN, TaskanaRole.TASK_ADMIN)) { if (LOGGER.isDebugEnabled()) { LOGGER.debug("Skipping permissions check since user is in role ADMIN or TASK_ADMIN."); @@ -2188,13 +2188,13 @@ private void checkOpenAndReadPermissionForSpecifiedWorkbaskets() { if (this.workbasketIdIn != null && this.workbasketIdIn.length > 0) { filterByAccessIdIn = false; for (String workbasketId : workbasketIdIn) { - checkOpenAndReadPermissionById(workbasketId); + checkOpenReadAndReadTasksPermissionById(workbasketId); } } if (workbasketKeyDomainIn != null && workbasketKeyDomainIn.length > 0) { filterByAccessIdIn = false; for (KeyDomain keyDomain : workbasketKeyDomainIn) { - checkOpenAndReadPermissionByKeyDomain(keyDomain); + checkOpenReadAndReadTasksPermissionByKeyDomain(keyDomain); } } } catch (NotAuthorizedOnWorkbasketException e) { 
@@ -2202,20 +2202,24 @@ private void checkOpenAndReadPermissionForSpecifiedWorkbaskets() { } } - private void checkOpenAndReadPermissionById(String workbasketId) + private void checkOpenReadAndReadTasksPermissionById(String workbasketId) throws NotAuthorizedOnWorkbasketException { try { taskanaEngine .getEngine() .getWorkbasketService() - .checkAuthorization(workbasketId, WorkbasketPermission.OPEN, WorkbasketPermission.READ); + .checkAuthorization( + workbasketId, + WorkbasketPermission.OPEN, + WorkbasketPermission.READ, + WorkbasketPermission.READTASKS); } catch (WorkbasketNotFoundException e) { LOGGER.warn( String.format("The workbasket with the ID ' %s ' does not exist.", workbasketId), e); } } - private void checkOpenAndReadPermissionByKeyDomain(KeyDomain keyDomain) + private void checkOpenReadAndReadTasksPermissionByKeyDomain(KeyDomain keyDomain) throws NotAuthorizedOnWorkbasketException { try { taskanaEngine @@ -2225,7 +2229,8 @@ private void checkOpenAndReadPermissionByKeyDomain(KeyDomain keyDomain) keyDomain.getKey(), keyDomain.getDomain(), WorkbasketPermission.OPEN, - WorkbasketPermission.READ); + WorkbasketPermission.READ, + WorkbasketPermission.READTASKS); } catch (WorkbasketNotFoundException e) { LOGGER.warn( String.format( diff --git a/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskQuerySqlProvider.java b/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskQuerySqlProvider.java index bebeaea3fd..f3d21883c0 100644 --- a/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskQuerySqlProvider.java +++ b/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskQuerySqlProvider.java @@ -117,7 +117,8 @@ public static String queryTaskSummariesDb2() { + "s.ACCESS_ID IN " + "(#{item}) " + "and " - + "s.WORKBASKET_ID = X.WORKBASKET_ID AND s.perm_read = 1 fetch first 1 rows only" + + "s.WORKBASKET_ID = X.WORKBASKET_ID AND s.perm_read = 1 AND s.perm_readtasks = 1" + + " fetch first 1 rows only" + "" + " " + "VALUES(1)" 
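Review bot: In `queryTaskSummariesDb2` the added condition `s.perm_read = 1 AND s.perm_readtasks = 1` requires both flags on one WORKBASKET_ACCESS_LIST row, whereas `checkForAuthorization()` in the same file now tests `MAX_READ = 1 AND MAX_READTASKS = 1` after grouping over all of the caller's access ids. With a single flag the two forms were equivalent, but with two flags they can disagree for a user who holds READ through one access id and READTASKS through another, so the query variants may return different task sets for the same user. The same row-level condition is added in `countQueryTasksDb2`. Whichever rule `checkAuthorization` applies should be used in all three places and recorded in a comment next to the SQL. The SQL strings continue outside the hunks, so this is inferred from the visible fragments only.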
@@ -250,7 +251,8 @@ public static String countQueryTasksDb2() { + "WHERE s.ACCESS_ID IN " + "(#{item}) " + "and " - + "s.WORKBASKET_ID = X.WORKBASKET_ID AND s.perm_read = 1 fetch first 1 rows only " + + "s.WORKBASKET_ID = X.WORKBASKET_ID AND s.perm_read = 1 AND s.perm_readtasks = 1" + + " fetch first 1 rows only " + " " + "" + "VALUES(1)" @@ -366,16 +368,18 @@ private static String checkForAuthorization() { + "FROM (" + "" + "" - + "SELECT WORKBASKET_ID as WID, MAX(PERM_READ) as MAX_READ " + + "SELECT WORKBASKET_ID as WID, MAX(PERM_READ) as MAX_READ, " + + "MAX(PERM_READTASKS) as MAX_READTASKS " + "" + "" - + "SELECT WORKBASKET_ID as WID, MAX(PERM_READ::int) as MAX_READ " + + "SELECT WORKBASKET_ID as WID, MAX(PERM_READ::int) as MAX_READ, " + + "MAX(PERM_READTASKS::int) as MAX_READTASKS " + "" + "" + "FROM WORKBASKET_ACCESS_LIST s where ACCESS_ID IN " + "(#{item}) " + "GROUP by WORKBASKET_ID) f " - + "WHERE MAX_READ = 1) " + + "WHERE MAX_READ = 1 AND MAX_READTASKS = 1) " + ""; } diff --git a/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskServiceImpl.java b/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskServiceImpl.java index 4fe06b386f..ffd2b12502 100644 --- a/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskServiceImpl.java +++ b/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskServiceImpl.java @@ -391,6 +391,15 @@ public Task getTask(String id) throws NotAuthorizedOnWorkbasketException, TaskNo resultTask.setWorkbasketSummary(workbaskets.get(0)); } + TaskSummary resultTaskSummary = createTaskQuery().idIn(id).single(); + if (resultTaskSummary == null) { + throw new NotAuthorizedOnWorkbasketException( + taskanaEngine.getEngine().getCurrentUserContext().getUserid(), + workbasketId, + WorkbasketPermission.READ, + WorkbasketPermission.READTASKS); + } + List attachmentImpls = attachmentMapper.findAttachmentsByTaskId(resultTask.getId()); if (attachmentImpls == null) { 
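Review bot: The new READTASKS check in `getTask` treats a null result from `createTaskQuery().idIn(id).single()` as "not authorized", which adds a second task query to every call and reports any other cause of an empty result as a permission failure on READ and READTASKS. `TaskQueryImpl` in this commit already asks the workbasket service directly, so `taskanaEngine.getEngine().getWorkbasketService().checkAuthorization(workbasketId, WorkbasketPermission.READ, WorkbasketPermission.READTASKS);` would make the decision explicit and leave exception construction to the service. The check also runs after the task has been loaded into `resultTask`; nothing in the hunk returns data before the throw, but placing it next to the existing workbasket lookup would make that ordering obvious. `getTask` begins and ends outside the hunk, so how `workbasketId` is obtained and whether an earlier READ check exists are assumed rather than seen.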
diff --git a/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketQueryMapper.java b/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketQueryMapper.java index 4cea03abb9..4e1500e414 100644 --- a/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketQueryMapper.java +++ b/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketQueryMapper.java 
@@ -18,13 +18,13 @@ public interface WorkbasketQueryMapper { + " " + "" + "" - + "LEFT OUTER JOIN (select WORKBASKET_ID as WID, MAX(PERM_READ) as MAX_READ, MAX(PERM_OPEN) as MAX_OPEN, " + + "LEFT OUTER JOIN (select WORKBASKET_ID as WID, MAX(PERM_READ) as MAX_READ, MAX(PERM_READTASKS) as MAX_READTASKS, MAX(PERM_EDITTASKS) as MAX_EDITTASKS, MAX(PERM_OPEN) as MAX_OPEN, " + "MAX(PERM_APPEND) as MAX_APPEND, MAX(PERM_TRANSFER) as MAX_TRANSFER, MAX(PERM_DISTRIBUTE) as MAX_DISTRIBUTE, MAX(PERM_CUSTOM_1) as MAX_CUSTOM_1, MAX(PERM_CUSTOM_2) as MAX_CUSTOM_2, " + "MAX(PERM_CUSTOM_3) as MAX_CUSTOM_3, MAX(PERM_CUSTOM_4) as MAX_CUSTOM_4, MAX(PERM_CUSTOM_5) as MAX_CUSTOM_5, MAX(PERM_CUSTOM_6) as MAX_CUSTOM_6, MAX(PERM_CUSTOM_7) as MAX_CUSTOM_7, " + "MAX(PERM_CUSTOM_8) as MAX_CUSTOM_8, MAX(PERM_CUSTOM_9) as MAX_CUSTOM_9, MAX(PERM_CUSTOM_10) as MAX_CUSTOM_10, MAX(PERM_CUSTOM_11) as MAX_CUSTOM_11, MAX(PERM_CUSTOM_12) as MAX_CUSTOM_12 " + "" + "" - + "LEFT OUTER JOIN (select WORKBASKET_ID as WID, MAX(PERM_READ::int) as MAX_READ, MAX(PERM_OPEN::int) as MAX_OPEN, " + + "LEFT OUTER JOIN (select WORKBASKET_ID as WID, MAX(PERM_READ::int) as MAX_READ, MAX(PERM_READTASKS::int) as MAX_READTASKS, MAX(PERM_EDITTASKS::int) as MAX_EDITTASKS, MAX(PERM_OPEN::int) as MAX_OPEN, " + "MAX(PERM_APPEND::int) as MAX_APPEND, MAX(PERM_TRANSFER::int) as MAX_TRANSFER, MAX(PERM_DISTRIBUTE::int) as MAX_DISTRIBUTE, MAX(PERM_CUSTOM_1::int) as MAX_CUSTOM_1, MAX(PERM_CUSTOM_2::int) as MAX_CUSTOM_2, " + "MAX(PERM_CUSTOM_3::int) as MAX_CUSTOM_3, MAX(PERM_CUSTOM_4::int) as MAX_CUSTOM_4, MAX(PERM_CUSTOM_5::int) as MAX_CUSTOM_5, MAX(PERM_CUSTOM_6::int) as MAX_CUSTOM_6, MAX(PERM_CUSTOM_7::int) as MAX_CUSTOM_7, " + "MAX(PERM_CUSTOM_8::int) as MAX_CUSTOM_8, MAX(PERM_CUSTOM_9::int) as MAX_CUSTOM_9, MAX(PERM_CUSTOM_10::int) as MAX_CUSTOM_10, MAX(PERM_CUSTOM_11::int) as MAX_CUSTOM_11, MAX(PERM_CUSTOM_12::int) as MAX_CUSTOM_12 " 
@@ -74,6 +74,8 @@ public interface WorkbasketQueryMapper { + " " + "" + "a.MAX_READ " + + "a.MAX_READTASKS " + + "a.MAX_EDITTASKS " + "a.MAX_OPEN " + "a.MAX_APPEND" + "a.MAX_TRANSFER" @@ -118,7 +120,7 @@ public interface WorkbasketQueryMapper { @Select( "