Skip to content

Commit

Permalink
Closes #2269 - Implement READTASKS Permission
Browse files Browse the repository at this point in the history
  • Loading branch information
@jamesrdi
jamesrdi committed Jun 6, 2023
1 parent 696d2de commit f40cfef
Show file tree
Hide file tree
Showing 31 changed files with 228 additions and 26 deletions.
1 change: 1 addition & 0 deletions ...core-test/src/test/java/acceptance/classification/delete/DeleteClassificationAccTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,7 @@ void setup() throws Exception {
.accessId("businessadmin")
.permission(WorkbasketPermission.OPEN)
.permission(WorkbasketPermission.READ)
.permission(WorkbasketPermission.READTASKS)
.permission(WorkbasketPermission.APPEND)
.buildAndStore(workbasketService, "admin");
}
Expand Down
2 changes: 2 additions & 0 deletions ...core-test/src/test/java/acceptance/classification/update/UpdateClassificationAccTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -134,6 +134,7 @@ private String createTaskWithExistingClassification(ClassificationSummary classi
.accessId(currentUserContext.getUserid())
.permission(WorkbasketPermission.OPEN)
.permission(WorkbasketPermission.READ)
.permission(WorkbasketPermission.READTASKS)
.permission(WorkbasketPermission.APPEND)
.buildAndStore(workbasketService, "businessadmin");

Expand All @@ -156,6 +157,7 @@ private List<String> createTasksWithExistingClassificationInAttachment(
.accessId(currentUserContext.getUserid())
.permission(WorkbasketPermission.OPEN)
.permission(WorkbasketPermission.READ)
.permission(WorkbasketPermission.READTASKS)
.permission(WorkbasketPermission.APPEND)
.buildAndStore(workbasketService, "businessadmin");
ClassificationSummary classificationSummaryWithSpecifiedServiceLevel =
Expand Down
1 change: 1 addition & 0 deletions lib/taskana-core-test/src/test/java/acceptance/task/ServiceLevelOfAllTasksAccTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -79,6 +79,7 @@ void setup() throws Exception {
.accessId("user-1-1")
.permission(WorkbasketPermission.OPEN)
.permission(WorkbasketPermission.READ)
.permission(WorkbasketPermission.READTASKS)
.permission(WorkbasketPermission.APPEND)
.buildAndStore(workbasketService);
}
Expand Down
1 change: 1 addition & 0 deletions lib/taskana-core-test/src/test/java/acceptance/task/claim/ClaimTaskAccTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,7 @@ void setup() throws Exception {
.accessId("user-1-2")
.permission(WorkbasketPermission.OPEN)
.permission(WorkbasketPermission.READ)
.permission(WorkbasketPermission.READTASKS)
.permission(WorkbasketPermission.APPEND)
.buildAndStore(workbasketService);

Expand Down
1 change: 1 addition & 0 deletions lib/taskana-core-test/src/test/java/acceptance/task/claim/SetOwnerAccTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,7 @@ void setup() throws Exception {
.accessId("user-1-2")
.permission(WorkbasketPermission.OPEN)
.permission(WorkbasketPermission.READ)
.permission(WorkbasketPermission.READTASKS)
.permission(WorkbasketPermission.APPEND)
.buildAndStore(workbasketService);

Expand Down
1 change: 1 addition & 0 deletions lib/taskana-core-test/src/test/java/acceptance/task/complete/CancelTaskAccTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,7 @@ void setup() throws Exception {
.accessId("user-1-2")
.permission(WorkbasketPermission.OPEN)
.permission(WorkbasketPermission.READ)
.permission(WorkbasketPermission.READTASKS)
.permission(WorkbasketPermission.APPEND)
.buildAndStore(workbasketService);

Expand Down
1 change: 1 addition & 0 deletions lib/taskana-core-test/src/test/java/acceptance/task/complete/CompleteTaskAccTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,7 @@ void setup(ClassificationService classificationService, WorkbasketService workba
.workbasketId(defaultWorkbasketSummary.getId())
.accessId("user-1-1")
.permission(WorkbasketPermission.READ)
.permission(WorkbasketPermission.READTASKS)
.permission(WorkbasketPermission.APPEND)
.buildAndStore(workbasketService);

Expand Down
1 change: 1 addition & 0 deletions lib/taskana-core-test/src/test/java/acceptance/task/complete/CompleteTaskWithSpiAccTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,7 @@ void setup(ClassificationService classificationService, WorkbasketService workba
.workbasketId(defaultWorkbasketSummary.getId())
.accessId("user-1-1")
.permission(WorkbasketPermission.READ)
.permission(WorkbasketPermission.READTASKS)
.permission(WorkbasketPermission.APPEND)
.buildAndStore(workbasketService);

Expand Down
1 change: 1 addition & 0 deletions lib/taskana-core-test/src/test/java/acceptance/task/create/CreateTaskAccTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,7 @@ void setup() throws Exception {
.accessId("user-1-2")
.permission(WorkbasketPermission.OPEN)
.permission(WorkbasketPermission.READ)
.permission(WorkbasketPermission.READTASKS)
.permission(WorkbasketPermission.APPEND)
.buildAndStore(workbasketService);
defaultObjectReference = defaultTestObjectReference().build();
Expand Down
1 change: 1 addition & 0 deletions lib/taskana-core-test/src/test/java/acceptance/task/create/CreateTaskWithSorAccTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,7 @@ void setup() throws Exception {
.accessId("user-1-1")
.permission(WorkbasketPermission.OPEN)
.permission(WorkbasketPermission.READ)
.permission(WorkbasketPermission.READTASKS)
.permission(WorkbasketPermission.APPEND)
.buildAndStore(workbasketService);
defaultObjectReference = defaultTestObjectReference().build();
Expand Down
63 changes: 63 additions & 0 deletions lib/taskana-core-test/src/test/java/acceptance/task/get/GetTaskAccTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -52,8 +52,12 @@ class GetTaskAccTest {

ClassificationSummary defaultClassificationSummary;
WorkbasketSummary defaultWorkbasketSummary;
WorkbasketSummary wbWithoutReadTasksPerm;
WorkbasketSummary wbWithoutReadPerm;
ObjectReference defaultObjectReference;
Task task;
Task task2;
Task task3;
Map<String, String> callbackInfo;

@WithAccessId(user = "admin")
Expand All @@ -62,6 +66,8 @@ void setup() throws Exception {
defaultClassificationSummary =
defaultTestClassification().buildAndStoreAsSummary(classificationService);
defaultWorkbasketSummary = defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService);
wbWithoutReadTasksPerm = defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService);
wbWithoutReadPerm = defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService);
defaultObjectReference = defaultTestObjectReference().build();
callbackInfo = createSimpleCustomPropertyMap(3);

Expand All @@ -70,6 +76,21 @@ void setup() throws Exception {
.accessId("user-1-1")
.permission(WorkbasketPermission.OPEN)
.permission(WorkbasketPermission.READ)
.permission(WorkbasketPermission.READTASKS)
.permission(WorkbasketPermission.APPEND)
.buildAndStore(workbasketService);
WorkbasketAccessItemBuilder.newWorkbasketAccessItem()
.workbasketId(wbWithoutReadTasksPerm.getId())
.accessId("user-1-1")
.permission(WorkbasketPermission.OPEN)
.permission(WorkbasketPermission.READ)
.permission(WorkbasketPermission.APPEND)
.buildAndStore(workbasketService);
WorkbasketAccessItemBuilder.newWorkbasketAccessItem()
.workbasketId(wbWithoutReadPerm.getId())
.accessId("user-1-1")
.permission(WorkbasketPermission.OPEN)
.permission(WorkbasketPermission.READTASKS)
.permission(WorkbasketPermission.APPEND)
.buildAndStore(workbasketService);

Expand Down Expand Up @@ -123,6 +144,20 @@ void setup() throws Exception {
.workbasketSummary(defaultWorkbasketSummary)
.primaryObjRef(defaultObjectReference)
.buildAndStore(taskService);

task2 =
TaskBuilder.newTask()
.workbasketSummary(wbWithoutReadTasksPerm)
.classificationSummary(defaultClassificationSummary)
.primaryObjRef(defaultObjectReference)
.buildAndStore(taskService);

task3 =
TaskBuilder.newTask()
.workbasketSummary(wbWithoutReadPerm)
.classificationSummary(defaultClassificationSummary)
.primaryObjRef(defaultObjectReference)
.buildAndStore(taskService);
}

@WithAccessId(user = "user-1-1")
Expand Down Expand Up @@ -182,6 +217,34 @@ void should_ReturnTask_When_RequestingTaskByTaskId() throws Exception {
assertThat(readTask).hasNoNullFieldsOrPropertiesExcept("ownerLongName", "completed");
}

@WithAccessId(user = "user-1-1")
@Test
void should_ThrowException_When_NoReadTasksPerm() {
ThrowingCallable call = () -> taskService.getTask(task2.getId());

NotAuthorizedOnWorkbasketException e =
catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class);

assertThat(e.getRequiredPermissions())
.containsExactlyInAnyOrder(WorkbasketPermission.READ, WorkbasketPermission.READTASKS);
assertThat(e.getCurrentUserId()).isEqualTo("user-1-1");
assertThat(e.getWorkbasketId()).isEqualTo(wbWithoutReadTasksPerm.getId());
}

@WithAccessId(user = "user-1-1")
@Test
void should_ThrowException_When_UserHasReadTasksButNoReadPerm() {
ThrowingCallable call = () -> taskService.getTask(task3.getId());

NotAuthorizedOnWorkbasketException e =
catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class);

assertThat(e.getRequiredPermissions())
.containsExactlyInAnyOrder(WorkbasketPermission.READ, WorkbasketPermission.READTASKS);
assertThat(e.getCurrentUserId()).isEqualTo("user-1-1");
assertThat(e.getWorkbasketId()).isEqualTo(wbWithoutReadPerm.getId());
}

@WithAccessId(user = "user-1-1")
@Test
void should_ThrowException_When_RequestedTaskByIdIsNotExisting() {
Expand Down
1 change: 1 addition & 0 deletions lib/taskana-core-test/src/test/java/acceptance/task/get/GetTaskWithSorAccTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,7 @@ void setup() throws Exception {
.accessId("user-1-1")
.permission(WorkbasketPermission.OPEN)
.permission(WorkbasketPermission.READ)
.permission(WorkbasketPermission.READTASKS)
.permission(WorkbasketPermission.APPEND)
.buildAndStore(workbasketService);
defaultObjectReference = defaultTestObjectReference().build();
Expand Down
93 changes: 93 additions & 0 deletions lib/taskana-core-test/src/test/java/acceptance/task/query/TaskQueryImplAccTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,7 @@
import pro.taskana.testapi.security.WithAccessId;
import pro.taskana.workbasket.api.WorkbasketPermission;
import pro.taskana.workbasket.api.WorkbasketService;
import pro.taskana.workbasket.api.exceptions.NotAuthorizedToQueryWorkbasketException;
import pro.taskana.workbasket.api.models.WorkbasketSummary;

@TaskanaIntegrationTest
Expand Down Expand Up @@ -93,6 +94,7 @@ private void persistPermission(WorkbasketSummary workbasketSummary) throws Excep
.permission(WorkbasketPermission.OPEN)
.permission(WorkbasketPermission.READ)
.permission(WorkbasketPermission.APPEND)
.permission(WorkbasketPermission.READTASKS)
.buildAndStore(workbasketService, "businessadmin");
}

Expand All @@ -102,11 +104,17 @@ class PermissionsTest {
WorkbasketSummary wb1;
WorkbasketSummary wb2;
WorkbasketSummary wbWithoutPermissions;
WorkbasketSummary wbWithoutReadTasksPerm;
WorkbasketSummary wbWithoutReadPerm;
WorkbasketSummary wbWithoutOpenPerm;
TaskSummary taskSummary1;
TaskSummary taskSummary2;
TaskSummary taskSummary3;
TaskSummary taskSummary4;
TaskSummary taskSummary5;
TaskSummary taskSummary6;
TaskSummary taskSummary7;
TaskSummary taskSummary8;

@WithAccessId(user = "user-1-1")
@BeforeAll
Expand All @@ -115,6 +123,34 @@ void setup() throws Exception {
wb2 = createWorkbasketWithPermission();
wbWithoutPermissions =
defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService, "businessadmin");
wbWithoutReadTasksPerm =
defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService, "businessadmin");
wbWithoutReadPerm =
defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService, "businessadmin");
wbWithoutOpenPerm =
defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService, "businessadmin");

WorkbasketAccessItemBuilder.newWorkbasketAccessItem()
.workbasketId(wbWithoutReadTasksPerm.getId())
.accessId(currentUserContext.getUserid())
.permission(WorkbasketPermission.OPEN)
.permission(WorkbasketPermission.READ)
.permission(WorkbasketPermission.APPEND)
.buildAndStore(workbasketService, "businessadmin");
WorkbasketAccessItemBuilder.newWorkbasketAccessItem()
.workbasketId(wbWithoutReadPerm.getId())
.accessId(currentUserContext.getUserid())
.permission(WorkbasketPermission.OPEN)
.permission(WorkbasketPermission.READTASKS)
.permission(WorkbasketPermission.APPEND)
.buildAndStore(workbasketService, "businessadmin");
WorkbasketAccessItemBuilder.newWorkbasketAccessItem()
.workbasketId(wbWithoutOpenPerm.getId())
.accessId(currentUserContext.getUserid())
.permission(WorkbasketPermission.READ)
.permission(WorkbasketPermission.READTASKS)
.permission(WorkbasketPermission.APPEND)
.buildAndStore(workbasketService, "businessadmin");

taskSummary1 = taskInWorkbasket(wb1).buildAndStoreAsSummary(taskService);
taskSummary2 = taskInWorkbasket(wb2).buildAndStoreAsSummary(taskService);
Expand All @@ -124,6 +160,12 @@ void setup() throws Exception {
taskInWorkbasket(wbWithoutPermissions).buildAndStoreAsSummary(taskService, "admin");
taskSummary5 =
taskInWorkbasket(wbWithoutPermissions).buildAndStoreAsSummary(taskService, "admin");
taskSummary6 =
taskInWorkbasket(wbWithoutReadTasksPerm).buildAndStoreAsSummary(taskService, "admin");
taskSummary7 =
taskInWorkbasket(wbWithoutReadPerm).buildAndStoreAsSummary(taskService, "admin");
taskSummary8 =
taskInWorkbasket(wbWithoutOpenPerm).buildAndStoreAsSummary(taskService, "admin");
}

@WithAccessId(user = "admin")
Expand Down Expand Up @@ -167,6 +209,57 @@ void should_OnlyReturnTasksFromCorrectWorkbaskets_When_UserHasNoPermissionToOneW
.contains(taskSummary1, taskSummary2)
.doesNotContain(taskSummary3, taskSummary4, taskSummary5);
}

@WithAccessId(user = "user-1-1")
@Test
void should_ReturnNothing_When_WorkbasketOfTaskHasNoReadTasksPerm() {
List<TaskSummary> list = taskService.createTaskQuery().idIn(taskSummary3.getId()).list();
assertThat(list.isEmpty());
}

@WithAccessId(user = "user-1-1")
@Test
void should_ThrowException_When_WorkBasketHasOpenReadButNoReadTasksPermission() {
assertThatThrownBy(
() ->
taskService
.createTaskQuery()
.workbasketIdIn(wbWithoutReadTasksPerm.getId())
.list())
.isInstanceOf(NotAuthorizedToQueryWorkbasketException.class);
}

@WithAccessId(user = "user-1-1")
@Test
void should_ThrowException_When_WorkbasketOfTaskHasReadTasksButNoReadPerm() {
List<TaskSummary> list = taskService.createTaskQuery().idIn(taskSummary7.getId()).list();

assertThat(list.isEmpty());
}

@WithAccessId(user = "user-1-1")
@Test
void should_QueryByTaskId_When_WorkbasketHasReadAndReadTasksButNoOpenPerm() {
List<TaskSummary> list = taskService.createTaskQuery().idIn(taskSummary8.getId()).list();

assertThat(list).containsOnly(taskSummary8);
}

@WithAccessId(user = "user-1-1")
@Test
void should_ThrowException_When_QueryByWbIdAndWorkbasketHasReadTasksButNoReadPerm() {
assertThatThrownBy(
() -> taskService.createTaskQuery().workbasketIdIn(wbWithoutReadPerm.getId()).list())
.isInstanceOf(NotAuthorizedToQueryWorkbasketException.class);
}

@WithAccessId(user = "user-1-1")
@Test
void should_ThrowException_When_QueryByWbIdAndWorkbasketHasReadAndReadTasksButNoOpenPerm() {
assertThatThrownBy(
() -> taskService.createTaskQuery().workbasketIdIn(wbWithoutOpenPerm.getId()).list())
.isInstanceOf(NotAuthorizedToQueryWorkbasketException.class);
}
}

@Nested
Expand Down
1 change: 1 addition & 0 deletions ...taskana-core-test/src/test/java/acceptance/task/requestchanges/RequestChangesAccTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,7 @@ void setup(ClassificationService classificationService, WorkbasketService workba
.workbasketId(defaultWorkbasketSummary.getId())
.accessId("user-1-1")
.permission(WorkbasketPermission.READ)
.permission(WorkbasketPermission.READTASKS)
.permission(WorkbasketPermission.APPEND)
.buildAndStore(workbasketService);

Expand Down
2 changes: 2 additions & 0 deletions ...-test/src/test/java/acceptance/task/requestchanges/RequestChangesWithAfterSpiAccTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,7 @@ void setup(ClassificationService classificationService, WorkbasketService workba
.workbasketId(defaultWorkbasketSummary.getId())
.accessId("user-1-1")
.permission(WorkbasketPermission.READ)
.permission(WorkbasketPermission.READTASKS)
.permission(WorkbasketPermission.APPEND)
.permission(WorkbasketPermission.TRANSFER)
.buildAndStore(workbasketService);
Expand All @@ -68,6 +69,7 @@ void setup(ClassificationService classificationService, WorkbasketService workba
.workbasketId(newWorkbasket.getId())
.accessId("user-1-1")
.permission(WorkbasketPermission.READ)
.permission(WorkbasketPermission.READTASKS)
.permission(WorkbasketPermission.APPEND)
.buildAndStore(workbasketService);

Expand Down
1 change: 1 addition & 0 deletions ...test/src/test/java/acceptance/task/requestchanges/RequestChangesWithBeforeSpiAccTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,7 @@ void setup(ClassificationService classificationService, WorkbasketService workba
.workbasketId(defaultWorkbasketSummary.getId())
.accessId("user-1-1")
.permission(WorkbasketPermission.READ)
.permission(WorkbasketPermission.READTASKS)
.permission(WorkbasketPermission.APPEND)
.permission(WorkbasketPermission.TRANSFER)
.buildAndStore(workbasketService);
Expand Down
1 change: 1 addition & 0 deletions lib/taskana-core-test/src/test/java/acceptance/task/requestreview/RequestReviewAccTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,7 @@ void setup(ClassificationService classificationService, WorkbasketService workba
.workbasketId(defaultWorkbasketSummary.getId())
.accessId("user-1-1")
.permission(WorkbasketPermission.READ)
.permission(WorkbasketPermission.READTASKS)
.permission(WorkbasketPermission.APPEND)
.buildAndStore(workbasketService);

Expand Down
2 changes: 2 additions & 0 deletions ...re-test/src/test/java/acceptance/task/requestreview/RequestReviewWithAfterSpiAccTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,7 @@ void setup(ClassificationService classificationService, WorkbasketService workba
.workbasketId(defaultWorkbasketSummary.getId())
.accessId("user-1-1")
.permission(WorkbasketPermission.READ)
.permission(WorkbasketPermission.READTASKS)
.permission(WorkbasketPermission.APPEND)
.permission(WorkbasketPermission.TRANSFER)
.buildAndStore(workbasketService);
Expand All @@ -69,6 +70,7 @@ void setup(ClassificationService classificationService, WorkbasketService workba
.workbasketId(newWorkbasket.getId())
.accessId("user-1-1")
.permission(WorkbasketPermission.READ)
.permission(WorkbasketPermission.READTASKS)
.permission(WorkbasketPermission.APPEND)
.buildAndStore(workbasketService);

Expand Down
1 change: 1 addition & 0 deletions ...e-test/src/test/java/acceptance/task/requestreview/RequestReviewWithBeforeSpiAccTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,7 @@ void setup(ClassificationService classificationService, WorkbasketService workba
.workbasketId(defaultWorkbasketSummary.getId())
.accessId("user-1-1")
.permission(WorkbasketPermission.READ)
.permission(WorkbasketPermission.READTASKS)
.permission(WorkbasketPermission.APPEND)
.permission(WorkbasketPermission.TRANSFER)
.buildAndStore(workbasketService);
Expand Down
Loading

0 comments on commit f40cfef

Please sign in to comment.