diff --git a/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskCommentServiceImpl.java b/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskCommentServiceImpl.java index 24ac7114e..e825e8e76 100644 --- a/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskCommentServiceImpl.java +++ b/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskCommentServiceImpl.java @@ -63,6 +63,7 @@ class TaskCommentServiceImpl { TaskComment originalTaskComment = getTaskComment(taskCommentImplToUpdate.getId()); if (originalTaskComment.getCreator().equals(userId) + && taskCommentImplToUpdate.getCreator().equals(originalTaskComment.getCreator()) || taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN) || taskanaEngine.getEngine().isUserInRole(TaskanaRole.TASK_ADMIN)) { diff --git a/lib/taskana-core/src/test/java/acceptance/task/TaskQueryImplAccTest.java b/lib/taskana-core/src/test/java/acceptance/task/TaskQueryImplAccTest.java index 6a8142676..7dfc86d9f 100644 --- a/lib/taskana-core/src/test/java/acceptance/task/TaskQueryImplAccTest.java +++ b/lib/taskana-core/src/test/java/acceptance/task/TaskQueryImplAccTest.java @@ -39,7 +39,7 @@ import pro.taskana.workbasket.api.models.WorkbasketSummary; import pro.taskana.workbasket.internal.builder.WorkbasketAccessItemBuilder; @TaskanaIntegrationTest -public class TaskQueryImplAccTest { +class TaskQueryImplAccTest { @TaskanaInject TaskService taskService; @TaskanaInject WorkbasketService workbasketService; diff --git a/lib/taskana-core/src/test/java/acceptance/task/UpdateTaskCommentAccTest.java b/lib/taskana-core/src/test/java/acceptance/task/UpdateTaskCommentAccTest.java index 9380738aa..b718ab0da 100644 --- a/lib/taskana-core/src/test/java/acceptance/task/UpdateTaskCommentAccTest.java +++ b/lib/taskana-core/src/test/java/acceptance/task/UpdateTaskCommentAccTest.java @@ -1,119 +1,139 @@ package acceptance.task; +import static acceptance.DefaultTestEntities.defaultTestClassification; +import static acceptance.DefaultTestEntities.defaultTestObjectReference; +import static acceptance.DefaultTestEntities.defaultTestWorkbasket; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatThrownBy; -import acceptance.AbstractAccTest; import java.util.List; import org.assertj.core.api.ThrowableAssert.ThrowingCallable; +import org.junit.jupiter.api.BeforeAll; import org.junit.jupiter.api.Test; -import org.junit.jupiter.api.extension.ExtendWith; +import testapi.TaskanaInject; +import testapi.TaskanaIntegrationTest; +import pro.taskana.classification.api.ClassificationService; +import pro.taskana.classification.api.models.ClassificationSummary; import pro.taskana.common.api.exceptions.ConcurrencyException; import pro.taskana.common.api.exceptions.NotAuthorizedException; -import pro.taskana.common.test.security.JaasExtension; import pro.taskana.common.test.security.WithAccessId; import pro.taskana.task.api.TaskService; +import pro.taskana.task.api.models.ObjectReference; +import pro.taskana.task.api.models.Task; import pro.taskana.task.api.models.TaskComment; +import pro.taskana.task.internal.builder.TaskBuilder; +import pro.taskana.task.internal.builder.TaskCommentBuilder; import pro.taskana.task.internal.models.TaskCommentImpl; +import pro.taskana.workbasket.api.WorkbasketPermission; +import pro.taskana.workbasket.api.WorkbasketService; +import pro.taskana.workbasket.api.models.WorkbasketSummary; +import pro.taskana.workbasket.internal.builder.WorkbasketAccessItemBuilder; -@ExtendWith(JaasExtension.class) -class UpdateTaskCommentAccTest extends AbstractAccTest { +@TaskanaIntegrationTest +class UpdateTaskCommentAccTest { - @WithAccessId(user = "user-1-2") - @Test - void should_UpdateTaskComment_For_TaskComment() throws Exception { + @TaskanaInject TaskService taskService; + @TaskanaInject WorkbasketService workbasketService; + @TaskanaInject ClassificationService classificationService; - TaskService taskService = taskanaEngine.getTaskService(); + ClassificationSummary defaultClassificationSummary; + WorkbasketSummary defaultWorkbasketSummary; + ObjectReference defaultObjectReference; - List taskComments = - taskService.getTaskComments("TKI:000000000000000000000000000000000025"); - assertThat(taskComments).hasSize(1); - assertThat(taskComments.get(0).getTextField()).isEqualTo("some text in textfield"); + @WithAccessId(user = "businessadmin") + @BeforeAll + void setup() throws Exception { + defaultClassificationSummary = + defaultTestClassification().buildAndStoreAsSummary(classificationService); + defaultWorkbasketSummary = defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService); - TaskComment taskComment = - taskService.getTaskComment("TCI:000000000000000000000000000000000003"); - taskComment.setTextField("updated textfield"); - - taskService.updateTaskComment(taskComment); - - List taskCommentsAfterUpdate = - taskService.getTaskComments("TKI:000000000000000000000000000000000025"); - assertThat(taskCommentsAfterUpdate.get(0).getTextField()).isEqualTo("updated textfield"); + WorkbasketAccessItemBuilder.newWorkbasketAccessItem() + .workbasketId(defaultWorkbasketSummary.getId()) + .accessId("user-1-1") + .permission(WorkbasketPermission.OPEN) + .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.APPEND) + .buildAndStore(workbasketService); + defaultObjectReference = defaultTestObjectReference().build(); } @WithAccessId(user = "user-1-1") @Test - void should_FailToUpdateTaskComment_When_UserHasNoAuthorization() throws Exception { - - TaskService taskService = taskanaEngine.getTaskService(); - - List taskComments = - taskService.getTaskComments("TKI:000000000000000000000000000000000000"); - assertThat(taskComments).hasSize(3); - assertThat(taskComments.get(0).getTextField()).isEqualTo("some text in textfield"); - + void should_UpdateTaskComment_For_TaskComment() throws Exception { + Task task = createDefaultTask().buildAndStore(taskService); TaskComment taskComment = - taskService.getTaskComment("TCI:000000000000000000000000000000000001"); + TaskCommentBuilder.newTaskComment() + .taskId(task.getId()) + .textField("some text in textfield") + .buildAndStore(taskService); + + taskComment.setTextField("updated textfield"); + taskService.updateTaskComment(taskComment); + + List taskCommentsAfterUpdate = taskService.getTaskComments(task.getId()); + assertThat(taskCommentsAfterUpdate) + .extracting(TaskComment::getTextField) + .containsExactly("updated textfield"); + } + + @WithAccessId(user = "user-1-2") + @Test + void should_FailToUpdateTaskComment_When_UserHasNoAuthorization() throws Exception { + Task task = createDefaultTask().buildAndStore(taskService, "user-1-1"); + TaskComment taskComment = + TaskCommentBuilder.newTaskComment() + .taskId(task.getId()) + .textField("some text in textfield") + .buildAndStore(taskService, "user-1-1"); taskComment.setTextField("updated textfield"); assertThatThrownBy(() -> taskService.updateTaskComment(taskComment)) .isInstanceOf(NotAuthorizedException.class); - - // make sure the task comment wasn't updated - List taskCommentsAfterUpdateAttempt = - taskService.getTaskComments("TKI:000000000000000000000000000000000000"); - assertThat(taskCommentsAfterUpdateAttempt.get(0).getTextField()) - .isEqualTo("some text in textfield"); } @WithAccessId(user = "user-1-1") @Test - void should_FailToUpdateTaskComment_When_UserTriesToUpdateTaskByManipulatingOwner() - throws Exception { + void should_FailToUpdateTaskComment_When_ChangingCreator() throws Exception { + Task task = createDefaultTask().buildAndStore(taskService); + TaskCommentImpl taskComment = + (TaskCommentImpl) + TaskCommentBuilder.newTaskComment() + .taskId(task.getId()) + .textField("some text in textfield") + .buildAndStore(taskService); - TaskService taskService = taskanaEngine.getTaskService(); + taskComment.setCreator("user-1-2"); - TaskCommentImpl taskCommentToUpdate = - (TaskCommentImpl) taskService.getTaskComment("TCI:000000000000000000000000000000000001"); - - taskCommentToUpdate.setTextField("updated textfield"); - taskCommentToUpdate.setCreator("user-1-2"); - - ThrowingCallable updateTaskCommentCall = - () -> { - taskService.updateTaskComment(taskCommentToUpdate); - }; + ThrowingCallable updateTaskCommentCall = () -> taskService.updateTaskComment(taskComment); assertThatThrownBy(updateTaskCommentCall).isInstanceOf(NotAuthorizedException.class); } @WithAccessId(user = "user-1-1") @Test void should_FailToUpdateTaskComment_When_TaskCommentWasModifiedConcurrently() throws Exception { - - TaskService taskService = taskanaEngine.getTaskService(); - - List taskComments = - taskService.getTaskComments("TKI:000000000000000000000000000000000000"); - assertThat(taskComments).hasSize(3); - assertThat(taskComments.get(2).getTextField()).isEqualTo("some other text in textfield"); - + Task task = createDefaultTask().buildAndStore(taskService); TaskComment taskCommentToUpdate = - taskService.getTaskComment("TCI:000000000000000000000000000000000002"); - taskCommentToUpdate.setTextField("updated textfield"); + TaskCommentBuilder.newTaskComment() + .taskId(task.getId()) + .textField("some text in textfield") + .buildAndStore(taskService); + taskCommentToUpdate.setTextField("updated textfield"); TaskComment concurrentTaskCommentToUpdate = - taskService.getTaskComment("TCI:000000000000000000000000000000000002"); + taskService.getTaskComment(taskCommentToUpdate.getId()); concurrentTaskCommentToUpdate.setTextField("concurrently updated textfield"); taskService.updateTaskComment(taskCommentToUpdate); assertThatThrownBy(() -> taskService.updateTaskComment(concurrentTaskCommentToUpdate)) .isInstanceOf(ConcurrencyException.class); + } - // make sure the task comment wasn't updated - List taskCommentsAfterUpdateAttempt = - taskService.getTaskComments("TKI:000000000000000000000000000000000000"); - assertThat(taskCommentsAfterUpdateAttempt.get(2).getTextField()).isEqualTo("updated textfield"); + private TaskBuilder createDefaultTask() { + return (TaskBuilder.newTask() + .classificationSummary(defaultClassificationSummary) + .workbasketSummary(defaultWorkbasketSummary) + .primaryObjRef(defaultObjectReference)); } }