From 66bdaab7cf23e691d27708d5241580cfee348a08 Mon Sep 17 00:00:00 2001 From: Holger Hagen <19706592+holgerhagen@users.noreply.github.com> Date: Mon, 14 May 2018 13:42:49 +0200 Subject: [PATCH] TSK-408: APPEND permission is checked in transferTasks. --- .../java/pro/taskana/impl/TaskServiceImpl.java | 6 +++++- .../security/WorkbasketQueryAccTest.java | 4 ++-- .../acceptance/task/TransferTaskAccTest.java | 18 ++++++++++++++++++ .../workbasket/QueryWorkbasketAccTest.java | 16 ++++++++-------- .../QueryWorkbasketAccessItemsAccTest.java | 2 +- .../QueryWorkbasketsWithPaginationAccTest.java | 12 ++++++------ .../resources/sql/workbasket-access-list.sql | 2 ++ .../src/test/resources/sql/workbasket.sql | 1 + 8 files changed, 43 insertions(+), 18 deletions(-) diff --git a/lib/taskana-core/src/main/java/pro/taskana/impl/TaskServiceImpl.java b/lib/taskana-core/src/main/java/pro/taskana/impl/TaskServiceImpl.java index a916917c0..b0d09d4ba 100644 --- a/lib/taskana-core/src/main/java/pro/taskana/impl/TaskServiceImpl.java +++ b/lib/taskana-core/src/main/java/pro/taskana/impl/TaskServiceImpl.java @@ -525,7 +525,11 @@ public class TaskServiceImpl implements TaskService { } private BulkOperationResults transferTasks(List taskIdsToBeTransferred, - Workbasket destinationWorkbasket) throws InvalidArgumentException { + Workbasket destinationWorkbasket) + throws InvalidArgumentException, WorkbasketNotFoundException, NotAuthorizedException { + + workbasketService.checkAuthorization(destinationWorkbasket.getId(), WorkbasketPermission.APPEND); + // Check pre-conditions with trowing Exceptions if (taskIdsToBeTransferred == null) { throw new InvalidArgumentException("TaskIds must not be null."); diff --git a/lib/taskana-core/src/test/java/acceptance/security/WorkbasketQueryAccTest.java b/lib/taskana-core/src/test/java/acceptance/security/WorkbasketQueryAccTest.java index ec5de4d34..5ac3a1636 100644 --- a/lib/taskana-core/src/test/java/acceptance/security/WorkbasketQueryAccTest.java 
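Review bot: The added `workbasketService.checkAuthorization(destinationWorkbasket.getId(), WorkbasketPermission.APPEND);` sits above the `// Check pre-conditions` block and dereferences `destinationWorkbasket` without a null guard, so a null destination would surface as a NullPointerException rather than one of the declared exceptions. Whether every caller resolves the workbasket first is not visible in this hunk; if not, a guard such as `if (destinationWorkbasket == null) { throw new InvalidArgumentException("DestinationWorkbasket must not be null."); }` belongs before the call. Checking the destination before any task is touched is the right fail-closed order, but a missing permission now aborts the whole batch with an exception instead of being reported through `BulkOperationResults`, which deserves a comment at the call, e.g. `// APPEND on the destination is a batch-wide precondition: fail before any task is moved.` The body of transferTasks continues outside the hunk, so the per-task checks on the source side cannot be confirmed here.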
+++ b/lib/taskana-core/src/test/java/acceptance/security/WorkbasketQueryAccTest.java @@ -80,7 +80,7 @@ public class WorkbasketQueryAccTest extends AbstractAccTest { List results = workbasketService.createWorkbasketQuery() .nameLike("%") .list(); - Assert.assertEquals(24L, results.size()); + Assert.assertEquals(25L, results.size()); results = workbasketService.createWorkbasketQuery() .nameLike("%") @@ -101,7 +101,7 @@ public class WorkbasketQueryAccTest extends AbstractAccTest { List results = workbasketService.createWorkbasketQuery() .nameLike("%") .list(); - Assert.assertEquals(24L, results.size()); + Assert.assertEquals(25L, results.size()); results = workbasketService.createWorkbasketQuery() .nameLike("%") diff --git a/lib/taskana-core/src/test/java/acceptance/task/TransferTaskAccTest.java b/lib/taskana-core/src/test/java/acceptance/task/TransferTaskAccTest.java index 0664fea15..5ab15f893 100644 --- a/lib/taskana-core/src/test/java/acceptance/task/TransferTaskAccTest.java +++ b/lib/taskana-core/src/test/java/acceptance/task/TransferTaskAccTest.java 
@@ -238,6 +238,24 @@ public class TransferTaskAccTest extends AbstractAccTest { assertEquals("TEAMLEAD_1", transferredTask.getWorkbasketKey()); } + @WithAccessId(userName = "teamlead_1") + @Test(expected = NotAuthorizedException.class) + public void testBulkTransferTaskWithoutAppendPermissionOnTarget() + throws InvalidArgumentException, WorkbasketNotFoundException, TaskNotFoundException, NotAuthorizedException { + TaskService taskService = taskanaEngine.getTaskService(); + ArrayList taskIdList = new ArrayList<>(); + taskIdList.add("TKI:000000000000000000000000000000000006"); // working + taskIdList.add("TKI:000000000000000000000000000000000041"); // NotAuthorized READ + + try { + taskService + .transferTasks("WBI:100000000000000000000000000000000010", taskIdList); + } catch (NotAuthorizedException e) { + assertTrue(e.getMessage().contains("APPEND")); + throw e; + } + } + @WithAccessId( userName = "teamlead_1", groupNames = {"group_1"}) diff --git a/lib/taskana-core/src/test/java/acceptance/workbasket/QueryWorkbasketAccTest.java b/lib/taskana-core/src/test/java/acceptance/workbasket/QueryWorkbasketAccTest.java index ebf801e6b..9177cbdc1 100644 --- a/lib/taskana-core/src/test/java/acceptance/workbasket/QueryWorkbasketAccTest.java +++ b/lib/taskana-core/src/test/java/acceptance/workbasket/QueryWorkbasketAccTest.java @@ -44,7 +44,7 @@ public class QueryWorkbasketAccTest extends AbstractAccTest { WorkbasketService workbasketService = taskanaEngine.getWorkbasketService(); WorkbasketQuery query = workbasketService.createWorkbasketQuery(); long count = query.count(); - assertEquals(3, count); + assertEquals(4, count); List workbaskets = query.list(); assertNotNull(workbaskets); assertEquals(count, workbaskets.size()); 
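Review bot: The new test `testBulkTransferTaskWithoutAppendPermissionOnTarget` pins the denial only through `e.getMessage().contains("APPEND")` and never checks that nothing was moved, so it would still pass if a later change transferred the first task before the authorization failure was raised. In the `catch` block, before `throw e;`, re-read `TKI:000000000000000000000000000000000006` and assert that its workbasket is unchanged, since that is what shows the check fails closed. The second id (commented `NotAuthorized READ`) is presumably never evaluated once the destination check fires first, so a list of tasks the caller can fully access would isolate the APPEND case better. Matching on message text is also brittle; if NotAuthorizedException exposes nothing more structured, a short comment saying why the substring is checked would help the next reader.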
@@ -61,7 +61,7 @@ public class QueryWorkbasketAccTest extends AbstractAccTest { WorkbasketService workbasketService = taskanaEngine.getWorkbasketService(); WorkbasketQuery query = workbasketService.createWorkbasketQuery(); long count = query.count(); - assertTrue(count == 24); + assertTrue(count == 25); List workbaskets = query.list(); assertNotNull(workbaskets); assertEquals(count, workbaskets.size()); @@ -78,7 +78,7 @@ public class QueryWorkbasketAccTest extends AbstractAccTest { WorkbasketService workbasketService = taskanaEngine.getWorkbasketService(); WorkbasketQuery query = workbasketService.createWorkbasketQuery(); long count = query.count(); - assertTrue(count == 24); + assertTrue(count == 25); List workbaskets = query.list(); assertNotNull(workbaskets); assertEquals(count, workbaskets.size()); @@ -96,14 +96,14 @@ public class QueryWorkbasketAccTest extends AbstractAccTest { List columnValueList = workbasketService.createWorkbasketQuery() .listValues("NAME", null); assertNotNull(columnValueList); - assertEquals(9, columnValueList.size()); + assertEquals(10, columnValueList.size()); columnValueList = workbasketService.createWorkbasketQuery() .nameLike("%korb%") .orderByName(asc) .listValues("NAME", SortDirection.DESCENDING); // will override assertNotNull(columnValueList); - assertEquals(3, columnValueList.size()); + assertEquals(4, columnValueList.size()); } @WithAccessId( @@ -395,7 +395,7 @@ public class QueryWorkbasketAccTest extends AbstractAccTest { List results = workbasketService.createWorkbasketQuery() .createdWithin(todaysInterval()) .list(); - Assert.assertEquals(8L, results.size()); + Assert.assertEquals(9L, results.size()); } @WithAccessId( @@ -408,7 +408,7 @@ public class QueryWorkbasketAccTest extends AbstractAccTest { List results = workbasketService.createWorkbasketQuery() .modifiedWithin(todaysInterval()) .list(); - Assert.assertEquals(8L, results.size()); + Assert.assertEquals(9L, results.size()); } @WithAccessId( 
@@ -422,7 +422,7 @@ public class QueryWorkbasketAccTest extends AbstractAccTest { .nameLike("%") .orderByName(desc) .list(); - Assert.assertEquals(24L, results.size()); + Assert.assertEquals(25L, results.size()); // check sort order is correct WorkbasketSummary previousSummary = null; for (WorkbasketSummary wbSummary : results) { diff --git a/lib/taskana-core/src/test/java/acceptance/workbasket/QueryWorkbasketAccessItemsAccTest.java b/lib/taskana-core/src/test/java/acceptance/workbasket/QueryWorkbasketAccessItemsAccTest.java index 165f3a3dd..c47e1ea1e 100644 --- a/lib/taskana-core/src/test/java/acceptance/workbasket/QueryWorkbasketAccessItemsAccTest.java +++ b/lib/taskana-core/src/test/java/acceptance/workbasket/QueryWorkbasketAccessItemsAccTest.java @@ -44,7 +44,7 @@ public class QueryWorkbasketAccessItemsAccTest extends AbstractAccTest { List columnValueList = workbasketService.createWorkbasketAccessItemQuery() .listValues("WORKBASKET_ID", null); assertNotNull(columnValueList); - assertEquals(23, columnValueList.size()); + assertEquals(24, columnValueList.size()); columnValueList = workbasketService.createWorkbasketAccessItemQuery() .listValues("ACCESS_ID", null); diff --git a/lib/taskana-core/src/test/java/acceptance/workbasket/QueryWorkbasketsWithPaginationAccTest.java b/lib/taskana-core/src/test/java/acceptance/workbasket/QueryWorkbasketsWithPaginationAccTest.java index a0ef158e0..68898671e 100644 --- a/lib/taskana-core/src/test/java/acceptance/workbasket/QueryWorkbasketsWithPaginationAccTest.java +++ b/lib/taskana-core/src/test/java/acceptance/workbasket/QueryWorkbasketsWithPaginationAccTest.java @@ -52,7 +52,7 @@ public class QueryWorkbasketsWithPaginationAccTest extends AbstractAccTest { List results = workbasketService.createWorkbasketQuery() .domainIn("DOMAIN_A") .list(5, 5); - assertThat(results.size(), equalTo(3)); + assertThat(results.size(), equalTo(4)); } @WithAccessId( 
@@ -110,7 +110,7 @@ public class QueryWorkbasketsWithPaginationAccTest extends AbstractAccTest { results = workbasketService.createWorkbasketQuery() .domainIn("DOMAIN_A") .listPage(pageNumber, pageSize); - assertThat(results.size(), equalTo(8)); + assertThat(results.size(), equalTo(9)); // Getting last results on multiple pages pageNumber = 2; @@ -118,7 +118,7 @@ public class QueryWorkbasketsWithPaginationAccTest extends AbstractAccTest { results = workbasketService.createWorkbasketQuery() .domainIn("DOMAIN_A") .listPage(pageNumber, pageSize); - assertThat(results.size(), equalTo(3)); + assertThat(results.size(), equalTo(4)); } @WithAccessId( @@ -151,7 +151,7 @@ public class QueryWorkbasketsWithPaginationAccTest extends AbstractAccTest { results = workbasketService.createWorkbasketQuery() .domainIn("DOMAIN_A") .listPage(pageNumber, pageSize); - assertThat(results.size(), equalTo(8)); + assertThat(results.size(), equalTo(9)); } /** @@ -184,7 +184,7 @@ public class QueryWorkbasketsWithPaginationAccTest extends AbstractAccTest { long count = workbasketService.createWorkbasketQuery() .domainIn("DOMAIN_A") .count(); - assertThat(count, equalTo(8L)); + assertThat(count, equalTo(9L)); } @WithAccessId( @@ -197,7 +197,7 @@ public class QueryWorkbasketsWithPaginationAccTest extends AbstractAccTest { List result = workbasketService.createWorkbasketQuery() .domainIn("DOMAIN_A") .list(); - assertThat(result.size(), equalTo(8)); + assertThat(result.size(), equalTo(9)); } } diff --git a/lib/taskana-core/src/test/resources/sql/workbasket-access-list.sql b/lib/taskana-core/src/test/resources/sql/workbasket-access-list.sql index da5b7c714..3a04f5742 100644 --- a/lib/taskana-core/src/test/resources/sql/workbasket-access-list.sql +++ b/lib/taskana-core/src/test/resources/sql/workbasket-access-list.sql 
@@ -27,6 +27,8 @@ INSERT INTO TASKANA.WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000 -- Cross team GPK access INSERT INTO TASKANA.WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000021', 'WBI:100000000000000000000000000000000001', 'teamlead_1', true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true); INSERT INTO TASKANA.WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000022', 'WBI:100000000000000000000000000000000001', 'teamlead_2', true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true); +-- TPK access +INSERT INTO TASKANA.WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000123', 'WBI:100000000000000000000000000000000010', 'teamlead_1', true, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false); -- Access to other domains INSERT INTO TASKANA.WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000023', 'WBI:100000000000000000000000000000000012', 'group_1', true, false, true, true, false, false, false, false, false, false, false, false, false, false, false, false, false); diff --git a/lib/taskana-core/src/test/resources/sql/workbasket.sql b/lib/taskana-core/src/test/resources/sql/workbasket.sql index c60e3cdbe..5a06cad01 100644 --- a/lib/taskana-core/src/test/resources/sql/workbasket.sql +++ b/lib/taskana-core/src/test/resources/sql/workbasket.sql 
@@ -8,6 +8,7 @@ INSERT INTO TASKANA.WORKBASKET VALUES ('WBI:100000000000000000000000000000000006 INSERT INTO TASKANA.WORKBASKET VALUES ('WBI:100000000000000000000000000000000007', 'USER_1_2', CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, 'PPK User 2 KSC 1', 'DOMAIN_A', 'PERSONAL', 'PPK User 2 KSC 1', 'Peter Maier', '', '', '', '', 'Versicherung', '', '', ''); INSERT INTO TASKANA.WORKBASKET VALUES ('WBI:100000000000000000000000000000000008', 'USER_2_1', CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, 'PPK User 1 KSC 2', 'DOMAIN_A', 'PERSONAL', 'PPK User 1 KSC 2', '', '', '', '', '', '', '', '', ''); INSERT INTO TASKANA.WORKBASKET VALUES ('WBI:100000000000000000000000000000000009', 'USER_2_2', CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, 'PPK User 2 KSC 2', 'DOMAIN_A', 'PERSONAL', 'PPK User 2 KSC 2', '', '', '', '', '', '', '', '', ''); +INSERT INTO TASKANA.WORKBASKET VALUES ('WBI:100000000000000000000000000000000010', 'TPK_VIP', CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, 'Themenpostkorb VIP', 'DOMAIN_A', 'TOPIC', 'Themenpostkorb VIP', '', '', '', '', '', '', '', '', ''); -- KSC workbaskets Domain_B INSERT INTO TASKANA.WORKBASKET VALUES ('WBI:100000000000000000000000000000000011', 'GPK_B_KSC', CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, 'Gruppenpostkorb KSC B', 'DOMAIN_B', 'GROUP', 'Gruppenpostkorb KSC', '', '', '', '', '', '', '', '', '');