Closes Taskana#2563 - Add assignment of workbasket access item via pe…

…rmissions

common/taskana-common-test/src/test/java/pro/taskana/common/test/security/JaasExtensionTest.java

@@ -141,6 +141,7 @@ void should_NotSetJaasSubject_When_AnnotationIsMissing_On_Test() {
   void should_SetJaasSubject_When_AnnotationExists_On_Test() {
     assertThat(CURRENT_USER_CONTEXT.getUserid()).isEqualTo("user");
     assertThat(CURRENT_USER_CONTEXT.getGroupIds()).isEmpty();
+    assertThat(CURRENT_USER_CONTEXT.getPermissionIds()).isEmpty();
   }
 
   @WithAccessId(
@@ -150,6 +151,30 @@ void should_SetJaasSubject_When_AnnotationExists_On_Test() {
   void should_SetJaasSubjectWithGroups_When_AnnotationExistsWithGroups_On_Test() {
     assertThat(CURRENT_USER_CONTEXT.getUserid()).isEqualTo("user");
     assertThat(CURRENT_USER_CONTEXT.getGroupIds()).containsExactlyInAnyOrder("group1", "group2");
+    assertThat(CURRENT_USER_CONTEXT.getPermissionIds()).isEmpty();
+  }
+
+  @WithAccessId(
+      user = "user",
+      permissions = {"permission1", "permission2"})
+  @Test
+  void should_SetJaasSubjectWithPermissions_When_AnnotationExistsWithPermissions_On_Test() {
+    assertThat(CURRENT_USER_CONTEXT.getUserid()).isEqualTo("user");
+    assertThat(CURRENT_USER_CONTEXT.getGroupIds()).isEmpty();
+    assertThat(CURRENT_USER_CONTEXT.getPermissionIds())
+        .containsExactlyInAnyOrder("permission1", "permission2");
+  }
+
+  @WithAccessId(
+      user = "user",
+      groups = {"group1", "group2"},
+      permissions = {"permission1", "permission2"})
+  @Test
+  void should_SetJaasSubjectWithGroupsAndPerms_When_AnnotationExistsWithGroupsAndPerms_On_Test() {
+    assertThat(CURRENT_USER_CONTEXT.getUserid()).isEqualTo("user");
+    assertThat(CURRENT_USER_CONTEXT.getGroupIds()).containsExactlyInAnyOrder("group1", "group2");
+    assertThat(CURRENT_USER_CONTEXT.getPermissionIds())
+        .containsExactlyInAnyOrder("permission1", "permission2");
   }
 
   @WithAccessId(user = "user")
@@ -215,11 +240,12 @@ void should_SetMultipleJaasSubjects_When_MultipleAnnotationsExist_On_TestTemplat
     assertThat(CURRENT_USER_CONTEXT.getUserid()).isEqualTo(accessId.user());
   }
 
-  @WithAccessId(user = "testtemplate1", groups = "abc")
+  @WithAccessId(user = "testtemplate1", groups = "abc", permissions = "perm")
   @TestTemplate
   void should_InjectCorrectAccessId_When_AnnotationExists_On_TestTemplate(WithAccessId accessId) {
     assertThat(accessId.user()).isEqualTo("testtemplate1");
     assertThat(accessId.groups()).containsExactly("abc");
+    assertThat(accessId.permissions()).containsExactly("perm");
   }
 
   // endregion

rest/taskana-rest-spring/src/test/java/pro/taskana/common/rest/ldap/LdapClientTest.java

@@ -22,6 +22,9 @@
 import java.util.stream.Stream;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.CsvSource;
+import org.junit.jupiter.params.provider.ValueSource;
 import org.mockito.InjectMocks;
 import org.mockito.Mock;
 import org.mockito.Spy;
@@ -32,6 +35,7 @@
 import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
 import pro.taskana.common.api.exceptions.SystemException;
+import pro.taskana.common.internal.util.Pair;
 import pro.taskana.common.rest.models.AccessIdRepresentationModel;
 
 @ExtendWith(MockitoExtension.class)
@@ -45,50 +49,21 @@ class LdapClientTest {
 
   @Spy @InjectMocks LdapClient cut;
 
-  @Test
-  void should_SearchGroupByDn_For_LdapCall() {
-    setUpEnvMock();
-    cut.init();
-
-    cut.searchAccessIdByDn("cn=developersgroup,ou=groups,o=taskanatest");
-
-    verify(ldapTemplate)
-        .lookup(eq("cn=developersgroup,ou=groups"), any(), any(LdapClient.DnContextMapper.class));
-  }
-
-  @Test
-  void should_SearchPermissionByDn_For_LdapCall() {
-    setUpEnvMock();
-    cut.init();
-
-    cut.searchAccessIdByDn("permission=developerspermission,cn=permissions,o=taskanatest");
-
-    verify(ldapTemplate)
-        .lookup(eq("permission=developerspermission,cn=permissions"), any(),
-            any(LdapClient.DnContextMapper.class));
-  }
-
-  @Test
-  void should_ConvertAccessIdToLowercase_When_SearchingGroupByDn() {
-    setUpEnvMock();
-    cut.init();
-
-    cut.searchAccessIdByDn("cn=Developersgroup,ou=groups,o=taskanatest");
-
-    verify(ldapTemplate)
-        .lookup(eq("cn=developersgroup,ou=groups"), any(), any(LdapClient.DnContextMapper.class));
-  }
-
-  @Test
-  void should_ConvertAccessIdToLowercase_When_SearchingPermissionByDn() {
+  @ParameterizedTest
+  @CsvSource(value = {
+      "cn=developersgroup,ou=groups,o=taskanatest:cn=developersgroup,ou=groups",
+      "permission=developerspermission,cn=permissions:permission=developerspermission,cn=permissions",
+      "cn=Developersgroup,ou=groups,o=taskanatest:cn=developersgroup,ou=groups",
+      "permission=DevelopersPermission,cn=permissions,o=taskanatest:permission=developerspermission,cn=permissions"
+    }, delimiter = ':')
+  void should_SearchGroupOrPermissionByDnAndConvertAccessIdToLowercase_For_LdapCall(String arg1, String arg2) {
     setUpEnvMock();
     cut.init();
 
-    cut.searchAccessIdByDn("permission=DevelopersPermission,cn=permissions,o=taskanatest");
+    cut.searchAccessIdByDn(arg1);
 
     verify(ldapTemplate)
-        .lookup(eq("permission=developerspermission,cn=permissions"), any(),
-            any(LdapClient.DnContextMapper.class));
+        .lookup(eq(arg2), any(), any(LdapClient.DnContextMapper.class));
   }
 
   @Test
@@ -171,8 +146,8 @@ void testLdap_getNameWithoutBaseDnForPermission() {
 
     setUpEnvMock();
     cut.init();
-    assertThat(cut.getNameWithoutBaseDn("permission=developerspermission,cn=permissions,o=taskanatest"))
-        .isEqualTo("permission=developerspermission,cn=permissions");
+    assertThat(cut.getNameWithoutBaseDn("permission=otherpermission,cn=permissions,o=taskanatest"))
+        .isEqualTo("permission=otherpermission,cn=permissions");
   }
 
   @Test

web/src/app/shared/store/access-items-management-store/access-items-management.state.ts

@@ -56,25 +56,25 @@ export class AccessItemsManagementState implements NgxsAfterBootstrap {
     );
   }
 
-    @Action(GetPermissionsByAccessId)
-    getPermissionsByAccessId(
-      ctx: StateContext<AccessItemsManagementStateModel>,
-      action: GetPermissionsByAccessId
-    ): Observable<any> {
-      return this.accessIdsService.getPermissionsByAccessId(action.accessId).pipe(
-        take(1),
-        tap(
-          (permissions: AccessId[]) => {
-            ctx.patchState({
-              permissions
-            });
-          },
-          () => {
-            this.requestInProgressService.setRequestInProgress(false);
-          }
-        )
-      );
-    }
+  @Action(GetPermissionsByAccessId)
+  getPermissionsByAccessId(
+    ctx: StateContext<AccessItemsManagementStateModel>,
+    action: GetPermissionsByAccessId
+  ): Observable<any> {
+    return this.accessIdsService.getPermissionsByAccessId(action.accessId).pipe(
+      take(1),
+      tap(
+        (permissions: AccessId[]) => {
+          ctx.patchState({
+            permissions
+          });
+        },
+        () => {
+          this.requestInProgressService.setRequestInProgress(false);
+        }
+      )
+    );
+  }
 
   @Action(GetAccessItems)
   getAccessItems(ctx: StateContext<AccessItemsManagementStateModel>, action: GetAccessItems): Observable<any> {