Closes Taskana#2563 - Add assignment of workbasket access item via pe…

…rmissions

common/taskana-common-data/src/main/resources/sql/sample-data/workbasket-access-list.sql

@@ -68,6 +68,6 @@ INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WBI:00000000000000000000000000000000
 
 -- authorizations                         (ID                                        , WB_ID                                     , ACCESS_ID                                                                                    , ACCESS_NAME         , READ , OPEN , APPEND, TRANSFER, DISTRIBUTE, C1   , C2   , C3   , C4   , C5   , C6   , C7   , C8   , C9   , C10  , C11  , C12  ,READTASKS, EDITTASKS)
 -- permissions
-INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:200000000000000000000000000000000002', 'WBI:100000000000000000000000000000000005', 'cn=perm-userleads,cn=permissions,ou=test,o=taskana'                                          , 'PERM_1'           , true , true , true  , false   , true      , false, false, false, false, false, false, false, false, false, false, false, false, true   , false);
-INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:200000000000000000000000000000000003', 'WBI:100000000000000000000000000000000006', 'cn=perm-userleads,cn=permissions,ou=test,o=taskana'                                          , 'PERM_1'           , true , false, true  , true    , false     , false, false, false, false, false, false, false, false, false, false, false, false, true   , true );
-INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:200000000000000000000000000000000005', 'WBI:100000000000000000000000000000000012', 'cn=perm-userleads,cn=permissions,ou=test,o=taskana'                                          , 'PERM_1'           , true , false, true  , false   , false     , false, false, false, false, false, false, false, false, false, false, false, false, false  , false);
+INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:200000000000000000000000000000000002', 'WBI:100000000000000000000000000000000005', 'permission=perm-userleads,cn=permissions,ou=test,o=taskana'                                          , 'PERM_1'           , true , true , true  , false   , true      , false, false, false, false, false, false, false, false, false, false, false, false, true   , false);
+INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:200000000000000000000000000000000003', 'WBI:100000000000000000000000000000000006', 'permission=perm-userleads,cn=permissions,ou=test,o=taskana'                                          , 'PERM_1'           , true , false, true  , true    , false     , false, false, false, false, false, false, false, false, false, false, false, false, true   , true );
+INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:200000000000000000000000000000000005', 'WBI:100000000000000000000000000000000012', 'permission=perm-userleads,cn=permissions,ou=test,o=taskana'                                          , 'PERM_1'           , true , false, true  , false   , false     , false, false, false, false, false, false, false, false, false, false, false, false, false  , false);

common/taskana-common-data/src/main/resources/sql/test-data/workbasket-access-list.sql

@@ -55,6 +55,6 @@ INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WBI:00000000000000000000000000000000
 
 -- authorizations                         (ID                                        , WB_ID                                     , ACCESS_ID                                                                                    , ACCESS_NAME         , READ , OPEN , APPEND, TRANSFER, DISTRIBUTE, C1   , C2   , C3   , C4   , C5   , C6   , C7   , C8   , C9   , C10  , C11  , C12  ,READTASKS, EDITTASKS)
 -- permissions
-INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:200000000000000000000000000000000002', 'WBI:100000000000000000000000000000000005', 'cn=perm-userleads,cn=permissions,ou=test,o=taskana'                                          , 'PERM_1'           , true , true , true  , false   , true      , false, false, false, false, false, false, false, false, false, false, false, false, true   , false);
-INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:200000000000000000000000000000000003', 'WBI:100000000000000000000000000000000006', 'cn=perm-userleads,cn=permissions,ou=test,o=taskana'                                          , 'PERM_1'           , true , false, true  , true    , false     , false, false, false, false, false, false, false, false, false, false, false, false, true   , true );
-INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:200000000000000000000000000000000005', 'WBI:100000000000000000000000000000000012', 'cn=perm-userleads,cn=permissions,ou=test,o=taskana'                                          , 'PERM_1'           , true , false, true  , false   , false     , false, false, false, false, false, false, false, false, false, false, false, false, false  , false);
+INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:200000000000000000000000000000000002', 'WBI:100000000000000000000000000000000005', 'permission=perm-userleads,cn=permissions,ou=test,o=taskana'                                          , 'PERM_1'           , true , true , true  , false   , true      , false, false, false, false, false, false, false, false, false, false, false, false, true   , false);
+INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:200000000000000000000000000000000003', 'WBI:100000000000000000000000000000000006', 'permission=perm-userleads,cn=permissions,ou=test,o=taskana'                                          , 'PERM_1'           , true , false, true  , true    , false     , false, false, false, false, false, false, false, false, false, false, false, false, true   , true );
+INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:200000000000000000000000000000000005', 'WBI:100000000000000000000000000000000012', 'permission=perm-userleads,cn=permissions,ou=test,o=taskana'                                          , 'PERM_1'           , true , false, true  , false   , false     , false, false, false, false, false, false, false, false, false, false, false, false, false  , false);

common/taskana-common-security/src/main/java/pro/taskana/common/internal/security/CurrentUserContextImpl.java

@@ -68,6 +68,7 @@ public List<String> getGroupIds() {
   }
 
   @Override
+  @SuppressWarnings("removal")
   public List<String> getPermissionIds() {
     // TODO replace with Subject.current() when migrating to newer Version than 17
     Subject subject = Subject.getSubject(AccessController.getContext());

history/taskana-simplehistory-rest-spring/src/test/resources/application.properties

@@ -37,9 +37,8 @@ taskana.ldap.groupsOfUser=memberUid
 taskana.ldap.permissionSearchBase=cn=permissions
 taskana.ldap.permissionSearchFilterName=objectclass
 taskana.ldap.permissionSearchFilterValue=permissionOfUniqueNames
-taskana.ldap.permissionNameAttribute=cn
+taskana.ldap.permissionNameAttribute=permission
 taskana.ldap.permissionsOfUser=uniquemember
-taskana.ldap.userMemberOfPermissionAttribute=memberOf
 # Embedded Spring LDAP server
 spring.ldap.embedded.base-dn=OU=Test,O=TASKANA
 spring.ldap.embedded.credential.username=uid=admin

lib/taskana-core/src/test/java/acceptance/AbstractAccTest.java

@@ -39,7 +39,8 @@ public abstract class AbstractAccTest {
       "cn=Organisationseinheit KSC 1,cn=Organisationseinheit KSC,cn=organisation,OU=Test,O=TASKANA";
   public static final String GROUP_2_DN =
       "cn=Organisationseinheit KSC 2,cn=Organisationseinheit KSC,cn=organisation,OU=Test,O=TASKANA";
-  public static final String PERM_1_DN = "cn=perm-userleads,cn=permissions,ou=test,o=taskana";
+  public static final String PERM_1_DN =
+      "permission=perm-userleads,cn=permissions,ou=test,o=taskana";
 
   protected static TaskanaConfiguration taskanaConfiguration;
   protected static TaskanaEngine taskanaEngine;

rest/taskana-rest-spring-example-boot/src/main/resources/application.properties

@@ -82,10 +82,8 @@ taskana.ldap.groupsOfUser=uniquemember
 taskana.ldap.permissionSearchBase=cn=permissions
 taskana.ldap.permissionSearchFilterName=objectclass
 taskana.ldap.permissionSearchFilterValue=permissionOfUniqueNames
-taskana.ldap.permissionNameAttribute=cn
+taskana.ldap.permissionNameAttribute=permission
 taskana.ldap.permissionsOfUser=uniquemember
-taskana.ldap.permissionsOfUser.type=
-taskana.ldap.userMemberOfPermissionAttribute=memberOf
 # Embedded Spring LDAP server
 spring.ldap.embedded.base-dn=OU=Test,O=TASKANA
 spring.ldap.embedded.credential.username=uid=admin

rest/taskana-rest-spring-example-common/src/main/resources/taskana-example.ldif

@@ -114,8 +114,6 @@ sn: Toll
 ou: Organisationseinheit/Organisationseinheit KSC/Organisationseinheit KSC 1
 cn: Titus Toll
 userPassword: teamlead-1
-permission: organize
-permission: inet
 
 dn: uid=user-1-1,cn=users,OU=Test,O=TASKANA
 objectclass: inetorgperson
@@ -131,8 +129,6 @@ sn: Mustermann
 ou: Organisationseinheit/Organisationseinheit KSC/Organisationseinheit KSC 1
 cn: Max Mustermann
 userPassword: user-1-1
-permission: organize
-permission: inet
 
 dn: uid=user-1-2,cn=users,OU=Test,O=TASKANA
 objectclass: inetorgperson
@@ -142,17 +138,14 @@ objectclass: top
 givenName: Elena
 description: desc
 memberOf: cn=ksc-users,cn=groups,OU=Test,O=TASKANA
-memberOf: cn=perm-userleads,cn=permissions,OU=Test,O=TASKANA
-memberOf: cn=perm-other,cn=permissions,OU=Test,O=TASKANA
+permission: perm-userleads
+permission: perm-other
 memberOf: cn=Organisationseinheit KSC 1,cn=Organisationseinheit KSC,cn=organisation,OU=Test,O=TASKANA
 uid: user-1-2
 sn: Eifrig
 ou: Organisationseinheit/Organisationseinheit KSC/Organisationseinheit KSC 1
 cn: Elena Eifrig
 userPassword: user-1-2
-permission: organize
-permission: inet
-permission: program
 
 dn: uid=user-1-3,cn=users,OU=Test,O=TASKANA
 objectclass: inetorgperson
@@ -196,7 +189,7 @@ givenName: Simone
 description: desc
 memberOf: cn=Organisationseinheit KSC 2,cn=Organisationseinheit KSC,cn=organisation,OU=Test,O=TASKANA
 memberOf: cn=ksc-users,cn=groups,OU=Test,O=TASKANA
-memberOf: cn=perm-userleads,cn=permissions,OU=Test,O=TASKANA
+permission: perm-userleads
 uid: user-2-1
 sn: Müller
 ou: Organisationseinheit/Organisationseinheit KSC/Organisationseinheit KSC 2
@@ -231,9 +224,6 @@ sn: Bach
 ou: Organisationseinheit/Organisationseinheit KSC/Organisationseinheit KSC 2
 cn: Thomas Bach
 userPassword: user-2-3
-permission: organize
-permission: inet
-permission: program
 
 dn: uid=user-2-4,cn=users,OU=Test,O=TASKANA
 objectclass: inetorgperson
@@ -290,9 +280,6 @@ sn: Meyer
 ou: Organisationseinheit/Organisationseinheit KSC/Organisationseinheit KSC 2
 cn: Wiebke Meyer
 userPassword: user-2-7
-permission: organize
-permission: inet
-permission: manage
 
 dn: uid=user-2-8,cn=users,OU=Test,O=TASKANA
 objectclass: inetorgperson
@@ -378,10 +365,6 @@ sn: Bio
 ou: Organisationseinheit/Organisationseinheit B
 cn: Brunhilde Bio
 userPassword: user-b-2
-permission: organize
-permission: inet
-permission: siegen
-permission: frieden
 
 ########################
 # Users in other cn
@@ -438,16 +421,16 @@ objectclass: top
 # Permissions
 ########################
 
-dn: cn=perm-userleads,cn=permissions,OU=Test,O=TASKANA
+dn: permission=perm-userleads,cn=permissions,OU=Test,O=TASKANA
 uniquemember: uid=user-1-2,cn=users,OU=Test,O=TASKANA
 uniquemember: uid=user-2-1,cn=users,OU=Test,O=TASKANA
-cn: perm-userleads
+permission: perm-userleads
 objectclass: permissionofuniquenames
 objectclass: top
 
-dn: cn=perm-other,cn=permissions,OU=Test,O=TASKANA
+dn: permission=perm-other,cn=permissions,OU=Test,O=TASKANA
 uniquemember: uid=user-1-2,cn=users,OU=Test,O=TASKANA
-cn: perm-other
+permission: perm-other
 objectclass: permissionofuniquenames
 objectclass: top
 

rest/taskana-rest-spring-example-common/src/test/java/pro/taskana/example/ldap/LdapEmptySearchRootsTest.java

@@ -31,8 +31,8 @@ void should_FindPermissionsForUser_When_UserIdIsProvided() throws Exception {
         ldapClient.searchPermissionsAccessIdIsMemberOf("user-1-2");
     assertThat(permissions)
         .extracting(AccessIdRepresentationModel::getAccessId)
-        .containsExactlyInAnyOrder("cn=perm-userleads,cn=permissions,ou=test,o=taskana",
-            "cn=perm-other,cn=permissions,ou=test,o=taskana");
+        .containsExactlyInAnyOrder("permission=perm-userleads,cn=permissions,ou=test,o=taskana",
+            "permission=perm-other,cn=permissions,ou=test,o=taskana");
   }
 
   @Test

rest/taskana-rest-spring-example-common/src/test/java/pro/taskana/example/ldap/LdapTest.java

@@ -27,7 +27,7 @@ void should_FindAllUsersAndGroupAndPermissions_When_SearchWithSubstringOfName()
         .extracting(AccessIdRepresentationModel::getAccessId)
         .containsExactlyInAnyOrder(
             "teamlead-1", "teamlead-2", "cn=ksc-teamleads,cn=groups,ou=test,o=taskana",
-            "cn=perm-userleads,cn=permissions,ou=test,o=taskana");
+            "permission=perm-userleads,cn=permissions,ou=test,o=taskana");
   }
 
   @Test
@@ -55,8 +55,8 @@ void should_FindPermissionsForUser_When_UserIdIsProvided() throws Exception {
         ldapClient.searchPermissionsAccessIdIsMemberOf("user-1-2");
     assertThat(permissions)
         .extracting(AccessIdRepresentationModel::getAccessId)
-        .containsExactlyInAnyOrder("cn=perm-other,cn=permissions,ou=test,o=taskana",
-            "cn=perm-userleads,cn=permissions,ou=test,o=taskana");
+        .containsExactlyInAnyOrder("permission=perm-other,cn=permissions,ou=test,o=taskana",
+            "permission=perm-userleads,cn=permissions,ou=test,o=taskana");
   }
 
   @Test

rest/taskana-rest-spring-example-common/src/test/resources/application.properties

@@ -41,7 +41,7 @@ taskana.ldap.userMemberOfPermissionAttribute=memberOf
 taskana.ldap.permissionSearchBase=cn=permissions
 taskana.ldap.permissionSearchFilterName=objectclass
 taskana.ldap.permissionSearchFilterValue=permissionOfUniqueNames
-taskana.ldap.permissionNameAttribute=cn
+taskana.ldap.permissionNameAttribute=permission
 taskana.ldap.permissionsOfUser=uniquemember
 taskana.ldap.userPermissionsAttribute=permission
 # Embedded Spring LDAP server

rest/taskana-rest-spring-example-wildfly/src/main/resources/application.properties

@@ -27,9 +27,8 @@ taskana.ldap.groupsOfUser=uniquemember
 taskana.ldap.permissionSearchBase=cn=permissions
 taskana.ldap.permissionSearchFilterName=objectclass
 taskana.ldap.permissionSearchFilterValue=permissionOfUniqueNames
-taskana.ldap.permissionNameAttribute=cn
+taskana.ldap.permissionNameAttribute=permission
 taskana.ldap.permissionsOfUser=uniquemember
-taskana.ldap.userMemberOfPermissionAttribute=memberOf
 
 ####### JobScheduler cron expression that specifies when the JobSchedler runs
 taskana.jobscheduler.async.cron=0 * * * * *

rest/taskana-rest-spring-example-wildfly/src/test/resources/application-with-additional-user-config.properties

@@ -34,7 +34,7 @@ taskana.ldap.groupsOfUser=uniquemember
 taskana.ldap.permissionSearchBase=cn=permissions
 taskana.ldap.permissionSearchFilterName=objectclass
 taskana.ldap.permissionSearchFilterValue=permissionOfUniqueNames
-taskana.ldap.permissionNameAttribute=cn
+taskana.ldap.permissionNameAttribute=permission
 taskana.ldap.permissionsOfUser=uniquemember
 taskana.ldap.userMemberOfPermissionAttribute=memberOf
 ####### JobScheduler cron expression that specifies when the JobSchedler runs

rest/taskana-rest-spring-example-wildfly/src/test/resources/application.properties

@@ -32,9 +32,8 @@ taskana.ldap.groupsOfUser=uniquemember
 taskana.ldap.permissionSearchBase=cn=permissions
 taskana.ldap.permissionSearchFilterName=objectclass
 taskana.ldap.permissionSearchFilterValue=permissionOfUniqueNames
-taskana.ldap.permissionNameAttribute=cn
+taskana.ldap.permissionNameAttribute=permission
 taskana.ldap.permissionsOfUser=uniquemember
-taskana.ldap.userMemberOfPermissionAttribute=memberOf
 ####### JobScheduler cron expression that specifies when the JobSchedler runs
 taskana.jobscheduler.async.cron=0 * * * * *
 ####### cache static resources propertiesgit add --

rest/taskana-rest-spring-example-wildfly/src/test/resources/taskana-test.ldif

@@ -138,8 +138,8 @@ objectclass: top
 givenName: Elena
 description: desc
 memberOf: cn=ksc-users,cn=groups,OU=Test,O=TASKANA
-memberOf: cn=perm-userleads,cn=permissions,OU=Test,O=TASKANA
-memberOf: cn=perm-other,cn=permissions,OU=Test,O=TASKANA
+permission: perm-userleads
+permission: perm-other
 memberOf: cn=Organisationseinheit KSC 1,cn=Organisationseinheit KSC,cn=organisation,OU=Test,O=TASKANA
 uid: user-1-2
 sn: Eifrig
@@ -189,7 +189,7 @@ givenName: Simone
 description: desc
 memberOf: cn=Organisationseinheit KSC 2,cn=Organisationseinheit KSC,cn=organisation,OU=Test,O=TASKANA
 memberOf: cn=ksc-users,cn=groups,OU=Test,O=TASKANA
-memberOf: cn=perm-userleads,cn=permissions,OU=Test,O=TASKANA
+permission: perm-userleads
 uid: user-2-1
 sn: Müller
 ou: Organisationseinheit/Organisationseinheit KSC/Organisationseinheit KSC 2
@@ -421,16 +421,16 @@ objectclass: top
 # Permissions
 ########################
 
-dn: cn=perm-userleads,cn=permissions,OU=Test,O=TASKANA
+dn: permission=perm-userleads,cn=permissions,OU=Test,O=TASKANA
 uniquemember: uid=user-1-2,cn=users,OU=Test,O=TASKANA
 uniquemember: uid=user-2-1,cn=users,OU=Test,O=TASKANA
-cn: perm-userleads
+permission: perm-userleads
 objectclass: permissionofuniquenames
 objectclass: top
 
-dn: cn=perm-other,cn=permissions,OU=Test,O=TASKANA
+dn: permission=perm-other,cn=permissions,OU=Test,O=TASKANA
 uniquemember: uid=user-1-2,cn=users,OU=Test,O=TASKANA
-cn: perm-other
+permission: perm-other
 objectclass: permissionofuniquenames
 objectclass: top
 

rest/taskana-rest-spring-test-lib/src/main/resources/taskana-test.ldif

@@ -114,8 +114,6 @@ sn: Toll
 ou: Organisationseinheit/Organisationseinheit KSC/Organisationseinheit KSC 1
 cn: Titus Toll
 userPassword: teamlead-1
-permission: organize
-permission: inet
 
 dn: uid=user-1-1,cn=users,OU=Test,O=TASKANA
 objectclass: inetorgperson
@@ -131,8 +129,6 @@ sn: Mustermann
 ou: Organisationseinheit/Organisationseinheit KSC/Organisationseinheit KSC 1
 cn: Max Mustermann
 userPassword: user-1-1
-permission: organize
-permission: inet
 
 dn: uid=user-1-2,cn=users,OU=Test,O=TASKANA
 objectclass: inetorgperson
@@ -142,17 +138,14 @@ objectclass: top
 givenName: Elena
 description: desc
 memberOf: cn=ksc-users,cn=groups,OU=Test,O=TASKANA
-memberOf: cn=perm-userleads,cn=permissions,OU=Test,O=TASKANA
-memberOf: cn=perm-other,cn=permissions,OU=Test,O=TASKANA
+permission: perm-userleads
+permission: perm-other
 memberOf: cn=Organisationseinheit KSC 1,cn=Organisationseinheit KSC,cn=organisation,OU=Test,O=TASKANA
 uid: user-1-2
 sn: Eifrig
 ou: Organisationseinheit/Organisationseinheit KSC/Organisationseinheit KSC 1
 cn: Elena Eifrig
 userPassword: user-1-2
-permission: organize
-permission: inet
-permission: program
 
 dn: uid=user-1-3,cn=users,OU=Test,O=TASKANA
 objectclass: inetorgperson
@@ -196,7 +189,7 @@ givenName: Simone
 description: desc
 memberOf: cn=Organisationseinheit KSC 2,cn=Organisationseinheit KSC,cn=organisation,OU=Test,O=TASKANA
 memberOf: cn=ksc-users,cn=groups,OU=Test,O=TASKANA
-memberOf: cn=perm-userleads,cn=permissions,OU=Test,O=TASKANA
+permission: perm-userleads
 uid: user-2-1
 sn: Müller
 ou: Organisationseinheit/Organisationseinheit KSC/Organisationseinheit KSC 2
@@ -231,9 +224,6 @@ sn: Bach
 ou: Organisationseinheit/Organisationseinheit KSC/Organisationseinheit KSC 2
 cn: Thomas Bach
 userPassword: user-2-3
-permission: organize
-permission: inet
-permission: program
 
 dn: uid=user-2-4,cn=users,OU=Test,O=TASKANA
 objectclass: inetorgperson
@@ -290,9 +280,6 @@ sn: Meyer
 ou: Organisationseinheit/Organisationseinheit KSC/Organisationseinheit KSC 2
 cn: Wiebke Meyer
 userPassword: user-2-7
-permission: organize
-permission: inet
-permission: manage
 
 dn: uid=user-2-8,cn=users,OU=Test,O=TASKANA
 objectclass: inetorgperson
@@ -378,10 +365,6 @@ sn: Bio
 ou: Organisationseinheit/Organisationseinheit B
 cn: Brunhilde Bio
 userPassword: user-b-2
-permission: organize
-permission: inet
-permission: siegen
-permission: frieden
 
 ########################
 # Users in other cn
@@ -438,16 +421,16 @@ objectclass: top
 # Permissions
 ########################
 
-dn: cn=perm-userleads,cn=permissions,OU=Test,O=TASKANA
+dn: permission=perm-userleads,cn=permissions,OU=Test,O=TASKANA
 uniquemember: uid=user-1-2,cn=users,OU=Test,O=TASKANA
 uniquemember: uid=user-2-1,cn=users,OU=Test,O=TASKANA
-cn: perm-userleads
+permission: perm-userleads
 objectclass: permissionofuniquenames
 objectclass: top
 
-dn: cn=perm-other,cn=permissions,OU=Test,O=TASKANA
+dn: permission=perm-other,cn=permissions,OU=Test,O=TASKANA
 uniquemember: uid=user-1-2,cn=users,OU=Test,O=TASKANA
-cn: perm-other
+permission: perm-other
 objectclass: permissionofuniquenames
 objectclass: top