From 23a1a42739516a120ac54581432e0f4aafc0b81d Mon Sep 17 00:00:00 2001 From: Elena Mokeeva Date: Tue, 16 May 2023 14:50:11 +0200 Subject: [PATCH 1/7] Closes #2240 - write update scripts for adding READTASKS --- .../db2/taskana_schema_update_5.10.0_to_6.2.0_db2.sql | 9 +++++++++ .../sql/h2/taskana_schema_update_5.10.0_to_6.2.0_h2.sql | 9 +++++++++ .../taskana_schema_update_5.10.0_to_6.2.0_oracle.sql | 9 +++++++++ .../taskana_schema_update_5.10.0_to_6.2.0_postgres.sql | 9 +++++++++ 4 files changed, 36 insertions(+) create mode 100644 common/taskana-common/src/main/resources/sql/db2/taskana_schema_update_5.10.0_to_6.2.0_db2.sql create mode 100644 common/taskana-common/src/main/resources/sql/h2/taskana_schema_update_5.10.0_to_6.2.0_h2.sql create mode 100644 common/taskana-common/src/main/resources/sql/oracle/taskana_schema_update_5.10.0_to_6.2.0_oracle.sql create mode 100644 common/taskana-common/src/main/resources/sql/postgres/taskana_schema_update_5.10.0_to_6.2.0_postgres.sql diff --git a/common/taskana-common/src/main/resources/sql/db2/taskana_schema_update_5.10.0_to_6.2.0_db2.sql b/common/taskana-common/src/main/resources/sql/db2/taskana_schema_update_5.10.0_to_6.2.0_db2.sql new file mode 100644 index 0000000000..cca775475e --- /dev/null +++ b/common/taskana-common/src/main/resources/sql/db2/taskana_schema_update_5.10.0_to_6.2.0_db2.sql @@ -0,0 +1,9 @@ +-- this script updates the TASKANA database schema from version 5.10.0 to version 6.2.0. +SET SCHEMA %schemaName%; + +INSERT INTO TASKANA_SCHEMA_VERSION (ID, VERSION, CREATED) +VALUES (TASKANA_SCHEMA_VERSION_ID_SEQ.NEXTVAL, '6.2.0', CURRENT_TIMESTAMP); + +ALTER TABLE WORKBASKET_ACCESS_LIST ADD COLUMN PERM_READTASKS SMALLINT NOT NULL DEFAULT 0; + +UPDATE WORKBASKET_ACCESS_LIST SET PERM_READTASKS=PERM_READ; diff --git a/common/taskana-common/src/main/resources/sql/h2/taskana_schema_update_5.10.0_to_6.2.0_h2.sql b/common/taskana-common/src/main/resources/sql/h2/taskana_schema_update_5.10.0_to_6.2.0_h2.sql new file mode 100644 index 0000000000..3726b25de3 --- /dev/null +++ b/common/taskana-common/src/main/resources/sql/h2/taskana_schema_update_5.10.0_to_6.2.0_h2.sql @@ -0,0 +1,9 @@ +-- this script updates the TASKANA database schema from version 5.10.0 to version 6.2.0. +SET SCHEMA %schemaName%; + +INSERT INTO TASKANA_SCHEMA_VERSION (ID, VERSION, CREATED) +VALUES (nextval('TASKANA_SCHEMA_VERSION_ID_SEQ'), '6.2.0', CURRENT_TIMESTAMP); + +ALTER TABLE WORKBASKET_ACCESS_LIST ADD COLUMN PERM_READTASKS SMALLINT NOT NULL DEFAULT 0; + +UPDATE WORKBASKET_ACCESS_LIST SET PERM_READTASKS=PERM_READ; \ No newline at end of file diff --git a/common/taskana-common/src/main/resources/sql/oracle/taskana_schema_update_5.10.0_to_6.2.0_oracle.sql b/common/taskana-common/src/main/resources/sql/oracle/taskana_schema_update_5.10.0_to_6.2.0_oracle.sql new file mode 100644 index 0000000000..77b2a929ee --- /dev/null +++ b/common/taskana-common/src/main/resources/sql/oracle/taskana_schema_update_5.10.0_to_6.2.0_oracle.sql @@ -0,0 +1,9 @@ +-- this script updates the TASKANA database schema from version 5.10.0 to version 6.2.0. +ALTER SESSION SET CURRENT_SCHEMA = %schemaName%; + +INSERT INTO TASKANA_SCHEMA_VERSION (ID, VERSION, CREATED) +VALUES (TASKANA_SCHEMA_VERSION_ID_SEQ.NEXTVAL, '6.2.0', CURRENT_TIMESTAMP); + +ALTER TABLE WORKBASKET_ACCESS_LIST ADD PERM_READTASKS NUMBER(1) DEFAULT 0 NOT NULL CHECK (PERM_READTASKS IN (0,1)); + +UPDATE WORKBASKET_ACCESS_LIST SET PERM_READTASKS=PERM_READ; diff --git a/common/taskana-common/src/main/resources/sql/postgres/taskana_schema_update_5.10.0_to_6.2.0_postgres.sql b/common/taskana-common/src/main/resources/sql/postgres/taskana_schema_update_5.10.0_to_6.2.0_postgres.sql new file mode 100644 index 0000000000..3b2b611e31 --- /dev/null +++ b/common/taskana-common/src/main/resources/sql/postgres/taskana_schema_update_5.10.0_to_6.2.0_postgres.sql @@ -0,0 +1,9 @@ +-- this script updates the TASKANA database schema from version 5.10.0 to version 6.2.0. +SET search_path = %schemaName%; + +INSERT INTO TASKANA_SCHEMA_VERSION (ID, VERSION, CREATED) +VALUES (nextval('TASKANA_SCHEMA_VERSION_ID_SEQ'), '6.2.0', CURRENT_TIMESTAMP); + +ALTER TABLE WORKBASKET_ACCESS_LIST ADD COLUMN PERM_READTASKS BOOLEAN NOT NULL DEFAULT FALSE; + +UPDATE WORKBASKET_ACCESS_LIST SET PERM_READTASKS=PERM_READ; From 105bca5dbddde6f6f265de92b02bd78996a711ed Mon Sep 17 00:00:00 2001 From: jamesrdi Date: Fri, 26 May 2023 13:39:36 +0200 Subject: [PATCH 2/7] Closes #2273 - write update scripts for adding EDITTASKS --- .../sql/db2/taskana_schema_update_5.10.0_to_6.2.0_db2.sql | 4 ++++ .../sql/h2/taskana_schema_update_5.10.0_to_6.2.0_h2.sql | 6 +++++- .../oracle/taskana_schema_update_5.10.0_to_6.2.0_oracle.sql | 4 ++++ .../taskana_schema_update_5.10.0_to_6.2.0_postgres.sql | 4 ++++ 4 files changed, 17 insertions(+), 1 deletion(-) diff --git a/common/taskana-common/src/main/resources/sql/db2/taskana_schema_update_5.10.0_to_6.2.0_db2.sql b/common/taskana-common/src/main/resources/sql/db2/taskana_schema_update_5.10.0_to_6.2.0_db2.sql index cca775475e..2b3169c155 100644 --- a/common/taskana-common/src/main/resources/sql/db2/taskana_schema_update_5.10.0_to_6.2.0_db2.sql +++ b/common/taskana-common/src/main/resources/sql/db2/taskana_schema_update_5.10.0_to_6.2.0_db2.sql @@ -7,3 +7,7 @@ VALUES (TASKANA_SCHEMA_VERSION_ID_SEQ.NEXTVAL, '6.2.0', CURRENT_TIMESTAMP); ALTER TABLE WORKBASKET_ACCESS_LIST ADD COLUMN PERM_READTASKS SMALLINT NOT NULL DEFAULT 0; UPDATE WORKBASKET_ACCESS_LIST SET PERM_READTASKS=PERM_READ; + +ALTER TABLE WORKBASKET_ACCESS_LIST ADD COLUMN PERM_EDITTASKS SMALLINT NOT NULL DEFAULT 0; + +UPDATE WORKBASKET_ACCESS_LIST SET PERM_EDITTASKS=PERM_READ; diff --git a/common/taskana-common/src/main/resources/sql/h2/taskana_schema_update_5.10.0_to_6.2.0_h2.sql b/common/taskana-common/src/main/resources/sql/h2/taskana_schema_update_5.10.0_to_6.2.0_h2.sql index 3726b25de3..42d6bae9be 100644 --- a/common/taskana-common/src/main/resources/sql/h2/taskana_schema_update_5.10.0_to_6.2.0_h2.sql +++ b/common/taskana-common/src/main/resources/sql/h2/taskana_schema_update_5.10.0_to_6.2.0_h2.sql @@ -6,4 +6,8 @@ VALUES (nextval('TASKANA_SCHEMA_VERSION_ID_SEQ'), '6.2.0', CURRENT_TIMESTAMP); ALTER TABLE WORKBASKET_ACCESS_LIST ADD COLUMN PERM_READTASKS SMALLINT NOT NULL DEFAULT 0; -UPDATE WORKBASKET_ACCESS_LIST SET PERM_READTASKS=PERM_READ; \ No newline at end of file +UPDATE WORKBASKET_ACCESS_LIST SET PERM_READTASKS=PERM_READ; + +ALTER TABLE WORKBASKET_ACCESS_LIST ADD COLUMN PERM_EDITTASKS SMALLINT NOT NULL DEFAULT 0; + +UPDATE WORKBASKET_ACCESS_LIST SET PERM_EDITTASKS=PERM_READ; diff --git a/common/taskana-common/src/main/resources/sql/oracle/taskana_schema_update_5.10.0_to_6.2.0_oracle.sql b/common/taskana-common/src/main/resources/sql/oracle/taskana_schema_update_5.10.0_to_6.2.0_oracle.sql index 77b2a929ee..08499cdaeb 100644 --- a/common/taskana-common/src/main/resources/sql/oracle/taskana_schema_update_5.10.0_to_6.2.0_oracle.sql +++ b/common/taskana-common/src/main/resources/sql/oracle/taskana_schema_update_5.10.0_to_6.2.0_oracle.sql @@ -7,3 +7,7 @@ VALUES (TASKANA_SCHEMA_VERSION_ID_SEQ.NEXTVAL, '6.2.0', CURRENT_TIMESTAMP); ALTER TABLE WORKBASKET_ACCESS_LIST ADD PERM_READTASKS NUMBER(1) DEFAULT 0 NOT NULL CHECK (PERM_READTASKS IN (0,1)); UPDATE WORKBASKET_ACCESS_LIST SET PERM_READTASKS=PERM_READ; + +ALTER TABLE WORKBASKET_ACCESS_LIST ADD PERM_EDITTASKS NUMBER(1) DEFAULT 0 NOT NULL CHECK (PERM_EDITTASKS IN (0,1)); + +UPDATE WORKBASKET_ACCESS_LIST SET PERM_EDITTASKS=PERM_READ; diff --git a/common/taskana-common/src/main/resources/sql/postgres/taskana_schema_update_5.10.0_to_6.2.0_postgres.sql b/common/taskana-common/src/main/resources/sql/postgres/taskana_schema_update_5.10.0_to_6.2.0_postgres.sql index 3b2b611e31..9f3af8c84b 100644 --- a/common/taskana-common/src/main/resources/sql/postgres/taskana_schema_update_5.10.0_to_6.2.0_postgres.sql +++ b/common/taskana-common/src/main/resources/sql/postgres/taskana_schema_update_5.10.0_to_6.2.0_postgres.sql @@ -7,3 +7,7 @@ VALUES (nextval('TASKANA_SCHEMA_VERSION_ID_SEQ'), '6.2.0', CURRENT_TIMESTAMP); ALTER TABLE WORKBASKET_ACCESS_LIST ADD COLUMN PERM_READTASKS BOOLEAN NOT NULL DEFAULT FALSE; UPDATE WORKBASKET_ACCESS_LIST SET PERM_READTASKS=PERM_READ; + +ALTER TABLE WORKBASKET_ACCESS_LIST ADD COLUMN PERM_EDITTASKS BOOLEAN NOT NULL DEFAULT FALSE; + +UPDATE WORKBASKET_ACCESS_LIST SET PERM_EDITTASKS=PERM_READ; From 11233d3d393387b9192f6cd284365ea3989f032d Mon Sep 17 00:00:00 2001 From: jamesrdi Date: Tue, 30 May 2023 17:12:00 +0200 Subject: [PATCH 3/7] Closes #2283 - Extend models and data for READTASKS AND EDITTASKS --- .../sample-data/workbasket-access-list.sql | 102 +++++++++--------- .../sql/test-data/workbasket-access-list.sql | 80 +++++++------- .../resources/sql/db2/taskana-schema-db2.sql | 4 +- .../resources/sql/h2/taskana-schema-h2.sql | 4 +- .../sql/oracle/taskana-schema-oracle.sql | 4 +- .../sql/postgres/taskana-schema-postgres.sql | 4 +- .../workbasket/api/WorkbasketPermission.java | 2 + .../internal/WorkbasketAccessMapper.java | 10 ++ .../internal/WorkbasketAccessSqlProvider.java | 2 + .../models/WorkbasketAccessItemImpl.java | 38 +++++++ 10 files changed, 155 insertions(+), 95 deletions(-) diff --git a/common/taskana-common-data/src/main/resources/sql/sample-data/workbasket-access-list.sql b/common/taskana-common-data/src/main/resources/sql/sample-data/workbasket-access-list.sql index 1e3a3182c4..3c173fdbae 100644 --- a/common/taskana-common-data/src/main/resources/sql/sample-data/workbasket-access-list.sql +++ b/common/taskana-common-data/src/main/resources/sql/sample-data/workbasket-access-list.sql @@ -1,66 +1,66 @@ -- sample-data is used for rest tests and for the example application ---SERT INTO WORKBASKET_ACCESS_LIST VALUES (ID , WB_ID , ACCESS_ID , ACCESS_NAME , READ , OPEN , APPEND, TRANSFER, DISTRIBUTE, C1 , C2 , C3 , C4 , C5 , C6 , C7 , C8 , C9 , C10 , C11 , C12 ) +--SERT INTO WORKBASKET_ACCESS_LIST VALUES (ID , WB_ID , ACCESS_ID , ACCESS_NAME , READ , OPEN , APPEND, TRANSFER, DISTRIBUTE, C1 , C2 , C3 , C4 , C5 , C6 , C7 , C8 , C9 , C10 , C11 , C12 , READTASKS, EDITTASKS) -- KSC authorizations -- PPKs -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000001', 'WBI:100000000000000000000000000000000004', 'teamlead-1' , 'Titus Toll' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true ); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000002', 'WBI:100000000000000000000000000000000005', 'teamlead-2' , 'Frauke Faul' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true ); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000003', 'WBI:100000000000000000000000000000000006', 'user-1-1' , 'Max Mustermann' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true ); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000004', 'WBI:100000000000000000000000000000000007', 'user-1-2' , 'Elena Eifrig' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true ); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000005', 'WBI:100000000000000000000000000000000008', 'user-2-1' , 'Simone Müller' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true ); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000006', 'WBI:100000000000000000000000000000000009', 'user-2-2' , 'Tim Schläfrig' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true ); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000016201', 'WBI:100000000000000000000000000000000016', 'user-2-1' , 'Simone Müller' , true , true , true , true , true , true , false , false , false , false , false , false , false , true , true , true , true ); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000016202', 'WBI:100000000000000000000000000000000016', 'user-2-2' , 'Tim Schläfrig' , true , true , true , true , true , false , true , false , false , false , false , false , false , true , true , true , true ); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000016203', 'WBI:100000000000000000000000000000000016', 'user-2-3' , 'Thomas Bach' , true , true , true , true , true , false , false , true , false , false , false , false , false , true , true , true , true ); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000016204', 'WBI:100000000000000000000000000000000016', 'user-2-4' , 'Rolf Wieland' , true , true , true , true , true , false , false , false , true , false , false , false , false , true , true , true , true ); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000016205', 'WBI:100000000000000000000000000000000016', 'user-2-5' , 'Heike Schmidt' , true , true , true , true , true , false , false , false , false , true , false , false , false , true , true , true , true ); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000016206', 'WBI:100000000000000000000000000000000016', 'user-2-6' , 'Kurt Maier' , true , true , true , true , true , false , false , false , false , false , true , false , false , true , true , true , true ); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000016207', 'WBI:100000000000000000000000000000000016', 'user-2-7' , 'Wiebke Meyer' , true , true , true , true , true , false , false , false , false , false , false , true , false , true , true , true , true ); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000016208', 'WBI:100000000000000000000000000000000016', 'user-2-8' , 'Jana Heeg' , true , true , true , true , true , false , false , false , false , false , false , false , true , true , true , true , true ); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000016209', 'WBI:100000000000000000000000000000000016', 'user-2-9' , 'Nathalie Fuchs' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true ); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000016210', 'WBI:100000000000000000000000000000000016', 'user-2-10' , 'Johannes Renz' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true ); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:B00000000000000000000000000000000014', 'WBI:100000000000000000000000000000000014', 'user-b-1' , 'Bernd Bern' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true ); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:B00000000000000000000000000000000015', 'WBI:100000000000000000000000000000000015', 'user-b-2' , 'Brundhilde Bio' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true ); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000001', 'WBI:100000000000000000000000000000000004', 'teamlead-1' , 'Titus Toll' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000002', 'WBI:100000000000000000000000000000000005', 'teamlead-2' , 'Frauke Faul' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000003', 'WBI:100000000000000000000000000000000006', 'user-1-1' , 'Max Mustermann' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000004', 'WBI:100000000000000000000000000000000007', 'user-1-2' , 'Elena Eifrig' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000005', 'WBI:100000000000000000000000000000000008', 'user-2-1' , 'Simone Müller' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000006', 'WBI:100000000000000000000000000000000009', 'user-2-2' , 'Tim Schläfrig' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000016201', 'WBI:100000000000000000000000000000000016', 'user-2-1' , 'Simone Müller' , true , true , true , true , true , true , false , false , false , false , false , false , false , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000016202', 'WBI:100000000000000000000000000000000016', 'user-2-2' , 'Tim Schläfrig' , true , true , true , true , true , false , true , false , false , false , false , false , false , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000016203', 'WBI:100000000000000000000000000000000016', 'user-2-3' , 'Thomas Bach' , true , true , true , true , true , false , false , true , false , false , false , false , false , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000016204', 'WBI:100000000000000000000000000000000016', 'user-2-4' , 'Rolf Wieland' , true , true , true , true , true , false , false , false , true , false , false , false , false , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000016205', 'WBI:100000000000000000000000000000000016', 'user-2-5' , 'Heike Schmidt' , true , true , true , true , true , false , false , false , false , true , false , false , false , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000016206', 'WBI:100000000000000000000000000000000016', 'user-2-6' , 'Kurt Maier' , true , true , true , true , true , false , false , false , false , false , true , false , false , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000016207', 'WBI:100000000000000000000000000000000016', 'user-2-7' , 'Wiebke Meyer' , true , true , true , true , true , false , false , false , false , false , false , true , false , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000016208', 'WBI:100000000000000000000000000000000016', 'user-2-8' , 'Jana Heeg' , true , true , true , true , true , false , false , false , false , false , false , false , true , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000016209', 'WBI:100000000000000000000000000000000016', 'user-2-9' , 'Nathalie Fuchs' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000016210', 'WBI:100000000000000000000000000000000016', 'user-2-10' , 'Johannes Renz' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:B00000000000000000000000000000000014', 'WBI:100000000000000000000000000000000014', 'user-b-1' , 'Bernd Bern' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:B00000000000000000000000000000000015', 'WBI:100000000000000000000000000000000015', 'user-b-2' , 'Brundhilde Bio' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); -- group internal access -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000007', 'WBI:100000000000000000000000000000000004', 'cn=organisationseinheit ksc 1,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'Organisationseinheit KSC 1', true , true , true , true , false , false , false , false , false , false , false , false , false , false , false , false , false ); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000008', 'WBI:100000000000000000000000000000000005', 'cn=organisationseinheit ksc 2,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'Organisationseinheit KSC 2', true , true , true , true , false , false , false , false , false , false , false , false , false , false , false , false , false ); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000009', 'WBI:100000000000000000000000000000000006', 'cn=organisationseinheit ksc 1,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'Organisationseinheit KSC 1', true , true , true , true , false , false , false , false , false , false , false , false , false , false , false , false , false ); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000010', 'WBI:100000000000000000000000000000000007', 'cn=organisationseinheit ksc 1,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'Organisationseinheit KSC 1', true , true , true , true , false , false , false , false , false , false , false , false , false , false , false , false , false ); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000011', 'WBI:100000000000000000000000000000000008', 'cn=organisationseinheit ksc 2,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'Organisationseinheit KSC 2', true , true , true , true , false , false , false , false , false , false , false , false , false , false , false , false , false ); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000012', 'WBI:100000000000000000000000000000000009', 'cn=organisationseinheit ksc 2,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'Organisationseinheit KSC 2', true , true , true , true , false , false , false , false , false , false , false , false , false , false , false , false , false ); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000007', 'WBI:100000000000000000000000000000000004', 'cn=organisationseinheit ksc 1,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'Organisationseinheit KSC 1', true , true , true , true , false , false , false , false , false , false , false , false , false , false , false , false , false ,true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000008', 'WBI:100000000000000000000000000000000005', 'cn=organisationseinheit ksc 2,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'Organisationseinheit KSC 2', true , true , true , true , false , false , false , false , false , false , false , false , false , false , false , false , false ,true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000009', 'WBI:100000000000000000000000000000000006', 'cn=organisationseinheit ksc 1,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'Organisationseinheit KSC 1', true , true , true , true , false , false , false , false , false , false , false , false , false , false , false , false , false ,true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000010', 'WBI:100000000000000000000000000000000007', 'cn=organisationseinheit ksc 1,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'Organisationseinheit KSC 1', true , true , true , true , false , false , false , false , false , false , false , false , false , false , false , false , false ,true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000011', 'WBI:100000000000000000000000000000000008', 'cn=organisationseinheit ksc 2,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'Organisationseinheit KSC 2', true , true , true , true , false , false , false , false , false , false , false , false , false , false , false , false , false ,true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000012', 'WBI:100000000000000000000000000000000009', 'cn=organisationseinheit ksc 2,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'Organisationseinheit KSC 2', true , true , true , true , false , false , false , false , false , false , false , false , false , false , false , false , false ,true , true); -- teamlead substitution -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000013', 'WBI:100000000000000000000000000000000004', 'teamlead-2' , 'Frauke Faul' , true , true , true , true , false , false , false , false , false , false , false , false , false , false , false , false , false ); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000014', 'WBI:100000000000000000000000000000000005', 'teamlead-1' , 'Titus Toll' , true , true , true , false , false , false , false , false , false , false , false , false , false , false , false , false , false ); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000013', 'WBI:100000000000000000000000000000000004', 'teamlead-2' , 'Frauke Faul' , true , true , true , true , false , false , false , false , false , false , false , false , false , false , false , false , false ,true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000014', 'WBI:100000000000000000000000000000000005', 'teamlead-1' , 'Titus Toll' , true , true , true , false , false , false , false , false , false , false , false , false , false , false , false , false , false ,true , true); -- cross team tranfers -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000015', 'WBI:100000000000000000000000000000000006', 'cn=organisationseinheit ksc 2,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'Organisationseinheit KSC 2', true , false, true , false , false , false , false , false , false , false , false , false , false , false , false , false , false ); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000016', 'WBI:100000000000000000000000000000000007', 'cn=organisationseinheit ksc 2,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'Organisationseinheit KSC 2', true , false, true , false , false , false , false , false , false , false , false , false , false , false , false , false , false ); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000017', 'WBI:100000000000000000000000000000000008', 'cn=organisationseinheit ksc 1,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'Organisationseinheit KSC 1', true , false, false , false , false , false , false , false , false , false , false , false , false , false , false , false , false ); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000018', 'WBI:100000000000000000000000000000000009', 'cn=organisationseinheit ksc 1,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'Organisationseinheit KSC 1', true , false, true , false , false , false , false , false , false , false , false , false , false , false , false , false , false ); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000015', 'WBI:100000000000000000000000000000000006', 'cn=organisationseinheit ksc 2,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'Organisationseinheit KSC 2', true , false, true , false , false , false , false , false , false , false , false , false , false , false , false , false , false ,true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000016', 'WBI:100000000000000000000000000000000007', 'cn=organisationseinheit ksc 2,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'Organisationseinheit KSC 2', true , false, true , false , false , false , false , false , false , false , false , false , false , false , false , false , false ,true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000017', 'WBI:100000000000000000000000000000000008', 'cn=organisationseinheit ksc 1,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'Organisationseinheit KSC 1', true , false, false , false , false , false , false , false , false , false , false , false , false , false , false , false , false ,true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000018', 'WBI:100000000000000000000000000000000009', 'cn=organisationseinheit ksc 1,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'Organisationseinheit KSC 1', true , false, true , false , false , false , false , false , false , false , false , false , false , false , false , false , false ,true , true); ---SERT INTO WORKBASKET_ACCESS_LIST VALUES (ID , WB_ID , ACCESS_ID , ACCESS_NAME , READ , OPEN , APPEND, TRANSFER, DISTRIBUTE, C1 , C2 , C3 , C4 , C5 , C6 , C7 , C8 , C9 , C10 , C11 , C12 ) +--SERT INTO WORKBASKET_ACCESS_LIST VALUES (ID , WB_ID , ACCESS_ID , ACCESS_NAME , READ , OPEN , APPEND, TRANSFER, DISTRIBUTE, C1 , C2 , C3 , C4 , C5 , C6 , C7 , C8 , C9 , C10 , C11 , C12 ,READTASKS, EDITTASKS) -- Team GPK access -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000019', 'WBI:100000000000000000000000000000000002', 'cn=organisationseinheit ksc 1,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'Organisationseinheit KSC 1', true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true ); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000020', 'WBI:100000000000000000000000000000000003', 'cn=organisationseinheit ksc 2,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'Organisationseinheit KSC 2', true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true ); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000019', 'WBI:100000000000000000000000000000000002', 'cn=organisationseinheit ksc 1,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'Organisationseinheit KSC 1', true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000020', 'WBI:100000000000000000000000000000000003', 'cn=organisationseinheit ksc 2,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'Organisationseinheit KSC 2', true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); -- Cross team GPK access -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000021', 'WBI:100000000000000000000000000000000001', 'teamlead-1' , 'Titus Toll' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true ); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000022', 'WBI:100000000000000000000000000000000001', 'teamlead-2' , 'Frauke Faul' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true ); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000021', 'WBI:100000000000000000000000000000000001', 'teamlead-1' , 'Titus Toll' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000022', 'WBI:100000000000000000000000000000000001', 'teamlead-2' , 'Frauke Faul' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); -- TPK access -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000123', 'WBI:100000000000000000000000000000000010', 'teamlead-1' , 'Titus Toll' , true , false, false , false , false , false , false , false , false , false , false , false , false , false , false , false , false ); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000123', 'WBI:100000000000000000000000000000000010', 'teamlead-1' , 'Titus Toll' , true , false, false , false , false , false , false , false , false , false , false , false , false , false , false , false , false, true , true); -- Access to other domains -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000023', 'WBI:100000000000000000000000000000000012', 'cn=organisationseinheit ksc 1,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'Organisationseinheit KSC 1', true , false, true , true , false , false , false , false , false , false , false , false , false , false , false , false , false ); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000024', 'WBI:100000000000000000000000000000000013', 'cn=organisationseinheit ksc 2,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'Organisationseinheit KSC 2', true , false, true , true , false , false , false , false , false , false , false , false , false , false , false , false , false ); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000025', 'WBI:100000000000000000000000000000000014', 'cn=organisationseinheit ksc 2,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'Organisationseinheit KSC 2', true , true , true , true , false , false , false , false , false , false , false , false , false , false , false , false , false ); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000026', 'WBI:100000000000000000000000000000000015', 'cn=organisationseinheit ksc 2,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'Organisationseinheit KSC 2', true , true , true , true , false , false , false , false , false , false , false , false , false , false , false , false , false ); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000023', 'WBI:100000000000000000000000000000000012', 'cn=organisationseinheit ksc 1,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'Organisationseinheit KSC 1', true , false, true , true , false , false , false , false , false , false , false , false , false , false , false , false , false, true , true ); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000024', 'WBI:100000000000000000000000000000000013', 'cn=organisationseinheit ksc 2,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'Organisationseinheit KSC 2', true , false, true , true , false , false , false , false , false , false , false , false , false , false , false , false , false, true , true ); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000025', 'WBI:100000000000000000000000000000000014', 'cn=organisationseinheit ksc 2,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'Organisationseinheit KSC 2', true , true , true , true , false , false , false , false , false , false , false , false , false , false , false , false , false, true , true ); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000026', 'WBI:100000000000000000000000000000000015', 'cn=organisationseinheit ksc 2,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'Organisationseinheit KSC 2', true , true , true , true , false , false , false , false , false , false , false , false , false , false , false , false , false, true , true ); -- Access to workbaskets for sorting test -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WBI:000000000000000000000000000000000900', 'WBI:000000000000000000000000000000000900', 'user-b-1' , 'Bern, Bernd' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true ); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WBI:000000000000000000000000000000000901', 'WBI:000000000000000000000000000000000901', 'user-b-1' , 'Bern, Bernd' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true ); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WBI:000000000000000000000000000000000902', 'WBI:000000000000000000000000000000000902', 'user-b-1' , 'Bern, Bernd' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true ); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WBI:000000000000000000000000000000000903', 'WBI:000000000000000000000000000000000903', 'user-b-1' , 'Bern, Bernd' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true ); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WBI:000000000000000000000000000000000904', 'WBI:000000000000000000000000000000000904', 'user-b-1' , 'Bern, Bernd' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true ); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WBI:000000000000000000000000000000000905', 'WBI:000000000000000000000000000000000905', 'user-b-1' , 'Bern, Bernd' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true ); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WBI:000000000000000000000000000000000906', 'WBI:000000000000000000000000000000000906', 'user-b-1' , 'Bern, Bernd' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true ); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WBI:000000000000000000000000000000000907', 'WBI:000000000000000000000000000000000907', 'user-b-1' , 'Bern, Bernd' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true ); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WBI:000000000000000000000000000000000908', 'WBI:000000000000000000000000000000000908', 'user-b-1' , 'Bern, Bernd' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true ); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WBI:000000000000000000000000000000000909', 'WBI:000000000000000000000000000000000909', 'user-b-1' , 'Bern, Bernd' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true ); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WBI:000000000000000000000000000000000900', 'WBI:000000000000000000000000000000000900', 'user-b-1' , 'Bern, Bernd' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true ); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WBI:000000000000000000000000000000000901', 'WBI:000000000000000000000000000000000901', 'user-b-1' , 'Bern, Bernd' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WBI:000000000000000000000000000000000902', 'WBI:000000000000000000000000000000000902', 'user-b-1' , 'Bern, Bernd' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WBI:000000000000000000000000000000000903', 'WBI:000000000000000000000000000000000903', 'user-b-1' , 'Bern, Bernd' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WBI:000000000000000000000000000000000904', 'WBI:000000000000000000000000000000000904', 'user-b-1' , 'Bern, Bernd' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WBI:000000000000000000000000000000000905', 'WBI:000000000000000000000000000000000905', 'user-b-1' , 'Bern, Bernd' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WBI:000000000000000000000000000000000906', 'WBI:000000000000000000000000000000000906', 'user-b-1' , 'Bern, Bernd' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WBI:000000000000000000000000000000000907', 'WBI:000000000000000000000000000000000907', 'user-b-1' , 'Bern, Bernd' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WBI:000000000000000000000000000000000908', 'WBI:000000000000000000000000000000000908', 'user-b-1' , 'Bern, Bernd' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WBI:000000000000000000000000000000000909', 'WBI:000000000000000000000000000000000909', 'user-b-1' , 'Bern, Bernd' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); diff --git a/common/taskana-common-data/src/main/resources/sql/test-data/workbasket-access-list.sql b/common/taskana-common-data/src/main/resources/sql/test-data/workbasket-access-list.sql index ee47dcdf85..6a3f8edf91 100644 --- a/common/taskana-common-data/src/main/resources/sql/test-data/workbasket-access-list.sql +++ b/common/taskana-common-data/src/main/resources/sql/test-data/workbasket-access-list.sql @@ -1,53 +1,53 @@ -- test-data is used for all tests except for the rest tests --- KSC authorizations (ID , WB_ID , ACCESS_ID , ACCESS_NAME , READ , OPEN , APPEND, TRANSFER, DISTRIBUTE, C1 , C2 , C3 , C4 , C5 , C6 , C7 , C8 , C9 , C10 , C11 , C12) +-- KSC authorizations (ID , WB_ID , ACCESS_ID , ACCESS_NAME , READ , OPEN , APPEND, TRANSFER, DISTRIBUTE, C1 , C2 , C3 , C4 , C5 , C6 , C7 , C8 , C9 , C10 , C11 , C12 ,READTASKS, EDITTASKS) -- PPKs -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000001', 'WBI:100000000000000000000000000000000004', 'teamlead-1' , 'Titus Toll' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000002', 'WBI:100000000000000000000000000000000005', 'teamlead-2' , 'Frauke Faul' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000003', 'WBI:100000000000000000000000000000000006', 'user-1-1' , 'Max Mustermann' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000004', 'WBI:100000000000000000000000000000000007', 'user-1-2' , 'Elena Eifrig' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000005', 'WBI:100000000000000000000000000000000008', 'user-2-1' , 'Simone Müller' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000006', 'WBI:100000000000000000000000000000000009', 'user-2-2' , 'Tim Schläfrig' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:B00000000000000000000000000000000014', 'WBI:100000000000000000000000000000000014', 'user-b-1' , 'Bernd Bern' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:B00000000000000000000000000000000015', 'WBI:100000000000000000000000000000000015', 'user-b-2' , 'Brundhilde Bio' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000001', 'WBI:100000000000000000000000000000000004', 'teamlead-1' , 'Titus Toll' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000002', 'WBI:100000000000000000000000000000000005', 'teamlead-2' , 'Frauke Faul' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000003', 'WBI:100000000000000000000000000000000006', 'user-1-1' , 'Max Mustermann' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000004', 'WBI:100000000000000000000000000000000007', 'user-1-2' , 'Elena Eifrig' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000005', 'WBI:100000000000000000000000000000000008', 'user-2-1' , 'Simone Müller' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000006', 'WBI:100000000000000000000000000000000009', 'user-2-2' , 'Tim Schläfrig' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:B00000000000000000000000000000000014', 'WBI:100000000000000000000000000000000014', 'user-b-1' , 'Bernd Bern' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:B00000000000000000000000000000000015', 'WBI:100000000000000000000000000000000015', 'user-b-2' , 'Brundhilde Bio' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); -- group internal access -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000007', 'WBI:100000000000000000000000000000000004', 'cn=organisationseinheit ksc 1,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'KSC 1' , true , true , true , true , false , false, false, false, false, false, false, false, false, false, false, false, false); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000008', 'WBI:100000000000000000000000000000000005', 'cn=organisationseinheit ksc 2,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'KSC 2' , true , true , true , true , false , false, false, false, false, false, false, false, false, false, false, false, false); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000009', 'WBI:100000000000000000000000000000000006', 'cn=organisationseinheit ksc 1,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'KSC 1' , true , true , true , true , false , false, false, false, false, false, false, false, false, false, false, false, false); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000010', 'WBI:100000000000000000000000000000000007', 'cn=organisationseinheit ksc 1,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'KSC 1' , true , true , true , true , false , false, false, false, false, false, false, false, false, false, false, false, false); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000011', 'WBI:100000000000000000000000000000000008', 'cn=organisationseinheit ksc 2,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'KSC 2' , true , true , true , true , false , false, false, false, false, false, false, false, false, false, false, false, false); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000012', 'WBI:100000000000000000000000000000000009', 'cn=organisationseinheit ksc 2,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'KSC 2' , true , true , true , true , false , false, false, false, false, false, false, false, false, false, false, false, false); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000007', 'WBI:100000000000000000000000000000000004', 'cn=organisationseinheit ksc 1,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'KSC 1' , true , true , true , true , false , false, false, false, false, false, false, false, false, false, false, false, false, true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000008', 'WBI:100000000000000000000000000000000005', 'cn=organisationseinheit ksc 2,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'KSC 2' , true , true , true , true , false , false, false, false, false, false, false, false, false, false, false, false, false, true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000009', 'WBI:100000000000000000000000000000000006', 'cn=organisationseinheit ksc 1,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'KSC 1' , true , true , true , true , false , false, false, false, false, false, false, false, false, false, false, false, false, true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000010', 'WBI:100000000000000000000000000000000007', 'cn=organisationseinheit ksc 1,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'KSC 1' , true , true , true , true , false , false, false, false, false, false, false, false, false, false, false, false, false, true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000011', 'WBI:100000000000000000000000000000000008', 'cn=organisationseinheit ksc 2,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'KSC 2' , true , true , true , true , false , false, false, false, false, false, false, false, false, false, false, false, false, true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000012', 'WBI:100000000000000000000000000000000009', 'cn=organisationseinheit ksc 2,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'KSC 2' , true , true , true , true , false , false, false, false, false, false, false, false, false, false, false, false, false, true , true); -- teamlead substitution -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000013', 'WBI:100000000000000000000000000000000004', 'teamlead-2' , 'Frauke Faul' , true , true , true , true , false , false, false, false, false, false, false, false, false, false, false, false, false); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000014', 'WBI:100000000000000000000000000000000005', 'teamlead-1' , 'Titus Toll' , true , true , true , false , false , false, false, false, false, false, false, false, false, false, false, false, false); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000013', 'WBI:100000000000000000000000000000000004', 'teamlead-2' , 'Frauke Faul' , true , true , true , true , false , false, false, false, false, false, false, false, false, false, false, false, false, true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000014', 'WBI:100000000000000000000000000000000005', 'teamlead-1' , 'Titus Toll' , true , true , true , false , false , false, false, false, false, false, false, false, false, false, false, false, false, true , true); -- cross team tranfers -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000015', 'WBI:100000000000000000000000000000000006', 'cn=organisationseinheit ksc 2,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'KSC 2' , true , false, true , false , false , false, false, false, false, false, false, false, false, false, false, false, false); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000016', 'WBI:100000000000000000000000000000000007', 'cn=organisationseinheit ksc 2,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'KSC 2' , true , false, true , false , false , false, false, false, false, false, false, false, false, false, false, false, false); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000017', 'WBI:100000000000000000000000000000000008', 'cn=organisationseinheit ksc 1,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'KSC 1' , true , false, false , false , false , false, false, false, false, false, false, false, false, false, false, false, false); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000018', 'WBI:100000000000000000000000000000000009', 'cn=organisationseinheit ksc 1,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'KSC 1' , true , false, true , false , false , false, false, false, false, false, false, false, false, false, false, false, false); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000015', 'WBI:100000000000000000000000000000000006', 'cn=organisationseinheit ksc 2,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'KSC 2' , true , false, true , false , false , false, false, false, false, false, false, false, false, false, false, false, false, true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000016', 'WBI:100000000000000000000000000000000007', 'cn=organisationseinheit ksc 2,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'KSC 2' , true , false, true , false , false , false, false, false, false, false, false, false, false, false, false, false, false, true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000017', 'WBI:100000000000000000000000000000000008', 'cn=organisationseinheit ksc 1,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'KSC 1' , true , false, false , false , false , false, false, false, false, false, false, false, false, false, false, false, false, true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000018', 'WBI:100000000000000000000000000000000009', 'cn=organisationseinheit ksc 1,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'KSC 1' , true , false, true , false , false , false, false, false, false, false, false, false, false, false, false, false, false, true , true); -- Team GPK access -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000019', 'WBI:100000000000000000000000000000000002', 'cn=organisationseinheit ksc 1,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'KSC 1' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000020', 'WBI:100000000000000000000000000000000003', 'cn=organisationseinheit ksc 2,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'KSC 2' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000019', 'WBI:100000000000000000000000000000000002', 'cn=organisationseinheit ksc 1,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'KSC 1' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000020', 'WBI:100000000000000000000000000000000003', 'cn=organisationseinheit ksc 2,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'KSC 2' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); -- Cross team GPK access -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000021', 'WBI:100000000000000000000000000000000001', 'teamlead-1' , 'Titus Toll' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000022', 'WBI:100000000000000000000000000000000001', 'teamlead-2' , 'Frauke Faul' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000021', 'WBI:100000000000000000000000000000000001', 'teamlead-1' , 'Titus Toll' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000022', 'WBI:100000000000000000000000000000000001', 'teamlead-2' , 'Frauke Faul' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); -- TPK access -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000123', 'WBI:100000000000000000000000000000000010', 'teamlead-1' , 'Titus Toll' , true , false, false , false , false , false, false, false, false, false, false, false, false, false, false, false, false); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000123', 'WBI:100000000000000000000000000000000010', 'teamlead-1' , 'Titus Toll' , true , false, false , false , false , false, false, false, false, false, false, false, false, false, false, false, false, true , true); -- Access to other domains -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000023', 'WBI:100000000000000000000000000000000012', 'cn=organisationseinheit ksc 1,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'KSC 1' , true , false, true , true , false , false, false, false, false, false, false, false, false, false, false, false, false); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000024', 'WBI:100000000000000000000000000000000013', 'cn=organisationseinheit ksc 2,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'KSC 2' , true , false, true , true , false , false, false, false, false, false, false, false, false, false, false, false, false); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000025', 'WBI:100000000000000000000000000000000014', 'cn=organisationseinheit ksc 2,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'KSC 2' , true , true , true , true , false , false, false, false, false, false, false, false, false, false, false, false, false); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000026', 'WBI:100000000000000000000000000000000015', 'cn=organisationseinheit ksc 2,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'KSC 2' , true , true , true , true , false , false, false, false, false, false, false, false, false, false, false, false, false); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000023', 'WBI:100000000000000000000000000000000012', 'cn=organisationseinheit ksc 1,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'KSC 1' , true , false, true , true , false , false, false, false, false, false, false, false, false, false, false, false, false, true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000024', 'WBI:100000000000000000000000000000000013', 'cn=organisationseinheit ksc 2,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'KSC 2' , true , false, true , true , false , false, false, false, false, false, false, false, false, false, false, false, false, true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000025', 'WBI:100000000000000000000000000000000014', 'cn=organisationseinheit ksc 2,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'KSC 2' , true , true , true , true , false , false, false, false, false, false, false, false, false, false, false, false, false, true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WAI:100000000000000000000000000000000026', 'WBI:100000000000000000000000000000000015', 'cn=organisationseinheit ksc 2,cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana', 'KSC 2' , true , true , true , true , false , false, false, false, false, false, false, false, false, false, false, false, false, true , true); -- Access to workbaskets for sorting test -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WBI:000000000000000000000000000000000900', 'WBI:000000000000000000000000000000000900', 'user-b-1' , 'Bern, Bernd' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WBI:000000000000000000000000000000000901', 'WBI:000000000000000000000000000000000901', 'user-b-1' , 'Bern, Bernd' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WBI:000000000000000000000000000000000902', 'WBI:000000000000000000000000000000000902', 'user-b-1' , 'Bern, Bernd' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WBI:000000000000000000000000000000000903', 'WBI:000000000000000000000000000000000903', 'user-b-1' , 'Bern, Bernd' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WBI:000000000000000000000000000000000904', 'WBI:000000000000000000000000000000000904', 'user-b-1' , 'Bern, Bernd' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WBI:000000000000000000000000000000000905', 'WBI:000000000000000000000000000000000905', 'user-b-1' , 'Bern, Bernd' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WBI:000000000000000000000000000000000906', 'WBI:000000000000000000000000000000000906', 'user-b-1' , 'Bern, Bernd' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WBI:000000000000000000000000000000000907', 'WBI:000000000000000000000000000000000907', 'user-b-1' , 'Bern, Bernd' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WBI:000000000000000000000000000000000908', 'WBI:000000000000000000000000000000000908', 'user-b-1' , 'Bern, Bernd' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); -INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WBI:000000000000000000000000000000000909', 'WBI:000000000000000000000000000000000909', 'user-b-1' , 'Bern, Bernd' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WBI:000000000000000000000000000000000900', 'WBI:000000000000000000000000000000000900', 'user-b-1' , 'Bern, Bernd' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WBI:000000000000000000000000000000000901', 'WBI:000000000000000000000000000000000901', 'user-b-1' , 'Bern, Bernd' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WBI:000000000000000000000000000000000902', 'WBI:000000000000000000000000000000000902', 'user-b-1' , 'Bern, Bernd' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WBI:000000000000000000000000000000000903', 'WBI:000000000000000000000000000000000903', 'user-b-1' , 'Bern, Bernd' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WBI:000000000000000000000000000000000904', 'WBI:000000000000000000000000000000000904', 'user-b-1' , 'Bern, Bernd' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WBI:000000000000000000000000000000000905', 'WBI:000000000000000000000000000000000905', 'user-b-1' , 'Bern, Bernd' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WBI:000000000000000000000000000000000906', 'WBI:000000000000000000000000000000000906', 'user-b-1' , 'Bern, Bernd' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WBI:000000000000000000000000000000000907', 'WBI:000000000000000000000000000000000907', 'user-b-1' , 'Bern, Bernd' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WBI:000000000000000000000000000000000908', 'WBI:000000000000000000000000000000000908', 'user-b-1' , 'Bern, Bernd' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); +INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('WBI:000000000000000000000000000000000909', 'WBI:000000000000000000000000000000000909', 'user-b-1' , 'Bern, Bernd' , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true , true); diff --git a/common/taskana-common/src/main/resources/sql/db2/taskana-schema-db2.sql b/common/taskana-common/src/main/resources/sql/db2/taskana-schema-db2.sql index 98425dbd8c..61b2069f37 100644 --- a/common/taskana-common/src/main/resources/sql/db2/taskana-schema-db2.sql +++ b/common/taskana-common/src/main/resources/sql/db2/taskana-schema-db2.sql @@ -167,6 +167,8 @@ CREATE TABLE WORKBASKET_ACCESS_LIST PERM_CUSTOM_10 SMALLINT NOT NULL, PERM_CUSTOM_11 SMALLINT NOT NULL, PERM_CUSTOM_12 SMALLINT NOT NULL, + PERM_READTASKS SMALLINT NOT NULL, + PERM_EDITTASKS SMALLINT NOT NULL, PRIMARY KEY (ID), CONSTRAINT UC_ACCESSID_WBID UNIQUE (ACCESS_ID, WORKBASKET_ID), CONSTRAINT ACCESS_LIST_WB FOREIGN KEY (WORKBASKET_ID) REFERENCES WORKBASKET ON DELETE CASCADE @@ -446,4 +448,4 @@ COMMIT WORK ; CREATE INDEX IDX_OBJECT_REFERE_ACCESS_LIST ON OBJECT_REFERENCE (VALUE ASC, TYPE ASC, SYSTEM_INSTANCE ASC, SYSTEM ASC, COMPANY ASC, ID ASC) ALLOW REVERSE SCANS COLLECT SAMPLED DETAILED STATISTICS; -COMMIT WORK ; \ No newline at end of file +COMMIT WORK ; diff --git a/common/taskana-common/src/main/resources/sql/h2/taskana-schema-h2.sql b/common/taskana-common/src/main/resources/sql/h2/taskana-schema-h2.sql index a447f2e220..0402ec4a34 100644 --- a/common/taskana-common/src/main/resources/sql/h2/taskana-schema-h2.sql +++ b/common/taskana-common/src/main/resources/sql/h2/taskana-schema-h2.sql @@ -174,6 +174,8 @@ CREATE TABLE WORKBASKET_ACCESS_LIST PERM_CUSTOM_10 SMALLINT NOT NULL, PERM_CUSTOM_11 SMALLINT NOT NULL, PERM_CUSTOM_12 SMALLINT NOT NULL, + PERM_READTASKS SMALLINT NOT NULL, + PERM_EDITTASKS SMALLINT NOT NULL, PRIMARY KEY (ID), CONSTRAINT UC_ACCESSID_WBID UNIQUE (ACCESS_ID, WORKBASKET_ID), CONSTRAINT ACCESS_LIST_WB FOREIGN KEY (WORKBASKET_ID) REFERENCES WORKBASKET ON DELETE CASCADE @@ -445,4 +447,4 @@ CREATE INDEX IDX_OBJECT_REFERE_FK_TASK_ID ON OBJECT_REFERENCE COMMIT WORK ; CREATE INDEX IDX_OBJECT_REFERE_ACCESS_LIST ON OBJECT_REFERENCE (VALUE ASC, TYPE ASC, SYSTEM_INSTANCE ASC, SYSTEM ASC, COMPANY ASC, ID ASC); -COMMIT WORK ; \ No newline at end of file +COMMIT WORK ; diff --git a/common/taskana-common/src/main/resources/sql/oracle/taskana-schema-oracle.sql b/common/taskana-common/src/main/resources/sql/oracle/taskana-schema-oracle.sql index 15f70aebaf..4248be6872 100644 --- a/common/taskana-common/src/main/resources/sql/oracle/taskana-schema-oracle.sql +++ b/common/taskana-common/src/main/resources/sql/oracle/taskana-schema-oracle.sql @@ -166,6 +166,8 @@ CREATE TABLE WORKBASKET_ACCESS_LIST PERM_CUSTOM_10 NUMBER(1) NOT NULL CHECK (PERM_CUSTOM_10 IN (0,1)), PERM_CUSTOM_11 NUMBER(1) NOT NULL CHECK (PERM_CUSTOM_11 IN (0,1)), PERM_CUSTOM_12 NUMBER(1) NOT NULL CHECK (PERM_CUSTOM_12 IN (0,1)), + PERM_READTASKS NUMBER(1) NOT NULL CHECK (PERM_READTASKS IN (0,1)), + PERM_EDITTASKS NUMBER(1) NOT NULL CHECK (PERM_EDITTASKS IN (0,1)), CONSTRAINT WORKBASKET_ACCESS_LIST_PKEY PRIMARY KEY (ID), CONSTRAINT UC_ACCESSID_WBID UNIQUE (ACCESS_ID, WORKBASKET_ID), CONSTRAINT ACCESS_LIST_WB FOREIGN KEY (WORKBASKET_ID) REFERENCES WORKBASKET(ID) ON DELETE CASCADE @@ -444,4 +446,4 @@ CREATE INDEX IDX_OBJECT_REFERE_FK_TASK_ID ON OBJECT_REFERENCE COMMIT WORK ; CREATE INDEX IDX_OBJECT_REFERE_ACCESS_LIST ON OBJECT_REFERENCE (VALUE ASC, TYPE ASC, SYSTEM_INSTANCE ASC, SYSTEM ASC, COMPANY ASC, ID ASC); -COMMIT WORK ; \ No newline at end of file +COMMIT WORK ; diff --git a/common/taskana-common/src/main/resources/sql/postgres/taskana-schema-postgres.sql b/common/taskana-common/src/main/resources/sql/postgres/taskana-schema-postgres.sql index 8af466a996..de19e76c5c 100644 --- a/common/taskana-common/src/main/resources/sql/postgres/taskana-schema-postgres.sql +++ b/common/taskana-common/src/main/resources/sql/postgres/taskana-schema-postgres.sql @@ -170,6 +170,8 @@ CREATE TABLE WORKBASKET_ACCESS_LIST PERM_CUSTOM_10 BOOLEAN NOT NULL, PERM_CUSTOM_11 BOOLEAN NOT NULL, PERM_CUSTOM_12 BOOLEAN NOT NULL, + PERM_READTASKS BOOLEAN NOT NULL, + PERM_EDITTASKS BOOLEAN NOT NULL, PRIMARY KEY (ID), CONSTRAINT UC_ACCESSID_WBID UNIQUE (ACCESS_ID, WORKBASKET_ID), CONSTRAINT ACCESS_LIST_WB FOREIGN KEY (WORKBASKET_ID) REFERENCES WORKBASKET ON DELETE CASCADE @@ -441,4 +443,4 @@ CREATE INDEX IDX_OBJECT_REFERE_FK_TASK_ID ON OBJECT_REFERENCE COMMIT WORK ; CREATE INDEX IDX_OBJECT_REFERE_ACCESS_LIST ON OBJECT_REFERENCE (VALUE ASC, TYPE ASC, SYSTEM_INSTANCE ASC, SYSTEM ASC, COMPANY ASC, ID ASC); -COMMIT WORK ; \ No newline at end of file +COMMIT WORK ; diff --git a/lib/taskana-core/src/main/java/pro/taskana/workbasket/api/WorkbasketPermission.java b/lib/taskana-core/src/main/java/pro/taskana/workbasket/api/WorkbasketPermission.java index 9c75d5a390..86d75e8f6d 100644 --- a/lib/taskana-core/src/main/java/pro/taskana/workbasket/api/WorkbasketPermission.java +++ b/lib/taskana-core/src/main/java/pro/taskana/workbasket/api/WorkbasketPermission.java @@ -5,6 +5,8 @@ /** This enum contains all permission values for the {@linkplain Workbasket Workbaskets}. */ public enum WorkbasketPermission { READ, + READTASKS, + EDITTASKS, OPEN, APPEND, TRANSFER, diff --git a/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketAccessMapper.java b/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketAccessMapper.java index e8b0e2b4e9..c24279d16b 100644 --- a/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketAccessMapper.java +++ b/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketAccessMapper.java @@ -20,6 +20,8 @@ public interface WorkbasketAccessMapper { @Result(property = "accessId", column = "ACCESS_ID") @Result(property = "accessName", column = "ACCESS_NAME") @Result(property = "permRead", column = "PERM_READ") + @Result(property = "permReadTasks", column = "PERM_READTASKS") + @Result(property = "permEditTasks", column = "PERM_EDITTASKS") @Result(property = "permOpen", column = "PERM_OPEN") @Result(property = "permAppend", column = "PERM_APPEND") @Result(property = "permTransfer", column = "PERM_TRANSFER") @@ -45,6 +47,8 @@ public interface WorkbasketAccessMapper { @Result(property = "accessId", column = "ACCESS_ID") @Result(property = "accessName", column = "ACCESS_NAME") @Result(property = "permRead", column = "PERM_READ") + @Result(property = "permReadTasks", column = "PERM_READTASKS") + @Result(property = "permEditTasks", column = "PERM_EDITTASKS") @Result(property = "permOpen", column = "PERM_OPEN") @Result(property = "permAppend", column = "PERM_APPEND") @Result(property = "permTransfer", column = "PERM_TRANSFER") @@ -70,6 +74,8 @@ public interface WorkbasketAccessMapper { @Result(property = "accessId", column = "ACCESS_ID") @Result(property = "accessName", column = "ACCESS_NAME") @Result(property = "permRead", column = "PERM_READ") + @Result(property = "permReadTasks", column = "PERM_READTASKS") + @Result(property = "permEditTasks", column = "PERM_EDITTASKS") @Result(property = "permOpen", column = "PERM_OPEN") @Result(property = "permAppend", column = "PERM_APPEND") @Result(property = "permTransfer", column = "PERM_TRANSFER") @@ -112,6 +118,8 @@ public interface WorkbasketAccessMapper { @Result(property = "accessId", column = "ACCESS_ID") @Result(property = "accessName", column = "ACCESS_NAME") @Result(property = "permRead", column = "PERM_READ") + @Result(property = "permReadTasks", column = "PERM_READTASKS") + @Result(property = "permEditTasks", column = "PERM_EDITTASKS") @Result(property = "permOpen", column = "PERM_OPEN") @Result(property = "permAppend", column = "PERM_APPEND") @Result(property = "permTransfer", column = "PERM_TRANSFER") @@ -138,6 +146,8 @@ WorkbasketAccessItemImpl findByWorkbasketAndAccessId( @Result(property = "accessId", column = "ACCESS_ID") @Result(property = "accessName", column = "ACCESS_NAME") @Result(property = "permRead", column = "PERM_READ") + @Result(property = "permReadTasks", column = "PERM_READTASKS") + @Result(property = "permEditTasks", column = "PERM_EDITTASKS") @Result(property = "permOpen", column = "PERM_OPEN") @Result(property = "permAppend", column = "PERM_APPEND") @Result(property = "permTransfer", column = "PERM_TRANSFER") diff --git a/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketAccessSqlProvider.java b/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketAccessSqlProvider.java index 60d233a1be..73e73107ab 100644 --- a/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketAccessSqlProvider.java +++ b/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketAccessSqlProvider.java @@ -21,6 +21,8 @@ public class WorkbasketAccessSqlProvider { private static final List> PERMISSIONS = Arrays.asList( Pair.of("PERM_READ", "#{workbasketAccessItem.permRead}"), + Pair.of("PERM_READTASKS", "#{workbasketAccessItem.permReadTasks}"), + Pair.of("PERM_EDITTASKS", "#{workbasketAccessItem.permEditTasks}"), Pair.of("PERM_OPEN", "#{workbasketAccessItem.permOpen}"), Pair.of("PERM_APPEND", "#{workbasketAccessItem.permAppend}"), Pair.of("PERM_TRANSFER", "#{workbasketAccessItem.permTransfer}"), diff --git a/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/models/WorkbasketAccessItemImpl.java b/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/models/WorkbasketAccessItemImpl.java index 1133ad8c0b..276c2271c3 100644 --- a/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/models/WorkbasketAccessItemImpl.java +++ b/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/models/WorkbasketAccessItemImpl.java @@ -14,6 +14,8 @@ public class WorkbasketAccessItemImpl implements WorkbasketAccessItem { private String accessId; private String accessName; private boolean permRead; + private boolean permReadTasks; + private boolean permEditTasks; private boolean permOpen; private boolean permAppend; private boolean permTransfer; @@ -39,6 +41,8 @@ private WorkbasketAccessItemImpl(WorkbasketAccessItemImpl copyFrom) { accessId = copyFrom.accessId; accessName = copyFrom.accessName; permRead = copyFrom.permRead; + permReadTasks = copyFrom.permReadTasks; + permEditTasks = copyFrom.permEditTasks; permOpen = copyFrom.permOpen; permAppend = copyFrom.permAppend; permTransfer = copyFrom.permTransfer; @@ -109,6 +113,12 @@ public void setPermission(WorkbasketPermission permission, boolean value) { case READ: permRead = value; break; + case READTASKS: + permReadTasks = value; + break; + case EDITTASKS: + permEditTasks = value; + break; case OPEN: permOpen = value; break; @@ -167,6 +177,10 @@ public boolean getPermission(WorkbasketPermission permission) { switch (permission) { case READ: return permRead; + case READTASKS: + return permReadTasks; + case EDITTASKS: + return permEditTasks; case OPEN: return permOpen; case APPEND: @@ -212,6 +226,22 @@ public void setPermRead(boolean permRead) { this.permRead = permRead; } + public boolean isPermReadTasks() { + return permReadTasks; + } + + public void setPermReadTasks(boolean permReadTasks) { + this.permReadTasks = permReadTasks; + } + + public boolean isPermEditTasks() { + return permEditTasks; + } + + public void setPermEditTasks(boolean permEditTasks) { + this.permEditTasks = permEditTasks; + } + public boolean isPermOpen() { return permOpen; } @@ -354,6 +384,8 @@ public int hashCode() { accessId, accessName, permRead, + permReadTasks, + permEditTasks, permOpen, permAppend, permTransfer, @@ -382,6 +414,8 @@ public boolean equals(Object obj) { } WorkbasketAccessItemImpl other = (WorkbasketAccessItemImpl) obj; return permRead == other.permRead + && permReadTasks == other.permReadTasks + && permEditTasks == other.permEditTasks && permOpen == other.permOpen && permAppend == other.permAppend && permTransfer == other.permTransfer @@ -417,6 +451,10 @@ public String toString() { + this.accessId + ", permRead=" + this.permRead + + ", permReadTasks=" + + this.permReadTasks + + ", permEditTasks=" + + this.permEditTasks + ", permOpen=" + this.permOpen + ", permAppend=" From 1e2b94b2768162bd1cffa3c553009337cfb5f3a5 Mon Sep 17 00:00:00 2001 From: Elena Mokeeva Date: Tue, 13 Jun 2023 15:44:30 +0200 Subject: [PATCH 4/7] Closes #2286 - adjust REST with READTASKS and EDITTASKS --- ...ccessItemRepresentationModelAssembler.java | 4 ++++ ...rkbasketAccessItemRepresentationModel.java | 20 +++++++++++++++++++ ...sItemRepresentationModelAssemblerTest.java | 10 ++++++++++ 3 files changed, 34 insertions(+) diff --git a/rest/taskana-rest-spring/src/main/java/pro/taskana/workbasket/rest/assembler/WorkbasketAccessItemRepresentationModelAssembler.java b/rest/taskana-rest-spring/src/main/java/pro/taskana/workbasket/rest/assembler/WorkbasketAccessItemRepresentationModelAssembler.java index b2e6206fe2..1283b0e379 100644 --- a/rest/taskana-rest-spring/src/main/java/pro/taskana/workbasket/rest/assembler/WorkbasketAccessItemRepresentationModelAssembler.java +++ b/rest/taskana-rest-spring/src/main/java/pro/taskana/workbasket/rest/assembler/WorkbasketAccessItemRepresentationModelAssembler.java @@ -55,8 +55,10 @@ public WorkbasketAccessItemRepresentationModel toModel(@NonNull WorkbasketAccess repModel.setAccessItemId(wbAccItem.getId()); repModel.setAccessName(wbAccItem.getAccessName()); repModel.setPermRead(wbAccItem.getPermission(WorkbasketPermission.READ)); + repModel.setPermReadTasks(wbAccItem.getPermission(WorkbasketPermission.READTASKS)); repModel.setPermOpen(wbAccItem.getPermission(WorkbasketPermission.OPEN)); repModel.setPermAppend(wbAccItem.getPermission(WorkbasketPermission.APPEND)); + repModel.setPermEditTasks(wbAccItem.getPermission(WorkbasketPermission.EDITTASKS)); repModel.setPermTransfer(wbAccItem.getPermission(WorkbasketPermission.TRANSFER)); repModel.setPermDistribute(wbAccItem.getPermission(WorkbasketPermission.DISTRIBUTE)); repModel.setPermCustom1(wbAccItem.getPermission(WorkbasketPermission.CUSTOM_1)); @@ -82,8 +84,10 @@ public WorkbasketAccessItem toEntityModel(WorkbasketAccessItemRepresentationMode wbAccItemModel.setWorkbasketKey(repModel.getWorkbasketKey()); wbAccItemModel.setAccessName(repModel.getAccessName()); wbAccItemModel.setPermission(WorkbasketPermission.READ, repModel.isPermRead()); + wbAccItemModel.setPermission(WorkbasketPermission.READTASKS, repModel.isPermReadTasks()); wbAccItemModel.setPermission(WorkbasketPermission.OPEN, repModel.isPermOpen()); wbAccItemModel.setPermission(WorkbasketPermission.APPEND, repModel.isPermAppend()); + wbAccItemModel.setPermission(WorkbasketPermission.EDITTASKS, repModel.isPermEditTasks()); wbAccItemModel.setPermission(WorkbasketPermission.TRANSFER, repModel.isPermTransfer()); wbAccItemModel.setPermission(WorkbasketPermission.DISTRIBUTE, repModel.isPermDistribute()); wbAccItemModel.setPermission(WorkbasketPermission.CUSTOM_1, repModel.isPermCustom1()); diff --git a/rest/taskana-rest-spring/src/main/java/pro/taskana/workbasket/rest/models/WorkbasketAccessItemRepresentationModel.java b/rest/taskana-rest-spring/src/main/java/pro/taskana/workbasket/rest/models/WorkbasketAccessItemRepresentationModel.java index 8bff0061fc..97e75cd2b0 100644 --- a/rest/taskana-rest-spring/src/main/java/pro/taskana/workbasket/rest/models/WorkbasketAccessItemRepresentationModel.java +++ b/rest/taskana-rest-spring/src/main/java/pro/taskana/workbasket/rest/models/WorkbasketAccessItemRepresentationModel.java @@ -19,12 +19,16 @@ public class WorkbasketAccessItemRepresentationModel private String accessName; /** The permission to read the information about the workbasket. */ private boolean permRead; + /** The permission to access a task from the workbasket. */ + private boolean permReadTasks; /** The permission to view the content (the tasks) of a workbasket. */ private boolean permOpen; /** * The permission to add tasks to the workbasket. Required for creation and transferring of tasks. */ private boolean permAppend; + /** The permission to edit a task from the workbasket. */ + private boolean permEditTasks; /** The permission to transfer tasks (out of the current workbasket). */ private boolean permTransfer; /** The permission to distribute tasks from the workbasket. */ @@ -102,6 +106,14 @@ public void setPermRead(boolean permRead) { this.permRead = permRead; } + public boolean isPermReadTasks() { + return permReadTasks; + } + + public void setPermReadTasks(boolean permReadTasks) { + this.permReadTasks = permReadTasks; + } + public boolean isPermOpen() { return permOpen; } @@ -118,6 +130,14 @@ public void setPermAppend(boolean permAppend) { this.permAppend = permAppend; } + public boolean isPermEditTasks() { + return permEditTasks; + } + + public void setPermEditTasks(boolean permEditTasks) { + this.permEditTasks = permEditTasks; + } + public boolean isPermTransfer() { return permTransfer; } diff --git a/rest/taskana-rest-spring/src/test/java/pro/taskana/workbasket/rest/assembler/WorkbasketAccessItemRepresentationModelAssemblerTest.java b/rest/taskana-rest-spring/src/test/java/pro/taskana/workbasket/rest/assembler/WorkbasketAccessItemRepresentationModelAssemblerTest.java index e1b37803de..fb8a77222b 100644 --- a/rest/taskana-rest-spring/src/test/java/pro/taskana/workbasket/rest/assembler/WorkbasketAccessItemRepresentationModelAssemblerTest.java +++ b/rest/taskana-rest-spring/src/test/java/pro/taskana/workbasket/rest/assembler/WorkbasketAccessItemRepresentationModelAssemblerTest.java @@ -15,8 +15,10 @@ import static pro.taskana.workbasket.api.WorkbasketPermission.CUSTOM_8; import static pro.taskana.workbasket.api.WorkbasketPermission.CUSTOM_9; import static pro.taskana.workbasket.api.WorkbasketPermission.DISTRIBUTE; +import static pro.taskana.workbasket.api.WorkbasketPermission.EDITTASKS; import static pro.taskana.workbasket.api.WorkbasketPermission.OPEN; import static pro.taskana.workbasket.api.WorkbasketPermission.READ; +import static pro.taskana.workbasket.api.WorkbasketPermission.READTASKS; import static pro.taskana.workbasket.api.WorkbasketPermission.TRANSFER; import org.junit.jupiter.api.Test; @@ -51,8 +53,10 @@ void should_ReturnRepresentationModel_When_ConvertingEntityToRepresentationModel accessItem.setAccessName("accessName"); accessItem.setWorkbasketKey("workbasketKey"); accessItem.setPermission(READ, false); + accessItem.setPermission(READTASKS, false); accessItem.setPermission(OPEN, true); accessItem.setPermission(APPEND, false); + accessItem.setPermission(EDITTASKS, false); accessItem.setPermission(DISTRIBUTE, false); accessItem.setPermission(TRANSFER, true); accessItem.setPermission(CUSTOM_1, false); @@ -84,7 +88,9 @@ void should_Equal_When_ComparingEntityWithConvertedEntity() { accessItem.setAccessName("accessName"); accessItem.setPermission(OPEN, true); accessItem.setPermission(READ, false); + accessItem.setPermission(READTASKS, false); accessItem.setPermission(APPEND, false); + accessItem.setPermission(EDITTASKS, false); accessItem.setPermission(TRANSFER, true); accessItem.setPermission(DISTRIBUTE, false); accessItem.setPermission(CUSTOM_1, false); @@ -120,7 +126,9 @@ void should_ReturnEntity_When_ConvertingRepresentationModelToEntity() { repModel.setWorkbasketId("1"); repModel.setAccessName("accessName"); repModel.setPermRead(true); + repModel.setPermReadTasks(true); repModel.setPermAppend(false); + repModel.setPermEditTasks(true); repModel.setPermDistribute(false); repModel.setPermOpen(false); repModel.setPermTransfer(true); @@ -152,8 +160,10 @@ private void testEquality( assertThat(repModel.getAccessId()).isEqualTo(accessItem.getAccessId()); assertThat(repModel.getAccessName()).isEqualTo(accessItem.getAccessName()); assertThat(repModel.isPermRead()).isEqualTo(accessItem.getPermission(READ)); + assertThat(repModel.isPermReadTasks()).isEqualTo(accessItem.getPermission(READTASKS)); assertThat(repModel.isPermOpen()).isEqualTo(accessItem.getPermission(OPEN)); assertThat(repModel.isPermAppend()).isEqualTo(accessItem.getPermission(APPEND)); + assertThat(repModel.isPermEditTasks()).isEqualTo(accessItem.getPermission(EDITTASKS)); assertThat(repModel.isPermTransfer()).isEqualTo(accessItem.getPermission(TRANSFER)); assertThat(repModel.isPermDistribute()).isEqualTo(accessItem.getPermission(DISTRIBUTE)); assertThat(repModel.isPermCustom1()).isEqualTo(accessItem.getPermission(CUSTOM_1)); From 548d319788d735e974eb30fc55c891ae7a07ef46 Mon Sep 17 00:00:00 2001 From: jamesrdi Date: Fri, 2 Jun 2023 13:12:19 +0200 Subject: [PATCH 5/7] Closes #2269 - Implement READTASKS Permission --- .../delete/DeleteClassificationAccTest.java | 1 + .../update/UpdateClassificationAccTest.java | 2 + .../TaskUpdatePriorityWorkerAccTest.java | 1 + .../task/ServiceLevelOfAllTasksAccTest.java | 1 + .../task/claim/ClaimTaskAccTest.java | 7 +- .../task/claim/SetOwnerAccTest.java | 4 +- .../task/complete/CancelTaskAccTest.java | 4 +- .../task/complete/CompleteTaskAccTest.java | 4 +- .../complete/CompleteTaskWithSpiAccTest.java | 1 + .../task/create/CreateTaskAccTest.java | 1 + .../task/create/CreateTaskWithSorAccTest.java | 1 + .../task/delete/DeleteTaskAccTest.java | 1 + .../task/delete/DeleteTaskWithSorAccTest.java | 1 + .../acceptance/task/get/GetTaskAccTest.java | 63 +++++++++++ .../task/get/GetTaskWithSorAccTest.java | 1 + .../task/query/TaskQueryImplAccTest.java | 106 ++++++++++++++++++ .../requestchanges/RequestChangesAccTest.java | 4 +- .../RequestChangesWithAfterSpiAccTest.java | 2 + .../RequestChangesWithBeforeSpiAccTest.java | 1 + .../requestreview/RequestReviewAccTest.java | 4 +- .../RequestReviewWithAfterSpiAccTest.java | 2 + .../RequestReviewWithBeforeSpiAccTest.java | 1 + .../update/UpdateManualPriorityAccTest.java | 1 + .../UpdateManualPriorityWithSpiAccTest.java | 1 + .../task/update/UpdateTaskWithSorAccTest.java | 1 + .../create/CreateTaskCommentAccTest.java | 4 +- .../get/GetTaskCommentAccTest.java | 7 +- .../update/UpdateTaskCommentAccTest.java | 1 + .../taskana/task/internal/TaskQueryImpl.java | 29 +++-- .../task/internal/TaskQuerySqlProvider.java | 14 ++- .../task/internal/TaskServiceImpl.java | 6 +- .../internal/WorkbasketQueryMapper.java | 18 +-- .../create/CreateWorkbasketAccTest.java | 19 ++++ .../QueryWorkbasketByPermissionAccTest.java | 26 +++++ ...UpdateWorkbasketAuthorizationsAccTest.java | 26 +++++ .../testapi/builder/TaskBuilderTest.java | 1 + .../builder/TaskCommentBuilderTest.java | 1 + 37 files changed, 332 insertions(+), 36 deletions(-) diff --git a/lib/taskana-core-test/src/test/java/acceptance/classification/delete/DeleteClassificationAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/classification/delete/DeleteClassificationAccTest.java index 07bffb8759..49042e5b71 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/classification/delete/DeleteClassificationAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/classification/delete/DeleteClassificationAccTest.java @@ -45,6 +45,7 @@ void setup() throws Exception { .accessId("businessadmin") .permission(WorkbasketPermission.OPEN) .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService, "admin"); } diff --git a/lib/taskana-core-test/src/test/java/acceptance/classification/update/UpdateClassificationAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/classification/update/UpdateClassificationAccTest.java index 64bcc46aea..9567993e15 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/classification/update/UpdateClassificationAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/classification/update/UpdateClassificationAccTest.java @@ -134,6 +134,7 @@ private String createTaskWithExistingClassification(ClassificationSummary classi .accessId(currentUserContext.getUserid()) .permission(WorkbasketPermission.OPEN) .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService, "businessadmin"); @@ -156,6 +157,7 @@ private List createTasksWithExistingClassificationInAttachment( .accessId(currentUserContext.getUserid()) .permission(WorkbasketPermission.OPEN) .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService, "businessadmin"); ClassificationSummary classificationSummaryWithSpecifiedServiceLevel = diff --git a/lib/taskana-core-test/src/test/java/acceptance/jobs/helper/TaskUpdatePriorityWorkerAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/jobs/helper/TaskUpdatePriorityWorkerAccTest.java index 416ffd2b8a..21b58091c7 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/jobs/helper/TaskUpdatePriorityWorkerAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/jobs/helper/TaskUpdatePriorityWorkerAccTest.java @@ -65,6 +65,7 @@ void setUp(ClassificationService classificationService, WorkbasketService workba .workbasketId(workbasketSummary.getId()) .accessId("whatever") .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .buildAndStore(workbasketService); TaskBuilder taskBuilder = diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/ServiceLevelOfAllTasksAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/ServiceLevelOfAllTasksAccTest.java index b28c0853fd..5e0ca19c92 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/task/ServiceLevelOfAllTasksAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/task/ServiceLevelOfAllTasksAccTest.java @@ -79,6 +79,7 @@ void setup() throws Exception { .accessId("user-1-1") .permission(WorkbasketPermission.OPEN) .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); } diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/claim/ClaimTaskAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/claim/ClaimTaskAccTest.java index b176d41fb6..65996ed8ee 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/task/claim/ClaimTaskAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/task/claim/ClaimTaskAccTest.java @@ -59,6 +59,7 @@ void setup() throws Exception { .accessId("user-1-2") .permission(WorkbasketPermission.OPEN) .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); @@ -257,7 +258,8 @@ void should_ThrowNotAuthorizedException_When_UserHasNoReadPermissionAndTaskIsRea catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class); assertThat(e.getCurrentUserId()).isEqualTo("user-taskrouter"); assertThat(e.getWorkbasketId()).isEqualTo(defaultWorkbasketSummary.getId()); - assertThat(e.getRequiredPermissions()).containsExactlyInAnyOrder(WorkbasketPermission.READ); + assertThat(e.getRequiredPermissions()) + .containsExactlyInAnyOrder(WorkbasketPermission.READ, WorkbasketPermission.READTASKS); ; } @@ -280,7 +282,8 @@ void should_ThrowNotAuthorizedException_When_UserHasNoReadPermissionAndTaskIsRea catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class); assertThat(e.getCurrentUserId()).isEqualTo("user-taskrouter"); assertThat(e.getWorkbasketId()).isEqualTo(defaultWorkbasketSummary.getId()); - assertThat(e.getRequiredPermissions()).containsExactlyInAnyOrder(WorkbasketPermission.READ); + assertThat(e.getRequiredPermissions()) + .containsExactlyInAnyOrder(WorkbasketPermission.READ, WorkbasketPermission.READTASKS); } @WithAccessId(user = "user-1-2") diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/claim/SetOwnerAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/claim/SetOwnerAccTest.java index 9a3a16bc41..65d6f0a586 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/task/claim/SetOwnerAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/task/claim/SetOwnerAccTest.java @@ -56,6 +56,7 @@ void setup() throws Exception { .accessId("user-1-2") .permission(WorkbasketPermission.OPEN) .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); @@ -117,7 +118,8 @@ void should_ThrowException_When_SetOwnerViaUpdateTaskIsNotAuthorizedOnWorkbasket catchThrowableOfType(call2, NotAuthorizedOnWorkbasketException.class); assertThat(e2.getWorkbasketId()).isEqualTo(defaultWorkbasketSummary.getId()); assertThat(e2.getCurrentUserId()).isEqualTo("user-1-1"); - assertThat(e2.getRequiredPermissions()).containsExactly(WorkbasketPermission.READ); + assertThat(e2.getRequiredPermissions()) + .containsExactly(WorkbasketPermission.READ, WorkbasketPermission.READTASKS); } @WithAccessId(user = "user-1-2") diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/complete/CancelTaskAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/complete/CancelTaskAccTest.java index 99ba22a414..eab92363cc 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/task/complete/CancelTaskAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/task/complete/CancelTaskAccTest.java @@ -58,6 +58,7 @@ void setup() throws Exception { .accessId("user-1-2") .permission(WorkbasketPermission.OPEN) .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); @@ -130,7 +131,8 @@ void should_ThrowException_When_UserNotAuthorized() throws Exception { NotAuthorizedOnWorkbasketException e = catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class); - assertThat(e.getRequiredPermissions()).containsExactly(WorkbasketPermission.READ); + assertThat(e.getRequiredPermissions()) + .containsExactly(WorkbasketPermission.READ, WorkbasketPermission.READTASKS); assertThat(e.getCurrentUserId()).isEqualTo("user-taskrouter"); assertThat(e.getWorkbasketId()).isEqualTo(defaultWorkbasketSummary.getId()); } diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/complete/CompleteTaskAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/complete/CompleteTaskAccTest.java index 77065f6045..2bcfa54965 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/task/complete/CompleteTaskAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/task/complete/CompleteTaskAccTest.java @@ -76,6 +76,7 @@ void setup(ClassificationService classificationService, WorkbasketService workba .workbasketId(defaultWorkbasketSummary.getId()) .accessId("user-1-1") .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); @@ -217,7 +218,8 @@ void should_ThrowException_When_UserIsNotAuthorizedOnTask() throws Exception { assertThat(e.getCurrentUserId()).isEqualTo(currentUserContext.getUserid()); WorkbasketSummary workbasket = claimedTask.getWorkbasketSummary(); assertThat(e.getWorkbasketId()).isEqualTo(workbasket.getId()); - assertThat(e.getRequiredPermissions()).containsExactly(WorkbasketPermission.READ); + assertThat(e.getRequiredPermissions()) + .containsExactly(WorkbasketPermission.READ, WorkbasketPermission.READTASKS); } @WithAccessId(user = "user-1-1") diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/complete/CompleteTaskWithSpiAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/complete/CompleteTaskWithSpiAccTest.java index ccba830e0e..03fccdd96f 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/task/complete/CompleteTaskWithSpiAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/task/complete/CompleteTaskWithSpiAccTest.java @@ -54,6 +54,7 @@ void setup(ClassificationService classificationService, WorkbasketService workba .workbasketId(defaultWorkbasketSummary.getId()) .accessId("user-1-1") .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/create/CreateTaskAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/create/CreateTaskAccTest.java index 1bd2592874..cc54ccea4e 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/task/create/CreateTaskAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/task/create/CreateTaskAccTest.java @@ -85,6 +85,7 @@ void setup() throws Exception { .accessId("user-1-2") .permission(WorkbasketPermission.OPEN) .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); defaultObjectReference = defaultTestObjectReference().build(); diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/create/CreateTaskWithSorAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/create/CreateTaskWithSorAccTest.java index b309fe3572..263f45b4e2 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/task/create/CreateTaskWithSorAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/task/create/CreateTaskWithSorAccTest.java @@ -56,6 +56,7 @@ void setup() throws Exception { .accessId("user-1-1") .permission(WorkbasketPermission.OPEN) .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); defaultObjectReference = defaultTestObjectReference().build(); diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/delete/DeleteTaskAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/delete/DeleteTaskAccTest.java index 068b36f7e5..440e243e8c 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/task/delete/DeleteTaskAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/task/delete/DeleteTaskAccTest.java @@ -64,6 +64,7 @@ void setup() throws Exception { .accessId("user-1-2") .permission(WorkbasketPermission.OPEN) .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); task1 = diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/delete/DeleteTaskWithSorAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/delete/DeleteTaskWithSorAccTest.java index c7ba3c291b..e5f3e1525e 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/task/delete/DeleteTaskWithSorAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/task/delete/DeleteTaskWithSorAccTest.java @@ -56,6 +56,7 @@ void setup() throws Exception { .accessId("user-1-1") .permission(WorkbasketPermission.OPEN) .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); defaultObjectReference = defaultTestObjectReference().build(); diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/get/GetTaskAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/get/GetTaskAccTest.java index 674c94c1ad..3a62b94a7e 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/task/get/GetTaskAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/task/get/GetTaskAccTest.java @@ -52,8 +52,12 @@ class GetTaskAccTest { ClassificationSummary defaultClassificationSummary; WorkbasketSummary defaultWorkbasketSummary; + WorkbasketSummary wbWithoutReadTasksPerm; + WorkbasketSummary wbWithoutReadPerm; ObjectReference defaultObjectReference; Task task; + Task task2; + Task task3; Map callbackInfo; @WithAccessId(user = "admin") @@ -62,6 +66,8 @@ void setup() throws Exception { defaultClassificationSummary = defaultTestClassification().buildAndStoreAsSummary(classificationService); defaultWorkbasketSummary = defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService); + wbWithoutReadTasksPerm = defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService); + wbWithoutReadPerm = defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService); defaultObjectReference = defaultTestObjectReference().build(); callbackInfo = createSimpleCustomPropertyMap(3); @@ -70,6 +76,21 @@ void setup() throws Exception { .accessId("user-1-1") .permission(WorkbasketPermission.OPEN) .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) + .permission(WorkbasketPermission.APPEND) + .buildAndStore(workbasketService); + WorkbasketAccessItemBuilder.newWorkbasketAccessItem() + .workbasketId(wbWithoutReadTasksPerm.getId()) + .accessId("user-1-1") + .permission(WorkbasketPermission.OPEN) + .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.APPEND) + .buildAndStore(workbasketService); + WorkbasketAccessItemBuilder.newWorkbasketAccessItem() + .workbasketId(wbWithoutReadPerm.getId()) + .accessId("user-1-1") + .permission(WorkbasketPermission.OPEN) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); @@ -123,6 +144,20 @@ void setup() throws Exception { .workbasketSummary(defaultWorkbasketSummary) .primaryObjRef(defaultObjectReference) .buildAndStore(taskService); + + task2 = + TaskBuilder.newTask() + .workbasketSummary(wbWithoutReadTasksPerm) + .classificationSummary(defaultClassificationSummary) + .primaryObjRef(defaultObjectReference) + .buildAndStore(taskService); + + task3 = + TaskBuilder.newTask() + .workbasketSummary(wbWithoutReadPerm) + .classificationSummary(defaultClassificationSummary) + .primaryObjRef(defaultObjectReference) + .buildAndStore(taskService); } @WithAccessId(user = "user-1-1") @@ -183,6 +218,34 @@ void should_ReturnTask_When_RequestingTaskByTaskId() throws Exception { .hasNoNullFieldsOrPropertiesExcept("ownerLongName", "completed", "groupByCount"); } + @WithAccessId(user = "user-1-1") + @Test + void should_ThrowException_When_NoReadTasksPerm() { + ThrowingCallable call = () -> taskService.getTask(task2.getId()); + + NotAuthorizedOnWorkbasketException e = + catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class); + + assertThat(e.getRequiredPermissions()) + .containsExactlyInAnyOrder(WorkbasketPermission.READ, WorkbasketPermission.READTASKS); + assertThat(e.getCurrentUserId()).isEqualTo("user-1-1"); + assertThat(e.getWorkbasketId()).isEqualTo(wbWithoutReadTasksPerm.getId()); + } + + @WithAccessId(user = "user-1-1") + @Test + void should_ThrowException_When_UserHasReadTasksButNoReadPerm() { + ThrowingCallable call = () -> taskService.getTask(task3.getId()); + + NotAuthorizedOnWorkbasketException e = + catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class); + + assertThat(e.getRequiredPermissions()) + .containsExactlyInAnyOrder(WorkbasketPermission.READ, WorkbasketPermission.READTASKS); + assertThat(e.getCurrentUserId()).isEqualTo("user-1-1"); + assertThat(e.getWorkbasketId()).isEqualTo(wbWithoutReadPerm.getId()); + } + @WithAccessId(user = "user-1-1") @Test void should_ThrowException_When_RequestedTaskByIdIsNotExisting() { diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/get/GetTaskWithSorAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/get/GetTaskWithSorAccTest.java index 340fc40296..99d2bb0d94 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/task/get/GetTaskWithSorAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/task/get/GetTaskWithSorAccTest.java @@ -45,6 +45,7 @@ void setup() throws Exception { .accessId("user-1-1") .permission(WorkbasketPermission.OPEN) .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); defaultObjectReference = defaultTestObjectReference().build(); diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/query/TaskQueryImplAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/query/TaskQueryImplAccTest.java index f2514cfe78..01b493b186 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/task/query/TaskQueryImplAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/task/query/TaskQueryImplAccTest.java @@ -47,6 +47,7 @@ import pro.taskana.testapi.security.WithAccessId; import pro.taskana.workbasket.api.WorkbasketPermission; import pro.taskana.workbasket.api.WorkbasketService; +import pro.taskana.workbasket.api.exceptions.NotAuthorizedToQueryWorkbasketException; import pro.taskana.workbasket.api.models.WorkbasketSummary; @TaskanaIntegrationTest @@ -93,6 +94,7 @@ private void persistPermission(WorkbasketSummary workbasketSummary) throws Excep .permission(WorkbasketPermission.OPEN) .permission(WorkbasketPermission.READ) .permission(WorkbasketPermission.APPEND) + .permission(WorkbasketPermission.READTASKS) .buildAndStore(workbasketService, "businessadmin"); } @@ -102,11 +104,17 @@ class PermissionsTest { WorkbasketSummary wb1; WorkbasketSummary wb2; WorkbasketSummary wbWithoutPermissions; + WorkbasketSummary wbWithoutReadTasksPerm; + WorkbasketSummary wbWithoutReadPerm; + WorkbasketSummary wbWithoutOpenPerm; TaskSummary taskSummary1; TaskSummary taskSummary2; TaskSummary taskSummary3; TaskSummary taskSummary4; TaskSummary taskSummary5; + TaskSummary taskSummary6; + TaskSummary taskSummary7; + TaskSummary taskSummary8; @WithAccessId(user = "user-1-1") @BeforeAll @@ -115,6 +123,34 @@ void setup() throws Exception { wb2 = createWorkbasketWithPermission(); wbWithoutPermissions = defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService, "businessadmin"); + wbWithoutReadTasksPerm = + defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService, "businessadmin"); + wbWithoutReadPerm = + defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService, "businessadmin"); + wbWithoutOpenPerm = + defaultTestWorkbasket().buildAndStoreAsSummary(workbasketService, "businessadmin"); + + WorkbasketAccessItemBuilder.newWorkbasketAccessItem() + .workbasketId(wbWithoutReadTasksPerm.getId()) + .accessId(currentUserContext.getUserid()) + .permission(WorkbasketPermission.OPEN) + .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.APPEND) + .buildAndStore(workbasketService, "businessadmin"); + WorkbasketAccessItemBuilder.newWorkbasketAccessItem() + .workbasketId(wbWithoutReadPerm.getId()) + .accessId(currentUserContext.getUserid()) + .permission(WorkbasketPermission.OPEN) + .permission(WorkbasketPermission.READTASKS) + .permission(WorkbasketPermission.APPEND) + .buildAndStore(workbasketService, "businessadmin"); + WorkbasketAccessItemBuilder.newWorkbasketAccessItem() + .workbasketId(wbWithoutOpenPerm.getId()) + .accessId(currentUserContext.getUserid()) + .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) + .permission(WorkbasketPermission.APPEND) + .buildAndStore(workbasketService, "businessadmin"); taskSummary1 = taskInWorkbasket(wb1).buildAndStoreAsSummary(taskService); taskSummary2 = taskInWorkbasket(wb2).buildAndStoreAsSummary(taskService); @@ -124,6 +160,12 @@ void setup() throws Exception { taskInWorkbasket(wbWithoutPermissions).buildAndStoreAsSummary(taskService, "admin"); taskSummary5 = taskInWorkbasket(wbWithoutPermissions).buildAndStoreAsSummary(taskService, "admin"); + taskSummary6 = + taskInWorkbasket(wbWithoutReadTasksPerm).buildAndStoreAsSummary(taskService, "admin"); + taskSummary7 = + taskInWorkbasket(wbWithoutReadPerm).buildAndStoreAsSummary(taskService, "admin"); + taskSummary8 = + taskInWorkbasket(wbWithoutOpenPerm).buildAndStoreAsSummary(taskService, "admin"); } @WithAccessId(user = "admin") @@ -167,6 +209,70 @@ void should_OnlyReturnTasksFromCorrectWorkbaskets_When_UserHasNoPermissionToOneW .contains(taskSummary1, taskSummary2) .doesNotContain(taskSummary3, taskSummary4, taskSummary5); } + + @WithAccessId(user = "user-1-1") + @Test + void should_ReturnEmptyList_When_WorkbasketOfTaskHasNoReadTasksPerm() { + List list = taskService.createTaskQuery().idIn(taskSummary3.getId()).list(); + + assertThat(list.isEmpty()); + } + + @WithAccessId(user = "user-1-1") + @Test + void should_ThrowException_When_QueryByWorkbasketThatHasOpenReadButNoReadTasksPermission() { + assertThatThrownBy( + () -> + taskService + .createTaskQuery() + .workbasketIdIn(wbWithoutReadTasksPerm.getId()) + .list()) + .isInstanceOf(NotAuthorizedToQueryWorkbasketException.class); + } + + @WithAccessId(user = "user-1-1") + @Test + void should_ReturnEmptyList_When_WorkbasketOfTaskHasReadTasksButNoReadPerm() { + List list = taskService.createTaskQuery().idIn(taskSummary7.getId()).list(); + + assertThat(list).isEmpty(); + } + + @WithAccessId(user = "user-1-1") + @Test + void should_QueryByTaskId_When_WorkbasketHasReadAndReadTasksButNoOpenPerm() { + List list = taskService.createTaskQuery().idIn(taskSummary8.getId()).list(); + + assertThat(list).containsOnly(taskSummary8); + } + + @WithAccessId(user = "user-1-1") + @Test + void should_OnlyReturnTaskFromWorkbasketWithoutOpenPerm_When_OthersHasNoReadOrReadTasksPerm() { + List list = + taskService + .createTaskQuery() + .idIn(taskSummary6.getId(), taskSummary7.getId(), taskSummary8.getId()) + .list(); + + assertThat(list).containsOnly(taskSummary8); + } + + @WithAccessId(user = "user-1-1") + @Test + void should_ThrowException_When_QueryByWbIdAndWorkbasketHasReadTasksButNoReadPerm() { + assertThatThrownBy( + () -> taskService.createTaskQuery().workbasketIdIn(wbWithoutReadPerm.getId()).list()) + .isInstanceOf(NotAuthorizedToQueryWorkbasketException.class); + } + + @WithAccessId(user = "user-1-1") + @Test + void should_ThrowException_When_QueryByWbIdAndWorkbasketHasReadAndReadTasksButNoOpenPerm() { + assertThatThrownBy( + () -> taskService.createTaskQuery().workbasketIdIn(wbWithoutOpenPerm.getId()).list()) + .isInstanceOf(NotAuthorizedToQueryWorkbasketException.class); + } } @Nested diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/requestchanges/RequestChangesAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/requestchanges/RequestChangesAccTest.java index d66ec742ed..a5c191e95e 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/task/requestchanges/RequestChangesAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/task/requestchanges/RequestChangesAccTest.java @@ -55,6 +55,7 @@ void setup(ClassificationService classificationService, WorkbasketService workba .workbasketId(defaultWorkbasketSummary.getId()) .accessId("user-1-1") .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); @@ -143,7 +144,8 @@ void should_ThrowException_When_UserHasNoWorkbasketPermission() throws Exception NotAuthorizedOnWorkbasketException e = catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class); - assertThat(e.getRequiredPermissions()).containsExactly(WorkbasketPermission.READ); + assertThat(e.getRequiredPermissions()) + .containsExactly(WorkbasketPermission.READ, WorkbasketPermission.READTASKS); assertThat(e.getCurrentUserId()).isEqualTo("user-1-2"); assertThat(e.getWorkbasketId()).isEqualTo(defaultWorkbasketSummary.getId()); assertThat(e.getDomain()).isNull(); diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/requestchanges/RequestChangesWithAfterSpiAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/requestchanges/RequestChangesWithAfterSpiAccTest.java index eb1fc7757c..973181f938 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/task/requestchanges/RequestChangesWithAfterSpiAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/task/requestchanges/RequestChangesWithAfterSpiAccTest.java @@ -60,6 +60,7 @@ void setup(ClassificationService classificationService, WorkbasketService workba .workbasketId(defaultWorkbasketSummary.getId()) .accessId("user-1-1") .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .permission(WorkbasketPermission.TRANSFER) .buildAndStore(workbasketService); @@ -68,6 +69,7 @@ void setup(ClassificationService classificationService, WorkbasketService workba .workbasketId(newWorkbasket.getId()) .accessId("user-1-1") .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/requestchanges/RequestChangesWithBeforeSpiAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/requestchanges/RequestChangesWithBeforeSpiAccTest.java index e244eed616..77911eb565 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/task/requestchanges/RequestChangesWithBeforeSpiAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/task/requestchanges/RequestChangesWithBeforeSpiAccTest.java @@ -57,6 +57,7 @@ void setup(ClassificationService classificationService, WorkbasketService workba .workbasketId(defaultWorkbasketSummary.getId()) .accessId("user-1-1") .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .permission(WorkbasketPermission.TRANSFER) .buildAndStore(workbasketService); diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/requestreview/RequestReviewAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/requestreview/RequestReviewAccTest.java index 2b2a2cda12..cedf97ff37 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/task/requestreview/RequestReviewAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/task/requestreview/RequestReviewAccTest.java @@ -55,6 +55,7 @@ void setup(ClassificationService classificationService, WorkbasketService workba .workbasketId(defaultWorkbasketSummary.getId()) .accessId("user-1-1") .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); @@ -172,7 +173,8 @@ void should_ThrowException_When_UserHasNoWorkbasketPermission() throws Exception NotAuthorizedOnWorkbasketException e = catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class); - assertThat(e.getRequiredPermissions()).containsExactly(WorkbasketPermission.READ); + assertThat(e.getRequiredPermissions()) + .containsExactly(WorkbasketPermission.READ, WorkbasketPermission.READTASKS); assertThat(e.getCurrentUserId()).isEqualTo("user-1-2"); assertThat(e.getWorkbasketId()).isEqualTo(defaultWorkbasketSummary.getId()); assertThat(e.getDomain()).isNull(); diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/requestreview/RequestReviewWithAfterSpiAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/requestreview/RequestReviewWithAfterSpiAccTest.java index 3f70f5a325..94ebf4931f 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/task/requestreview/RequestReviewWithAfterSpiAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/task/requestreview/RequestReviewWithAfterSpiAccTest.java @@ -61,6 +61,7 @@ void setup(ClassificationService classificationService, WorkbasketService workba .workbasketId(defaultWorkbasketSummary.getId()) .accessId("user-1-1") .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .permission(WorkbasketPermission.TRANSFER) .buildAndStore(workbasketService); @@ -69,6 +70,7 @@ void setup(ClassificationService classificationService, WorkbasketService workba .workbasketId(newWorkbasket.getId()) .accessId("user-1-1") .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/requestreview/RequestReviewWithBeforeSpiAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/requestreview/RequestReviewWithBeforeSpiAccTest.java index 234e67e34b..aac442e86d 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/task/requestreview/RequestReviewWithBeforeSpiAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/task/requestreview/RequestReviewWithBeforeSpiAccTest.java @@ -58,6 +58,7 @@ void setup(ClassificationService classificationService, WorkbasketService workba .workbasketId(defaultWorkbasketSummary.getId()) .accessId("user-1-1") .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .permission(WorkbasketPermission.TRANSFER) .buildAndStore(workbasketService); diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/update/UpdateManualPriorityAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/update/UpdateManualPriorityAccTest.java index 928c2c5256..b01646c350 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/task/update/UpdateManualPriorityAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/task/update/UpdateManualPriorityAccTest.java @@ -53,6 +53,7 @@ void setup() throws Exception { .accessId("user-1-1") .permission(WorkbasketPermission.OPEN) .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); defaultObjectReference = defaultTestObjectReference().build(); diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/update/UpdateManualPriorityWithSpiAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/update/UpdateManualPriorityWithSpiAccTest.java index ff084a9085..9d798005c4 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/task/update/UpdateManualPriorityWithSpiAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/task/update/UpdateManualPriorityWithSpiAccTest.java @@ -74,6 +74,7 @@ void setup() throws Exception { .accessId("user-1-1") .permission(WorkbasketPermission.OPEN) .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); defaultObjectReference = defaultTestObjectReference().build(); diff --git a/lib/taskana-core-test/src/test/java/acceptance/task/update/UpdateTaskWithSorAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/task/update/UpdateTaskWithSorAccTest.java index ec22b30658..400fce4ede 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/task/update/UpdateTaskWithSorAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/task/update/UpdateTaskWithSorAccTest.java @@ -46,6 +46,7 @@ void setup() throws Exception { .accessId("user-1-1") .permission(WorkbasketPermission.OPEN) .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); defaultObjectReference = defaultTestObjectReference().build(); diff --git a/lib/taskana-core-test/src/test/java/acceptance/taskcomment/create/CreateTaskCommentAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/taskcomment/create/CreateTaskCommentAccTest.java index 3e575ced23..1ac49a834f 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/taskcomment/create/CreateTaskCommentAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/taskcomment/create/CreateTaskCommentAccTest.java @@ -50,6 +50,7 @@ void setup() throws Exception { .accessId("user-1-1") .permission(WorkbasketPermission.OPEN) .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); @@ -104,7 +105,8 @@ void should_FailToCreateTaskComment_When_UserHasNoWorkbasketPermission() { catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class); assertThat(e.getCurrentUserId()).isEqualTo("user-1-2"); assertThat(e.getWorkbasketId()).isEqualTo(defaultWorkbasket.getId()); - assertThat(e.getRequiredPermissions()).containsExactly(WorkbasketPermission.READ); + assertThat(e.getRequiredPermissions()) + .containsExactly(WorkbasketPermission.READ, WorkbasketPermission.READTASKS); } @WithAccessId(user = "user-1-1") diff --git a/lib/taskana-core-test/src/test/java/acceptance/taskcomment/get/GetTaskCommentAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/taskcomment/get/GetTaskCommentAccTest.java index 318598b0f6..0d04830893 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/taskcomment/get/GetTaskCommentAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/taskcomment/get/GetTaskCommentAccTest.java @@ -61,6 +61,7 @@ void setup() throws Exception { .accessId("user-1-1") .permission(WorkbasketPermission.OPEN) .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); task1 = @@ -134,7 +135,8 @@ void should_FailToReturnTaskComments_When_TaskIsNotVisible() { catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class); assertThat(e.getCurrentUserId()).isEqualTo("user-1-2"); - assertThat(e.getRequiredPermissions()).containsExactly(WorkbasketPermission.READ); + assertThat(e.getRequiredPermissions()) + .containsExactly(WorkbasketPermission.READ, WorkbasketPermission.READTASKS); assertThat(e.getWorkbasketId()).isEqualTo(defaultWorkbasket.getId()); } @@ -154,7 +156,8 @@ void should_FailToReturnTaskComment_When_TaskIsNotVisible() throws Exception { catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class); assertThat(e.getCurrentUserId()).isEqualTo("user-1-2"); - assertThat(e.getRequiredPermissions()).containsExactly(WorkbasketPermission.READ); + assertThat(e.getRequiredPermissions()) + .containsExactly(WorkbasketPermission.READ, WorkbasketPermission.READTASKS); assertThat(e.getWorkbasketId()).isEqualTo(defaultWorkbasket.getId()); } diff --git a/lib/taskana-core-test/src/test/java/acceptance/taskcomment/update/UpdateTaskCommentAccTest.java b/lib/taskana-core-test/src/test/java/acceptance/taskcomment/update/UpdateTaskCommentAccTest.java index cca3c506bb..99d02c726e 100644 --- a/lib/taskana-core-test/src/test/java/acceptance/taskcomment/update/UpdateTaskCommentAccTest.java +++ b/lib/taskana-core-test/src/test/java/acceptance/taskcomment/update/UpdateTaskCommentAccTest.java @@ -53,6 +53,7 @@ void setup() throws Exception { .accessId("user-1-1") .permission(WorkbasketPermission.OPEN) .permission(WorkbasketPermission.READ) + .permission(WorkbasketPermission.READTASKS) .permission(WorkbasketPermission.APPEND) .buildAndStore(workbasketService); defaultObjectReference = defaultTestObjectReference().build(); diff --git a/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskQueryImpl.java b/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskQueryImpl.java index 3fbab64c6f..4b13b63897 100644 --- a/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskQueryImpl.java +++ b/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskQueryImpl.java @@ -1983,7 +1983,7 @@ public List list() { return taskanaEngine.executeInDatabaseConnection( () -> { checkForIllegalParamCombinations(); - checkOpenAndReadPermissionForSpecifiedWorkbaskets(); + checkOpenReadAndReadTasksPermissionForSpecifiedWorkbaskets(); setupJoinAndOrderParameters(); setupAccessIds(); List tasks = @@ -1999,7 +1999,7 @@ public List list(int offset, int limit) { try { taskanaEngine.openConnection(); checkForIllegalParamCombinations(); - checkOpenAndReadPermissionForSpecifiedWorkbaskets(); + checkOpenReadAndReadTasksPermissionForSpecifiedWorkbaskets(); setupAccessIds(); setupJoinAndOrderParameters(); RowBounds rowBounds = new RowBounds(offset, limit); @@ -2031,7 +2031,7 @@ public List listValues(TaskQueryColumnName columnName, SortDirection sor this.orderByInner.clear(); this.addOrderCriteria(columnName.toString(), sortDirection); checkForIllegalParamCombinations(); - checkOpenAndReadPermissionForSpecifiedWorkbaskets(); + checkOpenReadAndReadTasksPermissionForSpecifiedWorkbaskets(); setupAccessIds(); if (columnName.equals(TaskQueryColumnName.CLASSIFICATION_NAME)) { @@ -2067,7 +2067,7 @@ public TaskSummary single() { TaskSummary result; try { taskanaEngine.openConnection(); - checkOpenAndReadPermissionForSpecifiedWorkbaskets(); + checkOpenReadAndReadTasksPermissionForSpecifiedWorkbaskets(); setupAccessIds(); setupJoinAndOrderParameters(); TaskSummaryImpl taskSummaryImpl = @@ -2092,7 +2092,7 @@ public long count() { Long rowCount; try { taskanaEngine.openConnection(); - checkOpenAndReadPermissionForSpecifiedWorkbaskets(); + checkOpenReadAndReadTasksPermissionForSpecifiedWorkbaskets(); setupAccessIds(); setupJoinAndOrderParameters(); rowCount = taskanaEngine.getSqlSession().selectOne(getLinkToCounterTaskScript(), this); @@ -2223,7 +2223,7 @@ private void setupAccessIds() { } } - private void checkOpenAndReadPermissionForSpecifiedWorkbaskets() { + private void checkOpenReadAndReadTasksPermissionForSpecifiedWorkbaskets() { if (taskanaEngine.getEngine().isUserInRole(TaskanaRole.ADMIN, TaskanaRole.TASK_ADMIN)) { if (LOGGER.isDebugEnabled()) { LOGGER.debug("Skipping permissions check since user is in role ADMIN or TASK_ADMIN."); @@ -2234,13 +2234,13 @@ private void checkOpenAndReadPermissionForSpecifiedWorkbaskets() { if (this.workbasketIdIn != null && this.workbasketIdIn.length > 0) { filterByAccessIdIn = false; for (String workbasketId : workbasketIdIn) { - checkOpenAndReadPermissionById(workbasketId); + checkOpenReadAndReadTasksPermissionById(workbasketId); } } if (workbasketKeyDomainIn != null && workbasketKeyDomainIn.length > 0) { filterByAccessIdIn = false; for (KeyDomain keyDomain : workbasketKeyDomainIn) { - checkOpenAndReadPermissionByKeyDomain(keyDomain); + checkOpenReadAndReadTasksPermissionByKeyDomain(keyDomain); } } } catch (NotAuthorizedOnWorkbasketException e) { @@ -2248,20 +2248,24 @@ private void checkOpenAndReadPermissionForSpecifiedWorkbaskets() { } } - private void checkOpenAndReadPermissionById(String workbasketId) + private void checkOpenReadAndReadTasksPermissionById(String workbasketId) throws NotAuthorizedOnWorkbasketException { try { taskanaEngine .getEngine() .getWorkbasketService() - .checkAuthorization(workbasketId, WorkbasketPermission.OPEN, WorkbasketPermission.READ); + .checkAuthorization( + workbasketId, + WorkbasketPermission.OPEN, + WorkbasketPermission.READ, + WorkbasketPermission.READTASKS); } catch (WorkbasketNotFoundException e) { LOGGER.warn( String.format("The workbasket with the ID ' %s ' does not exist.", workbasketId), e); } } - private void checkOpenAndReadPermissionByKeyDomain(KeyDomain keyDomain) + private void checkOpenReadAndReadTasksPermissionByKeyDomain(KeyDomain keyDomain) throws NotAuthorizedOnWorkbasketException { try { taskanaEngine @@ -2271,7 +2275,8 @@ private void checkOpenAndReadPermissionByKeyDomain(KeyDomain keyDomain) keyDomain.getKey(), keyDomain.getDomain(), WorkbasketPermission.OPEN, - WorkbasketPermission.READ); + WorkbasketPermission.READ, + WorkbasketPermission.READTASKS); } catch (WorkbasketNotFoundException e) { LOGGER.warn( String.format( diff --git a/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskQuerySqlProvider.java b/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskQuerySqlProvider.java index 3fda287d3a..867994f952 100644 --- a/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskQuerySqlProvider.java +++ b/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskQuerySqlProvider.java @@ -128,7 +128,8 @@ public static String queryTaskSummariesDb2() { + "s.ACCESS_ID IN " + "(#{item}) " + "and " - + "s.WORKBASKET_ID = X.WORKBASKET_ID AND s.perm_read = 1 fetch first 1 rows only" + + "s.WORKBASKET_ID = X.WORKBASKET_ID AND s.perm_read = 1 AND s.perm_readtasks = 1" + + " fetch first 1 rows only" + "" + " " + "VALUES(1)" @@ -271,7 +272,8 @@ public static String countQueryTasksDb2() { + "WHERE s.ACCESS_ID IN " + "(#{item}) " + "and " - + "s.WORKBASKET_ID = X.WORKBASKET_ID AND s.perm_read = 1 fetch first 1 rows only " + + "s.WORKBASKET_ID = X.WORKBASKET_ID AND s.perm_read = 1 AND s.perm_readtasks = 1" + + " fetch first 1 rows only " + " " + "" + "VALUES(1)" @@ -387,16 +389,18 @@ private static String checkForAuthorization() { + "FROM (" + "" + "" - + "SELECT WORKBASKET_ID as WID, MAX(PERM_READ) as MAX_READ " + + "SELECT WORKBASKET_ID as WID, MAX(PERM_READ) as MAX_READ, " + + "MAX(PERM_READTASKS) as MAX_READTASKS " + "" + "" - + "SELECT WORKBASKET_ID as WID, MAX(PERM_READ::int) as MAX_READ " + + "SELECT WORKBASKET_ID as WID, MAX(PERM_READ::int) as MAX_READ, " + + "MAX(PERM_READTASKS::int) as MAX_READTASKS " + "" + "" + "FROM WORKBASKET_ACCESS_LIST s where ACCESS_ID IN " + "(#{item}) " + "GROUP by WORKBASKET_ID) f " - + "WHERE MAX_READ = 1) " + + "WHERE MAX_READ = 1 AND MAX_READTASKS = 1) " + ""; } diff --git a/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskServiceImpl.java b/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskServiceImpl.java index ad05fea7b4..c8562fe4e1 100644 --- a/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskServiceImpl.java +++ b/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskServiceImpl.java @@ -359,12 +359,14 @@ public Task getTask(String id) throws NotAuthorizedOnWorkbasketException, TaskNo WorkbasketQueryImpl query = (WorkbasketQueryImpl) workbasketService.createWorkbasketQuery(); query.setUsedToAugmentTasks(true); String workbasketId = resultTask.getWorkbasketSummary().getId(); - List workbaskets = query.idIn(workbasketId).list(); + List workbaskets = + query.idIn(workbasketId).callerHasPermissions(WorkbasketPermission.READTASKS).list(); if (workbaskets.isEmpty()) { throw new NotAuthorizedOnWorkbasketException( taskanaEngine.getEngine().getCurrentUserContext().getUserid(), workbasketId, - WorkbasketPermission.READ); + WorkbasketPermission.READ, + WorkbasketPermission.READTASKS); } else { resultTask.setWorkbasketSummary(workbaskets.get(0)); } diff --git a/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketQueryMapper.java b/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketQueryMapper.java index 4cea03abb9..156eb1d3ae 100644 --- a/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketQueryMapper.java +++ b/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketQueryMapper.java @@ -18,13 +18,13 @@ public interface WorkbasketQueryMapper { + " " + "" + "" - + "LEFT OUTER JOIN (select WORKBASKET_ID as WID, MAX(PERM_READ) as MAX_READ, MAX(PERM_OPEN) as MAX_OPEN, " + + "LEFT OUTER JOIN (select WORKBASKET_ID as WID, MAX(PERM_READ) as MAX_READ, MAX(PERM_READTASKS) as MAX_READTASKS, MAX(PERM_OPEN) as MAX_OPEN, " + "MAX(PERM_APPEND) as MAX_APPEND, MAX(PERM_TRANSFER) as MAX_TRANSFER, MAX(PERM_DISTRIBUTE) as MAX_DISTRIBUTE, MAX(PERM_CUSTOM_1) as MAX_CUSTOM_1, MAX(PERM_CUSTOM_2) as MAX_CUSTOM_2, " + "MAX(PERM_CUSTOM_3) as MAX_CUSTOM_3, MAX(PERM_CUSTOM_4) as MAX_CUSTOM_4, MAX(PERM_CUSTOM_5) as MAX_CUSTOM_5, MAX(PERM_CUSTOM_6) as MAX_CUSTOM_6, MAX(PERM_CUSTOM_7) as MAX_CUSTOM_7, " + "MAX(PERM_CUSTOM_8) as MAX_CUSTOM_8, MAX(PERM_CUSTOM_9) as MAX_CUSTOM_9, MAX(PERM_CUSTOM_10) as MAX_CUSTOM_10, MAX(PERM_CUSTOM_11) as MAX_CUSTOM_11, MAX(PERM_CUSTOM_12) as MAX_CUSTOM_12 " + "" + "" - + "LEFT OUTER JOIN (select WORKBASKET_ID as WID, MAX(PERM_READ::int) as MAX_READ, MAX(PERM_OPEN::int) as MAX_OPEN, " + + "LEFT OUTER JOIN (select WORKBASKET_ID as WID, MAX(PERM_READ::int) as MAX_READ, MAX(PERM_READTASKS::int) as MAX_READTASKS, MAX(PERM_OPEN::int) as MAX_OPEN, " + "MAX(PERM_APPEND::int) as MAX_APPEND, MAX(PERM_TRANSFER::int) as MAX_TRANSFER, MAX(PERM_DISTRIBUTE::int) as MAX_DISTRIBUTE, MAX(PERM_CUSTOM_1::int) as MAX_CUSTOM_1, MAX(PERM_CUSTOM_2::int) as MAX_CUSTOM_2, " + "MAX(PERM_CUSTOM_3::int) as MAX_CUSTOM_3, MAX(PERM_CUSTOM_4::int) as MAX_CUSTOM_4, MAX(PERM_CUSTOM_5::int) as MAX_CUSTOM_5, MAX(PERM_CUSTOM_6::int) as MAX_CUSTOM_6, MAX(PERM_CUSTOM_7::int) as MAX_CUSTOM_7, " + "MAX(PERM_CUSTOM_8::int) as MAX_CUSTOM_8, MAX(PERM_CUSTOM_9::int) as MAX_CUSTOM_9, MAX(PERM_CUSTOM_10::int) as MAX_CUSTOM_10, MAX(PERM_CUSTOM_11::int) as MAX_CUSTOM_11, MAX(PERM_CUSTOM_12::int) as MAX_CUSTOM_12 " @@ -74,6 +74,7 @@ public interface WorkbasketQueryMapper { + " " + "" + "a.MAX_READ " + + "a.MAX_READTASKS " + "a.MAX_OPEN " + "a.MAX_APPEND" + "a.MAX_TRANSFER" @@ -118,7 +119,7 @@ public interface WorkbasketQueryMapper { @Select( "