[NAE 2441] Event permissions test

src/main/java/com/netgrif/application/engine/workflow/service/CaseSearchService.java

@@ -54,47 +54,54 @@ public class CaseSearchService extends MongoSearchService<Case> {
     private IPetriNetService petriNetService;
 
     public Predicate buildQuery(Map<String, Object> requestQuery, LoggedUser user, Locale locale) {
-        BooleanBuilder builder = new BooleanBuilder();
         LoggedUser loggedOrImpersonated = user.getSelfOrImpersonated();
-
+        List<Predicate> singleQueries = new ArrayList<>();
         if (requestQuery.containsKey(PETRINET)) {
-            builder.and(petriNet(requestQuery.get(PETRINET), loggedOrImpersonated, locale));
+            singleQueries.add(petriNet(requestQuery.get(PETRINET), loggedOrImpersonated, locale));
         }
         if (requestQuery.containsKey(AUTHOR)) {
-            builder.and(author(requestQuery.get(AUTHOR)));
+            singleQueries.add(author(requestQuery.get(AUTHOR)));
         }
         if (requestQuery.containsKey(TRANSITION)) {
-            builder.and(transition(requestQuery.get(TRANSITION)));
+            singleQueries.add(transition(requestQuery.get(TRANSITION)));
         }
         if (requestQuery.containsKey(FULLTEXT)) {
-            builder.and(fullText(requestQuery.getOrDefault(PETRINET, null), (String) requestQuery.get(FULLTEXT)));
+            singleQueries.add(fullText(requestQuery.getOrDefault(PETRINET, null), (String) requestQuery.get(FULLTEXT)));
         }
         if (requestQuery.containsKey(ROLE)) {
-            builder.and(role(requestQuery.get(ROLE)));
+            singleQueries.add(role(requestQuery.get(ROLE)));
         }
         if (requestQuery.containsKey(DATA)) {
-            builder.and(data(requestQuery.get(DATA)));
+            singleQueries.add(data(requestQuery.get(DATA)));
         }
         if (requestQuery.containsKey(TAGS)) {
-            builder.and(tags(requestQuery.get(TAGS)));
+            singleQueries.add(tags(requestQuery.get(TAGS)));
         }
         if (requestQuery.containsKey(CASE_ID)) {
-            builder.and(caseId(requestQuery.get(CASE_ID)));
+            singleQueries.add(caseId(requestQuery.get(CASE_ID)));
         }
         if (requestQuery.containsKey(GROUP)) {
             Predicate groupPredicate = group(requestQuery.get(GROUP), loggedOrImpersonated, locale);
             if (groupPredicate != null) {
-                builder.and(groupPredicate);
+                singleQueries.add(groupPredicate);
             } else {
                 return null;
             }
         }
-        BooleanBuilder permissionConstraints = new BooleanBuilder(buildViewRoleQueryConstraint(loggedOrImpersonated));
-        permissionConstraints.andNot(buildNegativeViewRoleQueryConstraint(loggedOrImpersonated));
-        permissionConstraints.or(buildViewUserQueryConstraint(loggedOrImpersonated));
-        permissionConstraints.andNot(buildNegativeViewUsersQueryConstraint(loggedOrImpersonated));
-        builder.and(permissionConstraints);
-        return builder;
+
+        BooleanBuilder builder = constructPredicateTree(singleQueries, BooleanBuilder::or);
+
+        //        (Rp!=0 & Rn = 0)
+        BooleanBuilder constraints = new BooleanBuilder(buildViewRoleQueryConstraint(loggedOrImpersonated))
+                .andNot(buildNegativeViewRoleQueryConstraint(loggedOrImpersonated));
+
+        //        ((Rp!=0 & Rn = 0) or Up!=0)
+        constraints.or(buildViewUserQueryConstraint(loggedOrImpersonated));
+
+        //        (((Rp!=0 & Rn = 0) or Up!=0) & Un=0) == 1
+        constraints.andNot(buildNegativeViewUsersQueryConstraint(loggedOrImpersonated));
+
+        return builder.and(constraints);
     }
 
     protected Predicate buildViewRoleQueryConstraint(LoggedUser user) {
@@ -103,7 +110,7 @@ protected Predicate buildViewRoleQueryConstraint(LoggedUser user) {
     }
 
     public Predicate viewRoleQuery(String role) {
-        return QCase.case$.viewUserRefs.isEmpty().and(QCase.case$.viewRoles.isEmpty()).or(QCase.case$.viewRoles.contains(role));
+        return QCase.case$.viewRoles.contains(role);
     }
 
     protected Predicate buildViewUserQueryConstraint(LoggedUser user) {
@@ -112,7 +119,7 @@ protected Predicate buildViewUserQueryConstraint(LoggedUser user) {
     }
 
     public Predicate viewUserQuery(String userId) {
-        return QCase.case$.viewUserRefs.isEmpty().and(QCase.case$.viewRoles.isEmpty()).or(QCase.case$.viewUsers.contains(userId));
+        return QCase.case$.viewUsers.contains(userId);
     }
 
     protected Predicate buildNegativeViewRoleQueryConstraint(LoggedUser user) {
@@ -134,22 +141,19 @@ public Predicate negativeViewUserQuery(String userId) {
     }
 
     public Predicate petriNet(Object query, LoggedUser user, Locale locale) {
-        List<PetriNetReference> allowedNets = petriNetService.getReferencesByUsersProcessRoles(user, locale);
         if (query instanceof ArrayList) {
             BooleanBuilder builder = new BooleanBuilder();
-            List<BooleanExpression> expressions = (List<BooleanExpression>) ((ArrayList) query).stream().filter(q -> q instanceof HashMap).map(q -> petriNetObject((HashMap<String, String>) q, allowedNets)).collect(Collectors.toList());
+            List<BooleanExpression> expressions = (List<BooleanExpression>) ((ArrayList) query).stream().filter(q -> q instanceof HashMap).map(q -> petriNetObject((HashMap<String, String>) q)).collect(Collectors.toList());
             expressions.forEach(builder::or);
             return builder;
         } else if (query instanceof HashMap) {
-            return petriNetObject((HashMap<String, String>) query, allowedNets);
+            return petriNetObject((HashMap<String, String>) query);
         }
         return null;
     }
 
-    private static BooleanExpression petriNetObject(HashMap<String, String> query, List<PetriNetReference> allowedNets) {
-        if (query.containsKey(PETRINET_IDENTIFIER) && allowedNets.stream().anyMatch(net -> net.getIdentifier().equalsIgnoreCase(query.get(PETRINET_IDENTIFIER))))
-            return QCase.case$.processIdentifier.equalsIgnoreCase(query.get(PETRINET_IDENTIFIER));
-        return null;
+    private static BooleanExpression petriNetObject(HashMap<String, String> query) {
+        return QCase.case$.processIdentifier.equalsIgnoreCase(query.get(PETRINET_IDENTIFIER));
     }
 
     public Predicate author(Object query) {

src/main/java/com/netgrif/application/engine/workflow/web/WorkflowController.java

@@ -106,17 +106,6 @@ public PagedModel<CaseResource> getAll(Pageable pageable, PagedResourcesAssemble
         return resources;
     }
 
-    @Operation(summary = "Generic case search with QueryDSL predicate", security = {@SecurityRequirement(name = "BasicAuth")})
-    @PostMapping(value = "/case/search2", consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaTypes.HAL_JSON_VALUE)
-    public PagedModel<CaseResource> search2(@QuerydslPredicate(root = Case.class) Predicate predicate, Pageable pageable, PagedResourcesAssembler<Case> assembler) {
-        Page<Case> cases = workflowService.search(predicate, pageable);
-        Link selfLink = WebMvcLinkBuilder.linkTo(WebMvcLinkBuilder.methodOn(WorkflowController.class)
-                .search2(predicate, pageable, assembler)).withRel("search2");
-        PagedModel<CaseResource> resources = assembler.toModel(cases, new CaseResourceAssembler(), selfLink);
-        ResourceLinkAssembler.addLinks(resources, Case.class, selfLink.getRel().toString());
-        return resources;
-    }
-
     @Operation(summary = "Generic case search on Elasticsearch database", security = {@SecurityRequirement(name = "BasicAuth")})
     @PostMapping(value = "/case/search", consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaTypes.HAL_JSON_VALUE)
     public PagedModel<CaseResource> search(@RequestBody SingleCaseSearchRequestAsList searchBody, @RequestParam(defaultValue = "OR") MergeFilterOperation operation, Pageable pageable, PagedResourcesAssembler<Case> assembler, Authentication auth, Locale locale) {
@@ -131,18 +120,6 @@ public PagedModel<CaseResource> search(@RequestBody SingleCaseSearchRequestAsLis
         return resources;
     }
 
-    @Operation(summary = "Generic case search on Mongo database", security = {@SecurityRequirement(name = "BasicAuth")})
-    @PostMapping(value = "/case/search_mongo", consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaTypes.HAL_JSON_VALUE)
-    public PagedModel<CaseResource> searchMongo(@RequestBody Map<String, Object> searchBody, Pageable pageable, PagedResourcesAssembler<Case> assembler, Authentication auth, Locale locale) {
-        Page<Case> cases = workflowService.search(searchBody, pageable, (LoggedUser) auth.getPrincipal(), locale);
-        Link selfLink = WebMvcLinkBuilder.linkTo(WebMvcLinkBuilder.methodOn(WorkflowController.class)
-                .searchMongo(searchBody, pageable, assembler, auth, locale)).withRel("search");
-        PagedModel<CaseResource> resources = assembler.toModel(cases, new CaseResourceAssembler(), selfLink);
-        ResourceLinkAssembler.addLinks(resources, Case.class, selfLink.getRel().toString());
-        return resources;
-    }
-
-
     @Operation(summary = "Get count of the cases", security = {@SecurityRequirement(name = "BasicAuth")})
     @PostMapping(value = "/case/count", consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
     public CountResponse count(@RequestBody SingleCaseSearchRequestAsList searchBody, @RequestParam(defaultValue = "OR") MergeFilterOperation operation, Authentication auth, Locale locale) {

src/test/groovy/com/netgrif/application/engine/elastic/DataSearchRequestTest.groovy

@@ -234,7 +234,7 @@ class DataSearchRequestTest {
 
             log.info(String.format("Testing %s == %s", testCase.getKey(), testCase.getValue()))
 
-            Page<Case> result = searchService.search([request] as List, mockService.mockLoggedUser(), PageRequest.of(0, 100), null, false)
+            Page<Case> result = searchService.search([request] as List, superCreator.getLoggedSuper(), PageRequest.of(0, 100), null, false)
             assert result
             assert result.size() == 1
         }