commonTaskQueryOracle doesn't check permissions #2304
Description
commonTaskQueryOracle doesn't have an authorization check. That's why during selectAndClaim, an Exception is thrown except returning an empty Optional. The exception looks like this:
SystemException [errorCode=ErrorCode [key=CRITICAL_SYSTEM_ERROR, messageVariables={}], message=Did not find a Workbasket for task (Id=TKI:0254453f-d8e1-4515-9f0a-734e98371baf,Workbasket=WBI:64f04353-e7c0-4234-8db8-a85a3ba10e82)]
at pro.taskana.task.internal.TaskServiceImpl.addWorkbasketSummariesToTaskSummaries(TaskServiceImpl.java:2012)
at pro.taskana.task.internal.TaskServiceImpl.appendComplexAttributesToTaskSummariesWithoutPartitioning(TaskServiceImpl.java:1168)
The reason for the exception is the following: The query for selectAndClaim returns a Task althjough it shouldn't. Then, TASKANA tries to append a Workbasket to this Task and fails because of missing permission. @arolfes , was it intended that Oracle query doesn't have authorization checks? Could please look into it?