[NAE 2441] Event permissions test

[SamuelPalaj]

Description

• rework of case search query building in CaseSearchService
• removed mongo search endpoints mongo_search and search2 from WorkflowController
• added tests and test nets for create, delete and view case permissions in CasePermissionsTest
• added tests and test nets for assign, cancel and delete task permissions in TaskPermissionsTest

Implements NAE-2441

Blocking Pull requests

Depends on #442

How Has Been This Tested?

Tests included in test files TaskPermissionsTest and CasePermissionsTest

Name	Tested on
OS	windows 11
Runtime	java 11
Dependency Manager	Maven 3.9.9
Framework version	Spring Boot 2.7.18
Run parameters
Other configuration

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• My changes have been checked, personally or remotely, with @...
• I have commented my code, particularly in hard-to-understand areas
• I have resolved all conflicts with the target branch of the PR
• I have updated and synced my code with the target branch
• I have added tests that prove my fix is effective or that my feature works
• New and existing tests pass locally with my changes:
  • Lint test
  • Unit tests
  • Integration tests
• I have checked my contribution with code analysis tools:
  • SonarCloud
  • Snyk
• I have made corresponding changes to the documentation:
  • Developer documentation
  • User Guides
  • Migration Guides

Summary by CodeRabbit

• Removals

  • Deprecated case-search endpoints removed; use the Elasticsearch-based search endpoint.

• Behavior Changes

  • Updated role- and user-based permission handling affecting task/case search results and visibility.
  • Adjusted default role/user assignment logic for imported workflows and permission resolution.

• Tests & Fixtures

  • Added extensive integration tests and many Petri net permission fixtures to validate create/delete/view/assign/finish/cancel scenarios.

[coderabbitai]

Warning

Review limit reached

@SamuelPalaj, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 56 minutes and 35 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: b0ee51ba-4951-4d7a-88ce-69d575a8099c

📥 Commits

Reviewing files that changed from the base of the PR and between 5d31f4b and bd69dbb.

📒 Files selected for processing (3)

• src/test/groovy/com/netgrif/application/engine/elastic/DataSearchRequestTest.groovy
• src/test/resources/all_data.xml
• src/test/resources/petriNets/impersonation_test.xml

Walkthrough

This PR simplifies and consolidates permission query construction and domain permission resolution, removes two legacy case-search endpoints, adjusts importer default-role handling, and adds comprehensive case and task permission integration tests with many Petri net fixtures.

Changes

Permission Logic Simplification and Query Refactoring

Layer / File(s)	Summary
Elasticsearch & QueryDSL Search Service Refactoring src/main/java/com/netgrif/application/engine/elastic/service/ElasticTaskService.java, src/main/java/com/netgrif/application/engine/elastic/service/ElasticViewPermissionService.java, src/main/java/com/netgrif/application/engine/workflow/service/CaseSearchService.java, src/main/java/com/netgrif/application/engine/workflow/service/TaskSearchService.java	Removes role-constraint helper and simplifies permission queries: ElasticTaskService no longer mutates search request roles; ElasticViewPermissionService replaces set-difference/union helpers with direct nested boolean clauses; CaseSearchService and TaskSearchService use direct viewRoles.contains() / viewUsers.contains() predicates and remove allowed-network petriNet filtering helper.
Domain Model & Service Layer Permission Integration src/main/java/com/netgrif/application/engine/workflow/domain/Case.java, src/main/java/com/netgrif/application/engine/workflow/domain/Task.java, src/main/java/com/netgrif/application/engine/importer/service/Importer.java, src/main/java/com/netgrif/application/engine/workflow/service/TaskService.java, src/main/java/com/netgrif/application/engine/workflow/service/WorkflowService.java	Case and Task now populate both viewUsers and negativeViewUsers during resolution; Importer changes default-role assignment to check for presence of role/user refs; TaskService and WorkflowService delegate user-ref permission setup to domain addUsers()/resolveViewUsers() instead of directly managing negativeViewUsers.
API Endpoint Deprecation src/main/java/com/netgrif/application/engine/workflow/web/WorkflowController.java	Removes public search2 and searchMongo endpoints; workflow now routes case searches through Elasticsearch search endpoint and count.
Case Permission Test Coverage src/test/groovy/com/netgrif/application/engine/workflow/CasePermissionsTest.groovy	New integration test suite validates create, delete, and view permissions for cases across multiple users and role configurations using CSV-driven expected results for default-enabled and default-disabled nets.
Task Permission Test Coverage src/test/groovy/com/netgrif/application/engine/workflow/TaskPermissionsTest.groovy	New integration test suite validates view, assign, finish, and cancel permissions for tasks across Elasticsearch and Mongo search pathways, multiple users, and both default-enabled and default-disabled configurations using CSV-driven expectations.
Permission Test Fixtures src/test/resources/petriNets/permissions/*	Adds ~260 XML Petri net test resources enumerating permission combinations for case and task operations across role/default/user true/false/undefined states and default-enabled/disabled configurations.

🎯 4 (Complex) | ⏱️ ~60 minutes

improvement, Large, Medium, breaking change

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@src/test/groovy/com/netgrif/application/engine/workflow/CasePermissionsTest.groovy`:
- Line 311: The FileInputStream created inline in the PetriNet import call is
never closed; update the code in CasePermissionsTest so that the stream passed
to petriNetService.importPetriNet is opened into a local InputStream variable
and closed reliably (use try-with-resources or try/finally) around the call to
petriNetService.importPetriNet(...) so each testNet file's stream is closed
after import; reference the petriNetService.importPetriNet(...) invocation and
ensure the InputStream is closed even when import throws.

In
`@src/test/groovy/com/netgrif/application/engine/workflow/TaskPermissionsTest.groovy`:
- Line 455: The current assertion in TaskPermissionsTest.groovy uses a compound
boolean that obscures which size comparison failed; change it to clearer
assertions by either replacing the single assertTrue(...) with two assertEquals
calls comparing presentInBoth.size() to actualTransitionIds.size() and
presentInBoth.size() to expectedTransitionIds.size(), or keep a single assertion
but add a descriptive message that states the expected and actual sizes
(referencing presentInBoth, actualTransitionIds, expectedTransitionIds) so
failures indicate which comparison broke.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 92b9850e-8337-43a9-86ea-d2f6d10d66d1

📥 Commits

Reviewing files that changed from the base of the PR and between 7dabfe9 and a2e1a98.

⛔ Files ignored due to path filters (4)

• src/test/resources/csv/create case permissions - correct default disabled.csv is excluded by !**/*.csv
• src/test/resources/csv/create case permissions - correct.csv is excluded by !**/*.csv
• src/test/resources/csv/permissions - correct default disabled.csv is excluded by !**/*.csv
• src/test/resources/csv/permissions - correct.csv is excluded by !**/*.csv

📒 Files selected for processing (104)

• src/main/java/com/netgrif/application/engine/elastic/service/ElasticTaskService.java
• src/main/java/com/netgrif/application/engine/elastic/service/ElasticViewPermissionService.java
• src/main/java/com/netgrif/application/engine/importer/service/Importer.java
• src/main/java/com/netgrif/application/engine/workflow/domain/Case.java
• src/main/java/com/netgrif/application/engine/workflow/domain/Task.java
• src/main/java/com/netgrif/application/engine/workflow/service/CaseSearchService.java
• src/main/java/com/netgrif/application/engine/workflow/service/TaskSearchService.java
• src/main/java/com/netgrif/application/engine/workflow/service/TaskService.java
• src/main/java/com/netgrif/application/engine/workflow/service/WorkflowService.java
• src/main/java/com/netgrif/application/engine/workflow/web/WorkflowController.java
• src/test/groovy/com/netgrif/application/engine/workflow/CasePermissionsTest.groovy
• src/test/groovy/com/netgrif/application/engine/workflow/TaskPermissionsTest.groovy
• src/test/resources/petriNets/permissions/assign_permission_combinations.xml
• src/test/resources/petriNets/permissions/assign_permission_combinations_no_default.xml
• src/test/resources/petriNets/permissions/cancel_permission_combinations.xml
• src/test/resources/petriNets/permissions/cancel_permission_combinations_no_default.xml
• src/test/resources/petriNets/permissions/case/default/create/create_case_role_false_default_false.xml
• src/test/resources/petriNets/permissions/case/default/create/create_case_role_false_default_true.xml
• src/test/resources/petriNets/permissions/case/default/create/create_case_role_false_default_undefined.xml
• src/test/resources/petriNets/permissions/case/default/create/create_case_role_true_default_false.xml
• src/test/resources/petriNets/permissions/case/default/create/create_case_role_true_default_true.xml
• src/test/resources/petriNets/permissions/case/default/create/create_case_role_true_default_undefined.xml
• src/test/resources/petriNets/permissions/case/default/create/create_case_role_undefined_default_false.xml
• src/test/resources/petriNets/permissions/case/default/create/create_case_role_undefined_default_true.xml
• src/test/resources/petriNets/permissions/case/default/create/create_case_role_undefined_default_undefined.xml
• src/test/resources/petriNets/permissions/case/default/delete/delete_case_role_false_default_false_user_false.xml
• src/test/resources/petriNets/permissions/case/default/delete/delete_case_role_false_default_false_user_true.xml
• src/test/resources/petriNets/permissions/case/default/delete/delete_case_role_false_default_false_user_undefined.xml
• src/test/resources/petriNets/permissions/case/default/delete/delete_case_role_false_default_true_user_false.xml
• src/test/resources/petriNets/permissions/case/default/delete/delete_case_role_false_default_true_user_true.xml
• src/test/resources/petriNets/permissions/case/default/delete/delete_case_role_false_default_true_user_undefined.xml
• src/test/resources/petriNets/permissions/case/default/delete/delete_case_role_false_default_undefined_user_false.xml
• src/test/resources/petriNets/permissions/case/default/delete/delete_case_role_false_default_undefined_user_true.xml
• src/test/resources/petriNets/permissions/case/default/delete/delete_case_role_false_default_undefined_user_undefined.xml
• src/test/resources/petriNets/permissions/case/default/delete/delete_case_role_true_default_false_user_false.xml
• src/test/resources/petriNets/permissions/case/default/delete/delete_case_role_true_default_false_user_true.xml
• src/test/resources/petriNets/permissions/case/default/delete/delete_case_role_true_default_false_user_undefined.xml
• src/test/resources/petriNets/permissions/case/default/delete/delete_case_role_true_default_true_user_false.xml
• src/test/resources/petriNets/permissions/case/default/delete/delete_case_role_true_default_true_user_true.xml
• src/test/resources/petriNets/permissions/case/default/delete/delete_case_role_true_default_true_user_undefined.xml
• src/test/resources/petriNets/permissions/case/default/delete/delete_case_role_true_default_undefined_user_false.xml
• src/test/resources/petriNets/permissions/case/default/delete/delete_case_role_true_default_undefined_user_true.xml
• src/test/resources/petriNets/permissions/case/default/delete/delete_case_role_true_default_undefined_user_undefined.xml
• src/test/resources/petriNets/permissions/case/default/delete/delete_case_role_undefined_default_false_user_false.xml
• src/test/resources/petriNets/permissions/case/default/delete/delete_case_role_undefined_default_false_user_true.xml
• src/test/resources/petriNets/permissions/case/default/delete/delete_case_role_undefined_default_false_user_undefined.xml
• src/test/resources/petriNets/permissions/case/default/delete/delete_case_role_undefined_default_true_user_false.xml
• src/test/resources/petriNets/permissions/case/default/delete/delete_case_role_undefined_default_true_user_true.xml
• src/test/resources/petriNets/permissions/case/default/delete/delete_case_role_undefined_default_true_user_undefined.xml
• src/test/resources/petriNets/permissions/case/default/delete/delete_case_role_undefined_default_undefined_user_false.xml
• src/test/resources/petriNets/permissions/case/default/delete/delete_case_role_undefined_default_undefined_user_true.xml
• src/test/resources/petriNets/permissions/case/default/delete/delete_case_role_undefined_default_undefined_user_undefined.xml
• src/test/resources/petriNets/permissions/case/default/view/view_case_role_false_default_false_user_false.xml
• src/test/resources/petriNets/permissions/case/default/view/view_case_role_false_default_false_user_true.xml
• src/test/resources/petriNets/permissions/case/default/view/view_case_role_false_default_false_user_undefined.xml
• src/test/resources/petriNets/permissions/case/default/view/view_case_role_false_default_true_user_false.xml
• src/test/resources/petriNets/permissions/case/default/view/view_case_role_false_default_true_user_true.xml
• src/test/resources/petriNets/permissions/case/default/view/view_case_role_false_default_true_user_undefined.xml
• src/test/resources/petriNets/permissions/case/default/view/view_case_role_false_default_undefined_user_false.xml
• src/test/resources/petriNets/permissions/case/default/view/view_case_role_false_default_undefined_user_true.xml
• src/test/resources/petriNets/permissions/case/default/view/view_case_role_false_default_undefined_user_undefined.xml
• src/test/resources/petriNets/permissions/case/default/view/view_case_role_true_default_false_user_false.xml
• src/test/resources/petriNets/permissions/case/default/view/view_case_role_true_default_false_user_true.xml
• src/test/resources/petriNets/permissions/case/default/view/view_case_role_true_default_false_user_undefined.xml
• src/test/resources/petriNets/permissions/case/default/view/view_case_role_true_default_true_user_false.xml
• src/test/resources/petriNets/permissions/case/default/view/view_case_role_true_default_true_user_true.xml
• src/test/resources/petriNets/permissions/case/default/view/view_case_role_true_default_true_user_undefined.xml
• src/test/resources/petriNets/permissions/case/default/view/view_case_role_true_default_undefined_user_false.xml
• src/test/resources/petriNets/permissions/case/default/view/view_case_role_true_default_undefined_user_true.xml
• src/test/resources/petriNets/permissions/case/default/view/view_case_role_true_default_undefined_user_undefined.xml
• src/test/resources/petriNets/permissions/case/default/view/view_case_role_undefined_default_false_user_false.xml
• src/test/resources/petriNets/permissions/case/default/view/view_case_role_undefined_default_false_user_true.xml
• src/test/resources/petriNets/permissions/case/default/view/view_case_role_undefined_default_false_user_undefined.xml
• src/test/resources/petriNets/permissions/case/default/view/view_case_role_undefined_default_true_user_false.xml
• src/test/resources/petriNets/permissions/case/default/view/view_case_role_undefined_default_true_user_true.xml
• src/test/resources/petriNets/permissions/case/default/view/view_case_role_undefined_default_true_user_undefined.xml
• src/test/resources/petriNets/permissions/case/default/view/view_case_role_undefined_default_undefined_user_false.xml
• src/test/resources/petriNets/permissions/case/default/view/view_case_role_undefined_default_undefined_user_true.xml
• src/test/resources/petriNets/permissions/case/default/view/view_case_role_undefined_default_undefined_user_undefined.xml
• src/test/resources/petriNets/permissions/case/defaultDisabled/create/create_case_role_false.xml
• src/test/resources/petriNets/permissions/case/defaultDisabled/create/create_case_role_true.xml
• src/test/resources/petriNets/permissions/case/defaultDisabled/create/create_case_role_undefined.xml
• src/test/resources/petriNets/permissions/case/defaultDisabled/delete/delete_case_role_false_user_false.xml
• src/test/resources/petriNets/permissions/case/defaultDisabled/delete/delete_case_role_false_user_true.xml
• src/test/resources/petriNets/permissions/case/defaultDisabled/delete/delete_case_role_false_user_undefined.xml
• src/test/resources/petriNets/permissions/case/defaultDisabled/delete/delete_case_role_true_user_false.xml
• src/test/resources/petriNets/permissions/case/defaultDisabled/delete/delete_case_role_true_user_true.xml
• src/test/resources/petriNets/permissions/case/defaultDisabled/delete/delete_case_role_true_user_undefined.xml
• src/test/resources/petriNets/permissions/case/defaultDisabled/delete/delete_case_role_undefined_user_false.xml
• src/test/resources/petriNets/permissions/case/defaultDisabled/delete/delete_case_role_undefined_user_true.xml
• src/test/resources/petriNets/permissions/case/defaultDisabled/delete/delete_case_role_undefined_user_undefined.xml
• src/test/resources/petriNets/permissions/case/defaultDisabled/view/view_case_role_false_user_false.xml
• src/test/resources/petriNets/permissions/case/defaultDisabled/view/view_case_role_false_user_true.xml
• src/test/resources/petriNets/permissions/case/defaultDisabled/view/view_case_role_false_user_undefined.xml
• src/test/resources/petriNets/permissions/case/defaultDisabled/view/view_case_role_true_user_false.xml
• src/test/resources/petriNets/permissions/case/defaultDisabled/view/view_case_role_true_user_true.xml
• src/test/resources/petriNets/permissions/case/defaultDisabled/view/view_case_role_true_user_undefined.xml
• src/test/resources/petriNets/permissions/case/defaultDisabled/view/view_case_role_undefined_user_false.xml
• src/test/resources/petriNets/permissions/case/defaultDisabled/view/view_case_role_undefined_user_true.xml
• src/test/resources/petriNets/permissions/case/defaultDisabled/view/view_case_role_undefined_user_undefined.xml
• src/test/resources/petriNets/permissions/finish_permission_combinations.xml
• src/test/resources/petriNets/permissions/finish_permission_combinations_no_default.xml
• src/test/resources/petriNets/permissions/view_permission_combinations.xml
• src/test/resources/petriNets/permissions/view_permission_combinations_no_default.xml

💤 Files with no reviewable changes (2)

• src/main/java/com/netgrif/application/engine/workflow/web/WorkflowController.java
• src/main/java/com/netgrif/application/engine/elastic/service/ElasticTaskService.java

[coderabbitai]

🧹 Nitpick | 🔵 Trivial | ⚡ Quick win

Consider adding a descriptive assertion message.

The compound boolean condition makes it harder to diagnose failures. Consider using separate assertEquals calls or adding a descriptive message to explain which comparison failed.

♻️ Proposed improvement

-                assertTrue(presentInBoth.size() == actualTransitionIds.size() && presentInBoth.size() == expectedTransitionIds.size())
+                assertEquals(expectedTransitionIds.size(), actualTransitionIds.size(), 
+                    "Mismatch in transition count for user ${userEmail} ${defaultRoleKey}: expected ${expectedTransitionIds.size()}, got ${actualTransitionIds.size()}")
+                assertEquals(expectedTransitionIds, actualTransitionIds,
+                    "Transition ID mismatch for user ${userEmail} ${defaultRoleKey}")

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@src/test/groovy/com/netgrif/application/engine/workflow/TaskPermissionsTest.groovy`
at line 455, The current assertion in TaskPermissionsTest.groovy uses a compound
boolean that obscures which size comparison failed; change it to clearer
assertions by either replacing the single assertTrue(...) with two assertEquals
calls comparing presentInBoth.size() to actualTransitionIds.size() and
presentInBoth.size() to expectedTransitionIds.size(), or keep a single assertion
but add a descriptive message that states the expected and actual sizes
(referencing presentInBoth, actualTransitionIds, expectedTransitionIds) so
failures indicate which comparison broke.

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

src/test/groovy/com/netgrif/application/engine/workflow/CasePermissionsTest.groovy (2)

327-329: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Add null check to prevent cryptic NPE when role is missing.

If a test Petri net doesn't define a role with importId == "process_role", find returns null and the subsequent .stringId call throws an NPE without context.

🛡️ Proposed fix

 void assignRoleToUser(PetriNet net, IUser user) {
-    testUsers.put(user.email, userService.addRole(user, net.roles.values().find { role -> role.importId == "process_role" }.stringId))
+    def role = net.roles.values().find { it.importId == "process_role" }
+    if (role == null) {
+        throw new IllegalStateException("PetriNet '${net.identifier}' is missing required role with importId='process_role'")
+    }
+    testUsers.put(user.email, userService.addRole(user, role.stringId))
 }

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@src/test/groovy/com/netgrif/application/engine/workflow/CasePermissionsTest.groovy`
around lines 327 - 329, The method assignRoleToUser currently calls
net.roles.values().find { role -> role.importId == "process_role" }.stringId
which will NPE if no role is found; modify assignRoleToUser to first assign the
result of the find to a local variable (e.g., foundRole), check for null, and
either throw an informative IllegalStateException (or IllegalArgumentException)
naming the missing "process_role" and the PetriNet id/name, or handle the
missing role gracefully before calling userService.addRole and putting into
testUsers; update references to use foundRole.stringId only after the null
check.

---

440-440: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Add descriptive assertion message for easier debugging.

When this assertion fails in CI, there's no indication of which user or scenario failed. The diagnostic println statements above help, but the assertion message itself should include context.

🔧 Proposed fix

-                assertTrue(presentInBoth.size() == actualNetIdentifiersIds.size() && presentInBoth.size() == expectedNetIdentifiers.size())
+                assertTrue(
+                    presentInBoth.size() == actualNetIdentifiersIds.size() && presentInBoth.size() == expectedNetIdentifiers.size(),
+                    "Mismatch for user '${userEmail}' [${defaultRoleKey}]: unexpected=${presentOnlyInMap}, missing=${presentOnlyInCorrectResultsWithDefaultRoleMap}"
+                )

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@src/test/groovy/com/netgrif/application/engine/workflow/CasePermissionsTest.groovy`
at line 440, Replace the bare assertion on the three collections with one that
includes a descriptive failure message: update the assertion that currently
references presentInBoth, actualNetIdentifiersIds and expectedNetIdentifiers to
include context (e.g., the tested user/role or test scenario) and the
sizes/contents of those collections so CI failures show which user/scenario and
what values mismatched; locate the assertion line using the variables
presentInBoth, actualNetIdentifiersIds, and expectedNetIdentifiers in
CasePermissionsTest and augment it with a clear message that prints the relevant
identifiers and sizes.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In
`@src/test/groovy/com/netgrif/application/engine/workflow/CasePermissionsTest.groovy`:
- Around line 327-329: The method assignRoleToUser currently calls
net.roles.values().find { role -> role.importId == "process_role" }.stringId
which will NPE if no role is found; modify assignRoleToUser to first assign the
result of the find to a local variable (e.g., foundRole), check for null, and
either throw an informative IllegalStateException (or IllegalArgumentException)
naming the missing "process_role" and the PetriNet id/name, or handle the
missing role gracefully before calling userService.addRole and putting into
testUsers; update references to use foundRole.stringId only after the null
check.
- Line 440: Replace the bare assertion on the three collections with one that
includes a descriptive failure message: update the assertion that currently
references presentInBoth, actualNetIdentifiersIds and expectedNetIdentifiers to
include context (e.g., the tested user/role or test scenario) and the
sizes/contents of those collections so CI failures show which user/scenario and
what values mismatched; locate the assertion line using the variables
presentInBoth, actualNetIdentifiersIds, and expectedNetIdentifiers in
CasePermissionsTest and augment it with a clear message that prints the relevant
identifiers and sizes.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 4240f34a-643e-4fc0-a63f-506aabc4df7a

📥 Commits

Reviewing files that changed from the base of the PR and between a2e1a98 and 5d31f4b.

📒 Files selected for processing (1)

• src/test/groovy/com/netgrif/application/engine/workflow/CasePermissionsTest.groovy

[Retoocs]

there are test failures

2026-06-04T10:57:25.4542513Z [INFO] Results:
2026-06-04T10:57:25.4542854Z [INFO] 
2026-06-04T10:57:25.4544238Z [ERROR] Failures: 
2026-06-04T10:57:25.4551310Z [ERROR]   DataSearchRequestTest.testDatSearchRequests:230 assert result.size() == 1
2026-06-04T10:57:25.4551807Z        |      |      |
2026-06-04T10:57:25.4552036Z        |      0      false
2026-06-04T10:57:25.4552538Z        Page 1 of 0 containing UNKNOWN instances
2026-06-04T10:57:25.4553126Z [ERROR]   ReindexTest.reindexTest:85 assert result.size() == 1
2026-06-04T10:57:25.4553799Z        |      |      |
2026-06-04T10:57:25.4554024Z        []     0      false
2026-06-04T10:57:25.4554802Z [ERROR]   ImpersonationServiceTest.testTaskSearchAssignFinish:213 assert !cases.content.isEmpty()
2026-06-04T10:57:25.4555297Z        ||     |       |
2026-06-04T10:57:25.4555689Z        ||     []      true
2026-06-04T10:57:25.4556013Z        |Page 1 of 0 containing UNKNOWN instances
2026-06-04T10:57:25.4556309Z        false
2026-06-04T10:57:25.4556510Z [INFO] 
2026-06-04T10:57:25.4557080Z [ERROR] Tests run: 423, Failures: 3, Errors: 0, Skipped: 32

The merge-base changed after approval.