#83: Handles tags as source ACL in GET /document/list

docs-core/src/main/java/com/sismics/docs/core/dao/jpa/AclDao.java

@@ -28,7 +28,6 @@ public class AclDao {
      * @param acl ACL
      * @param userId User ID
      * @return New ID
-     * @throws Exception
      */
     public String create(Acl acl, String userId) {
         // Create the UUID
@@ -82,7 +81,7 @@ public class AclDao {
         List<Object[]> l = q.getResultList();
         
         // Assemble results
-        List<AclDto> aclDtoList = new ArrayList<AclDto>();
+        List<AclDto> aclDtoList = new ArrayList<>();
         for (Object[] o : l) {
             int i = 0;
             AclDto aclDto = new AclDto();
@@ -92,7 +91,7 @@ public class AclDao {
             String userName = (String) o[i++];
             String shareId = (String) o[i++];
             String shareName = (String) o[i++];
-            String groupName = (String) o[i++];
+            String groupName = (String) o[i];
             if (userName != null) {
                 aclDto.setTargetName(userName);
                 aclDto.setTargetType(AclTargetType.USER.name());
@@ -114,11 +113,12 @@ public class AclDao {
      * Check if a source is accessible to a target.
      * 
      * @param sourceId ACL source entity ID
-     * @parm perm Necessary permission
-     * @param targetId ACL target entity ID
+     * @param perm Necessary permission
+     * @param targetIdList List of targets
      * @return True if the document is accessible
      */
     public boolean checkPermission(String sourceId, PermType perm, List<String> targetIdList) {
+        // TODO Handle tags as source for ACL
         EntityManager em = ThreadLocalContext.get().getEntityManager();
         Query q = em.createQuery("select a from Acl a where a.sourceId = :sourceId and a.perm = :perm and a.targetId in (:targetIdList) and a.deleteDate is null");
         q.setParameter("sourceId", sourceId);
@@ -126,11 +126,7 @@ public class AclDao {
         q.setParameter("targetIdList", targetIdList);
         
         // We have a matching permission
-        if (q.getResultList().size() > 0) {
-            return true;
-        }
-        
-        return false;
+        return q.getResultList().size() > 0;
     }
 
     /**

docs-core/src/main/java/com/sismics/docs/core/dao/jpa/DocumentDao.java

@@ -40,7 +40,6 @@ public class DocumentDao {
      * @param document Document
      * @param userId User ID
      * @return New ID
-     * @throws Exception
      */
     public String create(Document document, String userId) {
         // Create the UUID
@@ -87,10 +86,11 @@ public class DocumentDao {
      * 
      * @param id Document ID
      * @param perm Permission needed
-     * @param userId User ID
+     * @param targetIdList List of targets
      * @return Document
      */
     public DocumentDto getDocument(String id, PermType perm, List<String> targetIdList) {
+        // TODO Handle tags as source for ACL
         EntityManager em = ThreadLocalContext.get().getEntityManager();
         StringBuilder sb = new StringBuilder("select distinct d.DOC_ID_C, d.DOC_TITLE_C, d.DOC_DESCRIPTION_C, d.DOC_SUBJECT_C, d.DOC_IDENTIFIER_C, d.DOC_PUBLISHER_C, d.DOC_FORMAT_C, d.DOC_SOURCE_C, d.DOC_TYPE_C, d.DOC_COVERAGE_C, d.DOC_RIGHTS_C, d.DOC_CREATEDATE_D, d.DOC_LANGUAGE_C, ");
         sb.append(" (select count(s.SHA_ID_C) from T_SHARE s, T_ACL ac where ac.ACL_SOURCEID_C = d.DOC_ID_C and ac.ACL_TARGETID_C = s.SHA_ID_C and ac.ACL_DELETEDATE_D is null and s.SHA_DELETEDATE_D is null), ");
@@ -106,7 +106,7 @@ public class DocumentDao {
         q.setParameter("perm", perm.name());
         q.setParameter("targetIdList", targetIdList);
         
-        Object[] o = null;
+        Object[] o;
         try {
             o = (Object[]) q.getSingleResult();
         } catch (NoResultException e) {
@@ -130,7 +130,7 @@ public class DocumentDao {
         documentDto.setLanguage((String) o[i++]);
         documentDto.setShared(((Number) o[i++]).intValue() > 0);
         documentDto.setFileCount(((Number) o[i++]).intValue());
-        documentDto.setCreator((String) o[i++]);
+        documentDto.setCreator((String) o[i]);
         return documentDto;
     }
     
@@ -200,12 +200,11 @@ public class DocumentDao {
      * @param paginatedList List of documents (updated by side effects)
      * @param criteria Search criteria
      * @param sortCriteria Sort criteria
-     * @return List of documents
-     * @throws Exception 
+     * @throws Exception
      */
     public void findByCriteria(PaginatedList<DocumentDto> paginatedList, DocumentCriteria criteria, SortCriteria sortCriteria) throws Exception {
-        Map<String, Object> parameterMap = new HashMap<String, Object>();
-        List<String> criteriaList = new ArrayList<String>();
+        Map<String, Object> parameterMap = new HashMap<>();
+        List<String> criteriaList = new ArrayList<>();
         
         StringBuilder sb = new StringBuilder("select distinct d.DOC_ID_C c0, d.DOC_TITLE_C c1, d.DOC_DESCRIPTION_C c2, d.DOC_CREATEDATE_D c3, d.DOC_LANGUAGE_C c4, ");
         sb.append(" (select count(s.SHA_ID_C) from T_SHARE s, T_ACL ac where ac.ACL_SOURCEID_C = d.DOC_ID_C and ac.ACL_TARGETID_C = s.SHA_ID_C and ac.ACL_DELETEDATE_D is null and s.SHA_DELETEDATE_D is null) c5, ");
@@ -215,7 +214,9 @@ public class DocumentDao {
         // Adds search criteria
         if (criteria.getTargetIdList() != null) {
             // Read permission is enough for searching
-            sb.append(" join T_ACL a on a.ACL_SOURCEID_C = d.DOC_ID_C and a.ACL_TARGETID_C in (:targetIdList) and a.ACL_PERM_C = 'READ' and a.ACL_DELETEDATE_D is null ");
+            sb.append(" left join T_ACL a on a.ACL_TARGETID_C in (:targetIdList) and a.ACL_SOURCEID_C = d.DOC_ID_C and a.ACL_PERM_C = 'READ' and a.ACL_DELETEDATE_D is null ");
+            sb.append(" left join T_ACL a2 on a2.ACL_TARGETID_C in (:targetIdList) and a2.ACL_SOURCEID_C in (select dta.DOT_IDTAG_C from T_DOCUMENT_TAG dta where dta.DOT_IDDOCUMENT_C = d.DOC_ID_C) and a2.ACL_PERM_C = 'READ' and a2.ACL_DELETEDATE_D is null ");
+            criteriaList.add("(a.ACL_ID_C is not null or a2.ACL_ID_C is not null)");
             parameterMap.put("targetIdList", criteria.getTargetIdList());
         }
         if (!Strings.isNullOrEmpty(criteria.getSearch()) || !Strings.isNullOrEmpty(criteria.getFullSearch())) {
@@ -239,7 +240,7 @@ public class DocumentDao {
         if (criteria.getTagIdList() != null && !criteria.getTagIdList().isEmpty()) {
             int index = 0;
             for (String tagId : criteria.getTagIdList()) {
-                sb.append(" join T_DOCUMENT_TAG dt" + index + " on dt" + index + ".DOT_IDDOCUMENT_C = d.DOC_ID_C and dt" + index + ".DOT_IDTAG_C = :tagId" + index + " and dt" + index + ".DOT_DELETEDATE_D is null ");
+                sb.append(String.format(" join T_DOCUMENT_TAG dt%d on dt%d.DOT_IDDOCUMENT_C = d.DOC_ID_C and dt%d.DOT_IDTAG_C = :tagId%d and dt%d.DOT_DELETEDATE_D is null ", index, index, index, index, index));
                 parameterMap.put("tagId" + index, tagId);
                 index++;
             }
@@ -278,7 +279,7 @@ public class DocumentDao {
             documentDto.setCreateTimestamp(((Timestamp) o[i++]).getTime());
             documentDto.setLanguage((String) o[i++]);
             documentDto.setShared(((Number) o[i++]).intValue() > 0);
-            documentDto.setFileCount(((Number) o[i++]).intValue());
+            documentDto.setFileCount(((Number) o[i]).intValue());
             documentDtoList.add(documentDto);
         }
 

docs-web/src/main/java/com/sismics/docs/rest/resource/AclResource.java

@@ -48,7 +48,7 @@ public class AclResource extends BaseResource {
      * @param sourceId Source ID
      * @param permStr Permission
      * @param targetName Target name
-     * @param type ACL type
+     * @param typeStr ACL type
      * @return Response
      */
     @PUT

docs-web/src/test/java/com/sismics/docs/rest/TestAclResource.java

@@ -71,7 +71,7 @@ public class TestAclResource extends BaseJerseyTest {
         String acl2Id = json.getString("id");
         
         // Add an ACL WRITE for acl2 with acl1
-        json = target().path("/acl").request()
+        target().path("/acl").request()
                 .cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl1Token)
                 .put(Entity.form(new Form()
                         .param("source", document1Id)
@@ -80,7 +80,7 @@ public class TestAclResource extends BaseJerseyTest {
                         .param("type", "USER")), JsonObject.class);
         
         // Add an ACL WRITE for acl2 with acl1 (again)
-        json = target().path("/acl").request()
+        target().path("/acl").request()
                 .cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl1Token)
                 .put(Entity.form(new Form()
                         .param("source", document1Id)
@@ -99,7 +99,7 @@ public class TestAclResource extends BaseJerseyTest {
         String aclGroup2Id = json.getString("id");
         
         // Add an ACL WRITE for aclGroup2 with acl1
-        json = target().path("/acl").request()
+        target().path("/acl").request()
                 .cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl1Token)
                 .put(Entity.form(new Form()
                         .param("source", document1Id)

docs-web/src/test/java/com/sismics/docs/rest/TestDocumentResource.java

@@ -87,7 +87,7 @@ public class TestDocumentResource extends BaseJerseyTest {
         Assert.assertNotNull(document2Id);
         
         // Add a file
-        String file1Id = null;
+        String file1Id;
         try (InputStream is = Resources.getResource("file/Einstein-Roosevelt-letter.png").openStream()) {
             StreamDataBodyPart streamDataBodyPart = new StreamDataBodyPart("file", is, "Einstein-Roosevelt-letter.png");
             try (FormDataMultiPart multiPart = new FormDataMultiPart()) {
@@ -103,7 +103,7 @@ public class TestDocumentResource extends BaseJerseyTest {
         }
         
         // Share this document
-        json = target().path("/share").request()
+        target().path("/share").request()
                 .cookie(TokenBasedSecurityFilter.COOKIE_NAME, document1Token)
                 .put(Entity.form(new Form().param("id", document1Id)), JsonObject.class);
         
@@ -148,7 +148,7 @@ public class TestDocumentResource extends BaseJerseyTest {
         Assert.assertNotNull(document3Id);
         
         // Add a file
-        String file3Id = null;
+        String file3Id;
         try (InputStream is = Resources.getResource("file/Einstein-Roosevelt-letter.png").openStream()) {
             StreamDataBodyPart streamDataBodyPart = new StreamDataBodyPart("file", is, "Einstein-Roosevelt-letter.png");
             try (FormDataMultiPart multiPart = new FormDataMultiPart()) {
@@ -393,7 +393,7 @@ public class TestDocumentResource extends BaseJerseyTest {
         Assert.assertNotNull(document1Id);
         
         // Add a PDF file
-        String file1Id = null;
+        String file1Id;
         try (InputStream is = Resources.getResource("file/document.odt").openStream()) {
             StreamDataBodyPart streamDataBodyPart = new StreamDataBodyPart("file", is, "document.odt");
             try (FormDataMultiPart multiPart = new FormDataMultiPart()) {
@@ -452,7 +452,7 @@ public class TestDocumentResource extends BaseJerseyTest {
         Assert.assertNotNull(document1Id);
         
         // Add a PDF file
-        String file1Id = null;
+        String file1Id;
         try (InputStream is = Resources.getResource("file/document.docx").openStream()) {
             StreamDataBodyPart streamDataBodyPart = new StreamDataBodyPart("file", is, "document.docx");
             try (FormDataMultiPart multiPart = new FormDataMultiPart()) {
@@ -511,7 +511,7 @@ public class TestDocumentResource extends BaseJerseyTest {
         Assert.assertNotNull(document1Id);
         
         // Add a PDF file
-        String file1Id = null;
+        String file1Id;
         try (InputStream is = Resources.getResource("file/wikipedia.pdf").openStream()) {
             StreamDataBodyPart streamDataBodyPart = new StreamDataBodyPart("file", is, "wikipedia.pdf");
             try (FormDataMultiPart multiPart = new FormDataMultiPart()) {