Closes #91: Display ACL inherited from tags in document permissions

docs-web-common/src/main/java/com/sismics/rest/util/AclUtil.java

@@ -3,7 +3,6 @@ package com.sismics.rest.util;
 import com.sismics.docs.core.constant.PermType;
 import com.sismics.docs.core.dao.jpa.AclDao;
 import com.sismics.docs.core.dao.jpa.dto.AclDto;
-import com.sismics.security.IPrincipal;
 
 import javax.json.Json;
 import javax.json.JsonArrayBuilder;

docs-web/src/main/java/com/sismics/docs/rest/resource/DocumentResource.java

@@ -82,14 +82,15 @@ public class DocumentResource extends BaseResource {
                 .add("language", documentDto.getLanguage())
                 .add("shared", documentDto.getShared())
                 .add("file_count", documentDto.getFileCount());
-        
+
+        List<TagDto> tagDtoList = null;
         if (principal.isAnonymous()) {
             // No tags in anonymous mode (sharing)
             document.add("tags", Json.createArrayBuilder());
         } else {
-            // Add tags added by the current user on this document
+            // Add tags visible by the current user on this document
             TagDao tagDao = new TagDao();
-            List<TagDto> tagDtoList = tagDao.findByCriteria(
+            tagDtoList = tagDao.findByCriteria(
                     new TagCriteria()
                             .setTargetIdList(getTargetIdList(shareId))
                             .setDocumentId(documentId),
@@ -117,6 +118,25 @@ public class DocumentResource extends BaseResource {
 
         // Add ACL
         AclUtil.addAcls(document, documentId, getTargetIdList(shareId));
+
+        // Add computed ACL
+        if (tagDtoList != null) {
+            JsonArrayBuilder aclList = Json.createArrayBuilder();
+            for (TagDto tagDto : tagDtoList) {
+                AclDao aclDao = new AclDao();
+                List<AclDto> aclDtoList = aclDao.getBySourceId(tagDto.getId());
+                for (AclDto aclDto : aclDtoList) {
+                    aclList.add(Json.createObjectBuilder()
+                            .add("perm", aclDto.getPerm().name())
+                            .add("source_id", tagDto.getId())
+                            .add("source_name", tagDto.getName())
+                            .add("id", aclDto.getTargetId())
+                            .add("name", JsonUtil.nullable(aclDto.getTargetName()))
+                            .add("type", aclDto.getTargetType()));
+                }
+            }
+            document.add("inherited_acls", aclList);
+        }
         
         // Add contributors
         ContributorDao contributorDao = new ContributorDao();

docs-web/src/main/webapp/src/app/docs/controller/document/DocumentViewPermissions.js

@@ -3,5 +3,11 @@
 /**
  * Document view permissions controller.
  */
-angular.module('docs').controller('DocumentViewPermissions', function() {
+angular.module('docs').controller('DocumentViewPermissions', function($scope) {
+  // Watch for ACLs change and group them for easy displaying
+  $scope.$watch('document.inherited_acls', function(acls) {
+    $scope.inheritedAcls = _.groupBy(acls, function(acl) {
+      return acl.id;
+    });
+  });
 });

docs-web/src/main/webapp/src/partial/docs/directive.acledit.html

@@ -8,12 +8,12 @@
     <tr ng-repeat="(id, acl) in groupedAcls">
       <td><acl data="acl[0]"></acl></td>
       <td>
-              <span class="label label-default" style="margin-right: 6px;" ng-repeat="a in acl | orderBy: 'perm'">
-                {{ a.perm }}
-                <span ng-show="(creator != a.name && a.type == 'USER' || a.type != 'USER') && writable"
-                      class="glyphicon glyphicon-remove pointer"
-                      ng-click="deleteAcl(a)"></span>
-              </span>
+        <span class="label label-default" style="margin-right: 6px;" ng-repeat="a in acl | orderBy: 'perm'">
+          {{ a.perm }}
+          <span ng-show="(creator != a.name && a.type == 'USER' || a.type != 'USER') && writable"
+                class="glyphicon glyphicon-remove pointer"
+                ng-click="deleteAcl(a)"></span>
+        </span>
       </td>
     </tr>
   </table>

docs-web/src/main/webapp/src/partial/docs/document.view.activity.html

@@ -1 +1,3 @@
+<p class="well-sm">Every actions on this document are logged here.</p>
+
 <audit-log logs="logs" />

docs-web/src/main/webapp/src/partial/docs/document.view.permissions.html

@@ -1,4 +1,37 @@
-<acl-edit source="document.id"
-          acls="document.acls"
-          writable="document.writable"
-          creator="document.creator"></acl-edit>
+<p class="well-sm">Permissions can be applied directly to this document, or can come from <a href="#/tag">tags</a>.</p>
+
+<div class="well" ng-show="document.inherited_acls.length > 0">
+  <h3>Permissions inherited by tags</h3>
+
+  <table class="table">
+    <tr>
+      <th style="width: 30%">From</th>
+      <th style="width: 30%">For</th>
+      <th style="width: 30%">Permission</th>
+    </tr>
+
+    <tr ng-repeat="(id, acl) in inheritedAcls">
+      <td>
+        <a href="#/tag/{{ acl[0].source_id }}">
+          <span class="glyphicon glyphicon-tags"></span>&nbsp;
+          {{ acl[0].source_name }}
+        </a>
+      </td>
+      <td><acl data="acl[0]"></acl></td>
+      <td>
+        <span class="label label-default" style="margin-right: 6px;" ng-repeat="a in acl | orderBy: 'perm'">
+          {{ a.perm }}
+        </span>
+      </td>
+    </tr>
+  </table>
+</div>
+
+<div class="well">
+  <h3>Permissions on this document</h3>
+
+  <acl-edit source="document.id"
+            acls="document.acls"
+            writable="document.writable"
+            creator="document.creator"></acl-edit>
+</div>

docs-web/src/main/webapp/src/partial/docs/tag.edit.html

@@ -1,3 +1,7 @@
+<h1>{{ tag.name }}</h1>
+
+<p>Permissions on this tag will also be applied to documents tagged <span class="label label-info">{{ tag.name }}</span></p>
+
 <acl-edit source="tag.id"
           acls="tag.acls"
           writable="tag.writable"

docs-web/src/test/java/com/sismics/docs/rest/TestAclResource.java

@@ -365,6 +365,10 @@ public class TestAclResource extends BaseJerseyTest {
         Assert.assertEquals(1, tags.size());
         Assert.assertFalse(json.getBoolean("writable"));
         Assert.assertEquals(tag1Id, tags.getJsonObject(0).getString("id"));
+        JsonArray inheritedAcls = json.getJsonArray("inherited_acls");
+        Assert.assertEquals(3, inheritedAcls.size());
+        Assert.assertEquals("AclTag1", inheritedAcls.getJsonObject(0).getString("source_name"));
+        Assert.assertEquals(tag1Id, inheritedAcls.getJsonObject(0).getString("source_id"));
 
         // acltag2 can see tag1
         json = target().path("/tag/list").request()
@@ -401,6 +405,10 @@ public class TestAclResource extends BaseJerseyTest {
         Assert.assertEquals(1, tags.size());
         Assert.assertTrue(json.getBoolean("writable"));
         Assert.assertEquals(tag1Id, tags.getJsonObject(0).getString("id"));
+        inheritedAcls = json.getJsonArray("inherited_acls");
+        Assert.assertEquals(4, inheritedAcls.size());
+        Assert.assertEquals("AclTag1", inheritedAcls.getJsonObject(0).getString("source_name"));
+        Assert.assertEquals(tag1Id, inheritedAcls.getJsonObject(0).getString("source_id"));
 
         // acltag2 can see and edit tag1
         json = target().path("/tag/" + tag1Id).request()