Closes #257: admin users can see all logs

docs-core/src/main/java/com/sismics/docs/core/dao/AuditLogDao.java

@@ -27,7 +27,6 @@ public class AuditLogDao {
      * 
      * @param auditLog Audit log
      * @return New ID
-     * @throws Exception
      */
     public String create(AuditLog auditLog) {
         // Create the UUID
@@ -47,10 +46,9 @@ public class AuditLogDao {
      * @param paginatedList List of audit logs (updated by side effects)
      * @param criteria Search criteria
      * @param sortCriteria Sort criteria
-     * @return List of audit logs
      */
     public void findByCriteria(PaginatedList<AuditLogDto> paginatedList, AuditLogCriteria criteria, SortCriteria sortCriteria) {
-        Map<String, Object> parameterMap = new HashMap<String, Object>();
+        Map<String, Object> parameterMap = new HashMap<>();
         
         StringBuilder baseQuery = new StringBuilder("select l.LOG_ID_C c0, l.LOG_CREATEDATE_D c1, u.USE_USERNAME_C c2, l.LOG_IDENTITY_C c3, l.LOG_CLASSENTITY_C c4, l.LOG_TYPE_C c5, l.LOG_MESSAGE_C c6 from T_AUDIT_LOG l ");
         baseQuery.append(" join T_USER u on l.LOG_IDUSER_C = u.USE_ID_C ");
@@ -67,18 +65,23 @@ public class AuditLogDao {
         }
         
         if (criteria.getUserId() != null) {
+            if (criteria.isAdmin()) {
+                // For admin users, display all logs except ACL logs
+                queries.add(baseQuery + " where l.LOG_CLASSENTITY_C != 'Acl' ");
+            } else {
                 // Get all logs originating from the user, not necessarly on owned items
                 // Filter out ACL logs
                 queries.add(baseQuery + " where l.LOG_IDUSER_C = :userId and l.LOG_CLASSENTITY_C != 'Acl' ");
                 parameterMap.put("userId", criteria.getUserId());
             }
+        }
         
         // Perform the search
         QueryParam queryParam = new QueryParam(Joiner.on(" union ").join(queries), parameterMap);
         List<Object[]> l = PaginatedLists.executePaginatedQuery(paginatedList, queryParam, sortCriteria);
         
         // Assemble results
-        List<AuditLogDto> auditLogDtoList = new ArrayList<AuditLogDto>();
+        List<AuditLogDto> auditLogDtoList = new ArrayList<>();
         for (Object[] o : l) {
             int i = 0;
             AuditLogDto auditLogDto = new AuditLogDto();

docs-core/src/main/java/com/sismics/docs/core/dao/criteria/AuditLogCriteria.java

@@ -17,6 +17,11 @@ public class AuditLogCriteria {
      */
     private String userId;
 
+    /**
+     * The search is done for an admin user.
+     */
+    private boolean isAdmin = false;
+    
     public String getDocumentId() {
         return documentId;
     }
@@ -32,4 +37,13 @@ public class AuditLogCriteria {
     public void setUserId(String userId) {
         this.userId = userId;
     }
+
+    public boolean isAdmin() {
+        return isAdmin;
+    }
+
+    public AuditLogCriteria setAdmin(boolean admin) {
+        isAdmin = admin;
+        return this;
+    }
 }

docs-web/src/main/java/com/sismics/docs/rest/resource/AuditLogResource.java

@@ -6,6 +6,7 @@ import com.sismics.docs.core.dao.AclDao;
 import com.sismics.docs.core.dao.AuditLogDao;
 import com.sismics.docs.core.dao.criteria.AuditLogCriteria;
 import com.sismics.docs.core.dao.dto.AuditLogDto;
+import com.sismics.docs.core.util.SecurityUtil;
 import com.sismics.docs.core.util.jpa.PaginatedList;
 import com.sismics.docs.core.util.jpa.PaginatedLists;
 import com.sismics.docs.core.util.jpa.SortCriteria;
@@ -65,6 +66,7 @@ public class AuditLogResource extends BaseResource {
         if (Strings.isNullOrEmpty(documentId)) {
             // Search logs for a user
             criteria.setUserId(principal.getId());
+            criteria.setAdmin(SecurityUtil.skipAclCheck(getTargetIdList(null)));
         } else {
             // Check ACL on the document
             AclDao aclDao = new AclDao();

docs-web/src/main/java/com/sismics/docs/rest/resource/UserResource.java

@@ -680,6 +680,7 @@ public class UserResource extends BaseResource {
      * @apiParam {String} username Username
      * @apiSuccess {String} username Username
      * @apiSuccess {String} email E-mail
+     * @apiSuccess {Boolean} totp_enabled True if TOTP authentication is enabled
      * @apiSuccess {Number} storage_quota Storage quota (in bytes)
      * @apiSuccess {Number} storage_current Quota used (in bytes)
      * @apiSuccess {String[]} groups Groups
@@ -720,6 +721,7 @@ public class UserResource extends BaseResource {
                 .add("username", user.getUsername())
                 .add("groups", groups)
                 .add("email", user.getEmail())
+                .add("totp_enabled", user.getTotpKey() != null)
                 .add("storage_quota", user.getStorageQuota())
                 .add("storage_current", user.getStorageCurrent())
                 .add("disabled", user.getDisableDate() != null);
@@ -739,6 +741,7 @@ public class UserResource extends BaseResource {
      * @apiSuccess {String} users.id ID
      * @apiSuccess {String} users.username Username
      * @apiSuccess {String} users.email E-mail
+     * @apiSuccess {Boolean} users.totp_enabled True if TOTP authentication is enabled
      * @apiSuccess {Number} users.storage_quota Storage quota (in bytes)
      * @apiSuccess {Number} users.storage_current Quota used (in bytes)
      * @apiSuccess {Number} users.create_date Create date (timestamp)
@@ -781,8 +784,8 @@ public class UserResource extends BaseResource {
             users.add(Json.createObjectBuilder()
                     .add("id", userDto.getId())
                     .add("username", userDto.getUsername())
-                    .add("totp_enabled", userDto.getTotpKey() != null)
                     .add("email", userDto.getEmail())
+                    .add("totp_enabled", userDto.getTotpKey() != null)
                     .add("storage_quota", userDto.getStorageQuota())
                     .add("storage_current", userDto.getStorageCurrent())
                     .add("create_date", userDto.getCreateTimestamp())