Closes #313: remove administrators from ACL targets search

This commit is contained in:
Benjamin Gamard 2019-05-03 13:27:23 +02:00
parent 9ea1dad62d
commit f336c7ae53
2 changed files with 12 additions and 6 deletions

View File

@ -228,18 +228,24 @@ public class AclResource extends BaseResource {
SortCriteria sortCriteria = new SortCriteria(1, true); SortCriteria sortCriteria = new SortCriteria(1, true);
List<UserDto> userDtoList = userDao.findByCriteria(new UserCriteria().setSearch(search), sortCriteria); List<UserDto> userDtoList = userDao.findByCriteria(new UserCriteria().setSearch(search), sortCriteria);
for (UserDto userDto : userDtoList) { for (UserDto userDto : userDtoList) {
// No need to add users who will skip ACL check anyways
if (!SecurityUtil.skipAclCheck(Lists.newArrayList(userDto.getId()))) {
users.add(Json.createObjectBuilder() users.add(Json.createObjectBuilder()
.add("name", userDto.getUsername())); .add("name", userDto.getUsername()));
} }
}
// Search groups // Search groups
GroupDao groupDao = new GroupDao(); GroupDao groupDao = new GroupDao();
JsonArrayBuilder groups = Json.createArrayBuilder(); JsonArrayBuilder groups = Json.createArrayBuilder();
List<GroupDto> groupDtoList = groupDao.findByCriteria(new GroupCriteria().setSearch(search), sortCriteria); List<GroupDto> groupDtoList = groupDao.findByCriteria(new GroupCriteria().setSearch(search), sortCriteria);
for (GroupDto groupDto : groupDtoList) { for (GroupDto groupDto : groupDtoList) {
// No need to add users who will skip ACL check anyways
if (!SecurityUtil.skipAclCheck(Lists.newArrayList(groupDto.getId()))) {
groups.add(Json.createObjectBuilder() groups.add(Json.createObjectBuilder()
.add("name", groupDto.getName())); .add("name", groupDto.getName()));
} }
}
JsonObjectBuilder response = Json.createObjectBuilder() JsonObjectBuilder response = Json.createObjectBuilder()
.add("users", users) .add("users", users)

View File

@ -263,9 +263,9 @@ public class TestAclResource extends BaseJerseyTest {
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl1Token) .cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl1Token)
.get(JsonObject.class); .get(JsonObject.class);
users = json.getJsonArray("users"); users = json.getJsonArray("users");
Assert.assertEquals(1, users.size()); Assert.assertEquals(0, users.size());
groups = json.getJsonArray("groups"); groups = json.getJsonArray("groups");
Assert.assertEquals(1, groups.size()); Assert.assertEquals(0, groups.size());
} }
@Test @Test