Closes #313: remove administrators from ACL targets search

Benjamin Gamard 2019-05-03 13:27:23 +02:00
parent 9ea1dad62d
commit f336c7ae53
2 changed files with 12 additions and 6 deletions


@ -228,8 +228,11 @@ public class AclResource extends BaseResource {
SortCriteria sortCriteria = new SortCriteria(1, true); SortCriteria sortCriteria = new SortCriteria(1, true);
List<UserDto> userDtoList = userDao.findByCriteria(new UserCriteria().setSearch(search), sortCriteria); List<UserDto> userDtoList = userDao.findByCriteria(new UserCriteria().setSearch(search), sortCriteria);
for (UserDto userDto : userDtoList) { for (UserDto userDto : userDtoList) {
users.add(Json.createObjectBuilder() // No need to add users who will skip ACL check anyways
.add("name", userDto.getUsername())); if (!SecurityUtil.skipAclCheck(Lists.newArrayList(userDto.getId()))) {
users.add(Json.createObjectBuilder()
.add("name", userDto.getUsername()));
}
} }
// Search groups // Search groups
@ -237,8 +240,11 @@ public class AclResource extends BaseResource {
JsonArrayBuilder groups = Json.createArrayBuilder(); JsonArrayBuilder groups = Json.createArrayBuilder();
List<GroupDto> groupDtoList = groupDao.findByCriteria(new GroupCriteria().setSearch(search), sortCriteria); List<GroupDto> groupDtoList = groupDao.findByCriteria(new GroupCriteria().setSearch(search), sortCriteria);
for (GroupDto groupDto : groupDtoList) { for (GroupDto groupDto : groupDtoList) {
groups.add(Json.createObjectBuilder() // No need to add users who will skip ACL check anyways
.add("name", groupDto.getName())); if (!SecurityUtil.skipAclCheck(Lists.newArrayList(groupDto.getId()))) {
groups.add(Json.createObjectBuilder()
.add("name", groupDto.getName()));
}
} }
JsonObjectBuilder response = Json.createObjectBuilder() JsonObjectBuilder response = Json.createObjectBuilder()
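Review bot: In both loops `SecurityUtil.skipAclCheck(...)` receives a one-element list holding only the entry's own id (`userDto.getId()`, `groupDto.getId()`), so a user who is an administrator only through group membership is filtered only if skipAclCheck resolves memberships itself; its body is not visible here, so this needs confirming, ideally with a test that uses such a user. The filter only trims the search suggestions, so the code that actually adds an ACL must still validate the target itself rather than rely on the target not being listed. The comment in the group loop is copied from the user loop and should read `// No need to add groups that skip the ACL check anyway`. Both loops belong to a method that starts and ends outside the hunks.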


@ -263,9 +263,9 @@ public class TestAclResource extends BaseJerseyTest {
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl1Token) .cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl1Token)
.get(JsonObject.class); .get(JsonObject.class);
users = json.getJsonArray("users"); users = json.getJsonArray("users");
Assert.assertEquals(1, users.size()); Assert.assertEquals(0, users.size());
groups = json.getJsonArray("groups"); groups = json.getJsonArray("groups");
Assert.assertEquals(1, groups.size()); Assert.assertEquals(0, groups.size());
} }
@Test @Test