mirror of
https://github.com/sismics/docs.git
synced 2024-11-25 15:17:57 +01:00
Closes #313: remove administrators from ACL targets search
This commit is contained in:
parent
9ea1dad62d
commit
f336c7ae53
@ -228,18 +228,24 @@ public class AclResource extends BaseResource {
|
||||
SortCriteria sortCriteria = new SortCriteria(1, true);
|
||||
List<UserDto> userDtoList = userDao.findByCriteria(new UserCriteria().setSearch(search), sortCriteria);
|
||||
for (UserDto userDto : userDtoList) {
|
||||
// No need to add users who will skip ACL check anyways
|
||||
if (!SecurityUtil.skipAclCheck(Lists.newArrayList(userDto.getId()))) {
|
||||
users.add(Json.createObjectBuilder()
|
||||
.add("name", userDto.getUsername()));
|
||||
}
|
||||
}
|
||||
|
||||
// Search groups
|
||||
GroupDao groupDao = new GroupDao();
|
||||
JsonArrayBuilder groups = Json.createArrayBuilder();
|
||||
List<GroupDto> groupDtoList = groupDao.findByCriteria(new GroupCriteria().setSearch(search), sortCriteria);
|
||||
for (GroupDto groupDto : groupDtoList) {
|
||||
// No need to add users who will skip ACL check anyways
|
||||
if (!SecurityUtil.skipAclCheck(Lists.newArrayList(groupDto.getId()))) {
|
||||
groups.add(Json.createObjectBuilder()
|
||||
.add("name", groupDto.getName()));
|
||||
}
|
||||
}
|
||||
|
||||
JsonObjectBuilder response = Json.createObjectBuilder()
|
||||
.add("users", users)
|
||||
|
@ -263,9 +263,9 @@ public class TestAclResource extends BaseJerseyTest {
|
||||
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl1Token)
|
||||
.get(JsonObject.class);
|
||||
users = json.getJsonArray("users");
|
||||
Assert.assertEquals(1, users.size());
|
||||
Assert.assertEquals(0, users.size());
|
||||
groups = json.getJsonArray("groups");
|
||||
Assert.assertEquals(1, groups.size());
|
||||
Assert.assertEquals(0, groups.size());
|
||||
}
|
||||
|
||||
@Test
|
||||
|
Loading…
Reference in New Issue
Block a user