Closes #313: remove administrators from ACL targets search

docs-web/src/main/java/com/sismics/docs/rest/resource/AclResource.java

@@ -228,18 +228,24 @@ public class AclResource extends BaseResource {
         SortCriteria sortCriteria = new SortCriteria(1, true);
         List<UserDto> userDtoList = userDao.findByCriteria(new UserCriteria().setSearch(search), sortCriteria);
         for (UserDto userDto : userDtoList) {
+            // No need to add users who will skip ACL check anyways
+            if (!SecurityUtil.skipAclCheck(Lists.newArrayList(userDto.getId()))) {
                 users.add(Json.createObjectBuilder()
                         .add("name", userDto.getUsername()));
             }
+        }
         
         // Search groups
         GroupDao groupDao = new GroupDao();
         JsonArrayBuilder groups = Json.createArrayBuilder();
         List<GroupDto> groupDtoList = groupDao.findByCriteria(new GroupCriteria().setSearch(search), sortCriteria);
         for (GroupDto groupDto : groupDtoList) {
+            // No need to add users who will skip ACL check anyways
+            if (!SecurityUtil.skipAclCheck(Lists.newArrayList(groupDto.getId()))) {
                 groups.add(Json.createObjectBuilder()
                         .add("name", groupDto.getName()));
             }
+        }
         
         JsonObjectBuilder response = Json.createObjectBuilder()
                 .add("users", users)

docs-web/src/test/java/com/sismics/docs/rest/TestAclResource.java

@@ -263,9 +263,9 @@ public class TestAclResource extends BaseJerseyTest {
                 .cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl1Token)
                 .get(JsonObject.class);
         users = json.getJsonArray("users");
-        Assert.assertEquals(1, users.size());
+        Assert.assertEquals(0, users.size());
         groups = json.getJsonArray("groups");
-        Assert.assertEquals(1, groups.size());
+        Assert.assertEquals(0, groups.size());
     }
 
     @Test