#18: Group resource, groups handling in ACL, groups returned in users

docs-web-common/src/main/java/com/sismics/security/AnonymousPrincipal.java

@@ -1,10 +1,10 @@
 package com.sismics.security;
 
-import java.util.List;
+import java.util.Set;
 
 import org.joda.time.DateTimeZone;
 
-import com.google.common.collect.Lists;
+import jersey.repackaged.com.google.common.collect.Sets;
 
 /**
  * Anonymous principal.
@@ -56,7 +56,7 @@ public class AnonymousPrincipal implements IPrincipal {
     }
 
     @Override
-    public List<String> getGroupIdList() {
-        return Lists.newArrayList();
+    public Set<String> getGroupIdSet() {
+        return Sets.newHashSet();
     }
 }

docs-web-common/src/main/java/com/sismics/security/IPrincipal.java

@@ -1,7 +1,7 @@
 package com.sismics.security;
 
 import java.security.Principal;
-import java.util.List;
+import java.util.Set;
 
 import org.joda.time.DateTimeZone;
 
@@ -31,7 +31,7 @@ public interface IPrincipal extends Principal {
      * 
      * @return List of group ID
      */
-    public List<String> getGroupIdList();
+    public Set<String> getGroupIdSet();
     
     /**
      * Returns the timezone of the principal.

docs-web-common/src/main/java/com/sismics/security/UserPrincipal.java

@@ -1,12 +1,9 @@
 package com.sismics.security;
 
-import java.util.List;
 import java.util.Set;
 
 import org.joda.time.DateTimeZone;
 
-import jersey.repackaged.com.google.common.collect.Lists;
-
 /**
  * Authenticated users principal.
  * 
@@ -38,6 +35,11 @@ public class UserPrincipal implements IPrincipal {
      */
     private Set<String> baseFunctionSet;
     
+    /**
+     * User groups.
+     */
+    private Set<String> groupIdSet;
+    
     /**
      * Constructor of UserPrincipal.
      * 
@@ -99,8 +101,11 @@ public class UserPrincipal implements IPrincipal {
     }
 
     @Override
-    public List<String> getGroupIdList() {
-        // TODO Real groups
-        return Lists.newArrayList("members");
+    public Set<String> getGroupIdSet() {
+        return groupIdSet;
+    }
+    
+    public void setGroupIdSet(Set<String> groupIdSet) {
+        this.groupIdSet = groupIdSet;
     }
 }

docs-web-common/src/main/java/com/sismics/util/filter/TokenBasedSecurityFilter.java

@@ -3,6 +3,7 @@ package com.sismics.util.filter;
 import java.io.IOException;
 import java.text.MessageFormat;
 import java.util.Date;
+import java.util.List;
 import java.util.Set;
 
 import javax.servlet.Filter;
@@ -20,14 +21,18 @@ import org.slf4j.LoggerFactory;
 
 import com.sismics.docs.core.constant.Constants;
 import com.sismics.docs.core.dao.jpa.AuthenticationTokenDao;
+import com.sismics.docs.core.dao.jpa.GroupDao;
 import com.sismics.docs.core.dao.jpa.RoleBaseFunctionDao;
 import com.sismics.docs.core.dao.jpa.UserDao;
+import com.sismics.docs.core.dao.jpa.criteria.GroupCriteria;
+import com.sismics.docs.core.dao.jpa.dto.GroupDto;
 import com.sismics.docs.core.model.jpa.AuthenticationToken;
 import com.sismics.docs.core.model.jpa.User;
-import com.sismics.docs.core.util.TransactionUtil;
 import com.sismics.security.AnonymousPrincipal;
 import com.sismics.security.UserPrincipal;
 
+import jersey.repackaged.com.google.common.collect.Sets;
+
 /**
  * This filter is used to authenticate the user having an active session via an authentication token stored in database.
  * The filter extracts the authentication token stored in a cookie.
@@ -113,10 +118,6 @@ public class TokenBasedSecurityFilter implements Filter {
                 User user = userDao.getById(authenticationToken.getUserId());
                 if (user != null && user.getDeleteDate() == null) {
                     injectAuthenticatedUser(request, user);
-                    
-                    // Update the last connection date
-                    authenticationTokenDao.updateLastConnectionDate(authenticationToken.getId());
-                    TransactionUtil.commit();
                 } else {
                     injectAnonymousUser(request);
                 }
@@ -158,6 +159,17 @@ public class TokenBasedSecurityFilter implements Filter {
         Set<String> baseFunctionSet = userBaseFuction.findByRoleId(user.getRoleId());
         userPrincipal.setBaseFunctionSet(baseFunctionSet);
         
+        // Add groups
+        GroupDao groupDao = new GroupDao();
+        List<GroupDto> groupDtoList = groupDao.findByCriteria(new GroupCriteria()
+                .setUserId(user.getId())
+                .setRecursive(true), null);
+        Set<String> groupIdSet = Sets.newHashSet();
+        for (GroupDto groupDto : groupDtoList) {
+            groupIdSet.add(groupDto.getId());
+        }
+        userPrincipal.setGroupIdSet(groupIdSet);
+        
         // Add email
         userPrincipal.setEmail(user.getEmail());
         

docs-web-common/src/test/java/com/sismics/docs/rest/util/ClientUtil.java

@@ -31,22 +31,59 @@ public class ClientUtil {
      * 
      * @param username Username
      */
-    public void createUser(String username) {
+    public void createUser(String username, String... groupNameList) {
         // Login admin to create the user
-        String adminAuthenticationToken = login("admin", "admin", false);
+        String adminToken = login("admin", "admin", false);
         
         // Create the user
-        Form form = new Form();
-        form.param("username", username);
-        form.param("email", username + "@docs.com");
-        form.param("password", "12345678");
-        form.param("storage_quota", "1000000"); // 1MB quota
         resource.path("/user").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken)
-                .put(Entity.form(form), JsonObject.class);
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
+                .put(Entity.form(new Form()
+                        .param("username", username)
+                        .param("email", username + "@docs.com")
+                        .param("password", "12345678")
+                        .param("storage_quota", "1000000")), JsonObject.class); // 1MB quota
+        
+        // Add to groups
+        for (String groupName : groupNameList) {
+            resource.path("/group/" + groupName).request()
+                    .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
+                    .put(Entity.form(new Form()
+                            .param("username", username)), JsonObject.class);
+        }
         
         // Logout admin
-        logout(adminAuthenticationToken);
+        logout(adminToken);
+    }
+    
+    /**
+     * Creates a group.
+     * 
+     * @param name Name
+     */
+    public void createGroup(String name) {
+        createGroup(name, null);
+    }
+    
+    /**
+     * Creates a group.
+     * 
+     * @param name Name
+     * @param parent Parent
+     */
+    public void createGroup(String name, String parentId) {
+        // Login admin to create the group
+        String adminToken = login("admin", "admin", false);
+        
+        // Create the gorup
+        resource.path("/group").request()
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
+                .put(Entity.form(new Form()
+                        .param("name", name)
+                        .param("parent", parentId)), JsonObject.class);
+        
+        // Logout admin
+        logout(adminToken);
     }
     
     /**