public/docs
1
0
Fork 0
mirror of https://github.com/sismics/docs.git synced 2025-12-29 01:21:49 +00:00
Code Issues Releases Wiki Activity

Closes #313: remove administrators from ACL targets search

Browse Source
This commit is contained in:
Benjamin Gamard
2019-05-03 13:27:23 +02:00
parent 9ea1dad62d
commit f336c7ae53
2 changed files with 12 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
docs-web/src/main/java/com/sismics/docs/rest/resource/AclResource.java
View File

@@ -228,8 +228,11 @@ public class AclResource extends BaseResource {
SortCriteria sortCriteria = new SortCriteria(1, true);
List<UserDto> userDtoList = userDao.findByCriteria(new UserCriteria().setSearch(search), sortCriteria);
for (UserDto userDto : userDtoList) {
users.add(Json.createObjectBuilder()
.add("name", userDto.getUsername()));
// No need to add users who will skip ACL check anyways
if (!SecurityUtil.skipAclCheck(Lists.newArrayList(userDto.getId()))) {
users.add(Json.createObjectBuilder()
.add("name", userDto.getUsername()));
}
}
// Search groups
@@ -237,8 +240,11 @@ public class AclResource extends BaseResource {
JsonArrayBuilder groups = Json.createArrayBuilder();
List<GroupDto> groupDtoList = groupDao.findByCriteria(new GroupCriteria().setSearch(search), sortCriteria);
for (GroupDto groupDto : groupDtoList) {
groups.add(Json.createObjectBuilder()
.add("name", groupDto.getName()));
// No need to add users who will skip ACL check anyways
if (!SecurityUtil.skipAclCheck(Lists.newArrayList(groupDto.getId()))) {
groups.add(Json.createObjectBuilder()
.add("name", groupDto.getName()));
}
}
JsonObjectBuilder response = Json.createObjectBuilder()