chore: merge branch 'dBucik/fix_filtering_out_res_caps' into 'main'

fix: Entitlements sources - do not ignore res. capabilities See merge request !398

chore: merge branch 'dBucik/fix_filtering_out_res_caps' into 'main'
af764d05 · Pavel Břoušek · 948b33a3 · f14c85e9 · af764d05 · af764d05
Commit af764d05 authored 1 year ago by Pavel Břoušek
--- a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/claims/sources/EntitlementExtendedClaimSource.java
+++ b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/claims/sources/EntitlementExtendedClaimSource.java
@@ -47,10 +47,14 @@ public class EntitlementExtendedClaimSource extends EntitlementSource {
    private Set<String> produceEntitlementsExtended(Facility facility, Long userId, PerunAdapter perunAdapter) {
        Set<Group> userGroups = ClaimUtils.getUserGroupsOnFacility(
                facility, userId, perunAdapter, getClaimName(), getGroupEntitlementDisabledAttr());
-        Map<Long, String> groupIdToNameMap = super.getGroupIdToNameMap(userGroups, false);
        Set<String> entitlements = new TreeSet<>();
        this.fillUuidEntitlements(userGroups, entitlements);
+
        fillForwardedEntitlements(perunAdapter, userId, entitlements);
+
+        userGroups = ClaimUtils.getUserGroupsOnFacility(
+                facility, userId, perunAdapter, getClaimName(), null);
+        Map<Long, String> groupIdToNameMap = super.getGroupIdToNameMap(userGroups, false);
        fillCapabilities(facility, perunAdapter, groupIdToNameMap,entitlements);
        log.trace("{} - UUID entitlements added", getClaimName());
        return entitlements;

--- a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/claims/sources/EntitlementSource.java
+++ b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/claims/sources/EntitlementSource.java
@@ -97,8 +97,7 @@ public class EntitlementSource extends GroupNamesSource {
 		PerunAdapter perunAdapter = pctx.getPerunAdapter();
 		Long userId = pctx.getPerunUserId();
 		Facility facility = pctx.getFacility();
-		Set<Group> userGroups = ClaimUtils.getUserGroupsOnFacility(facility, userId, perunAdapter, groupEntitlementDisabledAttr, getClaimName());
-		Set<String> entitlements = produceEntitlements(facility, userGroups, userId, perunAdapter);
+		Set<String> entitlements = produceEntitlements(facility, userId, perunAdapter);

 		JsonNode result = ClaimUtils.convertResultStringsToJsonArray(entitlements);
 		log.debug("{} - produced value for user({}): '{}'", getClaimName(), userId, result);
@@ -152,18 +151,20 @@ public class EntitlementSource extends GroupNamesSource {
 		}
 	}

-	protected Set<String> produceEntitlements(Facility facility, Set<Group> userGroups,
-											  Long userId, PerunAdapter perunAdapter)
+	protected Set<String> produceEntitlements(Facility facility, Long userId, PerunAdapter perunAdapter)
 	{
 		Set<String> entitlements = new TreeSet<>();
-		Map<Long, String> groupIdToNameMap = super.getGroupIdToNameMap(userGroups, false);

+		Set<Group> userGroups = ClaimUtils.getUserGroupsOnFacility(facility, userId, perunAdapter, groupEntitlementDisabledAttr, getClaimName());
+		Map<Long, String> groupIdToNameMap = super.getGroupIdToNameMap(userGroups, false);
 		if (groupIdToNameMap != null && !groupIdToNameMap.values().isEmpty()) {
 			this.fillEntitlementsFromGroupNames(new HashSet<>(groupIdToNameMap.values()), entitlements);
 			log.trace("{} - entitlements for group names added", getClaimName());
 		}

 		if (facility != null) {
+			userGroups = ClaimUtils.getUserGroupsOnFacility(facility, userId, perunAdapter, null, getClaimName());
+			groupIdToNameMap = super.getGroupIdToNameMap(userGroups, false);
 			this.fillCapabilities(facility, perunAdapter, groupIdToNameMap, entitlements);
 			log.trace("{} - capabilities added", getClaimName());
 		}