diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/claims/sources/EntitlementExtendedClaimSource.java b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/claims/sources/EntitlementExtendedClaimSource.java
index 45b12129f7e7abca481e8001f2f63ac1919691a6..4c8cb22799726a7de781f1272bfc28e6c617e32b 100644
--- a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/claims/sources/EntitlementExtendedClaimSource.java
+++ b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/claims/sources/EntitlementExtendedClaimSource.java
@@ -47,10 +47,14 @@ public class EntitlementExtendedClaimSource extends EntitlementSource {
 private Set<String> produceEntitlementsExtended(Facility facility, Long userId, PerunAdapter perunAdapter) {
 Set<Group> userGroups = ClaimUtils.getUserGroupsOnFacility(
 facility, userId, perunAdapter, getClaimName(), getGroupEntitlementDisabledAttr());
- Map<Long, String> groupIdToNameMap = super.getGroupIdToNameMap(userGroups, false);
 Set<String> entitlements = new TreeSet<>();
 this.fillUuidEntitlements(userGroups, entitlements);
+ fillForwardedEntitlements(perunAdapter, userId, entitlements);
+
+ userGroups = ClaimUtils.getUserGroupsOnFacility(
+ facility, userId, perunAdapter, getClaimName(), null);
+ Map<Long, String> groupIdToNameMap = super.getGroupIdToNameMap(userGroups, false);
 fillCapabilities(facility, perunAdapter, groupIdToNameMap,entitlements);
 log.trace("{} - UUID entitlements added", getClaimName());
 return entitlements;
diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/claims/sources/EntitlementSource.java b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/claims/sources/EntitlementSource.java
index 25582f0a5406b004486ee2e1b4ce42821c490448..779f56e78a76e1b5ca61eeaa5e69b021138ef32f 100644
--- a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/claims/sources/EntitlementSource.java
+++ b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/claims/sources/EntitlementSource.java
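Review bot: The two calls to `ClaimUtils.getUserGroupsOnFacility` in `produceEntitlementsExtended` pass `getClaimName()` fourth and the disabled-attribute value fifth, while the calls this commit adds in `EntitlementSource.produceEntitlements` pass `groupEntitlementDisabledAttr` (or `null`) fourth and `getClaimName()` fifth. The helper's signature is not part of this diff, but if both parameters are `String` the compiler accepts either order, and in one of the two classes the claim name would then be used as the filter attribute, so groups marked as entitlement-disabled would not be filtered out of the entitlements that end up in the token. Please check the signature and make all call sites agree; if the attribute comes before the claim name, the added call here should read `ClaimUtils.getUserGroupsOnFacility(facility, userId, perunAdapter, null, getClaimName())` and the unchanged call above it needs the same swap. The method's closing brace lies outside the hunk.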
@@ -97,8 +97,7 @@ public class EntitlementSource extends GroupNamesSource {
 PerunAdapter perunAdapter = pctx.getPerunAdapter();
 Long userId = pctx.getPerunUserId();
 Facility facility = pctx.getFacility();
- Set<Group> userGroups = ClaimUtils.getUserGroupsOnFacility(facility, userId, perunAdapter, groupEntitlementDisabledAttr, getClaimName());
- Set<String> entitlements = produceEntitlements(facility, userGroups, userId, perunAdapter);
+ Set<String> entitlements = produceEntitlements(facility, userId, perunAdapter);
 JsonNode result = ClaimUtils.convertResultStringsToJsonArray(entitlements);
 log.debug("{} - produced value for user({}): '{}'", getClaimName(), userId, result);
@@ -152,18 +151,20 @@ public class EntitlementSource extends GroupNamesSource {
 }
 }
- protected Set<String> produceEntitlements(Facility facility, Set<Group> userGroups,
- Long userId, PerunAdapter perunAdapter)
+ protected Set<String> produceEntitlements(Facility facility, Long userId, PerunAdapter perunAdapter)
 {
 Set<String> entitlements = new TreeSet<>();
- Map<Long, String> groupIdToNameMap = super.getGroupIdToNameMap(userGroups, false);
+ Set<Group> userGroups = ClaimUtils.getUserGroupsOnFacility(facility, userId, perunAdapter, groupEntitlementDisabledAttr, getClaimName());
+ Map<Long, String> groupIdToNameMap = super.getGroupIdToNameMap(userGroups, false);
 if (groupIdToNameMap != null && !groupIdToNameMap.values().isEmpty()) {
 this.fillEntitlementsFromGroupNames(new HashSet<>(groupIdToNameMap.values()), entitlements);
 log.trace("{} - entitlements for group names added", getClaimName());
 }
 if (facility != null) {
+ userGroups = ClaimUtils.getUserGroupsOnFacility(facility, userId, perunAdapter, null, getClaimName());
+ groupIdToNameMap = super.getGroupIdToNameMap(userGroups, false);
 this.fillCapabilities(facility, perunAdapter, groupIdToNameMap, entitlements);
 log.trace("{} - capabilities added", getClaimName());
 }
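Review bot: In `produceEntitlements`, `userGroups` and `groupIdToNameMap` are reassigned inside `if (facility != null)` to a second lookup that passes `null` in place of `groupEntitlementDisabledAttr`, and nothing in the code says that capabilities are deliberately evaluated over groups that were excluded from the entitlements. Because this appears to widen the set of groups that can contribute values to the claim, I would state the intent in a comment, e.g. `// capabilities ignore groupEntitlementDisabledAttr: evaluate them over all of the user's groups on the facility`, and keep the result in separate locals such as `Map<Long, String> allGroupIdToNameMap` so a later edit cannot mix the filtered and unfiltered sets. The second lookup is also a second adapter call per claim whose result may differ from the first if membership changes in between; whether that matters depends on `PerunAdapter`, which is not shown here.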