Compare revisions

Dominik Frantisek Bucik · Pavel Břoušek · semantic-release-bot · 063b15f9 · 063b15f9 · 063b15f9
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
+## [18.5.2](https://gitlab.ics.muni.cz/perun/perun-proxyidp/v1/OpenID-Connect-Java-Spring-Server/compare/v18.5.1...v18.5.2) (2024-05-17)
+
+
+### Bug Fixes
+
+* 🐛 Entitlements sources - do not ignore res. capabilities ([f14c85e](https://gitlab.ics.muni.cz/perun/perun-proxyidp/v1/OpenID-Connect-Java-Spring-Server/commit/f14c85e9d46f4e3227237064070b18750f8c0e2b))
+
 ## [18.5.1](https://gitlab.ics.muni.cz/perun/perun-proxyidp/v1/OpenID-Connect-Java-Spring-Server/compare/v18.5.0...v18.5.1) (2024-05-15)



--- a/perun-oidc-server-webapp/pom.xml
+++ b/perun-oidc-server-webapp/pom.xml
@@ -21,7 +21,7 @@
 	<parent>
 		<groupId>cz.muni.ics</groupId>
 		<artifactId>perun-oidc-parent</artifactId>
-		<version>18.5.1</version>
+		<version>18.5.2</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>


--- a/perun-oidc-server/pom.xml
+++ b/perun-oidc-server/pom.xml
@@ -22,7 +22,7 @@
 	<parent>
 		<groupId>cz.muni.ics</groupId>
 		<artifactId>perun-oidc-parent</artifactId>
-		<version>18.5.1</version>
+		<version>18.5.2</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>


--- a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/claims/sources/EntitlementExtendedClaimSource.java
+++ b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/claims/sources/EntitlementExtendedClaimSource.java
@@ -47,10 +47,14 @@ public class EntitlementExtendedClaimSource extends EntitlementSource {
    private Set<String> produceEntitlementsExtended(Facility facility, Long userId, PerunAdapter perunAdapter) {
        Set<Group> userGroups = ClaimUtils.getUserGroupsOnFacility(
                facility, userId, perunAdapter, getClaimName(), getGroupEntitlementDisabledAttr());
-        Map<Long, String> groupIdToNameMap = super.getGroupIdToNameMap(userGroups, false);
        Set<String> entitlements = new TreeSet<>();
        this.fillUuidEntitlements(userGroups, entitlements);
+
        fillForwardedEntitlements(perunAdapter, userId, entitlements);
+
+        userGroups = ClaimUtils.getUserGroupsOnFacility(
+                facility, userId, perunAdapter, getClaimName(), null);
+        Map<Long, String> groupIdToNameMap = super.getGroupIdToNameMap(userGroups, false);
        fillCapabilities(facility, perunAdapter, groupIdToNameMap,entitlements);
        log.trace("{} - UUID entitlements added", getClaimName());
        return entitlements;

--- a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/claims/sources/EntitlementSource.java
+++ b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/claims/sources/EntitlementSource.java
@@ -97,8 +97,7 @@ public class EntitlementSource extends GroupNamesSource {
 		PerunAdapter perunAdapter = pctx.getPerunAdapter();
 		Long userId = pctx.getPerunUserId();
 		Facility facility = pctx.getFacility();
-		Set<Group> userGroups = ClaimUtils.getUserGroupsOnFacility(facility, userId, perunAdapter, groupEntitlementDisabledAttr, getClaimName());
-		Set<String> entitlements = produceEntitlements(facility, userGroups, userId, perunAdapter);
+		Set<String> entitlements = produceEntitlements(facility, userId, perunAdapter);

 		JsonNode result = ClaimUtils.convertResultStringsToJsonArray(entitlements);
 		log.debug("{} - produced value for user({}): '{}'", getClaimName(), userId, result);
@@ -152,18 +151,20 @@ public class EntitlementSource extends GroupNamesSource {
 		}
 	}

-	protected Set<String> produceEntitlements(Facility facility, Set<Group> userGroups,
-											  Long userId, PerunAdapter perunAdapter)
+	protected Set<String> produceEntitlements(Facility facility, Long userId, PerunAdapter perunAdapter)
 	{
 		Set<String> entitlements = new TreeSet<>();
-		Map<Long, String> groupIdToNameMap = super.getGroupIdToNameMap(userGroups, false);

+		Set<Group> userGroups = ClaimUtils.getUserGroupsOnFacility(facility, userId, perunAdapter, groupEntitlementDisabledAttr, getClaimName());
+		Map<Long, String> groupIdToNameMap = super.getGroupIdToNameMap(userGroups, false);
 		if (groupIdToNameMap != null && !groupIdToNameMap.values().isEmpty()) {
 			this.fillEntitlementsFromGroupNames(new HashSet<>(groupIdToNameMap.values()), entitlements);
 			log.trace("{} - entitlements for group names added", getClaimName());
 		}

 		if (facility != null) {
+			userGroups = ClaimUtils.getUserGroupsOnFacility(facility, userId, perunAdapter, null, getClaimName());
+			groupIdToNameMap = super.getGroupIdToNameMap(userGroups, false);
 			this.fillCapabilities(facility, perunAdapter, groupIdToNameMap, entitlements);
 			log.trace("{} - capabilities added", getClaimName());
 		}

--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>cz.muni.ics</groupId>
 	<artifactId>perun-oidc-parent</artifactId>
-	<version>18.5.1</version>
+	<version>18.5.2</version>
 	<packaging>pom</packaging>

 	<modules>
No results found