[DLAB-1700] Do not convey to Project_Admin groups of Super_Admin and Project_Admin
diff --git a/services/self-service/src/main/java/com/epam/dlab/backendapi/dao/UserRoleDaoImpl.java b/services/self-service/src/main/java/com/epam/dlab/backendapi/dao/UserRoleDaoImpl.java
index 81b7135..5bc845a 100644
--- a/services/self-service/src/main/java/com/epam/dlab/backendapi/dao/UserRoleDaoImpl.java
+++ b/services/self-service/src/main/java/com/epam/dlab/backendapi/dao/UserRoleDaoImpl.java
@@ -69,7 +69,6 @@
private static final String EXPLORATORIES_FIELD = "exploratories";
private static final String COMPUTATIONALS_FIELD = "computationals";
private static final String GROUP_INFO = "groupInfo";
- private static final String ADMIN = "admin";
@Override
diff --git a/services/self-service/src/main/java/com/epam/dlab/backendapi/service/impl/UserGroupServiceImpl.java b/services/self-service/src/main/java/com/epam/dlab/backendapi/service/impl/UserGroupServiceImpl.java
index 0b05f84..9eb25c3 100644
--- a/services/self-service/src/main/java/com/epam/dlab/backendapi/service/impl/UserGroupServiceImpl.java
+++ b/services/self-service/src/main/java/com/epam/dlab/backendapi/service/impl/UserGroupServiceImpl.java
@@ -24,6 +24,7 @@
import com.epam.dlab.backendapi.dao.UserRoleDao;
import com.epam.dlab.backendapi.domain.ProjectDTO;
import com.epam.dlab.backendapi.resources.dto.UserGroupDto;
+import com.epam.dlab.backendapi.resources.dto.UserRoleDto;
import com.epam.dlab.backendapi.roles.UserRoles;
import com.epam.dlab.backendapi.service.ProjectService;
import com.epam.dlab.backendapi.service.UserGroupService;
@@ -45,6 +46,8 @@
@Slf4j
public class UserGroupServiceImpl implements UserGroupService {
private static final String ROLE_NOT_FOUND_MSG = "Any of role : %s were not found";
+ private static final String ADMIN = "admin";
+ private static final String PROJECT_ADMIN = "projectAdmin";
@Inject
private UserGroupDao userGroupDao;
@@ -106,13 +109,21 @@
.collect(Collectors.toSet());
return userRoleDao.aggregateRolesByGroup()
.stream()
- .filter(userGroup -> groups.contains(userGroup.getGroup()))
+ .filter(userGroup -> groups.contains(userGroup.getGroup()) && !containsAdministrationPermissions(userGroup))
.collect(Collectors.toList());
} else {
throw new DlabException(String.format("User %s doesn't have appropriate permission", user.getName()));
}
}
+ private boolean containsAdministrationPermissions(UserGroupDto userGroup) {
+ List<String> ids = userGroup.getRoles()
+ .stream()
+ .map(UserRoleDto::getId)
+ .collect(Collectors.toList());
+ return ids.contains(ADMIN) || ids.contains(PROJECT_ADMIN);
+ }
+
private void updateGroup(String group, Set<String> roleIds, Set<String> users) {
log.debug("Updating users for group {}: {}", group, users);
userGroupDao.updateUsers(group, users);
