Merge pull request #15 from topcoder-platform/dev

Fix Sub Groups Permission Check Problem

Author: skyhit

conf/OnlineReview.xml

@@ -5217,6 +5217,9 @@
         <Property name="user_group_membership_url">
             <Value>@topcoder_api_base_url_v3@/groups?memberId=%s&amp;membershipType=User</Value>
         </Property>
+        <Property name="parent_groups_url">
+            <Value>@topcoder_api_base_url_v3@/groups/%s/getParentGroup?oneLevel=false</Value>
+        </Property>
         <Property name="v3jwt_cookie_name">
             <Value>v3jwt</Value>
         </Property>

src/java/main/com/cronos/onlinereview/actions/project/SaveProjectAction.java

@@ -1396,7 +1396,7 @@ private Date parseDatetimeFormProperties(int propertyIndex, String dateProperty,
      * @throws BaseException if any error occurs
      * @return the Set<Long> result contains the group ids
      */
-    private Set<Long> getGroups(HttpServletRequest request, long userId) throws BaseException {
+    private Set<Long> getGroups(long userId) throws BaseException {
     	try {
             DefaultHttpClient httpClient = new DefaultHttpClient();
             String groupEndPoint = String.format(ConfigHelper.getUserGroupMembershipUrl(), userId);
@@ -1422,12 +1422,74 @@ private Set<Long> getGroups(HttpServletRequest request, long userId) throws Base
             for (JsonNode group : groups) {            
                 groupIds.add(group.path("id").asLong());
             }
+
+            Set<Long> allGroupIds = new HashSet<Long>(groupIds);
+            for (Long groupId : groupIds) {
+                allGroupIds.addAll(getParentGroups(groupId));
+            }
 
-            return groupIds;
+            return allGroupIds;
     	} catch (Exception exp) {
     		throw new BaseException(exp.getMessage(), exp);
     	}
-    	
+    }
+
+    /**
+     * Get parent groups for the given group id
+     *
+     * @param request the request to use
+     * @param groupId the user id to use
+     * @throws BaseException if any error occurs
+     * @return the Set<Long> result contains the group ids
+     */
+    private Set<Long> getParentGroups(long groupId) throws BaseException {
+        try {
+            DefaultHttpClient httpClient = new DefaultHttpClient();
+            String parentGroupsEndPoint = String.format(ConfigHelper.getParentGroupsUrl(), groupId);
+            HttpGet getRequest = new HttpGet(parentGroupsEndPoint);
+
+            String v3Token = new JwtTokenUpdater().check().getToken();
+
+            getRequest.setHeader(HttpHeaders.AUTHORIZATION, "Bearer " + v3Token);
+
+            getRequest.addHeader(HttpHeaders.ACCEPT, "application/json");
+            HttpResponse httpResponse = httpClient.execute(getRequest);
+
+            HttpEntity entity = httpResponse.getEntity();
+
+            if (httpResponse.getStatusLine().getStatusCode() != HttpStatus.SC_OK) {
+                throw new BaseException("Unable to get groups from the API:" + httpResponse.getStatusLine().getReasonPhrase());
+            }
+
+            JsonNode result = objectMapper.readTree(entity.getContent());
+
+            JsonNode groupNode = result.path("result").path("content");
+            Set<Long> groupIds = parseGroup(groupNode);
+
+            return groupIds;
+        } catch (Exception exp) {
+            throw new BaseException(exp.getMessage(), exp);
+        }
+    }
+
+    /**
+     * Parse the group from the JSON node
+     * @param groupNode the JSON node
+     * @return the group
+     */
+    private Set<Long> parseGroup(JsonNode groupNode) {
+        Set<Long> parentGroupIds = new HashSet<Long>();
+        Long parentGroupId = groupNode.path("id").asLong();
+        if (parentGroupId != 0) {
+            // exclude null node
+            parentGroupIds.add(groupNode.path("id").asLong());
+        }
+
+        if (groupNode.has("parentGroup")) {
+            parentGroupIds.addAll(parseGroup(groupNode.path("parentGroup")));
+        }
+
+        return parentGroupIds;
     }
 
     /**
@@ -1453,7 +1515,7 @@ private boolean checkUserChallengeEligibility(HttpServletRequest request, int re
                     if (challengeGroupInd != null) {
                         if (challengeGroupInd > 0) {
                             Long groupId = groups.get("group_id");
-                            Set<Long> ids = this.getGroups(request, userId);
+                            Set<Long> ids = this.getGroups(userId);
                             if (!ids.contains(groupId)) {
                                 ActionsHelper.addErrorToRequest(request, "resources_name[" + resourceIdx + "]",
                                         "error.com.cronos.onlinereview.actions.editProject.Resource.GroupPermissionDenied");

src/java/main/com/cronos/onlinereview/util/ConfigHelper.java

@@ -566,6 +566,11 @@ public class ConfigHelper {
      * <p>A <code>String</code> providing the name for user group memeber ship url property.</p>
      */
     private static final String USER_GROUP_MEMBERSHIP_URL = "user_group_membership_url";
+
+    /**
+     * <p>A <code>String</code> providing the name for parent groups url property.</p>
+     */
+    private static final String PARENT_GROUPS_URL = "parent_groups_url";
 
     /**
      * <p>A <code>String</code> providing the name for v2 jwt cookie name property.</p>
@@ -943,6 +948,11 @@ public class ConfigHelper {
      * <p>Represents the userGroupMembershipUrl.</p> 
      */
     private static String userGroupMembershipUrl;
+
+    /**
+     * <p>Represents the parentGroupsUrl.</p>
+     */
+    private static String parentGroupsUrl;
 
     /**
      * <p>Represents the v3jwtCookieBame.</p> 
@@ -951,17 +961,17 @@ public class ConfigHelper {
 
     /**
      * <p>Represents the v2jwtCookieBame.</p> 
-     */
+     */
     private static String v2jwtCookieName;
 
     /**
      * <p>Represents the v3jwtAuthorizationUrl.</p> 
-     */
+     */
     private static String v3jwtAuthorizationUrl;
 
     /**
      * <p>Represents the ssoDomainForV3jwtCookie.</p> 
-     */
+     */
     private static String ssoDomainForV3jwtCookie;
 
     static {
@@ -1560,6 +1570,7 @@ public class ConfigHelper {
             }
 
             userGroupMembershipUrl = cfgMgr.getString(ONLINE_REVIEW_CFG_NS, USER_GROUP_MEMBERSHIP_URL);
+            parentGroupsUrl = cfgMgr.getString(ONLINE_REVIEW_CFG_NS, PARENT_GROUPS_URL);
             v3jwtCookieName = cfgMgr.getString(ONLINE_REVIEW_CFG_NS, V3_JWT_COOKIE_NAME);
             v2jwtCookieName = cfgMgr.getString(ONLINE_REVIEW_CFG_NS, V2_JWT_COOKIE_NAME);
             ssoDomainForV3jwtCookie = cfgMgr.getString(ONLINE_REVIEW_CFG_NS, SSO_DOMAIN_FOR_V3_JWT_COOKIE);
@@ -2401,6 +2412,15 @@ public static String getUserGroupMembershipUrl() {
     	return userGroupMembershipUrl;
     }
 
+    /**
+     * Get parent groups url
+     *
+     * @return the parent groups url
+     */
+    public static String getParentGroupsUrl() {
+        return parentGroupsUrl;
+    }
+
     /**
      * Get v3jwt cookie name
      *
@@ -2409,29 +2429,29 @@ public static String getUserGroupMembershipUrl() {
     public static String getV3jwtCookieName() {
     	return v3jwtCookieName;
     }
-
-    /**
-     * Get v2jwtCookieName.
-     * @return the v2jwtCookieName. 
-     */
-    public static String getV2jwtCookieName() {
-        return v2jwtCookieName;
-    }
-
-    /**
-     * Get v3jwtAuthorizationUrl.
-     * @return the v3jwtAuthorizationUrl. 
-     */
-    public static String getV3jwtAuthorizationUrl() {
-        return v3jwtAuthorizationUrl;
-    }
-
-    /**
-     * Get ssoDomainForV3jwtCookie.
-     * @return the ssoDomainForV3jwtCookie. 
-     */
-    public static String getSsoDomainForV3jwtCookie() {
-        return ssoDomainForV3jwtCookie;
-    }
-    
+
+    /**
+     * Get v2jwtCookieName.
+     * @return the v2jwtCookieName. 
+     */
+    public static String getV2jwtCookieName() {
+        return v2jwtCookieName;
+    }
+
+    /**
+     * Get v3jwtAuthorizationUrl.
+     * @return the v3jwtAuthorizationUrl. 
+     */
+    public static String getV3jwtAuthorizationUrl() {
+        return v3jwtAuthorizationUrl;
+    }
+
+    /**
+     * Get ssoDomainForV3jwtCookie.
+     * @return the ssoDomainForV3jwtCookie. 
+     */
+    public static String getSsoDomainForV3jwtCookie() {
+        return ssoDomainForV3jwtCookie;
+    }
+    
 }