Merge pull request #4048 from dBucik/get_groups_by_user_in_vo

feat: 🎸 Filter out embedded groups where user is member + new method groupsManager/getGroupsWhereUserIsActiveMember

Author: bodnara

perun-base/src/main/resources/perun-roles.yml

@@ -2217,6 +2217,15 @@ perun_policies:
     include_policies:
       - default_policy
 
+  getGroupsWhereUserIsActiveMember_User_Vo_policy:
+    policy_roles:
+      - SELF: User
+      - PERUNOBSERVER:
+      - VOOBSERVER: Vo
+      - VOADMIN: Vo
+    include_policies:
+      - default_policy
+
   getRichGroupsAssignedToResourceWithAttributesByNames_Resource_List<String>_policy:
     policy_roles:
       - RESOURCESELFSERVICE: Resource

perun-core/src/main/java/cz/metacentrum/perun/core/api/GroupsManager.java

@@ -1513,4 +1513,14 @@ public interface GroupsManager {
 	 * @throws PrivilegeException if unauthorized
 	 */
 	List<Group> getAllAllowedGroupsToHierarchicalVo(PerunSession sess, Vo vo, Vo memberVo) throws VoNotExistsException, PrivilegeException;
+
+	/**
+	 * Returns groups in which the user is active member. Groups are looked up only for the specified VO
+	 * @param session session
+	 * @param user user object
+	 * @param vo VO object
+	 * @return List of groups
+	 */
+	List<Group> getGroupsWhereUserIsActiveMember(PerunSession session, User user, Vo vo) throws VoNotExistsException, UserNotExistsException, PrivilegeException;
+
 }

perun-core/src/main/java/cz/metacentrum/perun/core/bl/GroupsManagerBl.java

@@ -2191,4 +2191,13 @@ public interface GroupsManagerBl {
 	 */
 	List<Group> getAllAllowedGroupsToHierarchicalVo(PerunSession sess, Vo vo, Vo memberVo);
 
+	/**
+	 * Returns groups in which the user is active member. Groups are looked up only for the specified VO.
+	 *
+	 * @param sess session
+	 * @param user user object
+	 * @param vo VO object
+	 * @return List of groups
+	 */
+	List<Group> getGroupsWhereUserIsActiveMember(PerunSession sess, User user, Vo vo);
 }

perun-core/src/main/java/cz/metacentrum/perun/core/blImpl/GroupsManagerBlImpl.java

@@ -6084,4 +6084,11 @@ public List<Group> getAllAllowedGroupsToHierarchicalVo(PerunSession sess, Vo vo)
 	public List<Group> getAllAllowedGroupsToHierarchicalVo(PerunSession sess, Vo vo, Vo memberVo) {
 		return this.groupsManagerImpl.getAllAllowedGroupsToHierarchicalVo(sess, vo, memberVo);
 	}
+
+	@Override
+	public List<Group> getGroupsWhereUserIsActiveMember(PerunSession sess, User user, Vo vo) {
+		List<Group> groups = this.groupsManagerImpl.getGroupsWhereUserIsActiveMember(sess, user, vo);
+		groups.removeIf(g -> VosManager.MEMBERS_GROUP.equals(g.getName()));
+		return groups;
+	}
 }

perun-core/src/main/java/cz/metacentrum/perun/core/entry/GroupsManagerEntry.java

@@ -1746,4 +1746,18 @@ public List<Group> getAllAllowedGroupsToHierarchicalVo(PerunSession sess, Vo vo,
 
 		return getGroupsManagerBl().getAllAllowedGroupsToHierarchicalVo(sess, vo, memberVo);
 	}
+
+	@Override
+	public List<Group> getGroupsWhereUserIsActiveMember(PerunSession sess, User user, Vo vo)
+		throws VoNotExistsException, UserNotExistsException, PrivilegeException {
+		Utils.checkPerunSession(sess);
+		getPerunBl().getVosManagerBl().checkVoExists(sess, vo);
+		getPerunBl().getUsersManagerBl().checkUserExists(sess, user);
+
+		if (!AuthzResolver.authorizedInternal(sess, "getGroupsWhereUserIsActiveMember_User_Vo_policy", user, vo)) {
+			throw new PrivilegeException(sess, "getGroupsWhereUserIsActiveMember");
+		}
+
+		return getGroupsManagerBl().getGroupsWhereUserIsActiveMember(sess, user, vo);
+	}
 }

perun-core/src/main/java/cz/metacentrum/perun/core/impl/GroupsManagerImpl.java

@@ -1469,6 +1469,18 @@ public List<Group> getAllAllowedGroupsToHierarchicalVo(PerunSession sess, Vo vo,
 		}
 	}
 
+	@Override
+	public List<Group> getGroupsWhereUserIsActiveMember(PerunSession sess, User user, Vo vo) {
+		try {
+			return jdbc.query("SELECT " + groupMappingSelectQuery + " FROM groups WHERE groups.vo_id=? AND groups.id IN " +
+				"(SELECT groups_members.group_id FROM groups_members WHERE groups_members.source_group_status = ? AND groups_members.member_id IN " +
+					"(SELECT members.id FROM members WHERE members.user_id = ? AND members.vo_id = ?))",
+				GROUP_MAPPER, vo.getId(), MemberGroupStatus.VALID.getCode(), user.getId(), vo.getId());
+		}  catch (RuntimeException e) {
+			throw new InternalErrorException(e);
+		}
+	}
+
 	private String getSQLWhereForGroupsPage(GroupsPageQuery query, MapSqlParameterSource namedParams) {
 		if (isEmpty(query.getSearchString())) {
 			return "";

perun-core/src/main/java/cz/metacentrum/perun/core/implApi/GroupsManagerImplApi.java

@@ -1025,4 +1025,15 @@ public interface GroupsManagerImplApi {
 	 * @return list of allowed groups to hierarchical VO
 	 */
 	List<Group> getAllAllowedGroupsToHierarchicalVo(PerunSession sess, Vo vo, Vo memberVo);
+
+
+	/**
+	 * Returns groups in which the user is active member. Groups are looked up only for the specified VO.
+	 *
+	 * @param sess session
+	 * @param user user object
+	 * @param vo VO object
+	 * @return List of groups
+	 */
+	List<Group> getGroupsWhereUserIsActiveMember(PerunSession sess, User user, Vo vo);
 }

perun-core/src/test/java/cz/metacentrum/perun/core/entry/GroupsManagerEntryIntegrationTest.java

@@ -18,8 +18,8 @@
 import cz.metacentrum.perun.core.api.MembershipType;
 import cz.metacentrum.perun.core.api.Paginated;
 import cz.metacentrum.perun.core.api.PerunClient;
-import cz.metacentrum.perun.core.api.PerunSession;
 import cz.metacentrum.perun.core.api.PerunPrincipal;
+import cz.metacentrum.perun.core.api.PerunSession;
 import cz.metacentrum.perun.core.api.Resource;
 import cz.metacentrum.perun.core.api.RichGroup;
 import cz.metacentrum.perun.core.api.RichMember;
@@ -35,7 +35,6 @@
 import cz.metacentrum.perun.core.api.exceptions.ExternallyManagedException;
 import cz.metacentrum.perun.core.api.exceptions.GroupExistsException;
 import cz.metacentrum.perun.core.api.exceptions.GroupMoveNotAllowedException;
-import cz.metacentrum.perun.core.api.exceptions.GroupNotAllowedToAutoRegistrationException;
 import cz.metacentrum.perun.core.api.exceptions.GroupNotExistsException;
 import cz.metacentrum.perun.core.api.exceptions.GroupRelationAlreadyExists;
 import cz.metacentrum.perun.core.api.exceptions.GroupRelationCannotBeRemoved;
@@ -54,12 +53,9 @@
 import cz.metacentrum.perun.core.bl.UsersManagerBl;
 import cz.metacentrum.perun.core.impl.PerunSessionImpl;
 import cz.metacentrum.perun.core.implApi.modules.attributes.AbstractMembershipExpirationRulesModule;
-import cz.metacentrum.perun.registrar.model.ApplicationFormItem;
 import org.junit.Before;
 import org.junit.Test;
-import org.mockito.Mockito;
 import org.springframework.util.Assert;
-import org.testcontainers.shaded.com.fasterxml.jackson.databind.annotation.JsonAppend;
 
 import java.time.LocalDate;
 import java.util.ArrayList;
@@ -80,7 +76,6 @@
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertSame;
 import static org.junit.Assert.assertTrue;
 
@@ -6534,6 +6529,63 @@ public void getAllAllowedGroupsToHierarchicalVoWithMemberVo() throws Exception {
 		assertEquals(group2, result.get(0));
 	}
 
+	@Test
+	public void getGroupsWhereUserIsActiveMember() throws Exception {
+		System.out.println(CLASS_NAME + "getGroupsWhereUserIsActiveMember");
+
+		Vo vo = setUpVo();
+		Member member = setUpMember(vo);
+		User user = perun.getUsersManagerBl().getUserById(sess, member.getUserId());
+
+		groupsManager.createGroup(sess, vo, group);
+		groupsManager.createGroup(sess, vo, group2);
+		groupsManager.createGroup(sess, group2, group3);
+		groupsManager.createGroup(sess, group2, group4);
+		groupsManager.createGroup(sess, group3, group5);
+		groupsManager.createGroup(sess, group4, group6);
+
+		groupsManagerBl.addMember(sess, group, member);
+		groupsManagerBl.addMember(sess, group2, member);
+		groupsManagerBl.addMember(sess, group6, member);
+
+		List<Group> result = groupsManager.getGroupsWhereUserIsActiveMember(sess, user, vo);
+
+		assertEquals(4, result.size());
+		assertTrue(result.contains(group));
+		assertTrue(result.contains(group2));
+		assertTrue(result.contains(group4)); //indirect member
+		assertTrue(result.contains(group6));
+	}
+
+	@Test
+	public void getGroupsWhereUserIsActiveMemberInactiveInGroup() throws Exception {
+		System.out.println(CLASS_NAME + "getGroupsWhereUserIsActiveMemberInactiveInGroup");
+
+		Vo vo = setUpVo();
+		Member member = setUpMember(vo);
+		User user = perun.getUsersManagerBl().getUserById(sess, member.getUserId());
+
+		groupsManager.createGroup(sess, vo, group);
+		groupsManager.createGroup(sess, vo, group2);
+		groupsManager.createGroup(sess, group2, group3);
+		groupsManager.createGroup(sess, group2, group4);
+		groupsManager.createGroup(sess, group3, group5);
+		groupsManager.createGroup(sess, group4, group6);
+
+		groupsManagerBl.addMember(sess, group, member);
+		groupsManagerBl.addMember(sess, group2, member);
+		groupsManagerBl.addMember(sess, group6, member);
+		groupsManager.setMemberGroupStatus(sess, member, group6, MemberGroupStatus.EXPIRED);
+
+		List<Group> result = groupsManager.getGroupsWhereUserIsActiveMember(sess, user, vo);
+
+		assertEquals(2, result.size());
+		assertTrue(result.contains(group));
+		assertTrue(result.contains(group2));
+		assertFalse(result.contains(group4)); //indirect member expired
+		assertFalse(result.contains(group6)); //expired member
+	}
+
 	// PRIVATE METHODS -------------------------------------------------------------
 
 	private Vo setUpVo() throws Exception {

perun-openapi/openapi.yml

@@ -13888,7 +13888,6 @@ paths:
           $ref: '#/components/responses/ListOfGroupsResponse'
         default:
           $ref: '#/components/responses/ExceptionResponse'
-
   /json/groupsManager/getGroupsWhereMemberIsActive:
     get:
       tags:
@@ -13902,6 +13901,20 @@ paths:
           $ref: '#/components/responses/ListOfGroupsResponse'
         default:
           $ref: '#/components/responses/ExceptionResponse'
+  /json/groupsManager/getGroupsWhereUserIsActiveMember:
+    get:
+      tags:
+        - GroupsManager
+      operationId: getGroupsWhereUserIsActiveMember
+      summary: Returns list of groups where user is member in active state. Groups are looked up only for the specfied VO.
+      parameters:
+        - $ref: '#/components/parameters/userId'
+        - $ref: '#/components/parameters/voId'
+      responses:
+        '200':
+          $ref: '#/components/responses/ListOfGroupsResponse'
+        default:
+          $ref: '#/components/responses/ExceptionResponse'
 
   #################################################
   #                                               #

perun-registrar-lib/src/main/java/cz/metacentrum/perun/registrar/impl/RegistrarManagerImpl.java

@@ -2997,13 +2997,24 @@ public List<ApplicationFormItemWithPrefilledValue> getFormItemsWithPrefilledValu
 			throw new MissingRequiredDataException("The administrator set up this form wrongly OR you don't match any conditions OR your IDP doesn't provide data required by this application form.", itemsWithMissingData);
 		}
 
-		itemsWithValues.stream()
-			.filter(item -> item.getFormItem().getType() == EMBEDDED_GROUP_APPLICATION)
-			.forEach(item -> setGroupsToCheckBoxForGroups(sess, item, vo, group));
+		Iterator<ApplicationFormItemWithPrefilledValue> itemsIt = itemsWithValues.iterator();
+		while (itemsIt.hasNext()) {
+			ApplicationFormItemWithPrefilledValue item = itemsIt.next();
+			// Process only EMBEDDED_GROUP_APPLICATION items in this block
+			if (item.getFormItem().getType() != EMBEDDED_GROUP_APPLICATION) {
+				continue;
+			}
+			// Generate options for EMBEDDED_GROUP_APPLICATION items.
+			setGroupsToCheckBoxForGroups(sess, item, user, vo, group);
+			// If the item has no options for the user to offer (bcs user is already member in all possible options,
+			// remove it from the form completely
+			if (StringUtils.isBlank(item.getFormItem().getI18n().get(ApplicationFormItem.EN).getOptions())) {
+				it.remove();
+			}
+		}
 
 		// return prefilled form
 		return itemsWithValues;
-
 	}
 
 	private List<Pair<String, String>> getPrincipalsReservedLogins(PerunSession sess) {
@@ -3022,16 +3033,16 @@ private List<Pair<String, String>> getPrincipalsReservedLogins(PerunSession sess
 
 	/**
 	 * To the given EMBEDDED_GROUP_APPLICATION item, sets options of allowed groups.
-	 *
 	 * Example format:
 	 * 111#GroupA|222#GroupB
 	 *
-	 * @param sess session
-	 * @param item item, to which the group options will be set, only EMBEDDED_GROUP_APPLICATION is supported
-	 * @param vo vo, from which the groups for auto registration are taken
+	 * @param sess              session
+	 * @param item              item, to which the group options will be set, only EMBEDDED_GROUP_APPLICATION is supported
+	 * @param user
+	 * @param vo                vo, from which the groups for auto registration are taken
 	 * @param registrationGroup group, from which the subgroups for auto registration are taken - if not null, then it is a group application
 	 */
-	private void setGroupsToCheckBoxForGroups(PerunSession sess, ApplicationFormItemWithPrefilledValue item, Vo vo, Group registrationGroup) {
+	private void setGroupsToCheckBoxForGroups(PerunSession sess, ApplicationFormItemWithPrefilledValue item, User user, Vo vo, Group registrationGroup) {
 		if (item.getFormItem().getType() != EMBEDDED_GROUP_APPLICATION) {
 			throw new InternalErrorException("Group options can be set only to the EMBEDDED_GROUP_APPLICATION item.");
 		}
@@ -3042,10 +3053,18 @@ private void setGroupsToCheckBoxForGroups(PerunSession sess, ApplicationFormItem
 			groups = perun.getGroupsManagerBl().getGroupsForAutoRegistration(sess, vo, item.getFormItem());
 		}
 
-		String groupOptions = groups.stream()
-			.sorted(Comparator.comparing(Group::getName))
-			.map(group -> group.getId() + "#" + group.getName())
-			.collect(Collectors.joining("|"));
+		if (user != null) {
+			List<Group> userGroups = groupsManager.getGroupsWhereUserIsActiveMember(sess, user, vo);
+			groups = groups.stream().filter(g -> !userGroups.contains(g)).collect(Collectors.toList());
+		}
+
+		String groupOptions = null;
+		if (!groups.isEmpty()) {
+			groupOptions = groups.stream()
+				.sorted(Comparator.comparing(Group::getName))
+				.map(group -> group.getId() + "#" + group.getName())
+				.collect(Collectors.joining("|"));
+		}
 
 		if (ApplicationFormItem.CS != null) {
 			item.getFormItem().getI18n().get(ApplicationFormItem.CS).setOptions(groupOptions);