Merge pull request #4005 from sarkapalkovicova/add_member_to_vo_fix_authz

fix(core): filter candidates bases on group related roles

Author: sarkapalkovicova

perun-core/src/main/java/cz/metacentrum/perun/core/entry/VosManagerEntry.java

@@ -368,13 +368,20 @@ private List<MemberCandidate> filterMemberCandidates(PerunSession sess, List<Mem
 				continue;
 			}
 
+			boolean isEligible;
+
 			List<Vo> membersVos = perunBl.getUsersManagerBl().getVosWhereUserIsMember(sess, candidate.getRichUser());
-			boolean isEligible = false;
 			if (membersVos.isEmpty()) {
 				isEligible = AuthzResolver.authorizedInternal(sess, "filter-getCompleteCandidates_policy");
 			} else {
 				isEligible = membersVos.stream().anyMatch(vo -> AuthzResolver.authorizedInternal(sess, "filter-getCompleteCandidates_policy", vo));
 			}
+
+			List<Group> membersGroups = perunBl.getGroupsManagerBl().getUserGroups(sess, candidate.getRichUser());
+			if (!membersGroups.isEmpty() && !isEligible) {
+				isEligible = membersGroups.stream().anyMatch(group -> AuthzResolver.authorizedInternal(sess, "filter-getCompleteCandidates_policy", group));
+			}
+
 			if (isEligible) {
 				eligibleCandidates.add(candidate);
 			}