From 33041f2b06174c0d9ae85980300bdf813afc7208 Mon Sep 17 00:00:00 2001
From: Robert von Burg <eitch@eitchnet.ch>
Date: Thu, 12 Mar 2015 22:59:12 +0100
Subject: [PATCH] [Major] refactored privileges returned on LoginResult

---
 ch.eitchnet.privilege                         |  2 +-
 .../rest/endpoint/AuthenticationService.java  | 18 ++++---
 .../li/strolch/rest/model/LoginResult.java    | 53 +++++++++++++++++--
 3 files changed, 61 insertions(+), 12 deletions(-)

diff --git a/ch.eitchnet.privilege b/ch.eitchnet.privilege
index fa40671b8..7ff8ba677 160000
--- a/ch.eitchnet.privilege
+++ b/ch.eitchnet.privilege
@@ -1 +1 @@
-Subproject commit fa40671b8cc8c1b4f0cefc877d2786edbb77cc88
+Subproject commit 7ff8ba67793b35480b01134003aa5607244382a9
diff --git a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java
index 3dbb2f5b1..24b3112fb 100644
--- a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java
+++ b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java
@@ -17,8 +17,8 @@ package li.strolch.rest.endpoint;
 
 import java.text.MessageFormat;
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.List;
+import java.util.Set;
 
 import javax.ws.rs.Consumes;
 import javax.ws.rs.DELETE;
@@ -45,6 +45,7 @@ import org.slf4j.LoggerFactory;
 
 import ch.eitchnet.privilege.base.PrivilegeException;
 import ch.eitchnet.privilege.model.Certificate;
+import ch.eitchnet.privilege.model.IPrivilege;
 import ch.eitchnet.privilege.model.PrivilegeContext;
 import ch.eitchnet.utils.helper.StringHelper;
 
@@ -92,15 +93,16 @@ public class AuthenticationService {
 			loginResult.setParameters(certificate.getPropertyMap());
 			loginResult.setRoles(new ArrayList<>(certificate.getUserRoles()));
 
-			// TODO rethink this stupid aggregating of the allow list
-			List<String> allowList = new ArrayList<>();
+			List<LoginResult.Privilege> privileges = new ArrayList<>();
 			for (String name : privilegeContext.getPrivilegeNames()) {
-				allowList.addAll(privilegeContext.getPrivilege(name).getAllowList());
+				IPrivilege privilege = privilegeContext.getPrivilege(name);
+				Set<String> allowSet = privilege.getAllowList();
+				ArrayList<String> allowList = null;
+				if (!allowSet.isEmpty())
+					allowList = new ArrayList<>(allowSet);
+				privileges.add(new LoginResult.Privilege(name, privilege.isAllAllowed(), allowList));
 			}
-			if (allowList.isEmpty())
-				loginResult.setPrivileges(Arrays.asList("*")); //$NON-NLS-1$
-			else
-				loginResult.setPrivileges(allowList);
+			loginResult.setPrivileges(privileges);
 
 			return Response.ok().entity(loginResult)//
 					.header(HttpHeaders.AUTHORIZATION, certificate.getAuthToken())//
diff --git a/li.strolch.rest/src/main/java/li/strolch/rest/model/LoginResult.java b/li.strolch.rest/src/main/java/li/strolch/rest/model/LoginResult.java
index 1cc052516..27ce9e31c 100644
--- a/li.strolch.rest/src/main/java/li/strolch/rest/model/LoginResult.java
+++ b/li.strolch.rest/src/main/java/li/strolch/rest/model/LoginResult.java
@@ -51,7 +51,7 @@ public class LoginResult {
 	private List<String> roles;
 
 	@XmlElement(name = "privileges")
-	private List<String> privileges;
+	private List<Privilege> privileges;
 
 	private Map<String, String> parameters;
 
@@ -172,7 +172,7 @@ public class LoginResult {
 	/**
 	 * @return the privileges
 	 */
-	public List<String> getPrivileges() {
+	public List<Privilege> getPrivileges() {
 		return this.privileges;
 	}
 
@@ -180,7 +180,54 @@ public class LoginResult {
 	 * @param privileges
 	 *            the privileges to set
 	 */
-	public void setPrivileges(List<String> privileges) {
+	public void setPrivileges(List<Privilege> privileges) {
 		this.privileges = privileges;
 	}
+
+	@XmlRootElement(name = "Privilege")
+	@XmlAccessorType(XmlAccessType.NONE)
+	public static class Privilege {
+
+		@XmlAttribute(name = "name")
+		private String name;
+		@XmlAttribute(name = "allAllowed")
+		private boolean allAllowed;
+		@XmlElement(name = "allowList")
+		private List<String> allowList;
+
+		public Privilege() {
+			// no-arg constructor for JAXB
+		}
+
+		public Privilege(String name, boolean allAllowed, List<String> allowList) {
+			this.name = name;
+			this.allAllowed = allAllowed;
+			this.allowList = allowList;
+		}
+
+		public void setName(String name) {
+			this.name = name;
+		}
+
+		public String getName() {
+			return this.name;
+		}
+
+		public List<String> getAllowList() {
+			return this.allowList;
+		}
+
+		public void setAllowList(List<String> allowList) {
+			this.allowList = allowList;
+		}
+
+		public boolean isAllAllowed() {
+			return this.allAllowed;
+		}
+
+		public void setAllAllowed(boolean allAllowed) {
+			this.allAllowed = allAllowed;
+		}
+
+	}
 }