diff --git a/core/src/org/labkey/core/security/SecurityApiActions.java b/core/src/org/labkey/core/security/SecurityApiActions.java index f60543a0206..6c52e69f4f1 100644 --- a/core/src/org/labkey/core/security/SecurityApiActions.java +++ b/core/src/org/labkey/core/security/SecurityApiActions.java @@ -17,6 +17,7 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import org.apache.commons.lang3.StringUtils; +import org.jetbrains.annotations.NotNull; import org.json.JSONObject; import org.junit.Test; import org.labkey.api.action.ApiResponse; @@ -104,8 +105,19 @@ public class SecurityApiActions { public static class GetGroupPermsForm { + private boolean _includeEmptyPermGroups = true; private boolean _includeSubfolders = false; + public boolean isIncludeEmptyPermGroups() + { + return _includeEmptyPermGroups; + } + + public void setIncludeEmptyPermGroups(boolean includeEmptyPermGroups) + { + _includeEmptyPermGroups = includeEmptyPermGroups; + } + public boolean isIncludeSubfolders() { return _includeSubfolders; @@ -131,21 +143,21 @@ public ApiResponse execute(GetGroupPermsForm form, BindException errors) //from the container's project and pass that down the recursion stack response.put("container", getContainerPerms(container, SecurityManager.getGroups(container.getProject(), true), - form.isIncludeSubfolders())); + form.isIncludeSubfolders(), form.isIncludeEmptyPermGroups())); return response; } - protected Map getContainerPerms(Container container, List groups, boolean recurse) + protected Map getContainerPerms(Container container, @NotNull List groups, boolean includeSubfolders, boolean includeEmptyPermGroups) { Map containerPerms = new HashMap<>(); containerPerms.put("path", container.getPath()); containerPerms.put("id", container.getId()); containerPerms.put("name", container.getName()); containerPerms.put("isInheritingPerms", container.isInheritedAcl()); - containerPerms.put("groups", getGroupPerms(container, groups)); + containerPerms.put("groups", getGroupPerms(container, groups, includeEmptyPermGroups)); - if (recurse && container.hasChildren()) + if (includeSubfolders && container.hasChildren()) { List> childPerms = new ArrayList<>(); for (Container child : container.getChildren()) @@ -154,7 +166,7 @@ protected Map getContainerPerms(Container container, List { childPerms.add(getContainerPerms(child, child.isProject() ? SecurityManager.getGroups(child, true) : groups, - recurse)); + includeSubfolders, includeEmptyPermGroups)); } } @@ -164,15 +176,17 @@ protected Map getContainerPerms(Container container, List return containerPerms; } - protected List> getGroupPerms(Container container, List groups) + protected List> getGroupPerms(Container container, @NotNull List groups, boolean includeEmptyPermGroups) { - if (null == groups) - return null; - List> groupsPerms = new ArrayList<>(); + boolean isAdmin = container.hasPermission(getUser(), AdminPermission.class); for (Group group : groups) { + List effectivePermissions = SecurityManager.getPermissionNames(container, group); + if (effectivePermissions.isEmpty() && !includeEmptyPermGroups) + continue; + Map groupPerms = new HashMap<>(); groupPerms.put("id", group.getUserId()); groupPerms.put("name", SecurityManager.getDisambiguatedGroupName(group)); @@ -183,9 +197,9 @@ protected List> getGroupPerms(Container container, List effectiveRoleList = SecurityManager.getEffectiveRoles(container, group).map(Role::getUniqueName).toList(); groupPerms.put("roles", effectiveRoleList); - groupPerms.put("effectivePermissions", SecurityManager.getPermissionNames(container, group)); + groupPerms.put("effectivePermissions", effectivePermissions); - if (container.hasPermission(getUser(), AdminPermission.class)) + if (isAdmin) { List> parentGroupInfos = new ArrayList<>(); group.getGroups().stream().forEach(parentGroupId -> {