Implement resource member administration

smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/dao/ResourceMemberDao.java

@@ -15,11 +15,14 @@ package eu.europa.ec.edelivery.smp.data.dao;
 
 import eu.europa.ec.edelivery.smp.data.enums.MembershipRoleType;
 import eu.europa.ec.edelivery.smp.data.model.DBDomain;
+import eu.europa.ec.edelivery.smp.data.model.DBGroup;
 import eu.europa.ec.edelivery.smp.data.model.doc.DBResource;
+import eu.europa.ec.edelivery.smp.data.model.user.DBGroupMember;
 import eu.europa.ec.edelivery.smp.data.model.user.DBResourceMember;
 import eu.europa.ec.edelivery.smp.data.model.user.DBUser;
 import eu.europa.ec.edelivery.smp.logging.SMPLogger;
 import eu.europa.ec.edelivery.smp.logging.SMPLoggerFactory;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.stereotype.Repository;
 
 import javax.persistence.TypedQuery;
@@ -105,4 +108,43 @@ public class ResourceMemberDao extends BaseDao<DBResourceMember> {
     }
 
 
+    public List<DBResourceMember> getResourceMembers(Long resourceId, int iPage, int iPageSize, String filter) {
+        boolean hasFilter = StringUtils.isNotBlank(filter);
+        TypedQuery<DBResourceMember> query = memEManager.createNamedQuery(hasFilter ?
+                QUERY_RESOURCE_MEMBERS_FILTER : QUERY_RESOURCE_MEMBERS, DBResourceMember.class);
+
+        if (iPageSize > -1 && iPage > -1) {
+            query.setFirstResult(iPage * iPageSize);
+        }
+        if (iPageSize > 0) {
+            query.setMaxResults(iPageSize);
+        }
+        query.setParameter(PARAM_RESOURCE_ID, resourceId);
+        if (hasFilter) {
+            query.setParameter(PARAM_USER_FILTER, StringUtils.wrapIfMissing(StringUtils.trim(filter),"%" ));
+        }
+        return query.getResultList();
+    }
+
+    public Long getResourceMemberCount(Long groupId, String filter) {
+        boolean hasFilter = StringUtils.isNotBlank(filter);
+        TypedQuery<Long> query = memEManager.createNamedQuery(hasFilter ? QUERY_RESOURCE_MEMBERS_FILTER_COUNT : QUERY_RESOURCE_MEMBERS_COUNT, Long.class);
+        query.setParameter(PARAM_RESOURCE_ID, groupId);
+        if (hasFilter) {
+            query.setParameter(PARAM_USER_FILTER, StringUtils.wrapIfMissing(StringUtils.trim(filter),"%" ));
+        }
+        return query.getSingleResult();
+    }
+
+
+    public DBResourceMember addMemberToResource(DBResource resource, DBUser user, MembershipRoleType role) {
+        DBResourceMember resourceMember = new DBResourceMember();
+        resourceMember.setRole(role);
+        resourceMember.setUser(user);
+        resourceMember.setResource(resource);
+        resourceMember = merge(resourceMember);
+        return resourceMember;
+    }
+
+
 }

smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/model/DBDomain.java

@@ -58,6 +58,19 @@ import static eu.europa.ec.edelivery.smp.data.dao.QueryNames.*;
         " JOIN DBGroupMember gm ON g.id = gm.group.id " +
         " WHERE gm.role in (:membership_roles) and gm.user.id= :user_id")
 
+@NamedQuery(name = QUERY_DOMAIN_BY_USER_RESOURCE_ROLES_COUNT, query = "SELECT count(d) FROM DBDomain d " +
+        " JOIN DBGroup g ON d.id = g.domain.id " +
+        " JOIN DBResource r ON  g.id = r.group.id " +
+        " JOIN DBResourceMember rm ON r.id = rm.resource.id " +
+        " WHERE rm.role in (:membership_roles) and rm.user.id= :user_id")
+
+
+@NamedQuery(name = QUERY_DOMAIN_BY_USER_RESOURCE_ROLES, query = "SELECT d FROM DBDomain d " +
+        " JOIN DBGroup g ON d.id = g.domain.id " +
+        " JOIN DBResource r ON  g.id = r.group.id " +
+        " JOIN DBResourceMember rm ON r.id = rm.resource.id " +
+        " WHERE rm.role in (:membership_roles) and rm.user.id= :user_id")
+
 @org.hibernate.annotations.Table(appliesTo = "SMP_DOMAIN", comment = "SMP can handle multiple domains. This table contains domain specific data")
 public class DBDomain extends BaseEntity {
 

smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/model/DBGroup.java

@@ -45,10 +45,15 @@ import static eu.europa.ec.edelivery.smp.data.dao.QueryNames.*;
 @NamedQuery(name = QUERY_GROUP_BY_USER_ROLES_COUNT, query = "SELECT count(c) FROM DBGroup c JOIN DBGroupMember dm ON c.id = dm.group.id " +
         " WHERE dm.role in (:membership_roles) and dm.user.id= :user_id")
 
-@NamedQuery(name = QUERY_GROUP_BY_USER_ROLES, query = "SELECT c FROM DBGroup c JOIN DBGroupMember dm ON c.id = dm.group.id " +
-        " WHERE dm.role in (:membership_roles) and dm.user.id= :user_id")
-@NamedQuery(name = QUERY_GROUP_BY_DOMAIN_USER_ROLES, query = "SELECT c FROM DBGroup c JOIN DBGroupMember dm ON c.id = dm.group.id " +
+@NamedQuery(name = QUERY_GROUP_BY_USER_GROUP_ROLES, query = "SELECT c FROM DBGroup c JOIN DBGroupMember gm ON c.id = gm.group.id " +
+        " WHERE gm.role in (:membership_roles) and gm.user.id= :user_id")
+@NamedQuery(name = QUERY_GROUP_BY_DOMAIN_USER_GROUP_ROLES, query = "SELECT c FROM DBGroup c JOIN DBGroupMember dm ON c.id = dm.group.id " +
         " WHERE c.domain.id = :domain_id AND dm.role in (:membership_roles) and dm.user.id= :user_id")
+@NamedQuery(name = QUERY_GROUP_BY_DOMAIN_USER_RESOURCE_ROLES, query = "SELECT c FROM DBGroup c " +
+        " JOIN DBResource r ON c.id = r.group.id " +
+        " JOIN DBResourceMember rm on r.id = rm.resource.id" +
+        " WHERE c.domain.id = :domain_id AND rm.role in (:membership_roles) and rm.user.id= :user_id")
+
 public class DBGroup extends BaseEntity {
 
     @Id

smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/model/user/DBGroupMember.java

@@ -40,8 +40,6 @@ import static eu.europa.ec.edelivery.smp.data.dao.QueryNames.*;
         " WHERE c.group.id = :group_id AND (lower(c.user.fullName) like lower(:user_filter) OR lower(c.user.username) like lower(:user_filter))")
 @NamedQuery(name = QUERY_GROUP_MEMBERS_FILTER, query = "SELECT c FROM DBGroupMember c " +
         " WHERE c.group.id = :group_id  AND (lower(c.user.fullName) like lower(:user_filter) OR lower(c.user.username) like lower(:user_filter))  order by c.user.username")
-
-
 @NamedQuery(name = QUERY_GROUP_MEMBER_BY_USER_DOMAIN_GROUPS_ROLE_COUNT, query = "SELECT count(c) FROM DBGroupMember c " +
         " WHERE c.user.id = :user_id AND c.group.domain.id = :domain_id AND c.role= :membership_role ")
 

smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/model/user/DBResourceMember.java

@@ -34,6 +34,14 @@ import static eu.europa.ec.edelivery.smp.data.dao.QueryNames.*;
 @NamedQuery(name = QUERY_RESOURCE_MEMBER_BY_USER_GROUP_RESOURCES_ROLE_COUNT, query = "SELECT count(c) FROM DBResourceMember c " +
         " WHERE c.user.id = :user_id AND c.resource.group.id = :group_id AND c.role= :membership_role ")
 
+@NamedQuery(name = QUERY_RESOURCE_MEMBERS_COUNT, query = "SELECT count(c) FROM DBResourceMember c " +
+        " WHERE c.resource.id = :resource_id")
+@NamedQuery(name = QUERY_RESOURCE_MEMBERS, query = "SELECT c FROM DBResourceMember c " +
+        " WHERE c.resource.id = :resource_id order by c.user.username")
+@NamedQuery(name = QUERY_RESOURCE_MEMBERS_FILTER_COUNT, query = "SELECT count(c) FROM DBResourceMember c " +
+        " WHERE c.resource.id = :resource_id AND (lower(c.user.fullName) like lower(:user_filter) OR lower(c.user.username) like lower(:user_filter))")
+@NamedQuery(name = QUERY_RESOURCE_MEMBERS_FILTER, query = "SELECT c FROM DBResourceMember c " +
+        " WHERE c.resource.id = :resource_id  AND (lower(c.user.fullName) like lower(:user_filter) OR lower(c.user.username) like lower(:user_filter))  order by c.user.username")
 public class DBResourceMember extends BaseEntity {
 
     @Id

smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIDomainPublicService.java

@@ -85,6 +85,13 @@ public class UIDomainPublicService extends UIServiceBase<DBDomain, DomainPublicR
                 .collect(Collectors.toList());
     }
 
+    @Transactional
+    public List<DomainRO> getAllDomainsForResourceAdminUser(Long userId) {
+        List<DBDomain> domains = domainDao.getDomainsByUserIdAndResourceRoles(userId, MembershipRoleType.ADMIN);
+        return domains.stream().map(domain -> conversionService.convert(domain, DomainRO.class))
+                .collect(Collectors.toList());
+    }
+
     @Transactional
     public ServiceResult<MemberRO> getDomainMembers(Long domainId, int page, int pageSize,
                                                    String filter) {

smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIGroupPublicService.java

@@ -86,17 +86,16 @@ public class UIGroupPublicService extends UIServiceBase<DBGroup, GroupRO> {
     }
 
     @Transactional
-    public List<GroupRO> getAllGroupsForDomainAndUserAndRole(Long domainId, Long userId, MembershipRoleType role) {
-        List<DBGroup> domainGroups = groupDao.getGroupsByDomainUserIdAndRoles(domainId, userId, role);
+    public List<GroupRO> getAllGroupsForDomainAndUserAndGroupRole(Long domainId, Long userId, MembershipRoleType role) {
+        List<DBGroup> domainGroups = groupDao.getGroupsByDomainUserIdAndGroupRoles(domainId, userId, role);
 
         return domainGroups.stream().map(domain -> conversionService.convert(domain, GroupRO.class))
                 .collect(Collectors.toList());
     }
 
     @Transactional
-    public List<GroupRO> getAllGroupsForUser(Long userId, MembershipRoleType role) {
-        List<DBGroup> domainGroups = groupDao.getGroupsByUserIdAndRoles(userId, role);
-
+    public List<GroupRO> getAllGroupsForDomainAndUserAndResourceRole(Long domainId, Long userId, MembershipRoleType role) {
+        List<DBGroup> domainGroups = groupDao.getGroupsByDomainUserIdAndResourceRoles(domainId, userId, role);
         return domainGroups.stream().map(domain -> conversionService.convert(domain, GroupRO.class))
                 .collect(Collectors.toList());
     }
@@ -199,7 +198,7 @@ public class UIGroupPublicService extends UIServiceBase<DBGroup, GroupRO> {
             if (groupMemberDao.isUserGroupMember(user, Collections.singletonList(group))) {
                 throw new SMPRuntimeException(ErrorCode.INVALID_REQUEST, "Add membership", "User [" + memberRO.getUsername() + "] is already a member!");
             }
-            member = groupMemberDao.addMemberToDomain(group, user, memberRO.getRoleType());
+            member = groupMemberDao.addMemberToGroup(group, user, memberRO.getRoleType());
         }
         return conversionService.convert(member, MemberRO.class);
     }

smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIResourceService.java

 package eu.europa.ec.edelivery.smp.services.ui;
 
-import eu.europa.ec.edelivery.smp.data.dao.DomainResourceDefDao;
-import eu.europa.ec.edelivery.smp.data.dao.GroupDao;
-import eu.europa.ec.edelivery.smp.data.dao.ResourceDao;
-import eu.europa.ec.edelivery.smp.data.dao.ResourceDefDao;
+import eu.europa.ec.edelivery.smp.data.dao.*;
+import eu.europa.ec.edelivery.smp.data.enums.MembershipRoleType;
 import eu.europa.ec.edelivery.smp.data.model.DBDomainResourceDef;
 import eu.europa.ec.edelivery.smp.data.model.DBGroup;
 import eu.europa.ec.edelivery.smp.data.model.doc.DBDocument;
 import eu.europa.ec.edelivery.smp.data.model.doc.DBResource;
 import eu.europa.ec.edelivery.smp.data.model.doc.DBResourceFilter;
 import eu.europa.ec.edelivery.smp.data.model.ext.DBResourceDef;
+import eu.europa.ec.edelivery.smp.data.model.user.DBGroupMember;
+import eu.europa.ec.edelivery.smp.data.model.user.DBResourceMember;
+import eu.europa.ec.edelivery.smp.data.model.user.DBUser;
+import eu.europa.ec.edelivery.smp.data.ui.MemberRO;
 import eu.europa.ec.edelivery.smp.data.ui.ResourceRO;
 import eu.europa.ec.edelivery.smp.data.ui.ServiceResult;
 import eu.europa.ec.edelivery.smp.exceptions.ErrorCode;
@@ -22,6 +24,7 @@ import org.springframework.core.convert.ConversionService;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
+import java.util.Collections;
 import java.util.List;
 import java.util.Objects;
 import java.util.Optional;
@@ -44,16 +47,20 @@ public class UIResourceService {
 
     private final ResourceDao resourceDao;
     private final GroupDao groupDao;
+    private final ResourceMemberDao resourceMemberDao;
+    private final UserDao userDao;
     private final ResourceDefDao resourceDefDao;
     private final DomainResourceDefDao domainResourceDefDao;
     private final ConversionService conversionService;
     private final SmlConnector smlConnector;
 
-    public UIResourceService(ResourceDao resourceDao, ResourceDefDao resourceDefDao, DomainResourceDefDao domainResourceDefDao, GroupDao groupDao, ConversionService conversionService, SmlConnector smlConnector) {
+    public UIResourceService(ResourceDao resourceDao, ResourceMemberDao resourceMemberDao, ResourceDefDao resourceDefDao, DomainResourceDefDao domainResourceDefDao,  UserDao userDao, GroupDao groupDao, ConversionService conversionService, SmlConnector smlConnector) {
         this.resourceDao = resourceDao;
+        this.resourceMemberDao = resourceMemberDao;
         this.resourceDefDao = resourceDefDao;
         this.domainResourceDefDao = domainResourceDefDao;
         this.groupDao = groupDao;
+        this.userDao = userDao;
         this.conversionService = conversionService;
         this.smlConnector = smlConnector;
     }
@@ -89,6 +96,43 @@ public class UIResourceService {
         return result;
     }
 
+
+    @Transactional
+    public ServiceResult<ResourceRO> getResourcesForUserAndGroup(Long userId, MembershipRoleType role,  Long groupId, int page, int pageSize, String filterValue) {
+
+        DBGroup group = groupDao.find(groupId);
+        if (group == null) {
+            throw new SMPRuntimeException(ErrorCode.INVALID_REQUEST, ACTION_RESOURCE_LIST, "Group does not exist!");
+        }
+        DBUser user = userDao.find(userId);
+        if (user == null) {
+            throw new SMPRuntimeException(ErrorCode.INVALID_REQUEST, ACTION_RESOURCE_LIST, "User does not exist!");
+        }
+
+        DBResourceFilter filter = DBResourceFilter.createBuilder()
+                .user(user)
+                .membershipRoleType(role)
+                .group(group)
+                .identifierFilter(StringUtils.trimToNull(filterValue))
+                .build();
+
+        Long count = resourceDao.getResourcesForFilterCount(filter);
+
+        ServiceResult<ResourceRO> result = new ServiceResult<>();
+        result.setPage(page);
+        result.setPageSize(pageSize);
+        if (count < 1) {
+            result.setCount(0L);
+            return result;
+        }
+        result.setCount(count);
+        List<DBResource> resources = resourceDao.getResourcesForFilter(page, pageSize, filter);
+        List<ResourceRO> resourceROS = resources.stream().map(resource -> conversionService.convert(resource, ResourceRO.class)).collect(Collectors.toList());
+        resourceDao.getResourcesForFilter(page, pageSize, filter);
+        result.getServiceEntities().addAll(resourceROS);
+        return result;
+    }
+
     @Transactional
     public ResourceRO deleteResourceFromGroup(Long resourceId, Long groupId,  Long domainId) {
         DBResource resource = resourceDao.find(resourceId);
@@ -172,6 +216,61 @@ public class UIResourceService {
         return conversionService.convert(resource, ResourceRO.class);
     }
 
+    @Transactional
+    public ServiceResult<MemberRO> getResourceMembers(Long resourceId, int page, int pageSize,
+                                                   String filter) {
+        Long count = resourceMemberDao.getResourceMemberCount(resourceId, filter);
+        ServiceResult<MemberRO> result = new ServiceResult<>();
+        result.setPage(page);
+        result.setPageSize(pageSize);
+        if (count < 1) {
+            result.setCount(0L);
+            return result;
+        }
+        result.setCount(count);
+        List<DBResourceMember> memberROS = resourceMemberDao.getResourceMembers(resourceId, page, pageSize, filter);
+        List<MemberRO> memberList = memberROS.stream().map(member -> conversionService.convert(member, MemberRO.class)).collect(Collectors.toList());
+
+        result.getServiceEntities().addAll(memberList);
+        return result;
+    }
+
+    @Transactional
+    public MemberRO addMemberToResource(Long resourceId, MemberRO memberRO, Long memberId) {
+        LOG.info("Add member [{}] to resource [{}]", memberRO.getUsername(), resourceId);
+        DBUser user = userDao.findUserByUsername(memberRO.getUsername())
+                .orElseThrow(() -> new SMPRuntimeException(ErrorCode.INVALID_REQUEST, "Add/edit membership", "User [" + memberRO.getUsername() + "] does not exists!"));
+
+        DBResourceMember member;
+        if (memberId != null) {
+            member = resourceMemberDao.find(memberId);
+            member.setRole(memberRO.getRoleType());
+        } else {
+            DBResource resource = resourceDao.find(resourceId);
+            if (resourceMemberDao.isUserResourceMember(user, resource)) {
+                throw new SMPRuntimeException(ErrorCode.INVALID_REQUEST, "Add membership", "User [" + memberRO.getUsername() + "] is already a member!");
+            }
+            member = resourceMemberDao.addMemberToResource(resource, user, memberRO.getRoleType());
+        }
+        return conversionService.convert(member, MemberRO.class);
+    }
+
+    @Transactional
+    public MemberRO deleteMemberFromResource(Long resourceId, Long memberId) {
+        LOG.info("Delete member [{}] from resource [{}]", memberId, resourceId);
+        DBResourceMember resourceMember = resourceMemberDao.find(memberId);
+        if (resourceMember == null) {
+            throw new SMPRuntimeException(ErrorCode.INVALID_REQUEST, "Membership", "Membership does not exists!");
+        }
+        if (!Objects.equals(resourceMember.getResource().getId(), resourceId)) {
+            throw new SMPRuntimeException(ErrorCode.INVALID_REQUEST, "Membership", "Membership does not belong to resource!");
+        }
+
+        resourceMemberDao.remove(resourceMember);
+        return conversionService.convert(resourceMember, MemberRO.class);
+    }
+
+
     public DBDocument createDocumentForResourceDef(DBResourceDef resourceDef) {
         DBDocument document = new DBDocument();
         document.setCurrentVersion(1);

smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/data/dao/DomainDaoTest.java

@@ -28,6 +28,7 @@ public class DomainDaoTest extends AbstractBaseDao {
         testUtilsDao.clearData();
         testUtilsDao.creatDomainMemberships();
         testUtilsDao.createGroupMemberships();
+        testUtilsDao.createResourceMemberships();
 
     }
     @Test
@@ -111,4 +112,44 @@ public class DomainDaoTest extends AbstractBaseDao {
         result = testInstance.getDomainsByUserIdAndGroupRoles(testUtilsDao.getUser1().getId(), MembershipRoleType.VIEWER,  MembershipRoleType.ADMIN);
         assertEquals(2, result.size());
     }
+
+    @Test
+    public void getDomainsByUserIdAndResourceRolesCount() {
+        // one for domain 1
+        Long cnt = testInstance.getDomainsByUserIdAndResourceRolesCount(testUtilsDao.getUser1().getId(), MembershipRoleType.ADMIN);
+        assertEquals(1, cnt.intValue());
+
+        // one for domain 2
+        cnt = testInstance.getDomainsByUserIdAndResourceRolesCount(testUtilsDao.getUser1().getId(), MembershipRoleType.VIEWER);
+        assertEquals(1, cnt.intValue());
+
+        // all
+        cnt = testInstance.getDomainsByUserIdAndResourceRolesCount(testUtilsDao.getUser1().getId());
+        assertEquals(2, cnt.intValue());
+
+        // all
+        cnt = testInstance.getDomainsByUserIdAndResourceRolesCount(testUtilsDao.getUser1().getId(),  MembershipRoleType.VIEWER,  MembershipRoleType.ADMIN);
+        assertEquals(2, cnt.intValue());
+    }
+    @Test
+    public void getDomainsByUserIdAndResourceRoles() {
+        // one for domain 1
+        List<DBDomain> result = testInstance.getDomainsByUserIdAndResourceRoles(testUtilsDao.getUser1().getId(), MembershipRoleType.ADMIN);
+        assertEquals(1, result.size());
+        assertEquals(testUtilsDao.getD1(), result.get(0));
+
+        // one for domain 2
+        result = testInstance.getDomainsByUserIdAndResourceRoles(testUtilsDao.getUser1().getId(), MembershipRoleType.VIEWER);
+        assertEquals(1, result.size());
+        assertEquals(testUtilsDao.getD2(), result.get(0));
+
+        result = testInstance.getDomainsByUserIdAndResourceRoles(testUtilsDao.getUser2().getId(), MembershipRoleType.VIEWER);
+        assertEquals(0, result.size());
+
+        result = testInstance.getDomainsByUserIdAndResourceRoles(testUtilsDao.getUser1().getId());
+        assertEquals(2, result.size());
+
+        result = testInstance.getDomainsByUserIdAndResourceRoles(testUtilsDao.getUser1().getId(), MembershipRoleType.VIEWER,  MembershipRoleType.ADMIN);
+        assertEquals(2, result.size());
+    }
 }

smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/data/dao/GroupDaoTest.java

@@ -29,6 +29,7 @@ public class GroupDaoTest extends AbstractBaseDao {
         // setup initial data!
         testUtilsDao.clearData();
         testUtilsDao.createGroupMemberships();
+        testUtilsDao.createResourceMemberships();
         testInstance.clearPersistenceContext();
     }
 
@@ -97,30 +98,30 @@ public class GroupDaoTest extends AbstractBaseDao {
     }
 
     @Test
-    public void getGroupsByDomainUserIdAndRolesExists() {
+    public void getGroupsByDomainUserIdAndGroupRolesExists() {
 
-        List<DBGroup> groups = testInstance.getGroupsByDomainUserIdAndRoles(
+        List<DBGroup> groups = testInstance.getGroupsByDomainUserIdAndGroupRoles(
                 testUtilsDao.getD1().getId(),
                 testUtilsDao.getUser1().getId(),
                 MembershipRoleType.ADMIN);
 
         assertEquals(1, groups.size());
 
-        groups = testInstance.getGroupsByDomainUserIdAndRoles(
+        groups = testInstance.getGroupsByDomainUserIdAndGroupRoles(
                 testUtilsDao.getD1().getId(),
                 testUtilsDao.getUser2().getId(),
                 MembershipRoleType.ADMIN);
 
         assertEquals(0, groups.size());
 
-        groups = testInstance.getGroupsByDomainUserIdAndRoles(
+        groups = testInstance.getGroupsByDomainUserIdAndGroupRoles(
                 testUtilsDao.getD1().getId(),
                 testUtilsDao.getUser1().getId(),
                 MembershipRoleType.VIEWER);
 
         assertEquals(0, groups.size());
 
-        groups = testInstance.getGroupsByDomainUserIdAndRoles(
+        groups = testInstance.getGroupsByDomainUserIdAndGroupRoles(
                 testUtilsDao.getD2().getId(),
                 testUtilsDao.getUser1().getId(),
                 MembershipRoleType.VIEWER);
@@ -128,5 +129,35 @@ public class GroupDaoTest extends AbstractBaseDao {
         assertEquals(1, groups.size());
     }
 
+    @Test
+    public void getGroupsByDomainUserIdAndResourceRoles() {
+
+        List<DBGroup> groups = testInstance.getGroupsByDomainUserIdAndResourceRoles(
+                testUtilsDao.getD1().getId(),
+                testUtilsDao.getUser1().getId(),
+                MembershipRoleType.ADMIN);
+
+        assertEquals(1, groups.size());
+
+        groups = testInstance.getGroupsByDomainUserIdAndResourceRoles(
+                testUtilsDao.getD1().getId(),
+                testUtilsDao.getUser2().getId(),
+                MembershipRoleType.ADMIN);
+
+        assertEquals(0, groups.size());
 
+        groups = testInstance.getGroupsByDomainUserIdAndResourceRoles(
+                testUtilsDao.getD1().getId(),
+                testUtilsDao.getUser1().getId(),
+                MembershipRoleType.VIEWER);
+
+        assertEquals(0, groups.size());
+
+        groups = testInstance.getGroupsByDomainUserIdAndResourceRoles(
+                testUtilsDao.getD2().getId(),
+                testUtilsDao.getUser1().getId(),
+                MembershipRoleType.VIEWER);
+
+        assertEquals(1, groups.size());
+    }
 }

smp-soapui-tests/groovy/mysql-4.1_integration_test_data.sql

@@ -95,7 +95,12 @@ insert into SMP_SUBRESOURCE (ID, FK_RESOURCE_ID,FK_SUREDEF_ID, FK_DOCUMENT_ID, I
 (2, 1, 1, 2, 'service-value2', 'service-schema2', NOW(),  NOW());
 
 insert into SMP_RESOURCE_MEMBER (ID, FK_RESOURCE_ID, FK_USER_ID, MEMBERSHIP_ROLE, CREATED_ON, LAST_UPDATED_ON) values
-(1, 1, 2, 'ADMIN', NOW(),  NOW());
+(1, 1, 2, 'ADMIN', NOW(),  NOW()),
+(2, 2, 1, 'ADMIN', NOW(),  NOW()),
+(3, 3, 2, 'ADMIN', NOW(),  NOW()),
+(4, 4, 2, 'ADMIN', NOW(),  NOW()),
+(5, 5, 2, 'ADMIN', NOW(),  NOW())
+;
 
 insert into SMP_GROUP_MEMBER (ID, FK_GROUP_ID, FK_USER_ID, MEMBERSHIP_ROLE, CREATED_ON, LAST_UPDATED_ON) values
 (1, 1, 2, 'ADMIN', NOW(),  NOW()),
@@ -105,3 +110,4 @@ insert into SMP_GROUP_MEMBER (ID, FK_GROUP_ID, FK_USER_ID, MEMBERSHIP_ROLE, CREA
 insert into SMP_DOMAIN_MEMBER (ID, FK_DOMAIN_ID, FK_USER_ID, MEMBERSHIP_ROLE, CREATED_ON, LAST_UPDATED_ON) values
 (1, 1, 1, 'ADMIN', NOW(),  NOW()),
 (2, 1, 2, 'VIEWER', NOW(),  NOW());
+

smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/auth/SMPAuthorizationService.java

@@ -88,6 +88,12 @@ public class SMPAuthorizationService {
         return groupMemberDao.isUserGroupMemberWithRole(userDetails.getUser().getId(), Collections.singletonList(groupId), MembershipRoleType.ADMIN);
     }
 
+    public boolean isResourceAdministrator(String resourceEncId) {
+        SMPUserDetails userDetails = getAndValidateUserDetails();
+        Long resourceId  = getIdFromEncryptedString(resourceEncId, false);
+        return resourceMemberDao.isUserResourceMemberWithRole(userDetails.getUser().getId(), resourceId, MembershipRoleType.ADMIN);
+    }
+
     public boolean isAnyDomainAdministrator() {
         SMPUserDetails userDetails = getAndValidateUserDetails();
         return domainMemberDao.isUserAnyDomainAdministrator(userDetails.getUser().getId());

smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/ResourceConstants.java

@@ -76,14 +76,17 @@ public class ResourceConstants {
             + "{" + PATH_PARAM_ENC_MEMBER_ID + "}" + "/" +  PATH_ACTION_DELETE;
     public static final String CONTEXT_PATH_EDIT_RESOURCE = CONTEXT_PATH_EDIT_GROUP + "/" +  "{" + PATH_PARAM_ENC_GROUP_ID + "}"
             + "/"+ PATH_RESOURCE_TYPE_RESOURCE;
-
     public static final String SUB_CONTEXT_PATH_EDIT_RESOURCE_CREATE =  PATH_ACTION_CREATE;
-
     public static final String SUB_CONTEXT_PATH_EDIT_RESOURCE_DELETE = "{" + PATH_PARAM_ENC_RESOURCE_ID + "}"
             + "/"+ PATH_ACTION_DELETE;
     public static final String SUB_CONTEXT_PATH_EDIT_RESOURCE_UPDATE = "{" + PATH_PARAM_ENC_RESOURCE_ID + "}"
             + "/"+ PATH_ACTION_UPDATE;
 
+    public static final String SUB_CONTEXT_PATH_EDIT_RESOURCE_MEMBER =  "{" + PATH_PARAM_ENC_RESOURCE_ID + "}" + "/" +  PATH_RESOURCE_TYPE_MEMBER;
+    public static final String SUB_CONTEXT_PATH_EDIT_RESOURCE_MEMBER_PUT =  SUB_CONTEXT_PATH_EDIT_RESOURCE_MEMBER+ "/" +  PATH_ACTION_PUT;
+    public static final String SUB_CONTEXT_PATH_EDIT_RESOURCE_MEMBER_DELETE = SUB_CONTEXT_PATH_EDIT_RESOURCE_MEMBER + "/"
+            + "{" + PATH_PARAM_ENC_MEMBER_ID + "}" + "/" +  PATH_ACTION_DELETE;
+
     // public
     public static final String CONTEXT_PATH_PUBLIC_SEARCH_PARTICIPANT = CONTEXT_PATH_PUBLIC + "search";
     public static final String CONTEXT_PATH_PUBLIC_DOMAIN = CONTEXT_PATH_PUBLIC + "domain";

smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/edit/DomainEditController.java

@@ -57,7 +57,9 @@ public class DomainEditController {
         if (StringUtils.equals(forRole, "group-admin")) {
             return uiDomainService.getAllDomainsForGroupAdminUser(userId);
         }
-
+        if (StringUtils.equals(forRole, "resource-admin")) {
+            return uiDomainService.getAllDomainsForResourceAdminUser(userId);
+        }
         if (StringUtils.isBlank(forRole) || StringUtils.equals(forRole, "domain-admin")) {
             return uiDomainService.getAllDomainsForDomainAdminUser(userId);
         }

smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/edit/GroupEditController.java

@@ -66,13 +66,18 @@ public class GroupEditController {
             return uiGroupPublicService.getAllGroupsForDomain(domainId);
         }
         if (StringUtils.equalsIgnoreCase("group-admin", forRole)) {
-            return uiGroupPublicService.getAllGroupsForDomainAndUserAndRole(domainId, userId, MembershipRoleType.ADMIN);
+            return uiGroupPublicService.getAllGroupsForDomainAndUserAndGroupRole(domainId, userId, MembershipRoleType.ADMIN);
         }
+
+        if (StringUtils.equalsIgnoreCase("resource-admin", forRole)) {
+            return uiGroupPublicService.getAllGroupsForDomainAndUserAndResourceRole(domainId, userId, MembershipRoleType.ADMIN);
+        }
+
         if (StringUtils.equalsIgnoreCase("group-viewer", forRole)) {
-            return uiGroupPublicService.getAllGroupsForDomainAndUserAndRole(domainId, userId, MembershipRoleType.VIEWER);
+            return uiGroupPublicService.getAllGroupsForDomainAndUserAndGroupRole(domainId, userId, MembershipRoleType.VIEWER);
         }
         if (StringUtils.equalsIgnoreCase("all-roles", forRole)) {
-            return uiGroupPublicService.getAllGroupsForDomainAndUserAndRole(domainId, userId, null);
+            return uiGroupPublicService.getAllGroupsForDomainAndUserAndGroupRole(domainId, userId, null);
         }
         throw new SMPRuntimeException(ErrorCode.INVALID_REQUEST, "getGroupsForDomain", "Unknown parameter type [" + forRole + "]!");
     }

smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/edit/ResourceEditController.java

 package eu.europa.ec.edelivery.smp.ui.edit;
 
 
+import eu.europa.ec.edelivery.smp.data.enums.MembershipRoleType;
+import eu.europa.ec.edelivery.smp.data.ui.MemberRO;
 import eu.europa.ec.edelivery.smp.data.ui.ResourceRO;
 import eu.europa.ec.edelivery.smp.data.ui.ServiceResult;
 import eu.europa.ec.edelivery.smp.exceptions.ErrorCode;
@@ -59,20 +61,20 @@ public class ResourceEditController {
                                                           @RequestParam(value = PARAM_PAGINATION_FILTER, defaultValue = "", required = false) String filter) {
         logAdminAccess("getResourcesForGroup and type: " + forRole);
         Long groupId = SessionSecurityUtils.decryptEntityId(groupEncId);
+        Long userId = SessionSecurityUtils.decryptEntityId(userEncId);
 
         if (StringUtils.isBlank(forRole)) {
             return uiResourceService.getGroupResources(groupId, page, pageSize, filter);
         }
 
-        if (StringUtils.equalsIgnoreCase("resource-admin", forRole)) {
+        if (StringUtils.equalsIgnoreCase("group-admin", forRole)) {
             return uiResourceService.getGroupResources(groupId, page, pageSize, filter);
-        }  /*
-        if (StringUtils.equalsIgnoreCase("resource-viewer", forRole)) {
-            return uiGroupPublicService.getAllGroupsForDomainAndUserAndRole(domainId, userId, MembershipRoleType.VIEWER);
         }
-        if (StringUtils.equalsIgnoreCase("all-roles", forRole)) {
-            return uiGroupPublicService.getAllGroupsForDomainAndUserAndRole(domainId, userId, null);
-        }*/
+
+        if (StringUtils.equalsIgnoreCase("resource-admin", forRole)) {
+            return uiResourceService.getResourcesForUserAndGroup(userId, MembershipRoleType.ADMIN, groupId, page, pageSize, filter);
+        }
+
         throw new SMPRuntimeException(ErrorCode.INVALID_REQUEST, "ResourcesForGroups", "Unknown parameter type [" + forRole + "]!");
     }
 
@@ -115,6 +117,61 @@ public class ResourceEditController {
         return uiResourceService.updateResourceForGroup(resourceRO, resourceId, groupId, domainId);
     }
 
+
+    @GetMapping(path = SUB_CONTEXT_PATH_EDIT_RESOURCE_MEMBER, produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
+    @PreAuthorize("@smpAuthorizationService.isCurrentlyLoggedIn(#userEncId) and" +
+            " (@smpAuthorizationService.isGroupAdministrator(#groupEncId) or @smpAuthorizationService.isResourceAdministrator(#resourceEncId))")
+    public ServiceResult<MemberRO> getGroupMemberList(@PathVariable(PATH_PARAM_ENC_USER_ID) String userEncId,
+                                                      @PathVariable(PATH_PARAM_ENC_DOMAIN_ID) String domainEncId,
+                                                      @PathVariable(PATH_PARAM_ENC_GROUP_ID) String groupEncId,
+                                                      @PathVariable(PATH_PARAM_ENC_RESOURCE_ID) String resourceEncId,
+                                                      @RequestParam(value = PARAM_PAGINATION_PAGE, defaultValue = "0") int page,
+                                                      @RequestParam(value = PARAM_PAGINATION_PAGE_SIZE, defaultValue = "10") int pageSize,
+                                                      @RequestParam(value = PARAM_PAGINATION_FILTER, defaultValue = "", required = false) String filter) {
+
+        LOG.info("Search for group members with filter  [{}], paging: [{}/{}], user: {}", filter, page, pageSize, userEncId);
+        Long groupId = SessionSecurityUtils.decryptEntityId(groupEncId);
+        Long resourceId = SessionSecurityUtils.decryptEntityId(resourceEncId);
+        return uiResourceService.getResourceMembers(resourceId, page, pageSize, filter);
+    }
+
+    @PutMapping(path = SUB_CONTEXT_PATH_EDIT_RESOURCE_MEMBER_PUT, produces = MimeTypeUtils.APPLICATION_JSON_VALUE, consumes = MimeTypeUtils.APPLICATION_JSON_VALUE)
+    @PreAuthorize("@smpAuthorizationService.isCurrentlyLoggedIn(#userEncId) and @smpAuthorizationService.isGroupAdministrator(#groupEncId)")
+    public MemberRO putGroupMember(@PathVariable(PATH_PARAM_ENC_USER_ID) String userEncId,
+                                   @PathVariable(PATH_PARAM_ENC_DOMAIN_ID) String domainEncId,
+                                   @PathVariable(PATH_PARAM_ENC_GROUP_ID) String groupEncId,
+                                   @PathVariable(PATH_PARAM_ENC_RESOURCE_ID) String resourceEncId,
+                                   @RequestBody MemberRO memberRO) {
+
+        LOG.info("add member to group");
+        Long groupId = SessionSecurityUtils.decryptEntityId(groupEncId);
+        Long resourceId = SessionSecurityUtils.decryptEntityId(resourceEncId);
+        Long memberId = memberRO.getMemberId() == null ? null : SessionSecurityUtils.decryptEntityId(memberRO.getMemberId());
+        if (memberRO.getRoleType() == null) {
+            memberRO.setRoleType(MembershipRoleType.VIEWER);
+        }
+        // is user domain admin or system admin
+        return uiResourceService.addMemberToResource(resourceId, memberRO, memberId);
+    }
+
+    @DeleteMapping(value = SUB_CONTEXT_PATH_EDIT_RESOURCE_MEMBER_DELETE)
+    @PreAuthorize("@smpAuthorizationService.isCurrentlyLoggedIn(#userEncId) and @smpAuthorizationService.isGroupAdministrator(#groupEncId)")
+    public MemberRO deleteDomainMember(
+            @PathVariable(PATH_PARAM_ENC_USER_ID) String userEncId,
+            @PathVariable(PATH_PARAM_ENC_DOMAIN_ID) String domainEncId,
+            @PathVariable(PATH_PARAM_ENC_GROUP_ID) String groupEncId,
+            @PathVariable(PATH_PARAM_ENC_RESOURCE_ID) String resourceEncId,
+            @PathVariable(PATH_PARAM_ENC_MEMBER_ID) String memberEncId
+    ) {
+        LOG.info("Delete member from group");
+        Long groupId = SessionSecurityUtils.decryptEntityId(groupEncId);
+        Long memberId = SessionSecurityUtils.decryptEntityId(memberEncId);
+        Long resourceId = SessionSecurityUtils.decryptEntityId(resourceEncId);
+
+        // is user domain admin or system admin
+        return uiResourceService.deleteMemberFromResource(resourceId, memberId);
+    }
+
     protected void logAdminAccess(String action) {
         LOG.info(SMPLogger.SECURITY_MARKER, "Admin Domain action [{}] by user [{}], ", action, SessionSecurityUtils.getSessionUserDetails());
     }