From 09ca9674c66f3413ef6d708a9cdef365d26a1eb0 Mon Sep 17 00:00:00 2001
From: RIHTARSIC Joze <joze.rihtarsic@ext.ec.europa.eu>
Date: Mon, 5 Jun 2023 14:54:44 +0200
Subject: [PATCH] Fix "public" search filter issue

---
 .../images/tomcat-mysql-smp-sml/Dockerfile    |  6 ++---
 .../edelivery/smp/data/dao/ResourceDao.java   |  4 +--
 .../smp/data/model/doc/DBResource.java        |  8 +++---
 .../smp/data/dao/ResourceDaoSearchTest.java   | 25 ++++++++++++++++++-
 4 files changed, 33 insertions(+), 10 deletions(-)

diff --git a/smp-docker/images/tomcat-mysql-smp-sml/Dockerfile b/smp-docker/images/tomcat-mysql-smp-sml/Dockerfile
index d119e25f5..973a8bf89 100755
--- a/smp-docker/images/tomcat-mysql-smp-sml/Dockerfile
+++ b/smp-docker/images/tomcat-mysql-smp-sml/Dockerfile
@@ -19,10 +19,10 @@ ENV SMP_HOME=/opt/smp  \
     SMP_DB_USER_PASSWORD=smp  \
     MYSQL_ROOT_PASSWORD=root \
 # sml environment variables
-    SML_VERSION=4.2.RC1 \
+    SML_VERSION=4.2 \
     SML_DISTRIBUTION_URL=https://ec.europa.eu/digital-building-blocks/artifact/repository/public/eu/europa/ec/bdmsl/bdmsl-webapp/ \
-    SML_SHA512=2330e6caf557fd6a6e8725eb339c26cb2d06f0ca768fd1766989f5dec7557e41375ef61b65cad5d87fa478f3c468272880ebe8521bb66e8e7dee9bb16d0a3d51  \
-    SML_SETUP_SHA512=f9b7a9607f34f2d547acac13e7044df04fdf616b163f4cae8788f7b1eccd837c3db947458b4f55273d263f6af2e794c18d5216484cc8132e3cfd2dc176d9e1bf  \
+    SML_SHA512=b505958c87ce046c0b25f78fbb8555a22a3a636b3906fec77fd24341f649e9e01037083b2617827269ff3554ddbe5168cb4278f1e2d81172e444f6150e92f73e  \
+    SML_SETUP_SHA512=e99ee7b8e193566964321ca126f2b20dfcc2ed904e5c2d0dc8253e49b727067e48420813bec3ed617d64724a66525c2aa17e502a130a2156d6cb81406c5d2bf9  \
     SML_DB_SCHEMA=sml  \
     SML_DB_USER=sml \
     SML_DB_USER_PASSWORD=sml  \
diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/dao/ResourceDao.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/dao/ResourceDao.java
index 2152bff8f..613877f6f 100644
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/dao/ResourceDao.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/dao/ResourceDao.java
@@ -109,7 +109,7 @@ public class ResourceDao extends BaseDao<DBResource> {
     }
 
     public List<DBResource> getPublicResourcesSearch(int iPage, int iPageSize, DBUser user, String schema, String identifier) {
-        LOG.debug("Get resources for user [{}]", user);
+        LOG.debug("Get resources list for user [{}], search scheme [{}] and search value [{}]", user, schema, identifier);
 
         TypedQuery<DBResource> query = memEManager.createNamedQuery(QUERY_RESOURCE_ALL_FOR_USER, DBResource.class);
         if (iPageSize > -1 && iPage > -1) {
@@ -126,7 +126,7 @@ public class ResourceDao extends BaseDao<DBResource> {
     }
 
     public Long getPublicResourcesSearchCount(DBUser user, String schema, String identifier) {
-        LOG.debug("Get resources count for user [{}]", user);
+        LOG.debug("Get resources count for user [{}], search scheme [{}] and search value [{}]", user, schema, identifier);
         TypedQuery<Long> query = memEManager.createNamedQuery(QUERY_RESOURCE_ALL_FOR_USER_COUNT, Long.class);
 
         query.setParameter(PARAM_USER_ID, user != null ? user.getId() : null);
diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/model/doc/DBResource.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/model/doc/DBResource.java
index 4bdb5be07..bc2520e4e 100644
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/model/doc/DBResource.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/model/doc/DBResource.java
@@ -96,7 +96,7 @@ import static eu.europa.ec.edelivery.smp.data.dao.QueryNames.*;
 @NamedQuery(name = QUERY_RESOURCE_ALL_FOR_USER, query = "SELECT DISTINCT r FROM  DBResource r LEFT JOIN DBResourceMember rm ON r.id = rm.resource.id WHERE " +
         " (:resource_identifier IS NULL OR r.identifierValue like :resource_identifier) " +
         " AND (:resource_scheme IS NULL OR r.identifierScheme like :resource_scheme) " +
-        " AND :user_id IS NOT NULL AND rm.user.id = :user_id "  +
+        " AND ( :user_id IS NOT NULL AND rm.user.id = :user_id "  +
         " OR  r.visibility ='PUBLIC' " + // user must be member of the group or the group is public
         "   AND (:user_id IS NOT NULL " +
         "         AND  ((select count(gm.id) FROM  DBGroupMember gm where gm.user.id = :user_id and gm.group.id = r.group.id) > 0 " +
@@ -106,13 +106,13 @@ import static eu.europa.ec.edelivery.smp.data.dao.QueryNames.*;
         "            OR  (select count(dm.id) from DBDomainMember dm where dm.user.id = :user_id and dm.domain.id = r.group.domain.id) > 0 " +
         "            OR (select count(gm.id) from DBGroupMember gm where gm.user.id = :user_id and gm.group.domain.id = r.group.domain.id) > 0 " +
         "            OR (select count(rm.id) from DBResourceMember rm where rm.user.id = :user_id and rm.resource.group.domain.id = r.group.domain.id) > 0 " +
-        "))"+
+        ")))"+
         "order by r.identifierScheme, r.identifierValue"
 )
 @NamedQuery(name = QUERY_RESOURCE_ALL_FOR_USER_COUNT, query = "SELECT count(distinct r.id) FROM  DBResource r LEFT JOIN DBResourceMember rm ON r.id = rm.resource.id WHERE " +
         " (:resource_identifier IS NULL OR r.identifierValue like :resource_identifier) " +
         " AND (:resource_scheme IS NULL OR r.identifierScheme like :resource_scheme) " +
-        " AND :user_id IS NOT NULL AND rm.user.id = :user_id "  +
+        " AND (:user_id IS NOT NULL AND rm.user.id = :user_id "  +
         " OR  r.visibility ='PUBLIC' " + // user must be member of the group or the group is public
         "   AND (:user_id IS NOT NULL " +
         "         AND  ((select count(gm.id) FROM  DBGroupMember gm where gm.user.id = :user_id and gm.group.id = r.group.id) > 0 " +
@@ -122,7 +122,7 @@ import static eu.europa.ec.edelivery.smp.data.dao.QueryNames.*;
         "            OR  (select count(dm.id) from DBDomainMember dm where dm.user.id = :user_id and dm.domain.id = r.group.domain.id) > 0 " +
         "            OR (select count(gm.id) from DBGroupMember gm where gm.user.id = :user_id and gm.group.domain.id = r.group.domain.id) > 0 " +
         "            OR (select count(rm.id) from DBResourceMember rm where rm.user.id = :user_id and rm.resource.group.domain.id = r.group.domain.id) > 0 " +
-        "))"
+        ")))"
 )
 public class DBResource extends BaseEntity {
 
diff --git a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/data/dao/ResourceDaoSearchTest.java b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/data/dao/ResourceDaoSearchTest.java
index a9b6c47f4..720808e89 100644
--- a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/data/dao/ResourceDaoSearchTest.java
+++ b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/data/dao/ResourceDaoSearchTest.java
@@ -3,6 +3,8 @@ package eu.europa.ec.edelivery.smp.data.dao;
 
 import eu.europa.ec.edelivery.smp.data.model.doc.DBResource;
 import eu.europa.ec.edelivery.smp.data.model.doc.DBResourceFilter;
+import org.hamcrest.CoreMatchers;
+import org.hamcrest.MatcherAssert;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
@@ -46,12 +48,24 @@ public class ResourceDaoSearchTest extends AbstractBaseDao {
         assertResources(result, "1-1-1::pubPubPub");
 
         // user1 (admin) and user2 (viewer) are members of all resources
-        result = testInstance.getPublicResourcesSearch(-1,-1,testUtilsDao.getUser1(), null, null);
+        result = testInstance.getPublicResourcesSearch(-1,-1,testUtilsDao.getUser2(), null, null);
         Assert.assertEquals(8, result.size());
 
+        result = testInstance.getPublicResourcesSearch(-1,-1,testUtilsDao.getUser1(), null, "pubPub");
+        Assert.assertEquals(2, result.size());
+        result.forEach(resource -> MatcherAssert.assertThat(resource.getIdentifierValue(), CoreMatchers.containsString("pubPub")));
+
+        result = testInstance.getPublicResourcesSearch(-1,-1,testUtilsDao.getUser1(), "1-1",null);
+        Assert.assertEquals(1, result.size());
+        result.forEach(resource -> MatcherAssert.assertThat(resource.getIdentifierScheme(), CoreMatchers.containsString("1-1")));
+
+        result = testInstance.getPublicResourcesSearch(-1,-1,testUtilsDao.getUser1(), "1-1","priv");
+        Assert.assertEquals(0, result.size());
+
         result = testInstance.getPublicResourcesSearch(-1,-1,testUtilsDao.getUser2(), null, null);
         Assert.assertEquals(8, result.size());
 
+
         // user3 is direct member of private domain - can see only public resource on public groups
         result = testInstance.getPublicResourcesSearch(-1,-1,testUtilsDao.getUser3(), null, null);
         assertResources(result, "1-1-1::pubPubPub", "5-5-5::privPubPub");
@@ -84,6 +98,15 @@ public class ResourceDaoSearchTest extends AbstractBaseDao {
         result = testInstance.getPublicResourcesSearchCount(testUtilsDao.getUser1(), null, null);
         Assert.assertEquals(8, result.intValue());
 
+        result = testInstance.getPublicResourcesSearchCount(testUtilsDao.getUser1(), null, "pubPub");
+        Assert.assertEquals(2, result.intValue());
+
+        result = testInstance.getPublicResourcesSearchCount(testUtilsDao.getUser1(), "1-1",null);
+        Assert.assertEquals(1, result.intValue());
+
+        result = testInstance.getPublicResourcesSearchCount(testUtilsDao.getUser1(), "1-1","priv");
+        Assert.assertEquals(0, result.intValue());
+
         result = testInstance.getPublicResourcesSearchCount(testUtilsDao.getUser2(), null, null);
         Assert.assertEquals(8, result.intValue());
 
-- 
GitLab