fix: filter user groups by env scope in query parameter

vikrantgravitee · vikrantgravitee · commit c0548b8993ec · 2025-11-11T22:14:45.000+05:30
diff --git a/gravitee-apim-rest-api/gravitee-apim-rest-api-management/gravitee-apim-rest-api-management-rest/src/main/java/io/gravitee/rest/api/management/rest/resource/organization/UserResource.java b/gravitee-apim-rest-api/gravitee-apim-rest-api-management/gravitee-apim-rest-api-management-rest/src/main/java/io/gravitee/rest/api/management/rest/resource/organization/UserResource.java
@@ -47,6 +47,8 @@
 import java.util.HashMap;
 import java.util.List;
 import java.util.Set;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 /**
  * Defines the REST resources to manage Users.
@@ -60,6 +62,8 @@
 @Tag(name = "Users")
 public class UserResource extends AbstractResource {
 
+    private static final Logger LOGGER = LoggerFactory.getLogger(UserResource.class);
+
     @Context
     private ResourceContext resourceContext;
 
@@ -120,31 +124,30 @@ public Response deleteUser() {
     @ApiResponse(responseCode = "404", description = "User not found")
     @ApiResponse(responseCode = "500", description = "Internal server error")
     @Permissions(@Permission(value = RolePermission.ORGANIZATION_USERS, acls = RolePermissionAction.READ))
-    public List<UserGroupEntity> getUserGroups() {
+    public List<UserGroupEntity> getUserGroups(@QueryParam("q") String query) {
         // Check that user belongs to current organization
         userService.findById(GraviteeContext.getExecutionContext(), userId);
+        LOGGER.debug("Search groups for user: {} with query: {}", userId, query);
+        Set<GroupEntity> groups = groupService.findByUserAndEnvironment(userId, query);
+        List<UserGroupEntity> result = new ArrayList<>();
+        groups.forEach(groupEntity -> {
+            UserGroupEntity userGroupEntity = new UserGroupEntity();
+            userGroupEntity.setId(groupEntity.getId());
+            userGroupEntity.setName(groupEntity.getName());
+            userGroupEntity.setRoles(new HashMap<>());
+            Set<RoleEntity> roles = membershipService.getRoles(
+                MembershipReferenceType.GROUP,
+                groupEntity.getId(),
+                MembershipMemberType.USER,
+                userId
+            );
+            if (!roles.isEmpty()) {
+                roles.forEach(role -> userGroupEntity.getRoles().put(role.getScope().name(), role.getName()));
+            }
+            result.add(userGroupEntity);
+        });
 
-        List<UserGroupEntity> groups = new ArrayList<>();
-        groupService
-            .findByUser(userId)
-            .forEach(groupEntity -> {
-                UserGroupEntity userGroupEntity = new UserGroupEntity();
-                userGroupEntity.setId(groupEntity.getId());
-                userGroupEntity.setName(groupEntity.getName());
-                userGroupEntity.setRoles(new HashMap<>());
-                Set<RoleEntity> roles = membershipService.getRoles(
-                    MembershipReferenceType.GROUP,
-                    groupEntity.getId(),
-                    MembershipMemberType.USER,
-                    userId
-                );
-                if (!roles.isEmpty()) {
-                    roles.forEach(role -> userGroupEntity.getRoles().put(role.getScope().name(), role.getName()));
-                }
-                groups.add(userGroupEntity);
-            });
-
-        return groups;
+        return result;
     }
 
     @GET
diff --git a/gravitee-apim-rest-api/gravitee-apim-rest-api-management/gravitee-apim-rest-api-management-rest/src/test/java/io/gravitee/rest/api/management/rest/resource/UserResourceTest.java b/gravitee-apim-rest-api/gravitee-apim-rest-api-management/gravitee-apim-rest-api-management-rest/src/test/java/io/gravitee/rest/api/management/rest/resource/UserResourceTest.java
@@ -0,0 +1,123 @@
+/*
+ * Copyright © 2015 The Gravitee team (http://gravitee.io)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.gravitee.rest.api.management.rest.resource;
+
+import static org.junit.Assert.*;
+import static org.mockito.ArgumentMatchers.*;
+import static org.mockito.Mockito.*;
+
+import io.gravitee.rest.api.management.rest.resource.organization.UserResource;
+import io.gravitee.rest.api.model.*;
+import io.gravitee.rest.api.service.GroupService;
+import io.gravitee.rest.api.service.MembershipService;
+import io.gravitee.rest.api.service.UserService;
+import io.gravitee.rest.api.service.common.ExecutionContext;
+import java.lang.reflect.Field;
+import java.util.*;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnitRunner;
+
+/**
+ * Test for UserResource.getUserGroups() method
+ */
+@RunWith(MockitoJUnitRunner.class)
+public class UserResourceTest {
+
+    private static final String USER_ID = "test-user";
+    private static final String ENV_ID = "test-env";
+
+    @Mock
+    private UserService userService;
+
+    @Mock
+    private GroupService groupService;
+
+    @Mock
+    private MembershipService membershipService;
+
+    @InjectMocks
+    private UserResource userResource;
+
+    @Before
+    public void setUp() throws Exception {
+        Field userIdField = UserResource.class.getDeclaredField("userId");
+        userIdField.setAccessible(true);
+        userIdField.set(userResource, USER_ID);
+    }
+
+    @Test
+    public void shouldReturnAllGroupsWhenQueryIsNull() {
+        GroupEntity group1 = new GroupEntity();
+        group1.setId("group1");
+        group1.setName("Group 1");
+
+        GroupEntity group2 = new GroupEntity();
+        group2.setId("group2");
+        group2.setName("Group 2");
+
+        when(userService.findById(any(ExecutionContext.class), eq(USER_ID))).thenReturn(new UserEntity());
+        when(groupService.findByUserAndEnvironment(USER_ID, null)).thenReturn(Set.of(group1, group2));
+        when(membershipService.getRoles(any(), any(), any(), any())).thenReturn(Collections.emptySet());
+        List<UserGroupEntity> result = userResource.getUserGroups(null);
+        assertEquals(2, result.size());
+        verify(groupService).findByUserAndEnvironment(USER_ID, null);
+    }
+
+    @Test
+    public void shouldReturnAllGroupsWhenQueryIsEmpty() {
+        GroupEntity group = new GroupEntity();
+        group.setId("group1");
+        group.setName("Group 1");
+
+        when(userService.findById(any(ExecutionContext.class), eq(USER_ID))).thenReturn(new UserEntity());
+        when(groupService.findByUserAndEnvironment(USER_ID, "")).thenReturn(Set.of(group));
+        when(membershipService.getRoles(any(), any(), any(), any())).thenReturn(Collections.emptySet());
+        List<UserGroupEntity> result = userResource.getUserGroups("");
+        assertEquals(1, result.size());
+        verify(groupService).findByUserAndEnvironment(USER_ID, "");
+    }
+
+    @Test
+    public void shouldFilterGroupsByEnvironmentWhenQueryProvided() {
+        GroupEntity envGroup = new GroupEntity();
+        envGroup.setId("env-group");
+        envGroup.setName("Env Group");
+
+        when(userService.findById(any(ExecutionContext.class), eq(USER_ID))).thenReturn(new UserEntity());
+        when(groupService.findByUserAndEnvironment(USER_ID, ENV_ID)).thenReturn(Set.of(envGroup));
+        when(membershipService.getRoles(any(), any(), any(), any())).thenReturn(Collections.emptySet());
+        List<UserGroupEntity> result = userResource.getUserGroups(ENV_ID);
+
+        assertEquals(1, result.size());
+        assertEquals("env-group", result.get(0).getId());
+        assertEquals("Env Group", result.get(0).getName());
+        verify(groupService).findByUserAndEnvironment(USER_ID, ENV_ID);
+        verify(groupService, never()).findByUser(any());
+    }
+
+    @Test
+    public void shouldReturnEmptyListWhenUserHasNoGroups() {
+        // Given
+        when(userService.findById(any(ExecutionContext.class), eq(USER_ID))).thenReturn(new UserEntity());
+        List<UserGroupEntity> result = userResource.getUserGroups(null);
+        assertTrue(result.isEmpty());
+        verify(membershipService, never()).getRoles(any(), any(), any(), any());
+    }
+}
diff --git a/gravitee-apim-rest-api/gravitee-apim-rest-api-service/src/main/java/io/gravitee/rest/api/service/GroupService.java b/gravitee-apim-rest-api/gravitee-apim-rest-api-service/src/main/java/io/gravitee/rest/api/service/GroupService.java
@@ -49,6 +49,7 @@ public interface GroupService {
     List<GroupEntity> findByName(final String environmentId, String name);
 
     Set<GroupEntity> findByUser(String username);
+    Set<GroupEntity> findByUserAndEnvironment(String username, String environmentId);
     List<ApiEntity> getApis(final String environmentId, String groupId);
     List<ApplicationEntity> getApplications(String groupId);
     int getNumberOfMembers(ExecutionContext executionContext, String groupId);
diff --git a/gravitee-apim-rest-api/gravitee-apim-rest-api-service/src/main/java/io/gravitee/rest/api/service/impl/GroupServiceImpl.java b/gravitee-apim-rest-api/gravitee-apim-rest-api-service/src/main/java/io/gravitee/rest/api/service/impl/GroupServiceImpl.java
@@ -907,6 +907,34 @@ public Set<GroupEntity> findByUser(String user) {
         }
     }
 
+    @Override
+    public Set<GroupEntity> findByUserAndEnvironment(String user, String environmentId) {
+        Set<String> userGroups = membershipService
+            .getMembershipsByMemberAndReference(MembershipMemberType.USER, user, MembershipReferenceType.GROUP)
+            .stream()
+            .map(MembershipEntity::getReferenceId)
+            .collect(Collectors.toSet());
+
+        try {
+            Set<Group> allGroups = groupRepository.findByIds(userGroups);
+            Set<GroupEntity> filteredGroups = allGroups
+                .stream()
+                .filter(group -> environmentId == null || environmentId.equals(group.getEnvironmentId()))
+                .map(this::map)
+                .collect(Collectors.toSet());
+
+            logger.debug(
+                "After filtering by environment '{}': {} groups remain: {}",
+                environmentId,
+                filteredGroups.size(),
+                filteredGroups.stream().map(GroupEntity::getName).collect(Collectors.toList())
+            );
+            return filteredGroups;
+        } catch (TechnicalException ex) {
+            throw new TechnicalManagementException("An error occurs while trying to find user groups for environment " + environmentId, ex);
+        }
+    }
+
     @Override
     public List<ApiEntity> getApis(final String environmentId, String groupId) {
         return apiRepository
diff --git a/gravitee-apim-rest-api/gravitee-apim-rest-api-service/src/test/java/io/gravitee/rest/api/service/impl/GroupService_FindByUserAndEnvironmentTest.java b/gravitee-apim-rest-api/gravitee-apim-rest-api-service/src/test/java/io/gravitee/rest/api/service/impl/GroupService_FindByUserAndEnvironmentTest.java
@@ -0,0 +1,123 @@
+/*
+ * Copyright © 2015 The Gravitee team (http://gravitee.io)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.gravitee.rest.api.service.impl;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.when;
+
+import io.gravitee.repository.exceptions.TechnicalException;
+import io.gravitee.repository.management.api.GroupRepository;
+import io.gravitee.repository.management.model.Group;
+import io.gravitee.rest.api.model.GroupEntity;
+import io.gravitee.rest.api.model.MembershipEntity;
+import io.gravitee.rest.api.model.MembershipMemberType;
+import io.gravitee.rest.api.model.MembershipReferenceType;
+import io.gravitee.rest.api.service.MembershipService;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnitRunner;
+
+@RunWith(MockitoJUnitRunner.class)
+public class GroupService_FindByUserAndEnvironmentTest {
+
+    @InjectMocks
+    private final GroupServiceImpl groupService = new GroupServiceImpl();
+
+    @Mock
+    private GroupRepository groupRepository;
+
+    @Mock
+    private MembershipService membershipService;
+
+    @Test
+    public void shouldReturnGroupsForUserInEnvironment() throws TechnicalException {
+        String userId = "user1";
+        String envId = "env1";
+        Group group1 = Group.builder().id("g1").environmentId(envId).name("Group1").build();
+        Group group2 = Group.builder().id("g2").environmentId("env2").name("Group2").build();
+        Group group3 = Group.builder().id("g3").environmentId(envId).name("Group3").build();
+        Set<String> userGroups = new HashSet<>(Arrays.asList("g1", "g2", "g3"));
+        when(
+            membershipService.getMembershipsByMemberAndReference(MembershipMemberType.USER, userId, MembershipReferenceType.GROUP)
+        ).thenReturn(
+            new HashSet<>(
+                Arrays.asList(
+                    MembershipEntity.builder().id("m1").referenceId("g1").build(),
+                    MembershipEntity.builder().id("m2").referenceId("g2").build(),
+                    MembershipEntity.builder().id("m3").referenceId("g3").build()
+                )
+            )
+        );
+        when(groupRepository.findByIds(userGroups)).thenReturn(Set.of(group1, group2, group3));
+        Set<GroupEntity> result = groupService.findByUserAndEnvironment(userId, envId);
+        assertThat(result).hasSize(2);
+        assertThat(result.stream().map(GroupEntity::getName)).containsExactlyInAnyOrder("Group1", "Group3");
+    }
+
+    @Test
+    public void shouldReturnEmptyForUserWithNoGroupsInEnv() throws TechnicalException {
+        String userId = "user2";
+        String envId = "env1";
+        Group group1 = Group.builder().id("g1").environmentId("env2").name("Group2").build();
+        Set<String> userGroups = Collections.singleton("g1");
+        when(
+            membershipService.getMembershipsByMemberAndReference(MembershipMemberType.USER, userId, MembershipReferenceType.GROUP)
+        ).thenReturn(new HashSet<>(Collections.singletonList(MembershipEntity.builder().id("m4").referenceId("g1").build())));
+        when(groupRepository.findByIds(userGroups)).thenReturn(Set.of(group1));
+        Set<GroupEntity> result = groupService.findByUserAndEnvironment(userId, envId);
+        assertThat(result).isEmpty();
+    }
+
+    @Test
+    public void shouldReturnEmptyForNonExistentUserOrEnv() throws TechnicalException {
+        String userId = "nouser";
+        String envId = "noenv";
+        when(
+            membershipService.getMembershipsByMemberAndReference(MembershipMemberType.USER, userId, MembershipReferenceType.GROUP)
+        ).thenReturn(new HashSet<>());
+        when(groupRepository.findByIds(Collections.emptySet())).thenReturn(Set.of());
+        Set<GroupEntity> result = groupService.findByUserAndEnvironment(userId, envId);
+        assertThat(result).isEmpty();
+    }
+
+    @Test
+    public void shouldReturnAllGroupsIfEnvIdIsNull() throws TechnicalException {
+        String userId = "user3";
+        Group group1 = Group.builder().id("g1").environmentId("env1").name("Group1").build();
+        Group group2 = Group.builder().id("g2").environmentId("env2").name("Group2").build();
+        Set<String> userGroups = new HashSet<>(Arrays.asList("g1", "g2"));
+        when(
+            membershipService.getMembershipsByMemberAndReference(MembershipMemberType.USER, userId, MembershipReferenceType.GROUP)
+        ).thenReturn(
+            new HashSet<>(
+                Arrays.asList(
+                    MembershipEntity.builder().id("m5").referenceId("g1").build(),
+                    MembershipEntity.builder().id("m6").referenceId("g2").build()
+                )
+            )
+        );
+        when(groupRepository.findByIds(userGroups)).thenReturn(Set.of(group1, group2));
+        Set<GroupEntity> result = groupService.findByUserAndEnvironment(userId, null);
+        assertThat(result).hasSize(2);
+        assertThat(result.stream().map(GroupEntity::getName)).containsExactlyInAnyOrder("Group1", "Group2");
+    }
+}
