SAK-11647 - Group-aware dropboxes. New permission dropbox.maintain.ow…

…n.groups added. Notifications extended to group TAs. Several fixes to corrections of Matthew Buckett.

content/content-tool/tool/src/java/org/sakaiproject/content/tool/ResourcesAction.java

@@ -4215,7 +4215,6 @@ public String buildListContext (	VelocityPortlet portlet,
 			// notshow the public option or notification when in dropbox mode
 			context.put("dropboxMode", Boolean.TRUE);
 			// allow filtering of dropboxes by group (SAK-14625)
-			String collectionId = (String) state.getAttribute (STATE_COLLECTION_ID);
 			String homeCollectionId = (String) state.getAttribute(STATE_HOME_COLLECTION_ID);
 			String containingCollectionId = ContentHostingService.getContainingCollectionId(homeCollectionId);
 			//Boolean showDropboxGroupFilter = Boolean.valueOf(homeCollectionId.equals(collectionId));			
@@ -4250,6 +4249,40 @@ public int compare(Group g0, Group g1) {
 					// something failed, group filter will be hidden
 				}
 			}
+
+			//SAK-11647 - Group-aware dropboxes
+			try
+			{
+				String currentUser = SessionManager.getCurrentSessionUserId();
+				Site site = SiteService.getSite(currentSiteId);
+
+				if ((!ContentHostingService.isDropboxMaintainer(currentSiteId))&&(ContentHostingService.isDropboxGroups(currentSiteId)))
+				{
+					context.put("dropboxGroupPermission_enabled",Boolean.TRUE);
+
+					List<Group> site_groups = new ArrayList<Group>();
+
+					Set allGroupsUsers = new TreeSet<String>();
+
+					site_groups.addAll(site.getGroupsWithMember(currentUser));
+					if (site_groups.size()>0)
+					{
+						for (Group g : site_groups)
+						{
+							allGroupsUsers.addAll(g.getUsers());
+						}
+					}
+					context.put("dropboxGroupPermission_allGroupsUsers",allGroupsUsers);
+				}
+				else
+				{
+					context.put("dropboxGroupPermission_enabled",Boolean.FALSE);
+				}
+			}
+			catch (IdUnusedException e)
+			{
+				logger.warn("DropboxGroupPermission error: "+e.toString());
+			}
 		}
 		else
 		{

content/content-tool/tool/src/java/org/sakaiproject/content/tool/SiteEmailNotificationDragAndDrop.java

@@ -28,6 +28,7 @@
 import org.sakaiproject.event.api.Notification;
 import org.sakaiproject.site.api.SiteService;
 import org.sakaiproject.site.api.Site;
+import org.sakaiproject.site.api.Group;
 import org.sakaiproject.authz.api.SecurityService;
 import org.sakaiproject.authz.api.Member;
 import org.sakaiproject.exception.IdUnusedException;
@@ -226,6 +227,12 @@ protected List getRecipients(Event event)
 					String siteDropbox = buf.toString();
 
 					recipients.addAll(securityService.unlockUsers(contentHostingService.AUTH_DROPBOX_MAINTAIN, siteDropbox));
+
+					//SAK-11647 - Adding to notifications all users with AUTH_DROPBOX_GROUPS who belong to current user's groups.
+					List<User> dropboxGroupsRecipients = new ArrayList<User>();
+					dropboxGroupsRecipients.addAll(securityService.unlockUsers(contentHostingService.AUTH_DROPBOX_GROUPS, siteDropbox));
+					recipients.addAll(filterUsersInGroups(dropboxGroupsRecipients, modifiedBy, site));
+
 					refineToSiteMembers(recipients, site);
 				}
 				else
@@ -259,6 +266,27 @@ protected List getRecipients(Event event)
 			return super.getRecipients(event);
 		}
 	}
+
+	private List<User> filterUsersInGroups(List<User> usersToFilter, String currentUser, Site site)
+	{
+		List<User> usersInCurrentUserGroups = new ArrayList<User>();
+		List<Group> site_groups = new ArrayList<Group>();
+		List<String> allGroupsUsers = new ArrayList<String>();
+
+		site_groups.addAll(site.getGroupsWithMember(currentUser));
+		if (site_groups.size()>0)
+		{
+			for (Group g : site_groups)
+			{
+				allGroupsUsers.addAll(g.getUsers());
+			}
+		}
+		for (User user : usersToFilter)
+		{
+			if (allGroupsUsers.contains(user.getId())) usersInCurrentUserGroups.add(user);
+		}
+		return usersInCurrentUserGroups;
+	}
 
 	/**
 	 * Only include actual site members in the notification.

content/content-tool/tool/src/webapp/vm/content/sakai_resources_list.vm

@@ -309,6 +309,7 @@ if ( window.jQuery ) {
 			#foreach($item in $site)
 				#set($qid=$item.id.replaceAll("'","\\'").replaceAll("\"", """))
 				#set($dqid=$item.id.replaceAll("\"", """))
+				#if ((!$dropboxGroupPermission_enabled) || ($item.isDropbox() && $item.DropboxOwner && $dropboxGroupPermission_allGroupsUsers.contains($item.DropboxOwner)))
 				#if(!$dropboxGroupFiltered || ($item.isDropbox() && $dropboxGroupFilter_groupUsers.contains($item.DropboxOwner)) )
 				#set($itemcount = $itemcount + 1)
 				#set ($addCount=($addCount - 1))
@@ -491,6 +492,7 @@ if ( window.jQuery ) {
 					#end
 				</tr>
 				#end ## if !$dropboxGroupFiltered || ($item.isDropbox() && $dropboxGroupFilter_groupUsers.contains($item.DropboxOwner)) 
+				#end ##if ((!$dropboxGroupPermission_enabled) || ($item.isDropbox() && $item.DropboxOwner && $dropboxGroupPermission_allGroupsUsers.contains($item.DropboxOwner)))
 			#end ## foreach $item in $this_site
 
 			############################################# Begin "Other sites" section

kernel/api/src/main/java/org/sakaiproject/content/api/ContentHostingService.java

@@ -168,6 +168,9 @@ public interface ContentHostingService extends EntityProducer
 
 	/** Security function for those who may OWN a dropbox. */
 	public static final String AUTH_DROPBOX_OWN = "dropbox.own";
+
+	/** Security function for those who may maintain dropboxes of their groups/sections. */
+	public static final String AUTH_DROPBOX_GROUPS = "dropbox.maintain.own.groups";
 
 	/** Security function for those who may maintain dropboxes. */
 	public static final String AUTH_DROPBOX_MAINTAIN = "dropbox.maintain";
@@ -1715,6 +1718,13 @@ public ResourceProperties removeProperty(String id, String name) throws Permissi
 	 */
 	public boolean isDropboxMaintainer(String siteId);
 
+	/**
+	 * Determine whether the user has the dropbox.groups permission 
+	 * 
+	 * @return True if user has dropbox.groups permission, false otherwise.
+	 */
+	public boolean isDropboxGroups(String siteId);
+
 	/**
 	 * Access the default dropbox collection display name for the current request. If the current user has permission to modify the site's dropbox collection, this is returned. Otherwise, the current user's collection within the site's dropbox is
 	 * returned.

kernel/api/src/main/java/org/sakaiproject/content/cover/ContentHostingService.java

@@ -99,6 +99,7 @@ public static org.sakaiproject.content.api.ContentHostingService getInstance()
 	public static java.lang.String AUTH_GROUP_RESOURCE_READ = org.sakaiproject.content.api.ContentHostingService.AUTH_GROUP_RESOURCE_READ;
 	public static java.lang.String AUTH_RESOURCE_HIDDEN = org.sakaiproject.content.api.ContentHostingService.AUTH_RESOURCE_HIDDEN;
 	public static java.lang.String AUTH_DROPBOX_OWN = org.sakaiproject.content.api.ContentHostingService.AUTH_DROPBOX_OWN;
+	public static java.lang.String AUTH_DROPBOX_GROUPS = org.sakaiproject.content.api.ContentHostingService.AUTH_DROPBOX_GROUPS;
 	public static java.lang.String AUTH_DROPBOX_MAINTAIN = org.sakaiproject.content.api.ContentHostingService.AUTH_DROPBOX_MAINTAIN;
 
 	public static java.lang.String PROP_ALTERNATE_REFERENCE = org.sakaiproject.content.api.ContentHostingService.PROP_ALTERNATE_REFERENCE;
@@ -923,6 +924,14 @@ public static boolean isDropboxMaintainer(java.lang.String param0)
 		return service.isDropboxMaintainer(param0);
 	}
 
+	public static boolean isDropboxGroups(java.lang.String param0)
+	{
+		org.sakaiproject.content.api.ContentHostingService service = getInstance();
+		if (service == null) return false;
+
+		return service.isDropboxGroups(param0);
+	}
+
 	public static java.lang.String getDropboxDisplayName()
 	{
 		org.sakaiproject.content.api.ContentHostingService service = getInstance();

kernel/kernel-impl/src/main/java/org/sakaiproject/content/impl/BaseContentService.java

@@ -952,6 +952,7 @@ public void init()
 			functionManager.registerFunction(AUTH_RESOURCE_HIDDEN, true);
 
 			functionManager.registerFunction(AUTH_DROPBOX_OWN, false);
+			functionManager.registerFunction(AUTH_DROPBOX_GROUPS, false);
 			functionManager.registerFunction(AUTH_DROPBOX_MAINTAIN, false);
 
 			// quotas
@@ -1491,13 +1492,27 @@ protected String convertLockIfDropbox(String lock, String id)
 		}
 
 		// if this resource is a dropbox, you need dropbox maintain permission
+		// Changed in SAK-11647 to enable group-aware dropboxes
 		if (id.startsWith(COLLECTION_DROPBOX))
 		{
 			// only for /group-user/SITEID/USERID/ refs.
 			String[] parts = StringUtil.split(id, "/");
 			if (parts.length >= 3)
 			{
-				return AUTH_DROPBOX_MAINTAIN;
+				String ref = null;
+				if (id != null)
+				{
+					ref = getReference(id);
+				}
+
+				//Before SAK-11647 any dropbox id asked for dropbox.maintain permission.
+				//Now we must support groups permission, so we ask for this permission too.
+				//Groups permission gives full access to dropboxes of users in current user's groups. 
+				//A different logic can be achieved here depending of lock parameter received.
+				if (m_securityService.unlock(AUTH_DROPBOX_MAINTAIN, ref))
+					return AUTH_DROPBOX_MAINTAIN;
+				else if (m_securityService.unlock(AUTH_DROPBOX_GROUPS, ref))
+					return AUTH_DROPBOX_GROUPS;
 			}
 		}
 
@@ -1703,6 +1718,7 @@ protected boolean unlockCheck(String lock, String id)
 		boolean isAllowed = m_securityService.isSuperUser();
 		if(! isAllowed)
 		{
+			//SAK-11647 - Changes in this function.
 			lock = convertLockIfDropbox(lock, id);
 
 			// make a reference from the resource id, if specified
@@ -1766,6 +1782,7 @@ protected void unlock(String lock, String id) throws PermissionException
 			return;
 		}
 
+		//SAK-11647 - Changes in this function.
 		lock = convertLockIfDropbox(lock, id);
 
 		// make a reference from the resource id, if specified
@@ -9823,8 +9840,8 @@ public String getDropboxCollection(String siteId)
 		// form the site's dropbox collection
 		rv = COLLECTION_DROPBOX + siteId + "/";
 
-		// for maintainers, use the site level
-		if (isDropboxMaintainer(siteId))
+		// for maintainers or users with groups access, use the site level
+		if ((isDropboxMaintainer(siteId))||(isDropboxGroups(siteId)))
 		{
 			// return the site's dropbox collection
 			return rv;
@@ -10154,6 +10171,26 @@ public boolean isDropboxMaintainer(String siteId)
 		return m_securityService.unlock(AUTH_DROPBOX_MAINTAIN, m_siteService.siteReference(siteId));
 	}
 
+	/**
+	 * Determine whether the user has the dropbox.groups permission 
+	 * 
+	 * @return True if user has dropbox.groups permission, false otherwise.
+	 */
+	public boolean isDropboxGroups(String siteId)
+	{
+		String dropboxId = null;
+
+		// make sure we are in a worksite, not a workspace
+		if (m_siteService.isUserSite(siteId) || m_siteService.isSpecialSite(siteId))
+		{
+			return false;
+		}
+
+		// if the user has dropbox maintain in the site, they are the dropbox maintainer
+		// (dropbox maintain in their myWorkspace just gives them access to their own dropbox)
+		return m_securityService.unlock(AUTH_DROPBOX_GROUPS, m_siteService.siteReference(siteId));
+	}
+
 	/******************************************************************************************************************************************************************************************************************************************************
 	 * Group awareness implementation
 	 *****************************************************************************************************************************************************************************************************************************************************/