Updated Subsets API and ACL

src/main/java/org/genesys2/server/model/impl/Subset.java

@@ -32,6 +32,7 @@ import javax.persistence.PrePersist;
 import javax.persistence.PreUpdate;
 import javax.persistence.Table;
 
+import org.genesys.blocks.model.JsonViews;
 import org.genesys.blocks.model.SelfCleaning;
 import org.genesys.blocks.model.UuidModel;
 import org.genesys.blocks.security.model.AclAwareModel;
@@ -41,6 +42,7 @@ import org.hibernate.annotations.Type;
 
 import com.fasterxml.jackson.annotation.JsonIdentityReference;
 import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.fasterxml.jackson.annotation.JsonView;
 
 // TODO: Auto-generated Javadoc
 /**
@@ -82,8 +84,7 @@ public class Subset extends UuidModel implements AclAwareModel, SelfCleaning {
 	/** The institute. */
 	@ManyToOne(cascade = {}, optional = false)
 	@JoinColumn(name = "institute_id", updatable = false)
-	// @JsonView({ JsonViews.Public.class })
-	@JsonIgnore
+	@JsonView({ JsonViews.Public.class })
 	private FaoInstitute institute;
 
 	/** The accessions. */

src/main/java/org/genesys2/server/service/impl/SubsetServiceImpl.java

@@ -23,12 +23,12 @@ import java.util.UUID;
 import java.util.stream.Collectors;
 
 import org.genesys.catalog.exceptions.InvalidApiUsageException;
-import org.genesys.catalog.model.Partner;
 import org.genesys2.server.exception.NotFoundElement;
 import org.genesys2.server.model.PublishState;
 import org.genesys2.server.model.UserRole;
 import org.genesys2.server.model.genesys.AccessionData;
 import org.genesys2.server.model.genesys.AccessionId;
+import org.genesys2.server.model.impl.FaoInstitute;
 import org.genesys2.server.model.impl.QSubset;
 import org.genesys2.server.model.impl.Subset;
 import org.genesys2.server.persistence.AccessionRepository;
@@ -92,15 +92,15 @@ public class SubsetServiceImpl implements SubsetService {
 	@Override
 	@PreAuthorize("hasRole('ADMINISTRATOR') or isAuthenticated()")
     public  Page<Subset> listSubsetsForCurrentUser(SubsetFilter filter, Pageable page) {
+		Pageable markdownSortPageRequest = JPAUtils.toMarkdownSort(page, "title");
+
 		if (securityUtils.hasRole(UserRole.ADMINISTRATOR)) {
-			Pageable markdownSortPageRequest = JPAUtils.toMarkdownSort(page, "title");
-			Page res = subsetRepository.findAll(filter.buildQuery(), markdownSortPageRequest);
-			return new PageImpl<Subset>(res.getContent(), page, res.getTotalElements());
+			Page<Subset> res = subsetRepository.findAll(filter.buildQuery(), markdownSortPageRequest);
+			return new PageImpl<>(res.getContent(), page, res.getTotalElements());
 		} else {
-			final HashSet<Long> partners = new HashSet<>(securityUtils.listObjectIdentityIdsForCurrentUser(Partner.class, BasePermission.WRITE));
-			Pageable markdownSortPageRequest = JPAUtils.toMarkdownSort(page, "title");
-			Page res = subsetRepository.findAll(QSubset.subset.createdBy.in(partners).and(filter.buildQuery()), markdownSortPageRequest);
-			return new PageImpl<Subset>(res.getContent(), page, res.getTotalElements());
+			final HashSet<Long> instituteIds = new HashSet<>(securityUtils.listObjectIdentityIdsForCurrentUser(FaoInstitute.class, BasePermission.WRITE));
+			Page<Subset> res = subsetRepository.findAll(QSubset.subset.institute.id.in(instituteIds).and(filter.buildQuery()), markdownSortPageRequest);
+			return new PageImpl<>(res.getContent(), page, res.getTotalElements());
 		}
 	}
 

src/test/java/org/genesys/test/server/api/v1/SubsetRestControllerTest.java

@@ -184,6 +184,7 @@ public class SubsetRestControllerTest extends AbstractApiTest {
 		storedSubset.getAccessionIds().add(accessionId);
 		assertThat(storedSubset.getAccessionIds().size(), is(1));
 
+		storedSubset.getInstitute().setSettings(null);
 		final String s = verboseMapper.writeValueAsString(storedSubset);
 
 		/*@formatter:off*/