SID autocomplete and display
I hit an issue when using the Permission Editor in Genesys UI where a Partner and OAuthClient use the same "name".
Please also implement this change in grin-global-server.
Autocomplete
The SID autocomplete method in PermissionController (v1, v2?) uses Map<String, Long> to return "names" mapped to their AclSid#id field. This means that if two entries use the same "name" (client.getTitle(), role.name(), partner.getShortName(), ...) the only the last one will be included in the Map.
It would be better if the map returned was Map<Long, String>, mapping AclSid#id to a "name" since id is guaranteed to be unique.
A new UI ticket needs to be created to respect this change.
Display
This is a potential information leak.
The method to list permissions at /permissions/{aclObjectIdentityId} uses @JsonView(JsonViews.Minimal.class), but OAuthClient does not declare JsonViews.Protected or .Internal for many of its fields and getters.
Please add @JsonView(JsonViews.Protected.class) to registeredRedirectUri, authorizedGrantTypes, authorities, allowedOrigins, autoApproveScopes and publicRecaptchaKey.