12 changed files with 31 additions and 209 deletions
--- a/.github/workflows/assign-pr-author.yml
+++ b/.github/workflows/assign-pr-author.yml
@ -1,10 +1,9 @@
 ---
 name: "Assign PR Author as Assignee"
-on:
+"on":
  pull_request:
-    types:
+    types: [opened, ready_for_review, reopened]
      - opened
 jobs:
  assign-pr-author-as-assignee:
--- a/.github/workflows/check-title.yml
+++ b/.github/workflows/check-title.yml
@ -1,33 +0,0 @@
 ---
 name: "Check PR title"
 on:
  pull_request:
    types:
      - opened
      - edited
      - synchronize
      - ready_for_review
      - reopened
 jobs:
  check-title:
    runs-on: ubuntu-latest
    steps:
      - name: "Check title"
        uses: Slashgear/action-check-pr-title@v4.3.0
        with:
          regexp: "\\[(API,)?(API|DEV-OPS|DOC|FEAT|FIX|FIX\\-CI|STYLE)\\]( \\([A-Za-z0-9.\\-]+\\))? [A-Za-z0-9 ,.'\\-!]+$"
          helpMessage: |
            Title of the PR MUST respect format: "[{TYPE}] clear description without typos in english" with {TYPE}:
              * [API] Change API that permit to access on the application (un-compatibility only). This one can specifically added with [API,{TYPE}]
              * [DEV-OPS] Update automatic build system, method to deliver application/packages, ...
              * [DOC] Update or add some documentation.
              * [FEAT] Develop a new feature
              * [FIX] When fixing issue
              * [FIX-CI] When the CI fail to build and we apply a correction to set it work again.
              * [STYLE] Update of the style tools/checker, or add/remove rules.
            Examples:
              [FEAT] My beautiful feature
              [API,FIX] Change API to fix typo
              [FIX] (module) Correct part of ...
--- a/.github/workflows/maven.yml
+++ b/.github/workflows/maven.yml
@ -10,13 +10,15 @@ name: Java CI with Maven
 on:
  push:
-    branches:
+    branches: [ "develop" ]
      - develop
  pull_request:
    branches: [ "develop" ]
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v3
    - name: Set up JDK 17
--- a/src/org/kar/archidata/annotation/AnnotationTools.java
+++ b/src/org/kar/archidata/annotation/AnnotationTools.java
@ -21,7 +21,6 @@ import jakarta.persistence.ManyToMany;
 import jakarta.persistence.ManyToOne;
 import jakarta.persistence.OneToMany;
 import jakarta.persistence.Table;
 import jakarta.validation.constraints.Email;
 import jakarta.validation.constraints.Max;
 import jakarta.validation.constraints.Min;
 import jakarta.validation.constraints.NotNull;
@ -236,14 +235,6 @@ public class AnnotationTools {
 		return ((Pattern) annotation[0]).regexp();
 	}
 	public static boolean getConstraintsEmail(final Field element) throws DataAccessException {
 		final Annotation[] annotation = element.getDeclaredAnnotationsByType(Email.class);
 		if (annotation.length == 0) {
 			return false;
 		}
 		return true;
 	}
 	public static boolean isAnnotationGroup(final Field field, final Class<?> annotationType) {
 		try {
 			final Annotation[] anns = field.getAnnotations();
--- a/src/org/kar/archidata/dataAccess/DataAccess.java
+++ b/src/org/kar/archidata/dataAccess/DataAccess.java
@ -1246,10 +1246,6 @@ public class DataAccess {
 	public static void addElement(final PreparedStatement ps, final Object value, final CountInOut iii)
 			throws Exception {
 		if (value == null) {
 			ps.setNull(iii.value, Types.INTEGER);
 			return;
 		}
 		if (value instanceof final UUID tmp) {
 			final byte[] dataByte = UuidUtils.asBytes(tmp);
 			ps.setBytes(iii.value, dataByte);
--- a/src/org/kar/archidata/dataAccess/addOn/AddOnDataJson.java
+++ b/src/org/kar/archidata/dataAccess/addOn/AddOnDataJson.java
@ -30,9 +30,7 @@ import org.slf4j.LoggerFactory;
 import com.fasterxml.jackson.annotation.JsonValue;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.JavaType;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.type.TypeFactory;
 import jakarta.validation.constraints.NotNull;
@ -154,10 +152,7 @@ public class AddOnDataJson implements DataAccessAddOn {
 				}
 				LOGGER.warn("Maybe fail to translate Model in datajson list: List<{}>", listClass.getCanonicalName());
 			}
-			final TypeFactory typeFactory = objectMapper.getTypeFactory();
+			final Object dataParsed = objectMapper.readValue(jsonData, field.getType());
 			final JavaType fieldType = typeFactory.constructType(field.getGenericType());
 			final Object dataParsed = objectMapper.readValue(jsonData, fieldType);
 			//final Object dataParsed = objectMapper.readValue(jsonData, field.getType());
 			field.set(data, dataParsed);
 		}
 	}
--- a/src/org/kar/archidata/dataAccess/options/CheckJPA.java
+++ b/src/org/kar/archidata/dataAccess/options/CheckJPA.java
@ -401,27 +401,6 @@ public class CheckJPA<T> implements CheckFunctionInterface {
 									}
 								});
 					}
 					if (AnnotationTools.getConstraintsEmail(field)) {
 						final String emailPattern = "^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$";
 						final Pattern pattern = Pattern.compile(emailPattern);
 						add(fieldName,
 								(
 										final String baseName,
 										final T data,
 										final List<String> modifiedValue,
 										final QueryOptions options) -> {
 									final Object elem = field.get(data);
 									if (elem == null) {
 										return;
 									}
 									final String elemTyped = (String) elem;
 									if (!pattern.matcher(elemTyped).find()) {
 										throw new InputException(baseName + fieldName,
 												"does not match the required pattern[email] (constraints) must be '"
 														+ emailPattern + "'");
 									}
 								});
 					}
 				} else if (type == JsonValue.class) {
 					final DataJson jsonAnnotation = AnnotationTools.getDataJson(field);
 					if (jsonAnnotation != null && jsonAnnotation.checker() != CheckFunctionVoid.class) {
--- a/src/org/kar/archidata/filter/AuthenticationFilter.java
+++ b/src/org/kar/archidata/filter/AuthenticationFilter.java
@ -12,7 +12,6 @@ import java.util.Map.Entry;
 import org.kar.archidata.annotation.security.PermitTokenInURI;
 import org.kar.archidata.catcher.RestErrorResponse;
 import org.kar.archidata.exception.SystemException;
 import org.kar.archidata.model.UserByToken;
 import org.kar.archidata.tools.JWTWrapper;
 import org.slf4j.Logger;
@ -24,7 +23,6 @@ import jakarta.annotation.Priority;
 import jakarta.annotation.security.DenyAll;
 import jakarta.annotation.security.PermitAll;
 import jakarta.annotation.security.RolesAllowed;
 import jakarta.ws.rs.Path;
 import jakarta.ws.rs.Priorities;
 import jakarta.ws.rs.container.ContainerRequestContext;
 import jakarta.ws.rs.container.ContainerRequestFilter;
@ -44,40 +42,18 @@ public class AuthenticationFilter implements ContainerRequestFilter {
 	@Context
 	private ResourceInfo resourceInfo;
 	protected final String applicationName;
 	protected final String issuer;
 	public static final String AUTHENTICATION_SCHEME = "Bearer";
 	public static final String APIKEY = "ApiKey";
 	public AuthenticationFilter(final String applicationName) {
 		this.applicationName = applicationName;
 		this.issuer = "KarAuth";
 	}
 	public AuthenticationFilter(final String applicationName, final String issuer) {
 		this.applicationName = applicationName;
 		this.issuer = issuer;
 	}
 	public String getRequestedPath(final ContainerRequestContext requestContext) {
 		final Class<?> resourceClass = this.resourceInfo.getResourceClass();
 		final Method resourceMethod = this.resourceInfo.getResourceMethod();
 		final String classPath = resourceClass.isAnnotationPresent(Path.class)
 				? resourceClass.getAnnotation(Path.class).value()
 				: "";
 		final String methodPath = resourceMethod.isAnnotationPresent(Path.class)
 				? resourceMethod.getAnnotation(Path.class).value()
 				: "";
 		final String fullPath = (classPath.startsWith("/") ? "" : "/") + classPath
 				+ (methodPath.startsWith("/") ? "" : "/") + methodPath;
 		return fullPath;
 	}
 	@Override
 	public void filter(final ContainerRequestContext requestContext) throws IOException {
 		/* logger.debug("-----------------------------------------------------"); logger.debug("----          Check if have authorization        ----");
 		 * logger.debug("-----------------------------------------------------"); logger.debug("   for:{}", requestContext.getUriInfo().getPath()); */
 		final Method method = this.resourceInfo.getResourceMethod();
 		// Access denied for all
 		if (method.isAnnotationPresent(DenyAll.class)) {
@ -164,13 +140,12 @@ public class AuthenticationFilter implements ContainerRequestFilter {
 		final List<String> roles = Arrays.asList(rolesAnnotation.value());
 		// check if the user have the right:
 		boolean haveRight = false;
-		try {
+		for (final String role : roles) {
-			haveRight = checkRight(requestContext, userContext, roles);
+			if (userContext.isUserInRole(role)) {
-		} catch (final SystemException e) {
+				haveRight = true;
-			// TODO Auto-generated catch block
+				break;
-			e.printStackTrace();
+			}
 		}
 		// Is user valid?
 		if (!haveRight) {
 			LOGGER.error("REJECTED not enought right : {} require: {}", requestContext.getUriInfo().getPath(), roles);
@ -182,18 +157,6 @@ public class AuthenticationFilter implements ContainerRequestFilter {
 		// logger.debug("Get local user : {} / {}", user, userByToken);
 	}
 	protected boolean checkRight(
 			final ContainerRequestContext requestContext,
 			final MySecurityContext userContext,
 			final List<String> roles) throws SystemException {
 		for (final String role : roles) {
 			if (userContext.isUserInRole(this.applicationName, role)) {
 				return true;
 			}
 		}
 		return false;
 	}
 	private boolean isTokenBasedAuthentication(final String authorizationHeader) {
 		// Check if the Authorization header is valid
 		// It must not be null and must be prefixed with "Bearer" plus a whitespace
@ -230,7 +193,7 @@ public class AuthenticationFilter implements ContainerRequestFilter {
 	// must be override to be good implementation
 	protected UserByToken validateJwtToken(final String authorization) throws Exception {
 		// logger.debug(" validate token : " + authorization);
-		final JWTClaimsSet ret = JWTWrapper.validateToken(authorization, this.issuer, null);
+		final JWTClaimsSet ret = JWTWrapper.validateToken(authorization, "KarAuth", null);
 		// check the token is valid !!! (signed and coherent issuer...
 		if (ret == null) {
 			LOGGER.error("The token is not valid: '{}'", authorization);
@ -245,16 +208,13 @@ public class AuthenticationFilter implements ContainerRequestFilter {
 		user.type = UserByToken.TYPE_USER;
 		final Object rowRight = ret.getClaim("right");
 		if (rowRight != null) {
-			LOGGER.info("Detect right in Authentication Filer: {}", rowRight);
+			final Map<String, Map<String, Object>> rights = (Map<String, Map<String, Object>>) ret.getClaim("right");
 			user.right = (Map<String, Map<String, Object>>) ret.getClaim("right");
 			/*
 			if (rights.containsKey(this.applicationName)) {
 				user.right = rights.get(this.applicationName);
 			} else {
 				LOGGER.error("Connect with no right for this application='{}' full Right='{}'", this.applicationName,
 						rights);
 			}
 			*/
 		}
 		// logger.debug("request user: '{}' right: '{}' row='{}'", userUID, user.right, rowRight);
 		return user;
--- a/src/org/kar/archidata/filter/MySecurityContext.java
+++ b/src/org/kar/archidata/filter/MySecurityContext.java
@ -1,17 +1,13 @@
 package org.kar.archidata.filter;
 import java.security.Principal;
 import java.util.Set;
 import org.kar.archidata.model.UserByToken;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import jakarta.ws.rs.core.SecurityContext;
 // https://simplapi.wordpress.com/2015/09/19/jersey-jax-rs-securitycontext-in-action/
-public class MySecurityContext implements SecurityContext {
+class MySecurityContext implements SecurityContext {
 	private static final Logger LOGGER = LoggerFactory.getLogger(MySecurityContext.class);
 	private final GenericContext contextPrincipale;
 	private final String sheme;
@ -26,9 +22,10 @@ public class MySecurityContext implements SecurityContext {
 		return this.contextPrincipale;
 	}
-	public boolean isUserInRole(final String group, final String role) {
+	@Override
 	public boolean isUserInRole(final String role) {
 		if (this.contextPrincipale.userByToken != null) {
-			final Object value = this.contextPrincipale.userByToken.getRight(group, role);
+			final Object value = this.contextPrincipale.userByToken.right.get(role);
 			if (value instanceof final Boolean ret) {
 				return ret;
 			}
@ -36,43 +33,6 @@ public class MySecurityContext implements SecurityContext {
 		return false;
 	}
 	public Object getUserInRole(final String group, final String role) {
 		if (this.contextPrincipale.userByToken != null) {
 			return this.contextPrincipale.userByToken.getRight(group, role);
 		}
 		return null;
 	}
 	public Set<String> getGroups() {
 		if (this.contextPrincipale.userByToken != null) {
 			return this.contextPrincipale.userByToken.getGroups();
 		}
 		return Set.of();
 	}
 	public boolean groupExist(final String group) {
 		if (this.contextPrincipale.userByToken != null) {
 			return this.contextPrincipale.userByToken.groupExist(group);
 		}
 		return false;
 	}
 	@Override
 	public boolean isUserInRole(final String role) {
 		// TODO Auto-generated method stub
 		return isUserInRole("???", role);
 	}
 	public Object getRole(final String role) {
 		LOGGER.info("contextPrincipale={}", this.contextPrincipale);
 		if (this.contextPrincipale.userByToken != null) {
 			LOGGER.info("contextPrincipale.userByToken={}", this.contextPrincipale.userByToken);
 			LOGGER.info("contextPrincipale.userByToken.right={}", this.contextPrincipale.userByToken.right);
 			return this.contextPrincipale.userByToken.right.get(role);
 		}
 		return null;
 	}
 	@Override
 	public boolean isSecure() {
 		return "https".equalsIgnoreCase(this.sheme);
--- a/src/org/kar/archidata/model/User.java
+++ b/src/org/kar/archidata/model/User.java
@ -28,29 +28,26 @@ import io.swagger.v3.oas.annotations.media.Schema;
 import jakarta.annotation.Nullable;
 import jakarta.persistence.Column;
 import jakarta.persistence.Table;
 import jakarta.validation.constraints.NotNull;
 import jakarta.validation.constraints.Pattern;
 import jakarta.validation.constraints.Size;
 import jakarta.ws.rs.DefaultValue;
@Table(name = "user")
@DataIfNotExists
@JsonInclude(JsonInclude.Include.NON_NULL)
 public class User extends GenericDataSoftDelete {
 	@NotNull
 	@Column(length = 128)
 	@Size(min = 3, max = 128)
 	@Pattern(regexp = "^[a-zA-Z0-9-_ \\.]+$")
 	public String login = null;
 	@JsonFormat(shape = JsonFormat.Shape.STRING, pattern = "yyyy-MM-dd'T'HH:mm:ss.SSSXXX")
 	public Timestamp lastConnection = null;
-
+	@DefaultValue("'0'")
 	@Column(nullable = false)
 	public boolean admin = false;
 	@DefaultValue("'0'")
 	@Column(nullable = false)
 	public boolean blocked = false;
-	@Column(length = 512)
+	@DefaultValue("'0'")
-	public String blockedReason;
+	@Column(nullable = false)
 	public boolean removed = false;
 	@Schema(description = "List of Id of the specific covers")
 	@DataJson(targetEntity = Data.class)
@ -59,8 +56,7 @@ public class User extends GenericDataSoftDelete {
 	@Override
 	public String toString() {
-		return "User [login=" + this.login + ", last=" + this.lastConnection + ", blocked=" + this.blocked
+		return "User [login=" + this.login + ", last=" + this.lastConnection + ", admin=" + this.admin + "]";
 				+ ", blockedReason=" + this.blockedReason + "]";
 	}
 }
--- a/src/org/kar/archidata/model/UserByToken.java
+++ b/src/org/kar/archidata/model/UserByToken.java
@ -2,7 +2,6 @@ package org.kar.archidata.model;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Set;
 public class UserByToken {
 	public static final int TYPE_USER = -1;
@ -14,35 +13,13 @@ public class UserByToken {
 	public Long parentId = null; // FOr application, this is the id of the application, and of user token, this is the USERID
 	public String name = null;
 	// Right map
-	public Map<String, Map<String, Object>> right = new HashMap<>();
+	public Map<String, Object> right = new HashMap<>();
-	public Set<String> getGroups() {
+	public boolean hasRight(final String key, final Object value) {
-		return this.right.keySet();
+		if (!this.right.containsKey(key)) {
 	}
 	public boolean groupExist(final String group) {
 		if (!this.right.containsKey(group)) {
 			return false;
 		}
 		return this.right.containsKey(group);
 	}
 	public Object getRight(final String group, final String key) {
 		if (!this.right.containsKey(group)) {
 			return null;
 		}
 		final Map<String, Object> rightGroup = this.right.get(group);
 		if (!rightGroup.containsKey(key)) {
 			return null;
 		}
 		return rightGroup.get(key);
 	}
 	public boolean hasRight(final String group, final String key, final Object value) {
 		final Object data = getRight(group, key);
 		if (data == null) {
 			return false;
 		}
 		final Object data = this.right.get(key);
 		if (data instanceof final Boolean elem) {
 			if (value instanceof final Boolean castVal) {
 				if (elem.equals(castVal)) {
--- a/src/org/kar/archidata/tools/RESTApi.java
+++ b/src/org/kar/archidata/tools/RESTApi.java
@ -121,7 +121,7 @@ public class RESTApi {
 	}
 	@SuppressWarnings("unchecked")
-	public <T, U> T modelSendJson(final String model, final Class<T> clazz, final String urlOffset, String body)
+	protected <T, U> T modelSendJson(final String model, final Class<T> clazz, final String urlOffset, String body)
 			throws RESTErrorResponseExeption, IOException, InterruptedException {
 		final HttpClient client = HttpClient.newHttpClient();
 		// client.property(HttpUrlConnectorProvider.SET_METHOD_WORKAROUND, true);
@ -166,7 +166,7 @@ public class RESTApi {
 	}
 	@SuppressWarnings("unchecked")
-	public <T> T modelSendMap(
+	protected <T> T modelSendMap(
 			final String model,
 			final Class<T> clazz,
 			final String urlOffset,