[RELEASE] Release v0.19.0

Bumps [actions/setup-java](https://github.com/actions/setup-java) from 3 to 4.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](https://github.com/actions/setup-java/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

.github/workflows/maven.yml

@@ -18,9 +18,9 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Set up JDK 17
-      uses: actions/setup-java@v3
+      uses: actions/setup-java@v4
       with:
         java-version: '21'
         distribution: 'temurin'
@@ -32,4 +32,4 @@ jobs:
 
     # Optional: Uploads the full dependency graph to GitHub to improve the quality of Dependabot alerts this repository can receive
     - name: Update dependency graph
-      uses: advanced-security/maven-dependency-submission-action@571e99aab1055c2e71a1e2309b9691de18d6b7d6
+      uses: advanced-security/maven-dependency-submission-action@4f64ddab9d742a4806eeb588d238e4c311a8397d

pom.xml

@@ -3,7 +3,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>kangaroo-and-rabbit</groupId>
 	<artifactId>archidata</artifactId>
-	<version>0.18.0</version>
+	<version>0.19.0</version>
 	<properties>
 		<java.version>21</java.version>
 		<maven.compiler.version>3.1</maven.compiler.version>

src/org/kar/archidata/filter/AuthenticationFilter.java

@@ -187,7 +187,7 @@ public class AuthenticationFilter implements ContainerRequestFilter {
 			final MySecurityContext userContext,
 			final List<String> roles) throws SystemException {
 		for (final String role : roles) {
-			if (userContext.isUserInRole(this.applicationName, role)) {
+			if (userContext.isUserInRole(this.applicationName + "/" + role)) {
 				return true;
 			}
 		}
@@ -245,7 +245,7 @@ public class AuthenticationFilter implements ContainerRequestFilter {
 		user.type = UserByToken.TYPE_USER;
 		final Object rowRight = ret.getClaim("right");
 		if (rowRight != null) {
-			LOGGER.info("Detect right in Authentication Filer: {}", rowRight);
+			LOGGER.info("Detect right in Authentication Filter: {}", rowRight);
 			user.right = (Map<String, Map<String, Object>>) ret.getClaim("right");
 			/*
 			if (rights.containsKey(this.applicationName)) {

src/org/kar/archidata/filter/MySecurityContext.java

@@ -26,17 +26,7 @@ public class MySecurityContext implements SecurityContext {
 		return this.contextPrincipale;
 	}
 
-	public boolean isUserInRole(final String group, final String role) {
-		if (this.contextPrincipale.userByToken != null) {
-			final Object value = this.contextPrincipale.userByToken.getRight(group, role);
-			if (value instanceof final Boolean ret) {
-				return ret;
-			}
-		}
-		return false;
-	}
-
-	public Object getUserInRole(final String group, final String role) {
+	public Object getRightOfRoleInGroup(final String group, final String role) {
 		if (this.contextPrincipale.userByToken != null) {
 			return this.contextPrincipale.userByToken.getRight(group, role);
 		}
@@ -57,10 +47,95 @@ public class MySecurityContext implements SecurityContext {
 		return false;
 	}
 
+	// Not sure the Long type is definitive.
+	public Long getUserID() {
+		if (this.contextPrincipale.userByToken != null) {
+			return this.contextPrincipale.userByToken.id;
+		}
+		return null;
+	}
+
+	public boolean checkRightInGroup(
+			final String group,
+			final String role,
+			final boolean needRead,
+			final boolean needWrite) {
+		if ("USER".equals(role)) {
+			if (groupExist(group)) {
+				return true;
+			}
+			return false;
+		}
+		// get associated Roles:
+		final Object rightPart = getRightOfRoleInGroup(group, role);
+		LOGGER.info("detect : {}", rightPart);
+		long dataRight = 0;
+		if (rightPart instanceof final Long rightPartCasted) {
+			dataRight = rightPartCasted;
+		} else if (rightPart instanceof final Integer rightPartCasted) {
+			dataRight = rightPartCasted;
+		}
+		if (dataRight == PartRight.READ_WRITE.getValue()) {
+			return true;
+		}
+		if (!needRead && needWrite && dataRight == PartRight.WRITE.getValue()) {
+			return true;
+		}
+		if (needRead && !needWrite && dataRight == PartRight.READ.getValue()) {
+			return true;
+		}
+		return false;
+	}
+
 	@Override
 	public boolean isUserInRole(final String role) {
-		// TODO Auto-generated method stub
-		return isUserInRole("???", role);
+		String roleEdit = role;
+		boolean needRead = false;
+		boolean needWrite = false;
+		// Check if the API overwrite the right needed for this API.
+		if (roleEdit.contains(":")) {
+			if (roleEdit.endsWith(":w")) {
+				try {
+					roleEdit = roleEdit.substring(0, roleEdit.length() - 2);
+				} catch (final IndexOutOfBoundsException ex) {
+					LOGGER.error("Fail to extract role of '{}'", role);
+					ex.printStackTrace();
+					return false;
+				}
+				needWrite = true;
+			} else if (roleEdit.endsWith(":r")) {
+				try {
+					roleEdit = roleEdit.substring(0, roleEdit.length() - 2);
+				} catch (final IndexOutOfBoundsException ex) {
+					LOGGER.error("Fail to extract role of '{}'", role);
+					ex.printStackTrace();
+					return false;
+				}
+				needRead = true;
+			} else if (roleEdit.endsWith(":rw")) {
+				try {
+					roleEdit = roleEdit.substring(0, roleEdit.length() - 3);
+				} catch (final IndexOutOfBoundsException ex) {
+					LOGGER.error("Fail to extract role of '{}'", role);
+					ex.printStackTrace();
+					return false;
+				}
+				needRead = true;
+				needWrite = true;
+			} else {
+				LOGGER.error("Request check right of an unknow right mode: {} (after ':')", roleEdit);
+				return false;
+			}
+		}
+		if (roleEdit.contains("/")) {
+			final String[] elements = roleEdit.split("/");
+			return checkRightInGroup(elements[0], elements[1], needRead, needWrite);
+		}
+		// Special case, if the token is valid, it is an USER ...
+		if ("USER".equals(roleEdit)) {
+			return true;
+		}
+		return checkRightInGroup("?system?", roleEdit, needRead, needWrite);
 	}
 
 	public Object getRole(final String role) {

src/org/kar/archidata/filter/PartRight.java

@@ -0,0 +1,30 @@
+package org.kar.archidata.filter;
+
+import com.fasterxml.jackson.annotation.JsonValue;
+
+public enum PartRight {
+	NONE(0), //
+	READ(1), //
+	WRITE(2), //
+	READ_WRITE(3);
+
+	private final int value;
+
+	PartRight(final int value) {
+		this.value = value;
+	}
+
+	@JsonValue
+	public int getValue() {
+		return this.value;
+	}
+
+	public static PartRight fromValue(final int value) {
+		for (final PartRight element : values()) {
+			if (element.getValue() == value) {
+				return element;
+			}
+		}
+		throw new IllegalArgumentException("PartRight: Unknown value: " + value);
+	}
+}

version.txt

@@ -1 +1 @@
-0.18.0
+0.19.0