From f242ef77a136a16c49cd383d3a9927dde70c48c9 Mon Sep 17 00:00:00 2001
From: Adrian Damian <Adrian.Damian@nrc.ca>
Date: Wed, 19 Nov 2014 14:55:21 -0800
Subject: [PATCH] Filter out deleted groups from members or admins in getGroup

---
 .../ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java | 14 ++++++++++++--
 .../cadc/ac/server/ldap/LdapGroupDAOTest.java    | 16 ++++++++++++++++
 2 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java
index ce7f40f6..10a1a174 100755
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java
@@ -535,8 +535,18 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
                         else if (memberDN.isDescendantOf(config.getGroupsDN(),
                                                          false))
                         {
-                            ldapGroup.getGroupMembers().add(new Group(
-                                memberDN.getRDNString().replace("cn=", "")));
+                            try
+                            {
+                                String memberGroupID = 
+                                        memberDN.getRDNString().replace("cn=", "");
+                                ldapGroup.getGroupMembers().
+                                    add(getGroup(memberGroupID));
+                            }
+                            catch(GroupNotFoundException e)
+                            {
+                                // ignore as we are not cleaning up
+                                // deleted groups from the group members
+                            }
                         }
                         else
                         {
diff --git a/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java b/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java
index 6e44f437..bad3d32a 100644
--- a/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java
+++ b/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java
@@ -266,8 +266,24 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
                     actualGroup = getGroupDAO().getGroup(expectGroup.getID());
                     assertGroupsEqual(expectGroup, actualGroup);
                     
+                    // create another group and make expected group
+                    // member of that group. Delete expected group after
+                    Group expectGroup2 = new Group(getGroupID(), daoTestUser1);
+                    expectGroup2.getGroupAdmins().add(expectGroup);
+                    expectGroup2.getGroupMembers().add(expectGroup);
+                    Group actualGroup2 = getGroupDAO().addGroup(expectGroup2);
+                    log.debug("addGroup: " + expectGroup2.getID());
+                    assertGroupsEqual(expectGroup2, actualGroup2);
+                    
                     // delete the group
                     getGroupDAO().deleteGroup(expectGroup.getID());
+                    // now expectGroup should not be member of admin of 
+                    // expectGroup2
+                    expectGroup2.getGroupAdmins().remove(expectGroup);
+                    expectGroup2.getGroupMembers().remove(expectGroup);
+                    actualGroup2 = getGroupDAO().getGroup(expectGroup2.getID());
+                    log.debug("addGroup: " + expectGroup2.getID());
+                    assertGroupsEqual(expectGroup2, actualGroup2);
                     
                     return null;
                 }
-- 
GitLab