Filter client, role and project information in user list according to…

… permissions

Kitodo/src/main/java/org/kitodo/production/forms/BaseForm.java

@@ -27,12 +27,12 @@
 import org.kitodo.data.database.beans.Role;
 import org.kitodo.data.database.beans.User;
 import org.kitodo.data.database.exceptions.DAOException;
+import org.kitodo.data.exceptions.DataException;
 import org.kitodo.production.enums.ObjectType;
 import org.kitodo.production.helper.Helper;
 import org.kitodo.production.model.LazyDTOModel;
 import org.kitodo.production.services.ServiceManager;
 import org.kitodo.production.services.data.ClientService;
-import org.kitodo.production.services.data.ProjectService;
 import org.kitodo.production.services.data.RoleService;
 import org.primefaces.component.datatable.DataTable;
 import org.primefaces.event.TabChangeEvent;
@@ -397,7 +397,12 @@ public String getClientNames(List<Client> clients) {
      * @return String containing project titles
      */
     public String getProjectTitles(List<Project> projects) {
-        return ProjectService.getProjectTitles(projects);
+        try {
+            return ServiceManager.getProjectService().getProjectTitles(projects);
+        } catch (DataException e) {
+            Helper.setErrorMessage(e);
+            return "";
+        }
     }
 
     /**

Kitodo/src/main/java/org/kitodo/production/services/data/ClientService.java

@@ -111,6 +111,11 @@ public List<Client> getAllAvailableForAssignToUser(User user) throws DAOExceptio
      * @return String containing client names
      */
     public static String getClientNames(List<Client> clients) {
-        return clients.stream().map(Client::getName).collect(Collectors.joining(", "));
+        if (ServiceManager.getSecurityAccessService().hasAuthorityToViewClientList()) {
+            return clients.stream().map(Client::getName).collect(Collectors.joining(", "));
+        } else {
+            return clients.stream().filter(client -> ServiceManager.getUserService().getAuthenticatedUser().getClients()
+                    .contains(client)).map(Client::getName).collect(Collectors.joining(", "));
+        }
     }
 }

Kitodo/src/main/java/org/kitodo/production/services/data/ProjectService.java

@@ -350,8 +350,16 @@ public List<Project> getProjectsWithTitleAndClient(String title, Integer clientI
      * @param projects list of roles
      * @return String containing project titles
      */
-    public static String getProjectTitles(List<Project> projects) {
-        return projects.stream().map(Project::getTitle).collect(Collectors.joining(", "));
+    public String getProjectTitles(List<Project> projects) throws DataException {
+        if (ServiceManager.getSecurityAccessService().hasAuthorityToViewProjectList()
+                && ServiceManager.getSecurityAccessService().hasAuthorityToViewClientList()) {
+            return projects.stream().map(Project::getTitle).collect(Collectors.joining());
+        } else {
+            List<Integer> userProjectIds = findAllProjectsForCurrentUser().stream().map(ProjectDTO::getId)
+                    .collect(Collectors.toList());
+            return projects.stream().filter(project -> userProjectIds.contains(project.getId())).map(Project::getTitle)
+                    .collect(Collectors.joining(", "));
+        }
     }
 
     /**

Kitodo/src/main/java/org/kitodo/production/services/data/RoleService.java

@@ -19,6 +19,7 @@
 import java.util.stream.Collectors;
 
 import org.kitodo.data.database.beans.Authority;
+import org.kitodo.data.database.beans.Client;
 import org.kitodo.data.database.beans.Role;
 import org.kitodo.data.database.beans.User;
 import org.kitodo.data.database.exceptions.DAOException;
@@ -160,6 +161,12 @@ public List<Role> getAllRolesByClientId(int clientId) {
      * @return String containing role titles
      */
     public static String getRoleTitles(List<Role> roles) {
-        return roles.stream().map(Role::getTitle).collect(Collectors.joining(", "));
+        if (ServiceManager.getSecurityAccessService().hasAuthorityGlobalToViewRoleList()) {
+            return roles.stream().map(Role::getTitle).collect(Collectors.joining(", "));
+        } else {
+            Client currentClient = ServiceManager.getUserService().getSessionClientOfAuthenticatedUser();
+            return roles.stream().filter(role -> role.getClient().equals(currentClient)).map(Role::getTitle)
+                    .collect(Collectors.joining(", "));
+        }
     }
 }