From 5f285be6b1562388cd9daed607549e205c8d5bef Mon Sep 17 00:00:00 2001
From: chasegawa <chasegawa@unicon.net>
Date: Tue, 18 Oct 2022 14:03:12 -0700
Subject: [PATCH 1/2] SHIBUI-2394

Bug fixes for ownership issues
---
 .../shibboleth/admin/ui/security/service/UserService.java     | 1 +
 .../admin/ui/service/JPAEntityDescriptorServiceImpl.java      | 4 ++++
 2 files changed, 5 insertions(+)

diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java
index 873ba3df6..d4cf2f653 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java
@@ -8,6 +8,7 @@
 import edu.internet2.tier.shibboleth.admin.ui.security.exception.OwnershipConflictException;
 import edu.internet2.tier.shibboleth.admin.ui.security.model.Group;
 import edu.internet2.tier.shibboleth.admin.ui.security.model.Ownable;
+import edu.internet2.tier.shibboleth.admin.ui.security.model.OwnableType;
 import edu.internet2.tier.shibboleth.admin.ui.security.model.OwnerType;
 import edu.internet2.tier.shibboleth.admin.ui.security.model.Ownership;
 import edu.internet2.tier.shibboleth.admin.ui.security.model.Role;
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java
index 667477f09..9df95047c 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java
@@ -140,6 +140,8 @@ public EntityDescriptorRepresentation createNew(EntityDescriptor ed) throws Forb
     @Override
     public EntityDescriptorRepresentation createNewEntityDescriptorFromXMLOrigin(EntityDescriptor ed) {
         ed.setIdOfOwner(userService.getCurrentUserGroup().getOwnerId());
+        ownershipRepository.deleteEntriesForOwnedObject(ed);
+        ownershipRepository.save(new Ownership(userService.getCurrentUserGroup(), ed));
         EntityDescriptor savedEntity = entityDescriptorRepository.save(ed);
         return createRepresentationFromDescriptor(savedEntity);
     }
@@ -153,6 +155,8 @@ public boolean entityExists(String entityID) {
     public EntityDescriptorRepresentation updateGroupForEntityDescriptor(String resourceId, String groupId) {
         EntityDescriptor ed = entityDescriptorRepository.findByResourceId(resourceId);
         ed.setIdOfOwner(groupId);
+        ownershipRepository.deleteEntriesForOwnedObject(ed);
+        ownershipRepository.save(new Ownership(groupService.find(groupId), ed));
         EntityDescriptor savedEntity = entityDescriptorRepository.save(ed);
         return createRepresentationFromDescriptor(savedEntity);
     }

From 006ac2e259e65f68584fc1eeaf271f2fabe1452d Mon Sep 17 00:00:00 2001
From: chasegawa <chasegawa@unicon.net>
Date: Tue, 18 Oct 2022 16:38:40 -0700
Subject: [PATCH 2/2] SHIBUI-2394

Updated user check for which groups they can approve for to include ALL the groups a user belongs to
---
 .../admin/ui/security/service/UserService.java       | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java
index d4cf2f653..7a20cac04 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java
@@ -26,6 +26,7 @@
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
+import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.HashSet;
 import java.util.List;
@@ -145,8 +146,17 @@ public Group getCurrentUserGroup() {
         }
     }
 
+    /**
+     * @return a list of ALL groups that the user can approve for (checks ALL the users groups)
+     */
     public List<String> getGroupsCurrentUserCanApprove() {
-        return getCurrentUserGroup().getApproveForList();
+        HashSet<String> fullSet = new HashSet<>();
+        for (Group g : getCurrentUser().getUserGroups()) {
+            fullSet.addAll(g.getApproveForList());
+        }
+        ArrayList<String> result = new ArrayList<>();
+        result.addAll(fullSet);
+        return result;
     }
 
     public Set<String> getUserRoles(String username) {