Moved user-group retrieval API to UserGroupAdminController

Also changed the service path URL of UserGroupAdminController to
admin/group

Change-Id: I88dc3118d0fcb49d3fa0305f630d0eae0396159d
diff --git a/full/Changes b/full/Changes
index a963c45..94a3963 100644
--- a/full/Changes
+++ b/full/Changes
@@ -16,7 +16,9 @@
 2023-02-10
 - Use admin filter instead of OAuth2 ADMIN scope  
 - Added a plugin test.
-
+2023-02-15
+- Moved user-group retrieval API to UserGroupAdminController 
+  and changed the service path URL of UserGroupAdminController. 
 
 # version 0.69.1
 
diff --git a/full/src/main/java/de/ids_mannheim/korap/service/UserGroupService.java b/full/src/main/java/de/ids_mannheim/korap/service/UserGroupService.java
index 51aa1c0..92f69c3 100644
--- a/full/src/main/java/de/ids_mannheim/korap/service/UserGroupService.java
+++ b/full/src/main/java/de/ids_mannheim/korap/service/UserGroupService.java
@@ -551,20 +551,12 @@
         groupMemberDao.deleteMember(member, deletedBy, isSoftDelete);
     }
 
-    public UserGroupDto searchByName (String username, String groupName)
+    public UserGroupDto searchByName (String groupName)
             throws KustvaktException {
-        if (adminDao.isAdmin(username)) {
-            UserGroup userGroup =
-                    userGroupDao.retrieveGroupByName(groupName, true);
-            UserGroupDto groupDto = converter.createUserGroupDto(userGroup,
-                    userGroup.getMembers(), null, null);
-            return groupDto;
-        }
-        else {
-            throw new KustvaktException(StatusCodes.AUTHORIZATION_FAILED,
-                    "Unauthorized operation for user: " + username, username);
-        }
-
+        UserGroup userGroup = userGroupDao.retrieveGroupByName(groupName, true);
+        UserGroupDto groupDto = converter.createUserGroupDto(userGroup,
+                userGroup.getMembers(), null, null);
+        return groupDto;
     }
 
     public void editMemberRoles (String username, String groupName,
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/UserGroupAdminController.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/UserGroupAdminController.java
index c881cb9..6a5f146 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/UserGroupAdminController.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/UserGroupAdminController.java
@@ -6,6 +6,7 @@
 import javax.ws.rs.FormParam;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
 
@@ -22,7 +23,7 @@
 import de.ids_mannheim.korap.web.utils.ResourceFilters;
 
 @Controller
-@Path("{version}/group/admin")
+@Path("{version}/admin/group")
 @Produces(MediaType.APPLICATION_JSON + ";charset=utf-8")
 @ResourceFilters({ APIVersionFilter.class, AdminFilter.class })
 public class UserGroupAdminController {
@@ -60,5 +61,27 @@
             throw kustvaktResponseHandler.throwit(e);
         }
     }
+    
+    /**
+     * Retrieves a specific user-group. Only system admins are
+     * allowed.
+     * 
+     * @param securityContext
+     * @param groupName
+     *            group name
+     * @return a user-group
+     */
+    @POST
+    @Path("@{groupName}")
+    public UserGroupDto retrieveUserGroup (
+            @PathParam("groupName") String groupName) {
+        try {
+            return service.searchByName(groupName);
+        }
+        catch (KustvaktException e) {
+            throw kustvaktResponseHandler.throwit(e);
+        }
+
+    }
 
 }
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/UserGroupController.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/UserGroupController.java
index cf16395..4cd48e5 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/UserGroupController.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/UserGroupController.java
@@ -29,7 +29,6 @@
 import de.ids_mannheim.korap.service.UserGroupService;
 import de.ids_mannheim.korap.web.KustvaktResponseHandler;
 import de.ids_mannheim.korap.web.filter.APIVersionFilter;
-import de.ids_mannheim.korap.web.filter.AdminFilter;
 import de.ids_mannheim.korap.web.filter.AuthenticationFilter;
 import de.ids_mannheim.korap.web.filter.BlockingFilter;
 import de.ids_mannheim.korap.web.filter.PiwikFilter;
@@ -87,33 +86,6 @@
         }
     }
 
-    
-    /**
-     * Retrieves a specific user-group. Only system admins are
-     * allowed.
-     * 
-     * @param securityContext
-     * @param groupName
-     *            group name
-     * @return a user-group
-     */
-    @GET
-    @Path("@{groupName}")
-    @ResourceFilters({ APIVersionFilter.class, AdminFilter.class })
-    public UserGroupDto retrieveUserGroup (
-            @Context SecurityContext securityContext,
-            @PathParam("groupName") String groupName) {
-        TokenContext context =
-                (TokenContext) securityContext.getUserPrincipal();
-        try {
-            return service.searchByName(context.getUsername(), groupName);
-        }
-        catch (KustvaktException e) {
-            throw kustvaktResponseHandler.throwit(e);
-        }
-
-    }
-
     /**
      * Creates a user group with the group owner as the only group
      * member. The group owner is the authenticated user in the token
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/UserGroupControllerAdminTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/UserGroupControllerAdminTest.java
index 354f6f9..33d6532 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/UserGroupControllerAdminTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/UserGroupControllerAdminTest.java
@@ -55,8 +55,8 @@
         f.param("username", "dory");
         f.param("token", "secret");
         
-        Response response = target().path(API_VERSION).path("group")
-                .path("admin").path("list")
+        Response response = target().path(API_VERSION)
+                .path("admin").path("group").path("list")
                 .request()
                 .header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED)
                 .post(Entity.form(f));
@@ -97,8 +97,8 @@
         Form f = new Form();
         f.param("username", "dory");
         
-        Response response = target().path(API_VERSION).path("group")
-                .path("admin").path("list")
+        Response response = target().path(API_VERSION)
+                .path("admin").path("group").path("list")
                 .request()
                 .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
                         .createBasicAuthorizationHeaderValue(testUser, "pass"))
@@ -117,8 +117,8 @@
         f.param("username", "dory");
         f.param("status", "ACTIVE");
         
-        Response response = target().path(API_VERSION).path("group")
-                .path("admin").path("list")
+        Response response = target().path(API_VERSION)
+                .path("admin").path("group").path("list")
                 .queryParam("username", "dory").queryParam("status", "ACTIVE")
                 .request()
                 .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
@@ -152,8 +152,8 @@
     @Test
     public void testListByStatusAll () throws
             ProcessingException, KustvaktException {
-        Response response = target().path(API_VERSION).path("group")
-                .path("admin").path("list")
+        Response response = target().path(API_VERSION)
+                .path("admin").path("group").path("list")
                 .request()
                 .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
                         .createBasicAuthorizationHeaderValue(sysAdminUser, "pass"))
@@ -179,8 +179,8 @@
         Form f = new Form();
         f.param("status", "HIDDEN");
         
-        Response response = target().path(API_VERSION).path("group")
-                .path("admin").path("list")
+        Response response = target().path(API_VERSION)
+                .path("admin").path("group").path("list")
                 .queryParam("status", "HIDDEN")
                 .request()
                 .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
@@ -313,13 +313,14 @@
     private JsonNode retrieveGroup (String groupName)
             throws ProcessingException,
             KustvaktException {
-        Response response = target().path(API_VERSION).path("group")
-                .path("@" + groupName)
-                .request()
-                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
-                        .createBasicAuthorizationHeaderValue(sysAdminUser, "pass"))
+        Response response = target().path(API_VERSION).path("admin")
+                .path("group").path("@" + groupName).request()
+                .header(Attributes.AUTHORIZATION,
+                        HttpAuthorizationHandler
+                                .createBasicAuthorizationHeaderValue(
+                                        sysAdminUser, "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
-                .get();
+                .post(null);
 
         assertEquals(Status.OK.getStatusCode(), response.getStatus());
 
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/UserGroupControllerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/UserGroupControllerTest.java
index 853d5cc..3b6bc5f 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/UserGroupControllerTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/UserGroupControllerTest.java
@@ -387,8 +387,8 @@
         // EM: this is so complicated because the group retrieval are not allowed 
         // for delete groups
         // check group
-        response = target().path(API_VERSION).path("group")
-                .path("admin").path("list")
+        response = target().path(API_VERSION)
+                .path("admin").path("group").path("list")
                 .request()
                 .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
                         .createBasicAuthorizationHeaderValue(admin, "pass"))
@@ -793,13 +793,12 @@
 
     private void checkGroupMemberRole (String groupName, String deletedMemberName)
             throws KustvaktException {
-        Response response = target().path(API_VERSION).path("group")
-                .path("@"+groupName)
+        Response response = target().path(API_VERSION)
+                .path("admin").path("group").path("@"+groupName)
                 .request()
                 .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
                         .createBasicAuthorizationHeaderValue(admin, "pass"))
-                .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
-                .get();
+                .post(null);
         String entity = response.readEntity(String.class);
 
         assertEquals(Status.OK.getStatusCode(), response.getStatus());
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/VCReferenceTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/VCReferenceTest.java
index baeed7c..fe2c1df 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/VCReferenceTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/VCReferenceTest.java
@@ -228,8 +228,8 @@
         f.param("status", "HIDDEN");
         
         // check dory in the hidden group of the vc
-        response = target().path(API_VERSION).path("group")
-                .path("admin").path("list")
+        response = target().path(API_VERSION)
+                .path("admin").path("group").path("list")
                 .request()
                 .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
                         .createBasicAuthorizationHeaderValue("admin", "pass"))
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/VirtualCorpusControllerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/VirtualCorpusControllerTest.java
index c764225..3730e82 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/VirtualCorpusControllerTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/VirtualCorpusControllerTest.java
@@ -226,8 +226,8 @@
         Form f = new Form();
         f.param("status", "HIDDEN");
         // check gill in the hidden group of the vc
-        Response response = target().path(API_VERSION).path("group")
-                .path("admin").path("list")
+        Response response = target().path(API_VERSION)
+                .path("admin").path("group").path("list")
                 .request()
                 .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
                         .createBasicAuthorizationHeaderValue("admin", "pass"))
@@ -404,13 +404,13 @@
     private JsonNode testCheckHiddenGroup (String groupName)
             throws ProcessingException,
             KustvaktException {
-        Response response = target().path(API_VERSION).path("group")
-                .path("@"+groupName)
+        Response response = target().path(API_VERSION)
+                .path("admin").path("group").path("@"+groupName)
                 .request()
                 .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
                         .createBasicAuthorizationHeaderValue("admin", "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
-                .get();
+                .post(null);
 
         String entity = response.readEntity(String.class);
         return JsonUtils.readTree(entity);