SAK-40943 Always include current user memberships

When getting memberships for the current user the list of sites to return the results for were incorrectly getting filtered so that only the entries where the current user was allowed to view the roster in the site. That should have only been happening when the a non-admin user was looking for the memberships of a different user.

entitybroker/core-providers/src/java/org/sakaiproject/entitybroker/providers/MembershipEntityProvider.java

@@ -705,18 +705,22 @@ public List<EntityData> getEntities(EntityReference ref, Search search) {
                 throw new IllegalArgumentException("unable to find user with id ("+userId+")");
             }
 
-            boolean userCurrent = userId.equals(currentUserId);
 
             // Is there a faster way to do this? I really truly hope so -AZ
             // Only if you don't care about getMember details -MJ
             List<Site> allUserSites = siteService.getUserSites(false, userId);
+            List<Site> sites = new ArrayList<>();
 
-            // Filter out sites where the logged in user of EB does not have view roster status.
-            List<Site> sites = new ArrayList<Site>();
-            for (Site site: allUserSites) {
-                if (siteService.allowViewRoster(site.getId())) {
-                    sites.add(site);
+            boolean userCurrent = userId.equals(currentUserId);
+            if (!userCurrent) {
+                // Filter out sites where the logged in user of EB does not have view roster status.
+                for (Site site : allUserSites) {
+                    if (siteService.allowViewRoster(site.getId())) {
+                        sites.add(site);
+                    }
                 }
+            } else {
+                sites = allUserSites;
             }
 
             if (includeMemberDetails) {

entitybroker/core-providers/src/test/org/sakaiproject/entitybroker/providers/MembershipEntityProviderTest.java

@@ -417,6 +417,84 @@ public void getEntitiesPreservesDotsInGroupIds() throws IdUnusedException {
         assertEquals("user-foo::group:group.with.dots", results.get(0).getEntityId());
     }
 
+
+    @Test
+    public void getEntityDifferentUserNoRoster() {
+        Search search = new Search();
+        search.addRestriction(new Restriction(CollectionResolvable.SEARCH_USER_REFERENCE, "otherUserId"));
+
+        User user = mock(User.class);
+        when(user.getId()).thenReturn("otherUserId");
+
+        when(developerHelperService.getCurrentUserId()).thenReturn("currentUserId");
+
+        when(userEntityProvider.findAndCheckUserId("otherUserId", null)).thenReturn("otherUserId");
+
+        Site site = mock(Site.class);
+        when(site.getId()).thenReturn("siteId");
+        when(siteService.getUserSites(false, "otherUserId")).thenReturn(Collections.singletonList(site));
+        when(siteService.allowViewRoster("siteId")).thenReturn(false);
+
+        List<EntityData> entities = provider.getEntities(null, search);
+        assertEquals(0, entities.size());
+    }
+
+    @Test
+    public void getEntityDifferentUserWithRoster() {
+        Search search = new Search();
+        search.addRestriction(new Restriction(CollectionResolvable.SEARCH_USER_REFERENCE, "otherUserId"));
+
+        User user = mock(User.class);
+        when(user.getId()).thenReturn("otherUserId");
+
+        Member member = mock(Member.class);
+        when(member.getUserId()).thenReturn("otherUserId");
+        when(member.getUserEid()).thenReturn("otherUserEid");
+
+        when(developerHelperService.getCurrentUserId()).thenReturn("currentUserId");
+
+        when(userEntityProvider.findAndCheckUserId("otherUserId", null)).thenReturn("otherUserId");
+
+        Site site = mock(Site.class);
+        when(site.getId()).thenReturn("siteId");
+        when(site.getReference()).thenReturn("/site/siteId");
+        when(site.getType()).thenReturn("test");
+        when(site.getMember("otherUserId")).thenReturn(member);
+        when(siteService.getUserSites(false, "otherUserId")).thenReturn(Collections.singletonList(site));
+        when(siteService.allowViewRoster("siteId")).thenReturn(true);
+
+        List<EntityData> entities = provider.getEntities(null, search);
+        assertEquals(1, entities.size());
+        assertEquals("otherUserId::site:siteId", entities.get(0).getEntityId());
+    }
+
+    @Test
+    public void getEntitySameUserNoRoster() {
+        User user = mock(User.class);
+        when(user.getId()).thenReturn("currentUserId");
+
+        Member member = mock(Member.class);
+        when(member.getUserId()).thenReturn("currentUserId");
+        when(member.getUserEid()).thenReturn("currentUserEid");
+
+        when(developerHelperService.getCurrentUserId()).thenReturn("currentUserId");
+
+        when(userEntityProvider.findAndCheckUserId("currentUserId", null)).thenReturn("currentUserId");
+
+        Site site = mock(Site.class);
+        when(site.getId()).thenReturn("siteId");
+        when(site.getReference()).thenReturn("/site/siteId");
+        when(site.getType()).thenReturn("test");
+        when(site.getMember("currentUserId")).thenReturn(member);
+        when(siteService.getUserSites(false, "currentUserId")).thenReturn(Collections.singletonList(site));
+        // Check even when you don't have permission to view roster you still can see your own membership
+        when(siteService.allowViewRoster("siteId")).thenReturn(false);
+
+        List<EntityData> entities = provider.getEntities(null, null);
+        assertEquals(1, entities.size());
+        assertEquals("currentUserId::site:siteId", entities.get(0).getEntityId());
+    }
+
     // we don't have a createEntityPreservesDotsInSiteIdQueryParams() test b/c passing a
     // org.sakaiproject.mock.domain.Member to createEntity() doesn't actually work.