Changed cdstar-proxy-search to support privileged search queries.

Admin users with special permissions should be able to submit privileged
unfiltered searches in the future.

cdstar-plugins-pom/cdstar-proxy-search/README.adoc

@@ -45,11 +45,13 @@ The search gateway should accept POST requests at the configured target URL with
 | limit | int | User provided limit for results per page. (optional)
 | scroll | string | User provided scroll handle. (optional)
 | vault | string | Name of the vault this search is performed on.
-| principal | string | Principal name (including domain) of the user performing the search. (optional)
-| groups | array(string) | List of groups the searching user belongs to. (optional)
+| principal | object | Security context for this search request. If missing or None, assume an unauthenticated user.
+| principal.name | string | Name (including domain) of the user performing the search. (optional)
+| principal.groups | array(string) | List of groups the searching user belongs to. (optional)
+| principal.privileged | boolean | If true, assume the user can see all results. (default: false)
 |=========
 
-The `q`, `order`, `limit` and `scroll` fields correspond to the (cleaned up) user provided search parameters as defined by the CDSTAR search API. `vault`, `principal` and `groups` are added by CDSTAR. The search target should use `principal` and `groups` to limit search results to entities visible to the logged-in user. If these are not defined, the search should only return public results.
+The `q`, `order`, `limit` and `scroll` fields correspond to the (cleaned up) user provided search parameters as defined by the CDSTAR search API. `vault` and `principal` are added by CDSTAR. The search target should limit search results to entities visible to the specified `principal`. If no principal is present (null, missing or empty), the search should only return publicly visible results. If `principal.privileged` is true, the search should not filter by visibility and return all matching results.
 
 .Example Request
 [source,json]
@@ -61,8 +63,11 @@ Content-Type: application/json
     "order": ["-score"],
     "limit": 100,
     "vault": "myVault",
-    "principal": "alice@realm",
-    "groups": ["users@realm"]
+    "principal": {
+        "name": "alice@realm",
+        "groups": ["users@realm"],
+        "privileged": false
+    }
 }
 ----
 

cdstar-plugins-pom/cdstar-proxy-search/src/main/java/de/gwdg/cdstar/ext/proxysearch/JsonQuery.java

@@ -12,6 +12,11 @@ public class JsonQuery {
 	public String scroll;
 
 	public String vault;
-	public String principal;
-	public List<String> groups;
+	public PrincipalInfo principal = new PrincipalInfo();
+
+	public static class PrincipalInfo {
+		public String name;
+		public List<String> groups;
+		public boolean privileged;
+	}
 }

cdstar-plugins-pom/cdstar-proxy-search/src/main/java/de/gwdg/cdstar/ext/proxysearch/ProxySearchProvider.java

@@ -185,8 +185,8 @@ class ProxySearchProvider implements SearchProvider, Closeable {
 
 		// Trusted parameters
 		queryDoc.vault = q.getVault();
-		queryDoc.principal = q.getPrincipal();
-		queryDoc.groups = new ArrayList<>(q.getGroups());
+		queryDoc.principal.name = q.getPrincipal();
+		queryDoc.principal.groups = new ArrayList<>(q.getGroups());
 		return queryDoc;
 	}
 

cdstar-plugins-pom/cdstar-proxy-search/src/test/java/de/gwdg/cdstar/ext/proxysearch/ProxySearchProviderTest.java

@@ -64,8 +64,8 @@ public class ProxySearchProviderTest {
 
 		assertHeader("Accept", "application/json", rs);
 		assertEquals("q", jq.q);
-		assertEquals("testP", jq.principal);
-		assertEquals(Arrays.asList("g1", "g2"), jq.groups);
+		assertEquals("testP", jq.principal.name);
+		assertEquals(Arrays.asList("g1", "g2"), jq.principal.groups);
 	}
 
 
@@ -82,8 +82,8 @@ public class ProxySearchProviderTest {
 		assertEquals(Arrays.asList("a", "b"), jq.order);
 		assertEquals("s", jq.scroll);
 
-		assertEquals("p", jq.principal);
-		assertEquals(Arrays.asList("g1", "g2"), jq.groups);
+		assertEquals("p", jq.principal.name);
+		assertEquals(Arrays.asList("g1", "g2"), jq.principal.groups);
 	}
 
 	@Test
@@ -97,8 +97,8 @@ public class ProxySearchProviderTest {
 		assertEquals(0, jq.limit);
 		assertNull(jq.order);
 		assertNull(jq.scroll);
-		assertNull(jq.principal);
-		assertNull(jq.groups);
+		assertNull(jq.principal.name);
+		assertTrue(jq.principal.groups.isEmpty());
 	}
 
 	@Test