RSDEV-488: fix possible NPE when populating response to public API /folders endpoints (#249) (#256)

Author: mKowalski256

src/main/java/com/researchspace/api/v1/model/RecordTreeItemInfo.java

@@ -9,6 +9,8 @@
 import com.researchspace.core.util.jsonserialisers.ISO8601DateTimeSerialiser;
 import com.researchspace.model.User;
 import com.researchspace.model.record.BaseRecord;
+import com.researchspace.model.record.Folder;
+import java.util.Optional;
 import lombok.Data;
 import lombok.EqualsAndHashCode;
 import lombok.NoArgsConstructor;
@@ -49,13 +51,16 @@ public class RecordTreeItemInfo extends IdentifiableNameableApiObject {
   @JsonProperty("type")
   private ApiRecordType type = null;
 
-  public RecordTreeItemInfo(BaseRecord record, User authorisedSubject) {
+  public RecordTreeItemInfo(BaseRecord record, User user) {
     super(record.getId(), record.getGlobalIdentifier(), record.getName());
     setCreatedMillis(record.getCreationDateMillis());
     setLastModifiedMillis(record.getModificationDateMillis());
     // set parent folder if user is owner of document else null
-    if (authorisedSubject.equals(record.getOwner()) && record.hasParents()) {
-      setParentFolderId(record.getOwnerParent().get().getId());
+    if (user.equals(record.getOwner()) && record.hasParents()) {
+      Optional<Folder> parentForCurrentUser = record.getOwnerOrSharedParentForUser(user);
+      if (parentForCurrentUser.isPresent()) {
+        setParentFolderId(parentForCurrentUser.get().getId());
+      }
     }
     setOwner(new ApiUser(record.getOwner()));
     if (record.isNotebook()) {

src/main/java/com/researchspace/webapp/controller/GalleryController.java

@@ -819,8 +819,7 @@ public AjaxReturnObject<List<RecordInformation>> getDocumentsLinkedToAttachment(
 
   /**
    * Gets record information for a list of IDs (and revision numbers) of EcatMediaFiles
-   * If info cannot be retrieved, value of map will be null and there will be an error
-   *
+   * 
    * @param ids
    * @param revisions
    * @return a map with keys in "$id-$revision" format

src/test/java/com/researchspace/api/v1/controller/FolderApiControllerMVCIT.java

@@ -262,7 +262,7 @@ public void traverseFolderAndSharedFolder() throws Exception {
       result = deleteByIdFailsWith4xxStatus(u1, apiKey, info.getId());
     }
 
-    // ser shouldn't be able to create content inside these folders either.
+    // user shouldn't be able to create content inside these folders either.
     ApiFolder folderPost = new ApiFolder();
     folderPost.setName("TestFolder");
     folderPost.setParentFolderId(sharedId);
@@ -294,6 +294,30 @@ public void traverseFolderAndSharedFolder() throws Exception {
         deleteByIdFailsWith4xxStatus(group.getPi(), piApiKey, getRootFolderForUser(u1).getId());
   }
 
+  @Test
+  public void listOwnSharedFolderInNonOwnedFolder_RSDEV_488() throws Exception {
+    TestGroup group = createTestGroup(2);
+    User u1 = group.u1();
+    logoutAndLoginAs(u1);
+    String apiKey = createNewApiKeyForUser(u1);
+
+    Long groupSharedFolderId = group.getGroup().getCommunalGroupFolderId();
+    ApiFolder folderPost = new ApiFolder();
+    folderPost.setName("u1 test folder in group's shared folder");
+    folderPost.setParentFolderId(groupSharedFolderId);
+    MvcResult result = this.mockMvc.perform(folderCreate(u1, apiKey, folderPost)).andReturn();
+    ApiFolder created = getFromJsonResponseBody(result, ApiFolder.class);
+    assertNotNull(created.getId());
+
+    // listing of top-level folder works fine for u1 (RSDEV-488)
+    ApiRecordTreeItemListing sharedFolderListing =
+        performFolderListingById(u1, apiKey, groupSharedFolderId);
+    assertEquals(1, sharedFolderListing.getTotalHits().intValue());
+    RecordTreeItemInfo retrievedFolder = sharedFolderListing.getRecords().get(0);
+    assertEquals(u1.getUsername(), retrievedFolder.getOwner().getUsername());
+    assertEquals(groupSharedFolderId, retrievedFolder.getParentFolderId());
+  }
+
   private long getIdFromNameForListing(String name, ApiRecordTreeItemListing listing) {
     return listing.getRecords().stream()
         .filter(item -> item.getName().equals(name))