From 6fea087b9502a0dbb6e09f7b62aea86ef2b027ba Mon Sep 17 00:00:00 2001
From: Florian Necas <florian.necas@camptocamp.com>
Date: Wed, 20 Nov 2024 10:46:28 +0100
Subject: [PATCH] fix : user synchronizer if only reviewer and not both

---
 .github/workflows/georchestra-gn4.yml              |  2 +-
 .../external/integration/UserSynchronizer.java     | 14 ++++++++++++--
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/georchestra-gn4.yml b/.github/workflows/georchestra-gn4.yml
index 8cd3a507d9..12d0637404 100644
--- a/.github/workflows/georchestra-gn4.yml
+++ b/.github/workflows/georchestra-gn4.yml
@@ -57,7 +57,7 @@ jobs:
 
     - name: "publish the webapp as artifact"
       if: github.repository == 'georchestra/geonetwork' && github.actor != 'dependabot[bot]' && github.ref == 'refs/heads/georchestra-gn4.2.x' && github.event_name != 'pull_request'
-      uses: actions/upload-artifact@v1
+      uses: actions/upload-artifact@v4
       with:
         name: geonetwork.war
         path: web/target/geonetwork.war
diff --git a/georchestra-integration/externalized-accounts/src/main/java/org/geonetwork/security/external/integration/UserSynchronizer.java b/georchestra-integration/externalized-accounts/src/main/java/org/geonetwork/security/external/integration/UserSynchronizer.java
index f5e8680cf3..d006fdc8a1 100644
--- a/georchestra-integration/externalized-accounts/src/main/java/org/geonetwork/security/external/integration/UserSynchronizer.java
+++ b/georchestra-integration/externalized-accounts/src/main/java/org/geonetwork/security/external/integration/UserSynchronizer.java
@@ -147,12 +147,22 @@ private void synchronizeUserGroups(User user, List<Privilege> privileges) {
     }
 
     private List<UserGroup> resolveNewPrivileges(User user, List<Privilege> actual) {
-        List<Privilege> editors = actual.stream().filter(privilege -> privilege.getProfile() == Profile.Reviewer)//
-                .map(privilege -> {
+
+        List<Privilege> editors = actual.stream().filter(privilege -> privilege.getProfile() == Profile.Reviewer || privilege.getProfile() == Profile.Editor)
+            // group by geonetwork group
+            .collect(Collectors.groupingBy(Privilege::getGroup))//
+            .values().stream()//
+            // check if both reviewer and editor are present for the same group and profile is only reviewer
+            .filter(privileges -> privileges.size() == 1 && privileges.get(0).getProfile() == Profile.Reviewer)
+            // get first privilege (reviewer)
+            .map(privileges -> privileges.get(0))
+            // create a new privilege with editor profile
+            .map(privilege -> {
                     log.debug("User {} is a reviewer of group {}", user.getUsername(),
                         privilege.getGroup().getName());
                     return new Privilege(privilege.getGroup(), Profile.Editor);
                 }).collect(Collectors.toList());
+        //Combine all the privileges
         editors.addAll(actual);
 
         return editors.stream()//