From 61da55e289ad42c880272e8341952708fdc11b36 Mon Sep 17 00:00:00 2001
From: evasques
Date: Fri, 5 Jun 2020 15:18:15 +0100
Subject: [PATCH] MNT-21585 - Having EVERYONE in original ACL causes IPR duplication (#1144)
* MNT-21585 - Having EVERYONE in original authorities causes IPR duplication
* Update License Headers
* prevent NPE when authorities is null and refactored findIPRGroup method
---
 .../security/ExtendedSecurityServiceImpl.java | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedSecurityServiceImpl.java b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedSecurityServiceImpl.java
index 1e8ab62b09..0f6205520b 100644
--- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedSecurityServiceImpl.java
+++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedSecurityServiceImpl.java
@@ -407,13 +407,12 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
 // if exists and matches we have found our group
 if (isIPRGroupTrueMatch(group, authorities))
 {
- iprGroup = group;
- break;
+ return new Pair(group, nextGroupIndex);
 }
 }
 // determine if there are any more pages to inspect
- hasMoreItems = results.hasMoreItems();
+ hasMoreItems = hasMoreItems ? results.hasMoreItems() : false;
 pageCount ++;
 }
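Review bot: The ternary on the new `hasMoreItems` line is a long-hand `&&`, and nothing in the hunk explains why the flag can already be false once a page has been walked. It would read more directly as `hasMoreItems = hasMoreItems && results.hasMoreItems();`, preceded by a comment such as `// keep a stop decision already made while scanning this page`. The flag is presumably cleared somewhere in the inner loop, but that code and the rest of the method start and end outside the hunk, so the comment should be written against the real condition. The Javadoc of the enclosing method should also say what the index in the returned pair means when a match is found, since callers now receive `nextGroupIndex` on that path as well.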
@@ -429,8 +428,15 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
 */
 private boolean isIPRGroupTrueMatch(String group, Set authorities)
 {
+ //Remove GROUP_EVERYONE for proper comparison as GROUP_EVERYONE is never included in an IPR group
+ Set plainAuthorities = new HashSet();
+ if (authorities != null)
+ {
+ plainAuthorities.addAll(authorities);
+ plainAuthorities.remove(PermissionService.ALL_AUTHORITIES);
+ }
 Set contained = authorityService.getContainedAuthorities(null, group, true);
- return contained.equals(authorities);
+ return contained.equals(plainAuthorities);
 }
 /**
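Review bot: A null `authorities` is now compared as an empty set, so `isIPRGroupTrueMatch` returns true for any group whose contained authorities are empty, where the old `contained.equals(authorities)` returned false for null. This match selects the existing IPR group that is reused for a node's permissions, so the null case should be decided explicitly rather than fall out of the copy. If null is not a valid input, guard first with `if (authorities == null) { return false; }`; if it is meant as "no authorities", state that in the method's Javadoc, which starts outside the hunk. The inline comment would also be more useful if it named where group creation excludes `PermissionService.ALL_AUTHORITIES`, because the comparison is only correct while both sides apply the same rule and that code is not visible here.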