Draft: F acm permissions2

Summary

Insert a meaningful description for this merge request here.  What is the
new/changed behavior? Which bug has been fixed? Are there related Issues?

Focus

Point the reviewer to the core of the code change. Where should they start
reading? What should they focus on (e.g. security, performance,
maintainability, user-friendliness, compliance with the specs, finding more
corner cases, concrete questions)?

Test Environment

How to set up a test environment for manual testing?

Check List for the Author

Please, prepare your MR for a review. Be sure to write a summary and a focus and create gitlab comments for the reviewer. They should guide the reviewer through the changes, explain your changes and also point out open questions. For further good practices have a look at our review guidelines

• All automated tests pass
• Reference related Issues
• Up-to-date CHANGELOG.md
• Annotations in code (Gitlab comments)
  • Intent of new code
  • Problems with old code
  • Why this implementation?

Check List for the Reviewer

• I understand the intent of this MR
• All automated tests pass
• Up-to-date CHANGELOG.md
• The test environment setup works and the intended behavior is reproducible in the test environment
• In-code documentation and comments are up-to-date.
• Check: Are there spezifications? Are they satisfied?

For further good practices have a look at our review guidelines.

src/main/java/org/caosdb/server/permissions/AbstractEntityACLFactory.java

@@ -169,7 +169,17 @@ public abstract class AbstractEntityACLFactory<T extends EntityACL> {
     return create(acis);
   }
 
+  /**
+   * Normalize the permission rules.
+   *
+   * <p>This means that rules which are overriden by other rules are removed. E.g. a granting rule
+   * for the permission X and the agent P would be removed if there is a denial of X (for P) with
+   * the same or a higher priority. Likewise, A denial of Y for agent Q would be removed if there is
+   * a granting rule of Y (for Q) with a higher priority.
+   */
   private void normalize() {
+    // 1. run through all prioritized denials and remove overriden rules
+    // (priority grants, normal grants and normal denials)
     Iterator<Entry<ResponsibleAgent, Long>> iterator = this.priorityDenials.entrySet().iterator();
     while (iterator.hasNext()) {
       Entry<ResponsibleAgent, Long> next = iterator.next();
@@ -189,6 +199,8 @@ public abstract class AbstractEntityACLFactory<T extends EntityACL> {
         this.normalGrants.put(agent, this.normalGrants.get(agent) & ~bitset);
       }
     }
+    // 2. run through all prioritized grants and remove overriden rules (normal
+    // denials and grants)
     iterator = this.priorityGrants.entrySet().iterator();
     while (iterator.hasNext()) {
       Entry<ResponsibleAgent, Long> next = iterator.next();
@@ -205,6 +217,7 @@ public abstract class AbstractEntityACLFactory<T extends EntityACL> {
         this.normalGrants.put(agent, this.normalGrants.get(agent) & ~bitset);
       }
     }
+    // 3. run through all normal denials and remove overriden rules (normal grants)
     iterator = this.normalDenials.entrySet().iterator();
     while (iterator.hasNext()) {
       Entry<ResponsibleAgent, Long> next = iterator.next();
@@ -218,6 +231,7 @@ public abstract class AbstractEntityACLFactory<T extends EntityACL> {
         this.normalGrants.put(agent, this.normalGrants.get(agent) & ~bitset);
       }
     }
+    // finally, remove all remaining empty grants
     iterator = this.normalGrants.entrySet().iterator();
     while (iterator.hasNext()) {
       Entry<ResponsibleAgent, Long> next = iterator.next();
@@ -237,9 +251,18 @@ public abstract class AbstractEntityACLFactory<T extends EntityACL> {
 
   protected abstract T create(Collection<EntityACI> acis);
 
-  public AbstractEntityACLFactory<T> remove(EntityACL permissions) {
-    if (permissions != null) {
-      for (EntityACI aci : permissions.getRules()) {
+  /**
+   * Remove all rules of the `other` EntityACL from this factory.
+   *
+   * <p>This is mainly used for removing all rules which belong to the global entity ACL from this
+   * ACL before storing it to the backend.
+   *
+   * @param other
+   * @return the same object with changed rule set.
+   */
+  public AbstractEntityACLFactory<T> remove(EntityACL other) {
+    if (other != null) {
+      for (EntityACI aci : other.getRules()) {
         if (EntityACL.isAllowance(aci.getBitSet())) {
           if (EntityACL.isPriorityBitSet(aci.getBitSet())) {
             Long bitset = this.priorityGrants.get(aci.getResponsibleAgent());