filtering for admin parameters didn't work properly

rest-api/src/main/java/lcsb/mapviewer/api/configuration/ConfigurationController.java

 package lcsb.mapviewer.api.configuration;
 
 import java.io.IOException;
-import java.util.List;
-import java.util.Map;
-import java.util.TreeMap;
+import java.util.*;
 import java.util.stream.Collectors;
 
 import javax.servlet.ServletContext;
 
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.MediaType;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.web.bind.annotation.*;
 
 import lcsb.mapviewer.api.BaseController;
 import lcsb.mapviewer.api.QueryException;
+import lcsb.mapviewer.model.security.PrivilegeType;
 import lcsb.mapviewer.services.interfaces.IConfigurationService;
 
 @RestController
 @RequestMapping(value = "/configuration", produces = MediaType.APPLICATION_JSON_VALUE)
 public class ConfigurationController extends BaseController {
 
+  Logger logger = LogManager.getLogger();
+
   private ConfigurationRestImpl configurationController;
   private IConfigurationService configurationService;
   private ServletContext context;
 
   @Autowired
   public ConfigurationController(ConfigurationRestImpl configurationController,
-                                 IConfigurationService configurationService,
-                                 ServletContext context) {
+      IConfigurationService configurationService,
+      ServletContext context) {
     this.configurationController = configurationController;
     this.configurationService = configurationService;
     this.context = context;
@@ -61,9 +64,10 @@ public class ConfigurationController extends BaseController {
 
   @GetMapping(value = "/options/")
   public List<Map<String, Object>> getOptions(Authentication authentication) {
-    boolean isAdmin = authentication.getAuthorities().contains((GrantedAuthority) () -> "IS_ADMIN");
+    boolean isAdmin = authentication.getAuthorities()
+        .contains(new SimpleGrantedAuthority(PrivilegeType.IS_ADMIN.toString()));
     return configurationController.getAllValues().stream()
-        .filter(option -> !(Boolean) option.get("isServerSide") || isAdmin)
+        .filter(option -> !((Boolean) option.get("isServerSide")) || isAdmin)
         .collect(Collectors.toList());
   }
 

web/src/test/java/lcsb/mapviewer/web/ConfigurationControllerIntegrationTest.java

 package lcsb.mapviewer.web;
 
+import static org.junit.Assert.*;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
 
 import java.util.HashMap;
 import java.util.Map;
 
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -17,7 +20,7 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 import org.springframework.test.web.servlet.RequestBuilder;
 import org.springframework.transaction.annotation.Transactional;
 
-import com.google.gson.Gson;
+import com.google.gson.*;
 
 import lcsb.mapviewer.model.security.PrivilegeType;
 import lcsb.mapviewer.model.user.ConfigurationElementType;
@@ -28,16 +31,21 @@ import lcsb.mapviewer.services.interfaces.IUserService;
 @Transactional
 @Rollback
 public class ConfigurationControllerIntegrationTest extends ControllerIntegrationTest {
+  Logger logger = LogManager.getLogger();
 
   private static final String TEST_USER_PASSWORD = "test_pass";
 
   private static final String TEST_USER_LOGIN = "test_user";
-  
+
+  private static final String TEST_ADMIN_PASSWORD = "test_admin_pass";
+
+  private static final String TEST_ADMIN_LOGIN = "test_admin";
+
   @Autowired
   private IUserService userService;
 
   private User user;
-  
+
   @Before
   public void setup() {
     user = createUser(TEST_USER_LOGIN, TEST_USER_PASSWORD);
@@ -71,6 +79,43 @@ public class ConfigurationControllerIntegrationTest extends ControllerIntegratio
         .andExpect(status().is2xxSuccessful());
   }
 
+  @Test
+  public void accessConfigurationOptionsAsAnonymous() throws Exception {
+    RequestBuilder request = get("/configuration/options/");
+
+    String response = mockMvc.perform(request)
+        .andExpect(status().is2xxSuccessful()).andReturn().getResponse().getContentAsString();
+
+    JsonArray options = new JsonParser()
+        .parse(response)
+        .getAsJsonArray();
+    for (JsonElement jsonElement : options) {
+      assertFalse(jsonElement.getAsJsonObject().get("isServerSide").getAsBoolean());
+    }
+
+  }
+
+  @Test
+  public void accessConfigurationOptionsAsAdmin() throws Exception {
+    createAdmin(TEST_ADMIN_LOGIN, TEST_ADMIN_PASSWORD);
+    MockHttpSession session = createSession(TEST_ADMIN_LOGIN, TEST_ADMIN_PASSWORD);
+
+    RequestBuilder request = get("/configuration/options/").session(session);
+
+    String response = mockMvc.perform(request)
+        .andExpect(status().is2xxSuccessful()).andReturn().getResponse().getContentAsString();
+
+    JsonArray options = new JsonParser()
+        .parse(response)
+        .getAsJsonArray();
+
+    boolean includeServerSide = false;
+    for (JsonElement jsonElement : options) {
+      includeServerSide |= jsonElement.getAsJsonObject().get("isServerSide").getAsBoolean();
+    }
+    assertTrue(includeServerSide);
+  }
+
   @Test
   public void testSetSmtpPortWithoutAdminPrivileges() throws Exception {
     MockHttpSession session = createSession(TEST_USER_LOGIN, TEST_USER_PASSWORD);