DAR permissions fix

mica-core/src/main/java/org/obiba/mica/security/realm/MicaAuthorizingRealm.java

@@ -161,6 +161,9 @@ public Collection<Permission> resolvePermissionsInRole(String roleString) {
           }));
           return perms;
         case Roles.MICA_DAO:
+          // can view and delete any data access requests
+          return mergePermissions(
+            "/data-access-request:ADD,/data-access-request:VIEW,/data-access-request:DELETE,/files:UPLOAD", permissions);
         case Roles.MICA_USER:
           return mergePermissions("/data-access-request:ADD,/files:UPLOAD", permissions);
       }

mica-rest/src/main/java/org/obiba/mica/access/rest/DataAccessRequestResource.java

@@ -126,6 +126,7 @@ public Response delete(@PathParam("id") String id) {
       // remove associated comments
       commentsService.delete(DataAccessRequest.class.getSimpleName(), id);
       eventBus.post(new ResourceDeletedEvent("/data-access-request", id));
+      eventBus.post(new ResourceDeletedEvent("/data-access-request/" + id, "_status"));
     } catch(NoSuchDataAccessRequestException e) {
       // ignore
     }
@@ -237,7 +238,7 @@ private Response submit(String id) {
   private Response open(@PathParam("id") String id) {
     DataAccessRequest request = dataAccessRequestService.updateStatus(id, DataAccessRequest.Status.OPENED);
     // restore applicant permissions
-    subjectAclService.addUserPermission(request.getApplicant(), "/data-access-request", "EDIT,DELETE", id);
+    subjectAclService.addUserPermission(request.getApplicant(), "/data-access-request", "VIEW,EDIT,DELETE", id);
     subjectAclService.addUserPermission(request.getApplicant(), "/data-access-request/" + id, "EDIT", "_status");
     // data access officers cannot change the status of this request anymore
     subjectAclService.removeGroupPermission(Roles.MICA_DAO, "/data-access-request/" + id, "EDIT", "_status");