keeps
diff --git a/‎roda-common/roda-common-data/src/main/java/org/roda/core/data/common/RodaConstants.java‎
Lines changed: 3 additions & 0 deletions b/‎roda-common/roda-common-data/src/main/java/org/roda/core/data/common/RodaConstants.java‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎roda-core/roda-core/src/main/java/org/roda/core/common/CryptographyUtils.java‎
Lines changed: 40 additions & 0 deletions b/‎roda-core/roda-core/src/main/java/org/roda/core/common/CryptographyUtils.java‎
Lines changed: 40 additions & 0 deletions
diff --git a/‎roda-core/roda-core/src/main/java/org/roda/core/model/DefaultModelService.java‎
Lines changed: 5 additions & 2 deletions b/‎roda-core/roda-core/src/main/java/org/roda/core/model/DefaultModelService.java‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎roda-ui/roda-wui/src/main/java/config/i18n/client/ClientMessages.java‎
Lines changed: 17 additions & 0 deletions b/‎roda-ui/roda-wui/src/main/java/config/i18n/client/ClientMessages.java‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎roda-ui/roda-wui/src/main/java/org/roda/wui/api/v2/controller/MembersController.java‎
Lines changed: 6 additions & 2 deletions b/‎roda-ui/roda-wui/src/main/java/org/roda/wui/api/v2/controller/MembersController.java‎
Lines changed: 6 additions & 2 deletions
diff --git a/‎roda-ui/roda-wui/src/main/java/org/roda/wui/client/browse/tabs/RODAMemberTabs.java‎
Lines changed: 24 additions & 2 deletions b/‎roda-ui/roda-wui/src/main/java/org/roda/wui/client/browse/tabs/RODAMemberTabs.java‎
Lines changed: 24 additions & 2 deletions
diff --git a/‎…ui/client/common/UserActionsToolbar.java‎ ‎…ent/common/RODAMemberActionsToolbar.java‎roda-ui/roda-wui/src/main/java/org/roda/wui/client/common/UserActionsToolbar.java renamed to roda-ui/roda-wui/src/main/java/org/roda/wui/client/common/RODAMemberActionsToolbar.java
Lines changed: 6 additions & 3 deletions b/‎…ui/client/common/UserActionsToolbar.java‎ ‎…ent/common/RODAMemberActionsToolbar.java‎roda-ui/roda-wui/src/main/java/org/roda/wui/client/common/UserActionsToolbar.java renamed to roda-ui/roda-wui/src/main/java/org/roda/wui/client/common/RODAMemberActionsToolbar.java
Lines changed: 6 additions & 3 deletions
diff --git a/‎roda-ui/roda-wui/src/main/java/org/roda/wui/client/common/actions/RODAMemberToolbarActions.java‎
Lines changed: 24 additions & 7 deletions b/‎roda-ui/roda-wui/src/main/java/org/roda/wui/client/common/actions/RODAMemberToolbarActions.java‎
Lines changed: 24 additions & 7 deletions
diff --git a/‎roda-ui/roda-wui/src/main/java/org/roda/wui/client/common/dialogs/AccessKeyDialogs.java‎
Lines changed: 12 additions & 47 deletions b/‎roda-ui/roda-wui/src/main/java/org/roda/wui/client/common/dialogs/AccessKeyDialogs.java‎
Lines changed: 12 additions & 47 deletions
@@ -2158,6 +2158,9 @@ public enum RODA_TYPE {
   public static final String PERMISSION_METHOD_CREATE_GROUP = "org.roda.wui.api.v2.controller.MembersController.createGroup";
   public static final String PERMISSION_METHOD_UPDATE_USER = "org.roda.wui.api.v2.controller.MembersController.updateUser";
   public static final String PERMISSION_METHOD_DELETE_USER = "org.roda.wui.api.v2.controller.MembersController.deleteUser";
+  public static final String PERMISSION_METHOD_REVOKE_ACCESS_TOKEN = "org.roda.wui.api.v2.controller.MembersController.regenerateAccessKey";
+  public static final String PERMISSION_METHOD_DELETE_ACCESS_TOKEN = "org.roda.wui.api.v2.controller.MembersController.deleteAccessKey";
+  public static final String PERMISSION_METHOD_REGENERATE_ACCESS_TOKEN = "org.roda.wui.api.v2.controller.MembersController.regenerateAccessKey";
 
   public static final String PERMISSION_METHOD_CREATE_ACCESS_KEY = "org.roda.wui.api.v2.controller.MembersController.createAccessKey";
 
 
@@ -0,0 +1,40 @@
+package org.roda.core.common;
+
+import org.roda.core.data.exceptions.GenericException;
+
+import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
+/**
+ *
+ * @author Miguel Guimarães <mguimaraes@keep.pt>
+ */
+public class CryptographyUtils {
+
+  private CryptographyUtils() {
+    // do nothing
+  }
+
+  public static String hashTokenSHA256(String token) throws GenericException {
+    try {
+      MessageDigest digest = MessageDigest.getInstance("SHA-256");
+      byte[] encodedHash = digest.digest(token.getBytes(StandardCharsets.UTF_8));
+
+      // Convert the byte array into a hex string for easy storage
+      StringBuilder hexString = new StringBuilder(2 * encodedHash.length);
+      for (byte hash : encodedHash) {
+        String hex = Integer.toHexString(0xff & hash);
+        if (hex.length() == 1) {
+          hexString.append('0');
+        }
+        hexString.append(hex);
+      }
+      return hexString.toString();
+
+    } catch (NoSuchAlgorithmException e) {
+      // Wrap and throw using your application's exception handling
+      throw new GenericException("Error initializing SHA-256 hashing algorithm", e);
+    }
+  }
+}
@@ -52,6 +52,7 @@
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.roda.core.RodaCoreFactory;
+import org.roda.core.common.CryptographyUtils;
 import org.roda.core.common.JwtUtils;
 import org.roda.core.common.PremisV3Utils;
 import org.roda.core.common.ProvidesInputStream;
@@ -5266,9 +5267,10 @@ public AccessKey createAccessKey(AccessKey accessKey, String createdBy) throws G
       accessKey.setExpirationDate(expirationDate);
     }
 
-    String token = JwtUtils.generateToken(accessKey.getUserName(), accessKey.getExpirationDate());
+    String plainTextToken = JwtUtils.generateToken(accessKey.getUserName(), accessKey.getExpirationDate());
 
-    accessKey.setKey(token);
+    String hashedToken = CryptographyUtils.hashTokenSHA256(plainTextToken);
+    accessKey.setKey(hashedToken);
 
     accessKey.setCreatedOn(new Date());
     accessKey.setCreatedBy(createdBy);
@@ -5279,6 +5281,7 @@ public AccessKey createAccessKey(AccessKey accessKey, String createdBy) throws G
     StoragePath accessKeyPath = ModelUtils.getAccessKeysStoragePath(accessKey.getId());
     storage.createBinary(accessKeyPath, new StringContentPayload(accessKeyAsJson), false);
 
+    accessKey.setKey(plainTextToken);
     return accessKey;
   }
 
 
@@ -2501,6 +2501,8 @@ SafeHtml representationInformationAssociatedWithDescription(String field, String
 
   String createAccessKeyTitle();
 
+  String regenerateAccessKeyTitle();
+
   String showAccessKeyTitle();
 
   String editAccessKeyTitle();
@@ -2539,6 +2541,8 @@ SafeHtml representationInformationAssociatedWithDescription(String field, String
 
   String accessKeySuccessfullyRegenerated();
 
+  String accessKeySuccessfullyDeleted();
+
   String accessKeySuccessfullyRevoked();
 
   String accessKeyDeleteConfirmationMessage();
@@ -2547,6 +2551,8 @@ SafeHtml representationInformationAssociatedWithDescription(String field, String
 
   String accessKeyRegenerateConfirmationMessage();
 
+  String accessKeyExpirationDateInThePast();
+
   /** Market **/
   String marketPluginsActionsTabLabel();
 
@@ -2641,4 +2647,15 @@ SafeHtml representationInformationAssociatedWithDescription(String field, String
   String reasonCantActOnUser();
 
   String reasonCantActOnGroup();
+
+  // RODA Members - Permissions
+  String catalogueAndSearchGroupLabel();
+
+  String ingestPreservationActionsInternalActionsGroupLabel();
+
+  String administrationGroupLabel();
+
+  String planningGroupLabel();
+
+  String disposalGroupLabel();
 }
@@ -272,7 +272,7 @@ private static Set<String> mapCasGroupstoRODAGroups(Set<String> casGroups) {
   }
 
   @Override
-  public User getUser(String name) {
+  public RODAMember getUser(String name) {
     RequestContext requestContext = RequestUtils.parseHTTPRequest(request);
     ControllerAssistant controllerAssistant = new ControllerAssistant() {};
     LogEntryState state = LogEntryState.SUCCESS;
@@ -281,7 +281,11 @@ public User getUser(String name) {
       // check user permissions
       controllerAssistant.checkRoles(requestContext.getUser());
 
-      return membersService.retrieveUser(name);
+      if (name.startsWith("user-")) {
+        return membersService.retrieveUser(name.substring("user-".length()));
+      } else {
+        return membersService.retrieveGroup(name.substring("group-".length()));
+      }
 
     } catch (RODAException e) {
       state = LogEntryState.FAILURE;
 
@@ -2,8 +2,13 @@
 
 import com.google.gwt.safehtml.shared.SafeHtmlUtils;
 import com.google.gwt.user.client.ui.Widget;
+import org.roda.core.data.common.RodaConstants;
 import org.roda.core.data.v2.user.RODAMember;
+import org.roda.core.data.v2.user.User;
+import org.roda.wui.client.common.utils.PermissionClientUtils;
 import org.roda.wui.client.management.members.tabs.AccessKeysTab;
+import org.roda.wui.client.management.members.tabs.RODAMemberGroupsTab;
+import org.roda.wui.client.management.members.tabs.RODAMemberPermissionsTab;
 
 /**
  * @author Miguel Guimarães <mguimaraes@keep.pt>
@@ -19,11 +24,28 @@ public Widget buildTabWidget() {
       }
     });
 
-    createAndAddTab(SafeHtmlUtils.fromSafeConstant("Access Tokens"), new TabContentBuilder() {
+    createAndAddTab(SafeHtmlUtils.fromSafeConstant(member.isUser() ? messages.groups() : messages.users()), new TabContentBuilder() {
       @Override
       public Widget buildTabWidget() {
-        return new AccessKeysTab(member);
+        return new RODAMemberGroupsTab(member);
       }
     });
+
+    createAndAddTab(SafeHtmlUtils.fromSafeConstant(messages.permissionsTab()), new TabContentBuilder() {
+      @Override
+      public Widget buildTabWidget() {
+        return new RODAMemberPermissionsTab(member);
+      }
+    });
+
+    if (member.isUser() && PermissionClientUtils.hasPermissions(RodaConstants.PERMISSION_METHOD_REVOKE_ACCESS_TOKEN,
+      RodaConstants.PERMISSION_METHOD_REGENERATE_ACCESS_TOKEN, RodaConstants.PERMISSION_METHOD_DELETE_ACCESS_TOKEN)) {
+      createAndAddTab(SafeHtmlUtils.fromSafeConstant(messages.showAccessKeyTitle()), new TabContentBuilder() {
+        @Override
+        public Widget buildTabWidget() {
+          return new AccessKeysTab(member);
+        }
+      });
+    }
   }
 }
@@ -10,7 +10,6 @@
 import java.util.List;
 
 import org.roda.core.data.v2.user.RODAMember;
-import org.roda.core.data.v2.user.User;
 import org.roda.wui.client.common.actions.RODAMemberAction;
 import org.roda.wui.client.common.actions.RODAMemberToolbarActions;
 import org.roda.wui.client.common.actions.model.ActionableObject;
@@ -20,9 +19,13 @@
  *
  * @author Miguel Guimarães <mguimaraes@keep.pt>
  */
-public class UserActionsToolbar extends BrowseObjectActionsToolbar<User> {
+public class RODAMemberActionsToolbar extends BrowseObjectActionsToolbar<RODAMember> {
   public void buildIcon() {
-    setIcon("fa fa-user");
+    if (object.isUser()) {
+      setIcon("fa fa-user");
+    } else {
+      setIcon("fa fa-group");
+    }
   }
 
   public void buildTags() {
 
@@ -7,6 +7,7 @@
 import org.roda.core.data.v2.accessKey.CreateAccessKeyRequest;
 import org.roda.core.data.v2.user.RODAMember;
 import org.roda.core.data.v2.user.requests.ChangeUserStatusRequest;
+import org.roda.wui.client.common.NoAsyncCallback;
 import org.roda.wui.client.common.actions.callbacks.ActionNoAsyncCallback;
 import org.roda.wui.client.common.actions.model.ActionableBundle;
 import org.roda.wui.client.common.actions.model.ActionableGroup;
@@ -16,12 +17,12 @@
 import org.roda.wui.client.management.members.EditGroup;
 import org.roda.wui.client.management.members.EditUser;
 import org.roda.wui.client.management.members.MemberManagement;
+import org.roda.wui.client.management.members.ShowUser;
 import org.roda.wui.client.services.Services;
 import org.roda.wui.common.client.tools.HistoryUtils;
 import org.roda.wui.common.client.widgets.Toast;
 
 import java.util.Arrays;
-import java.util.Date;
 import java.util.HashSet;
 import java.util.Set;
 
@@ -206,12 +207,28 @@ public void onFailure(Throwable caught) {
 
   private void createNewAccessKey(AsyncCallback<ActionImpact> callback, RODAMember user) {
     callback.onSuccess(ActionImpact.NONE);
-    AccessKeyDialogs.showRegenerateAccessKeyDialog("test", null, true, new ActionNoAsyncCallback<CreateAccessKeyRequest>(callback) {
-      @Override
-      public void onSuccess(CreateAccessKeyRequest result) {
-        super.onSuccess(result);
-      }
-    });
+    AccessKeyDialogs.createAccessKeyDialog(messages.createAccessKeyTitle(), null, true,
+      new ActionNoAsyncCallback<CreateAccessKeyRequest>(callback) {
+        @Override
+        public void onSuccess(CreateAccessKeyRequest keyRequest) {
+          Services services = new Services("Create access key", "create");
+          CreateAccessKeyRequest createAccessKeyRequest = new CreateAccessKeyRequest(keyRequest.getName(),
+            keyRequest.getExpirationDate());
+          services.membersResource(s -> s.createAccessKey(user.getId(), createAccessKeyRequest))
+            .whenComplete((response, error) -> {
+              if (response != null) {
+                AccessKeyDialogs.showAccessKeyDialog(messages.accessKeyLabel(), response,
+                  new NoAsyncCallback<Boolean>() {
+                    @Override
+                    public void onSuccess(Boolean result) {
+                      callback.onSuccess(ActionImpact.UPDATED);
+                      HistoryUtils.newHistory(ShowUser.RESOLVER, user.getId());
+                    }
+                  });
+              }
+            });
+        }
+      });
   }
 
   @Override
 
@@ -8,7 +8,6 @@
 package org.roda.wui.client.common.dialogs;
 
 import com.google.gwt.i18n.client.DateTimeFormat;
-import com.google.gwt.user.client.ui.SimplePanel;
 import com.google.gwt.user.client.ui.TextBox;
 import com.google.gwt.user.datepicker.client.DateBox;
 import org.roda.core.data.v2.accessKey.AccessKey;
@@ -103,66 +102,27 @@ public void onClick(ClickEvent clickEvent) {
     dialogBox.show();
   }
 
-  public static void showCreateAccessTokenModal(final AsyncCallback<String> callback) {
-    final DialogBox dialogBox = new DialogBox(false, true);
-    dialogBox.setText("Create access token");
-
-    final FlowPanel layout = new FlowPanel();
-
-    final Label messageLabel = new Label("test");
-    layout.add(messageLabel);
-    messageLabel.addStyleName("wui-dialog-message");
-
-    final Button cancelButton = new Button(messages.cancelButton());
-    final Button confirmButton = new Button(messages.saveButton());
-
-    layout.add(cancelButton);
-    layout.add(confirmButton);
-
-    dialogBox.setWidget(layout);
-
-    dialogBox.setGlassEnabled(true);
-    dialogBox.setAnimationEnabled(false);
-
-    cancelButton.addClickHandler(new ClickHandler() {
-
-      @Override
-      public void onClick(ClickEvent event) {
-        dialogBox.hide();
-        callback.onFailure(null);
-      }
-    });
-
-    dialogBox.addStyleName("wui-dialog-prompt");
-    layout.addStyleName("wui-dialog-layout");
-    cancelButton.addStyleName("btn btn-link");
-    confirmButton.addStyleName("pull-right btn btn-play");
-
-    dialogBox.center();
-    dialogBox.show();
-  }
-
-  public static void showRegenerateAccessKeyDialog(String title, String tokenName, boolean create,
-    final AsyncCallback<CreateAccessKeyRequest> callback) {
+  public static void createAccessKeyDialog(String title, String tokenName, boolean create,
+                                           final AsyncCallback<CreateAccessKeyRequest> callback) {
     final DialogBox dialogBox = new DialogBox(false, true);
     final Button cancelButton = new Button(messages.cancelButton());
     final Button confirmButton = new Button(messages.confirmButton());
     final FlowPanel layout = new FlowPanel();
     final FlowPanel header = new FlowPanel();
     final FlowPanel footer = new FlowPanel();
 
-    final Label tokenNameLabel = new Label("Name");
+    final Label tokenNameLabel = new Label(messages.accessKeyNameLabel());
     final TextBox tokenNameTextBox = new TextBox();
-    final Label tokenNameTextBoxErrorLabel = new Label("Mandatory field");
+    final Label tokenNameTextBoxErrorLabel = new Label(messages.mandatoryField());
 
     if (!create) {
       tokenNameTextBox.setText(tokenName);
       tokenNameTextBox.setEnabled(false);
     }
 
-    final Label expirationDateLabel = new Label("Expiration date");
+    final Label expirationDateLabel = new Label(messages.accessKeyExpirationDateLabel());
     final DateBox expirationDateBox = new DateBox();
-    final Label expirationDateErrorLabel = new Label("Invalid Date");
+    final Label expirationDateErrorLabel = new Label();
 
     tokenNameTextBoxErrorLabel.addStyleName("form-label-error");
     tokenNameTextBoxErrorLabel.setVisible(false);
@@ -204,8 +164,13 @@ public void onClick(ClickEvent clickEvent) {
         }
 
         Date selectedDate = expirationDateBox.getValue();
-        if (selectedDate == null || selectedDate.before(new Date())) {
+        if (selectedDate == null) {
+          expirationDateErrorLabel.setVisible(true);
+          expirationDateErrorLabel.setText(messages.mandatoryField());
+          errors = true;
+        } else if (selectedDate.before(new Date())) {
           expirationDateErrorLabel.setVisible(true);
+          expirationDateErrorLabel.setText(messages.accessKeyExpirationDateInThePast());
           errors = true;
         } else {
           expirationDateErrorLabel.setVisible(false);