Distinguish domain groups with a leading "@"

domain-server/src/DomainGatekeeper.cpp

@@ -181,7 +181,7 @@ NodePermissions DomainGatekeeper::setPermissionsForUser(bool isLocalUser, QStrin
         auto userGroups = _domainGroupMemberships[verifiedDomainUserName];
         foreach (QString userGroup, userGroups) {
             // Domain groups may be specified as comma- and/or space-separated lists of group names.
-            // For example, "silver gold, platinum".
+            // For example, "@silver @Gold, @platinum".
             auto domainGroups = _server->_settingsManager.getDomainGroupNames()
                 .filter(QRegularExpression("^(.*[\\s,])?" + userGroup + "([\\s,].*)?$", 
                     QRegularExpression::CaseInsensitiveOption));
@@ -302,7 +302,7 @@ NodePermissions DomainGatekeeper::setPermissionsForUser(bool isLocalUser, QStrin
         auto userGroups = _domainGroupMemberships[verifiedDomainUserName];
         foreach(QString userGroup, userGroups) {
             // Domain groups may be specified as comma- and/or space-separated lists of group names.
-            // For example, "silver gold, platinum".
+            // For example, "@silver @Gold, @platinum".
             auto domainGroups = _server->_settingsManager.getDomainBlacklistGroupNames()
                 .filter(QRegularExpression("^(.*[\\s,])?" + userGroup + "([\\s,].*)?$",
                     QRegularExpression::CaseInsensitiveOption));
@@ -1277,7 +1277,8 @@ void DomainGatekeeper::requestDomainUserFinished() {
             QStringList domainUserGroups;
             auto userRoles = rootObject.value("roles").toArray();
             foreach (auto role, userRoles) {
-                domainUserGroups.append(role.toString());
+                // Distinguish domain groups from metaverse groups by a leading special character.
+                domainUserGroups.append(DOMAIN_GROUP_CHAR + role.toString().toLower());
             }
             _domainGroupMemberships[username] = domainUserGroups;
 

domain-server/src/DomainGatekeeper.h

@@ -30,6 +30,8 @@
 #include "NodeConnectionData.h"
 #include "PendingAssignedNodeData.h"
 
+const QString DOMAIN_GROUP_CHAR = "@";
+
 class DomainServer;
 
 class DomainGatekeeper : public QObject {

domain-server/src/DomainServerSettingsManager.cpp

@@ -1966,6 +1966,10 @@ void DomainServerSettingsManager::apiRefreshGroupInformation() {
     QStringList groupNames = getAllKnownGroupNames();
     foreach (QString groupName, groupNames) {
         QString lowerGroupName = groupName.toLower();
+        if (lowerGroupName.contains(DOMAIN_GROUP_CHAR)) {
+            // Ignore domain groups.
+            return;
+        }
         if (_groupIDs.contains(lowerGroupName)) {
             // we already know about this one.  recall setGroupID in case the group has been
             // added to another section (the same group is found in both groups and blacklists).

domain-server/src/DomainServerSettingsManager.h

@@ -19,11 +19,11 @@
 
 #include <HifiConfigVariantMap.h>
 #include <HTTPManager.h>
-
-#include <ReceivedMessage.h>
-#include "NodePermissions.h"
-
 #include <Node.h>
+#include <ReceivedMessage.h>
+
+#include "DomainGatekeeper.h"
+#include "NodePermissions.h"
 
 const QString SETTINGS_PATHS_KEY = "paths";