GroupController.php 16.2 KB
Newer Older
Damien's avatar
Damien committed
1
2
<?php

Damien's avatar
Damien committed
3
namespace Group\controllers;
Damien's avatar
Damien committed
4

5
use Action\models\ActionModel;
6
use Basket\models\GroupBasketModel;
7
use Entity\models\EntityModel;
8
use Group\models\PrivilegeModel;
Damien's avatar
Damien committed
9
use Group\models\GroupModel;
Damien's avatar
Damien committed
10
use Respect\Validation\Validator;
11
12
use Slim\Http\Request;
use Slim\Http\Response;
13
use SrcCore\controllers\PreparedClauseController;
Damien's avatar
Damien committed
14
use SrcCore\models\ValidatorModel;
15
use User\controllers\UserController;
16
use User\models\UserEntityModel;
17
use User\models\UserGroupModel;
Damien's avatar
Damien committed
18
use User\models\UserModel;
Damien's avatar
Damien committed
19
20
21

class GroupController
{
22
23
    const INDEXING_ACTIONS = ['confirmAction', 'noConfirmAction', 'closeMailAction', 'sendSignatureBookAction', 'closeAndIndexAction',
                                'saveRegisteredMailAction', 'saveAndPrintRegisteredMailAction', 'saveAndIndexRegisteredMailAction'];
24

25
    public function get(Request $request, Response $response)
Damien's avatar
Damien committed
26
    {
27
28
29
30
        $hasPrivilege = PrivilegeController::hasPrivilege(['privilegeId' => 'admin_groups', 'userId' => $GLOBALS['id']]);

        $select = $hasPrivilege ? ['*'] : ['id', 'group_desc'];
        $groups = GroupModel::get(['select' => $select, 'orderBy' => ['group_desc']]);
Damien's avatar
Damien committed
31

32
33
34
35
        if ($hasPrivilege) {
            foreach ($groups as $key => $value) {
                $groups[$key]['users'] = GroupModel::getUsersById(['id' => $value['id'], 'select' => ['users.user_id', 'users.firstname', 'users.lastname']]);
            }
Damien's avatar
Damien committed
36
37
38
39
40
        }

        return $response->withJson(['groups' => $groups]);
    }

41
    public function getById(Request $request, Response $response, array $aArgs)
Damien's avatar
Damien committed
42
    {
43
        if (!PrivilegeController::hasPrivilege(['privilegeId' => 'admin_groups', 'userId' => $GLOBALS['id']])) {
44
45
46
47
48
49
50
51
52
53
54
55
56
            return $response->withStatus(403)->withJson(['errors' => 'Service forbidden']);
        }

        $group = GroupModel::getById(['id' => $aArgs['id']]);
        if (empty($group)) {
            return $response->withStatus(400)->withJson(['errors' => 'Group not found']);
        }

        return $response->withJson(['group' => $group]);
    }

    public function create(Request $request, Response $response)
    {
57
        if (!PrivilegeController::hasPrivilege(['privilegeId' => 'admin_groups', 'userId' => $GLOBALS['id']])) {
Damien's avatar
Damien committed
58
59
60
61
62
            return $response->withStatus(403)->withJson(['errors' => 'Service forbidden']);
        }

        $data = $request->getParams();

Florian Azizian's avatar
Florian Azizian committed
63
        $check = Validator::stringType()->notEmpty()->validate($data['group_id']) && preg_match("/^[\w-]*$/", $data['group_id']) && (strlen($data['group_id']) < 33);
64
        $check = $check && Validator::stringType()->notEmpty()->validate($data['group_desc']);
Damien's avatar
Damien committed
65
66
67
68
69
        $check = $check && Validator::stringType()->notEmpty()->validate($data['security']['where_clause']);
        if (!$check) {
            return $response->withStatus(400)->withJson(['errors' => 'Bad Request']);
        }

70
71
        $existingGroup = GroupModel::getByGroupId(['groupId' => $data['group_id'], 'select' => ['1']]);
        if (!empty($existingGroup)) {
72
            return $response->withStatus(400)->withJson(['errors' => _ID. ' ' . _ALREADY_EXISTS]);
73
74
        }

75
        if (!PreparedClauseController::isRequestValid(['clause' => $data['security']['where_clause'], 'userId' => $GLOBALS['login'], 'limit' => 1])) {
76
77
78
            return $response->withStatus(400)->withJson(['errors' => _INVALID_CLAUSE]);
        }

Damien's avatar
Damien committed
79
80
        GroupModel::create(['groupId' => $data['group_id'], 'description' => $data['group_desc'], 'clause' => $data['security']['where_clause'], 'comment' => $data['security']['maarch_comment']]);

81
82
        $group = GroupModel::getByGroupId(['groupId' => $data['group_id'], 'select' => ['id']]);
        if (empty($group)) {
Damien's avatar
Damien committed
83
84
85
            return $response->withStatus(500)->withJson(['errors' => 'Group Creation Error']);
        }

86
        return $response->withJson(['group' => $group['id']]);
Damien's avatar
Damien committed
87
88
    }

Damien's avatar
Damien committed
89
    public function update(Request $request, Response $response, array $aArgs)
Damien's avatar
Damien committed
90
    {
91
        if (!PrivilegeController::hasPrivilege(['privilegeId' => 'admin_groups', 'userId' => $GLOBALS['id']])) {
Damien's avatar
Damien committed
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
            return $response->withStatus(403)->withJson(['errors' => 'Service forbidden']);
        }

        $group = GroupModel::getById(['id' => $aArgs['id']]);
        if (empty($group)) {
            return $response->withStatus(400)->withJson(['errors' => 'Group not found']);
        }

        $data = $request->getParams();
        $check = Validator::stringType()->notEmpty()->validate($data['description']);
        $check = $check && Validator::stringType()->notEmpty()->validate($data['security']['where_clause']);
        if (!$check) {
            return $response->withStatus(400)->withJson(['errors' => 'Bad Request']);
        }

107
        if (!PreparedClauseController::isRequestValid(['clause' => $data['security']['where_clause'], 'userId' => $GLOBALS['login'], 'limit' => 1])) {
Damien's avatar
Damien committed
108
109
110
            return $response->withStatus(400)->withJson(['errors' => _INVALID_CLAUSE]);
        }

111
112
113
114
115
116
117
118
119
120
        GroupModel::update([
            'set'   => ['group_desc' => $data['description']],
            'where' => ['id = ?'],
            'data'  => [$aArgs['id']]
        ]);
        GroupModel::updateSecurity([
            'set'   => ['where_clause' => $data['security']['where_clause'], 'maarch_comment' => $data['security']['maarch_comment']],
            'where' => ['group_id = ?'],
            'data'  => [$group['group_id']]
        ]);
Damien's avatar
Damien committed
121
122
123
124

        return $response->withJson(['success' => 'success']);
    }

Damien's avatar
Damien committed
125
    public function delete(Request $request, Response $response, array $aArgs)
Damien's avatar
Damien committed
126
    {
127
        if (!PrivilegeController::hasPrivilege(['privilegeId' => 'admin_groups', 'userId' => $GLOBALS['id']])) {
Damien's avatar
Damien committed
128
129
130
131
132
133
134
135
136
137
            return $response->withStatus(403)->withJson(['errors' => 'Service forbidden']);
        }

        $group = GroupModel::getById(['id' => $aArgs['id']]);
        if (empty($group)) {
            return $response->withStatus(400)->withJson(['errors' => 'Group not found']);
        }

        GroupModel::delete(['id' => $aArgs['id']]);

138
        $groups = GroupModel::get(['orderBy' => ['group_desc']]);
Damien's avatar
Damien committed
139
        foreach ($groups as $key => $value) {
140
            $groups[$key]['users'] = GroupModel::getUsersById(['id' => $value['id'], 'select' => ['users.user_id']]);
Damien's avatar
Damien committed
141
142
143
144
145
        }

        return $response->withJson(['groups' => $groups]);
    }

146
    public function getDetailledById(Request $request, Response $response, array $args)
Damien's avatar
Damien committed
147
    {
148
        if (!PrivilegeController::hasPrivilege(['privilegeId' => 'admin_groups', 'userId' => $GLOBALS['id']])) {
Damien's avatar
Damien committed
149
150
151
            return $response->withStatus(403)->withJson(['errors' => 'Service forbidden']);
        }

152
        $group = GroupModel::getById(['id' => $args['id'], 'select' => ['id', 'group_id', 'group_desc']]);
Damien's avatar
Damien committed
153
154
155
156
        if (empty($group)) {
            return $response->withStatus(400)->withJson(['errors' => 'Group not found']);
        }

157
158
159
160
161
162
163
        $group['security']                  = GroupModel::getSecurityByGroupId(['groupId' => $group['group_id']]);
        $group['users']                     = GroupModel::getUsersById(['id' => $args['id'], 'select' => ['users.id', 'users.user_id', 'users.firstname', 'users.lastname', 'users.status']]);
        $group['baskets']                   = GroupBasketModel::getBasketsByGroupId(['select' => ['baskets.basket_id', 'baskets.basket_name', 'baskets.basket_desc'], 'groupId' => $group['group_id']]);
        $group['canAdminUsers']             = PrivilegeController::hasPrivilege(['privilegeId' => 'admin_users', 'userId' => $GLOBALS['id']]);
        $group['canAdminBaskets']           = PrivilegeController::hasPrivilege(['privilegeId' => 'admin_baskets', 'userId' => $GLOBALS['id']]);
        $group['privileges']                = PrivilegeModel::getPrivilegesByGroupId(['groupId' => $args['id']]);
        $group['lockAdvancedPrivileges']    = PrivilegeController::isAdvancedPrivilegesLocked();
Damien's avatar
Damien committed
164

Damien's avatar
Damien committed
165
166
167
168
        $allowedUsers = [];
        $isRoot = UserController::isRoot(['id' => $GLOBALS['id']]);
        if (!$isRoot) {
            $users = array_column($group['users'], 'id');
169
            $entities = EntityModel::getAllEntitiesByUserId(['userId' => $GLOBALS['id']]);
Damien's avatar
Damien committed
170
            if (!empty($entities) && !empty($users)) {
171
172
                $allowedUsers = UserEntityModel::getWithUsers([
                    'select'    => ['DISTINCT users.id'],
Damien's avatar
Damien committed
173
174
                    'where'     => ['users_entities.entity_id in (?)', 'status != ?', 'users.id in (?)'],
                    'data'      => [$entities, 'DEL', $users]
175
176
177
178
179
180
181
182
                ]);
            }
            $usersNoEntities = UserEntityModel::getUsersWithoutEntities(['select' => ['id']]);
            $allowedUsers = array_merge($allowedUsers, $usersNoEntities);
            $allowedUsers = array_column($allowedUsers, 'id');
        }

        foreach ($group['users'] as $key => $user) {
Damien's avatar
Damien committed
183
            $group['users'][$key]['allowed'] = $isRoot ?: in_array($user['id'], $allowedUsers);
184
185
        }

Damien's avatar
Damien committed
186
187
188
        return $response->withJson(['group' => $group]);
    }

Damien's avatar
Damien committed
189
    public function reassignUsers(Request $request, Response $response, array $aArgs)
Damien's avatar
Damien committed
190
    {
191
        if (!PrivilegeController::hasPrivilege(['privilegeId' => 'admin_groups', 'userId' => $GLOBALS['id']])) {
Damien's avatar
Damien committed
192
193
194
            return $response->withStatus(403)->withJson(['errors' => 'Service forbidden']);
        }

Damien's avatar
Damien committed
195
        $group = GroupModel::getById(['id' => $aArgs['id'], 'select' => ['group_id']]);
Damien's avatar
Damien committed
196
197
198
        if (empty($group)) {
            return $response->withStatus(400)->withJson(['errors' => 'Group not found']);
        }
Damien's avatar
Damien committed
199
        $newGroup = GroupModel::getById(['id' => $aArgs['newGroupId'], 'select' => ['group_id']]);
Damien's avatar
Damien committed
200
201
202
        if (empty($newGroup)) {
            return $response->withStatus(400)->withJson(['errors' => 'Group not found']);
        }
203
204
        $oldGroupUsers = GroupModel::getUsersById(['id' => $aArgs['id'], 'select' => ['users.id']]);
        $newGroupUsers = GroupModel::getUsersById(['id' => $aArgs['id'], 'select' => ['users.id']]);
205
206
207
        
        //Mapped array to have only user_id
        $oldGroupUsers = array_map(function ($entry) {
208
            return $entry['id'];
209
210
211
        }, $oldGroupUsers);

        $newGroupUsers = array_map(function ($entry) {
212
            return $entry['id'];
213
214
215
        }, $newGroupUsers);

        $ignoredUsers = [];
216
        foreach ($oldGroupUsers as $user) {
Damien's avatar
Damien committed
217
            if (in_array($user, $newGroupUsers)) {
218
219
220
                $ignoredUsers[] = $user;
            }
        }
Damien's avatar
Damien committed
221

222
223
224
225
226
227
228
229
        $where = ['group_id = ?'];
        $data = [$aArgs['groupId']];
        if (!empty($ignoredUsers)) {
            $where[] = 'user_id NOT IN (?)';
            $data[] = $ignoredUsers;
        }

        UserGroupModel::update(['set' => ['group_id' => $aArgs['newGroupId']], 'where' => $where, 'data' => $data]);
Damien's avatar
Damien committed
230

Damien's avatar
Damien committed
231
        return $response->withJson(['success' => 'success']);
Damien's avatar
Damien committed
232
    }
Damien's avatar
Damien committed
233

234
    public function getIndexingInformationsById(Request $request, Response $response, array $args)
235
    {
236
        if (!PrivilegeController::hasPrivilege(['privilegeId' => 'admin_groups', 'userId' => $GLOBALS['id']])) {
237
238
239
240
241
242
243
244
            return $response->withStatus(403)->withJson(['errors' => 'Service forbidden']);
        }

        $group = GroupModel::getById(['id' => $args['id'], 'select' => ['can_index', 'indexation_parameters']]);
        if (empty($group)) {
            return $response->withStatus(400)->withJson(['errors' => 'Group not found']);
        }

245
246
247
248
        $group['canIndex'] = $group['can_index'];
        $group['indexationParameters'] = json_decode($group['indexation_parameters'], true);
        unset($group['can_index'], $group['indexation_parameters']);

249
        $allActions = ActionModel::get(['select' => ['id', 'label_action'], 'where' => ['component in (?)'], 'data' => [GroupController::INDEXING_ACTIONS]]);
250
251

        $allEntities = EntityModel::get([
252
            'select'    => ['e1.id', 'e1.entity_id', 'e1.entity_label', 'e1.parent_entity_id', 'e2.id as parent_id'],
253
254
255
256
257
            'table'     => ['entities e1', 'entities e2'],
            'left_join' => ['e1.parent_entity_id = e2.entity_id'],
            'where'     => ['e1.enabled = ?'],
            'data'      => ['Y']
        ]);
258
        $allEntities = EntityModel::removeOrphanedEntities($allEntities);
259
260
261
262
263
264
265
266
267
268

        foreach ($allEntities as $key => $value) {
            $allEntities[$key]['id'] = $value['id'];
            if (empty($value['parent_id'])) {
                $allEntities[$key]['parent'] = '#';
                $allEntities[$key]['icon']   = "fa fa-building";
            } else {
                $allEntities[$key]['parent'] = $value['parent_id'];
                $allEntities[$key]['icon']   = "fa fa-sitemap";
            }
Damien's avatar
Damien committed
269
            $allEntities[$key]['state']['opened'] = true;
Damien's avatar
Damien committed
270
            if (in_array($value['id'], $group['indexationParameters']['entities'])) {
271
272
273
274
275
276
277
278
279
                $allEntities[$key]['state']['selected'] = true;
            }

            $allEntities[$key]['text'] = $value['entity_label'];
        }

        return $response->withJson(['group' => $group, 'actions' => $allActions, 'entities' => $allEntities]);
    }

280
281
    public function updateIndexingInformations(Request $request, Response $response, array $args)
    {
282
        if (!PrivilegeController::hasPrivilege(['privilegeId' => 'admin_groups', 'userId' => $GLOBALS['id']])) {
283
284
285
            return $response->withStatus(403)->withJson(['errors' => 'Service forbidden']);
        }

Damien's avatar
Damien committed
286
        $body = $request->getParsedBody();
287
288
        if (!Validator::arrayType()->notEmpty()->validate($body)) {
            return $response->withStatus(400)->withJson(['errors' => 'Body is empty or not an array']);
Damien's avatar
Damien committed
289
290
        }

291
292
293
294
295
        $group = GroupModel::getById(['id' => $args['id'], 'select' => ['indexation_parameters']]);
        if (empty($group)) {
            return $response->withStatus(400)->withJson(['errors' => 'Group not found']);
        }

296
        $set = [];
297
298
        $indexationParameters = json_decode($group['indexation_parameters'], true);

Damien's avatar
Damien committed
299
        if (isset($body['canIndex']) && is_bool($body['canIndex'])) {
300
301
            $set['can_index'] = $body['canIndex'] ? 'true' : 'false';
        }
Damien's avatar
Damien committed
302
303
304
305
306
307
        if (isset($body['actions']) && is_array($body['actions'])) {
            if (!empty($body['actions'])) {
                $countActions = ActionModel::get(['select' => ['count(1)'], 'where' => ['id in (?)'], 'data' => [$body['actions']]]);
                if ($countActions[0]['count'] != count($body['actions'])) {
                    return $response->withStatus(400)->withJson(['errors' => 'Body actions contains invalid actions']);
                }
Damien's avatar
Damien committed
308
309
310
                foreach ($body['actions'] as $key => $action) {
                    $body['actions'][$key] = (string)$action;
                }
311
312
313
            }
            $indexationParameters['actions'] = $body['actions'];
        }
Damien's avatar
Damien committed
314
315
316
317
318
319
        if (isset($body['entities']) && is_array($body['entities'])) {
            if (!empty($body['entities'])) {
                $countEntities = EntityModel::get(['select' => ['count(1)'], 'where' => ['id in (?)'], 'data' => [$body['entities']]]);
                if ($countEntities[0]['count'] != count($body['entities'])) {
                    return $response->withStatus(400)->withJson(['errors' => 'Body entities contains invalid entities']);
                }
Damien's avatar
Damien committed
320
321
322
                foreach ($body['entities'] as $key => $entity) {
                    $body['entities'][$key] = (string)$entity;
                }
323
324
325
            }
            $indexationParameters['entities'] = $body['entities'];
        }
Damien's avatar
Damien committed
326
        if (isset($body['keywords']) && is_array($body['keywords'])) {
327
328
            $indexationParameters['keywords'] = $body['keywords'];
        }
329
330
        $set['indexation_parameters'] = json_encode($indexationParameters);

331
        GroupModel::update([
332
            'set'   => $set,
333
334
335
336
337
338
339
            'where' => ['id = ?'],
            'data'  => [$args['id']]
        ]);

        return $response->withStatus(204);
    }

Damien's avatar
Damien committed
340
341
342
343
344
    public static function getGroupsClause(array $aArgs)
    {
        ValidatorModel::notEmpty($aArgs, ['userId']);
        ValidatorModel::stringType($aArgs, ['userId']);

345
        $groups = UserModel::getGroupsByLogin(['login' => $aArgs['userId']]);
Damien's avatar
Damien committed
346
347
348
        $groupsClause = '';
        foreach ($groups as $key => $group) {
            if (!empty($group['where_clause'])) {
Damien's avatar
Damien committed
349
                $groupClause = PreparedClauseController::getPreparedClause(['clause' => $group['where_clause'], 'login' => $aArgs['userId']]);
Damien's avatar
Damien committed
350
351
352
353
354
355
356
357
358
                if ($key > 0) {
                    $groupsClause .= ' or ';
                }
                $groupsClause .= "({$groupClause})";
            }
        }

        return $groupsClause;
    }
Damien's avatar
Damien committed
359
}