Commit 98459358 authored by Cyril Vazquez's avatar Cyril Vazquez

Merge branch 'release/2.6.1' into 'develop'

Release/2.6.1

See merge request !11
parents 19675e5c 6c16be2e
2.6
\ No newline at end of file
2.6.1
\ No newline at end of file
......@@ -241,6 +241,7 @@ class digitalSafe
$replyMessage->descriptionObject = $archive->descriptionObject;
foreach ($archive->digitalResources as $digitalResource) {
$this->archiveController->logConsultation($archive, $digitalResource);
unset($digitalResource->address);
}
......@@ -285,7 +286,7 @@ class digitalSafe
$replyMessage->depositDate = $archive->depositDate;
$replyMessage->originatorArchiveId = $archive->originatorArchiveId;
if (count($res['error']) > 1) {
if (count($res['error']) > 0) {
$replyMessage->operationResult = false;
$replyMessage->operationMessage = "No integrity";
return $replyMessage;
......@@ -318,21 +319,26 @@ class digitalSafe
$userAccountController = \laabs::newController('auth/userAccount');
$userAccountController->isAuthorized(['func_admin', 'user']);
try {
$organization = $this->organizationController->getOrgByRegNumber($originatorOwnerOrgRegNumber);
} catch (\Exception $exception) {
throw $this->getThrowable("Organization " . $originatorOwnerOrgRegNumber . " doesn't exist", 404, $replyMessage);
}
$accountToken = \laabs::getToken('AUTH');
$account = $this->sdoFactory->read("auth/account", $accountToken->accountId);
//$securityLevel = $account->getSecurityLevel();
if ($account->ownerOrgId != $originatorOwnerOrgRegNumber) {
if ($account->ownerOrgId != $organization->orgId) {
throw new \core\Exception\UnauthorizedException("You are not allowed to do this action");
}
// if ($securityLevel == $account::SECLEVEL_USER) {
// $position = $this->servicePositionController->getPosition($account->accountId);
//
// if (!$originatorOrgRegNumber || $originatorOrgRegNumber != $position->orgId) {
// throw new \core\Exception\UnauthorizedException("You are not allowed to do this action");
// }
// }
// if ($securityLevel == $account::SECLEVEL_USER) {
// $position = $this->servicePositionController->getPosition($account->accountId);
// if (!$originatorOrgRegNumber || $originatorOrgRegNumber != $position->orgId) {
// throw new \core\Exception\UnauthorizedException("You are not allowed to do this action");
// }
// }
$replyMessage = new \stdClass();
$replyMessage->originatorOwnerOrgRegNumber = $originatorOwnerOrgRegNumber;
......@@ -343,8 +349,18 @@ class digitalSafe
$query = array();
$queryParams = array();
$queryParams['objectClass'] = 'recordsManagement/archive';
$query['objectClass'] = "objectClass = :objectClass";
$eventsToFind = "(eventType = 'organization/listing' OR " .
"eventType = 'organization/counting' OR " .
"eventType = 'organization/journal' OR " .
"eventType = 'recordsManagement/consultation' OR " .
"eventType = 'recordsManagement/deposit' OR " .
"eventType = 'recordsManagement/depositNewResource' OR " .
"eventType = 'recordsManagement/integrityCheck' OR " .
"eventType = 'recordsManagement/destruction' OR " .
"eventType = 'recordsManagement/elimination' OR " .
"eventType = 'recordsManagement/periodicIntegrityCheck')";
$query['eventType'] = $eventsToFind;
$queryParams['originatorOwnerOrgRegNumber'] = $originatorOwnerOrgRegNumber;
$query['originatorOwnerOrgRegNumber'] = "orgRegNumber = :originatorOwnerOrgRegNumber";
......@@ -400,8 +416,8 @@ class digitalSafe
$replyMessage->lifeCycleEvents = [];
foreach ($events as $i => $event) {
$event = $this->lifeCycleJournalController->decodeEventFormat($event);
$event->accountName = $this->account->accountName;
$event->eventInfo = $this->lifeCycleJournalController->getObjectEvents($event->objectId, $event->objectClass);
$replyMessage->lifeCycleEvents[] = $event;
}
} catch (\Exception $e) {
......
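Review bot: In the third hunk the new `catch` passes `$replyMessage` to `getThrowable()`, but the only assignment visible here, `$replyMessage = new \stdClass();`, comes after the ownership check. Unless the variable is set earlier in the method, which starts outside the hunk, the 404 path reads an undefined variable; moving the `new \stdClass()` line above the `try` would fix that. The lookup also runs before the `ownerOrgId` comparison and catches every `\Exception`, so a caller from another organization can tell existing registration numbers from unknown ones, and a datasource failure is reported as "doesn't exist". Consider catching only the not-found case and answering both situations with the same `UnauthorizedException`. The commented-out security-level block should be either restored or deleted rather than carried along.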
......@@ -108,6 +108,7 @@ stopWordsFilePath = "%laabsDirectory%/data/stopwords/stopwords_fr.txt"
[audit]
; Chain journal with timestamp file. The timestamp dependency must be configured.
chainWithTimestamp = false;
; timestampService = dependency/timestamp/plugins/TsaClient
[medona]
; Enable or disable the transaction mode
......@@ -128,7 +129,7 @@ useSecurityLevel = true
passwordEncryption = SHA256
; Admin user account name
adminUsers = "['superadmin']"
adminUsers = "['superadmin', 'ADMIN-G']"
; Allow the user to modify his or her information
allowUserModification = true
......@@ -273,6 +274,8 @@ chainJournalByOrganization = false;
; Chain journal with timestamp file. The timestamp dependency must be configured.
chainWithTimestamp = false;
; timestampService = dependency/timestamp/plugins/TsaClient
[organization]
......@@ -455,3 +458,15 @@ datetimeFormat = "YYYY-MM-DD HH24:MI:SS,US"
; 2 = trace queries
; 3 = dump queries
trace = 1
[dependency.timestamp]
; The URL of the TSA provider
; Somme open and free TSA test services :
; tsaUrl=http://zeitstempel.dfn.de
; tsaUrl=http://timestamp.entrust.net/TSS/RFC3161sha2TS
; tsaUrl=http://time.certum.pl
; The path to openssl, if not in PHP path
; pathToOpenSSL="C:\Program Files\OpenSSL-Win64\bin\openssl"
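Review bot: The changed `adminUsers` line puts the service account `ADMIN-G` on the admin list of what appears to be a distributed default configuration, while the SQL data in this commit seeds that account with a fixed credential. Nothing in the file tells an installer that the entry belongs to sample data. I would add a comment above it such as `; ADMIN-G is the service account created by the sample data; remove it or rotate its token before production use`, or keep the default at `"['superadmin']"`. Separately, the `[dependency.timestamp]` examples are plain `http://` URLs, so a comment stating whether the TSA response signature is verified before the journal is chained would help operators judge the setting.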
......@@ -22,6 +22,8 @@ privileges = "{
],
'2' : [
'journal/audit',
'journal/lifeCycleJournal',
'journal/searchLogArchive',
'adminArchive/*',
'adminTech/adminEventFormat',
'adminTech/adminFormat',
......@@ -45,7 +47,8 @@ privileges = "{
'adminFunc/adminOrganization',
'adminFunc/adminUseraccount',
'adminFunc/adminServiceaccount',
'adminFunc/adminAuthorization'
'adminFunc/adminAuthorization',
'adminFunc/batchScheduling'
]
}"
......
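Review bot: The entries that appear to be added to list `'2'` (`journal/lifeCycleJournal`, `journal/searchLogArchive`) and the new `adminFunc/batchScheduling` widen what two security levels can reach, yet the levels are identified only by bare numerals. A comment above the `privileges` key naming the security level behind each numeral, and why it needs journal search or batch scheduling, would let a reviewer check the grant against least privilege. The `privileges` value starts outside the hunk, so the key of the second list is not visible here.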
......@@ -30,7 +30,7 @@
SetEnv LAABS_APP digitalSafe
SetEnv LAABS_BUNDLES digitalSafe;audit;auth;batchProcessing;contact;digitalResource;digitalSafe;lifeCycle;medona;mades;organization;recordsManagement;filePlan
SetEnv LAABS_EXTENSIONS digitalSafe
SetEnv LAABS_DEPENDENCIES repository;xml;html;localisation;datasource;sdo;json;fileSystem;notification;PDF;csrf;csv
SetEnv LAABS_DEPENDENCIES repository;xml;html;localisation;datasource;sdo;json;fileSystem;notification;PDF;csrf;csv;timestamp
SetEnv LAABS_PRESENTATION maarchRM
SetEnv SERVICE_CLIENT_TOKEN service
......
-- AUTH
-- AUTH USER
INSERT INTO auth.account ("accountId", "accountName", "displayName", "accountType", "emailAddress", enabled, password, "passwordChangeRequired", "passwordLastChange", locked, "lockDate", "badPasswordCount", "lastLogin", "lastIp", "replacingUserAccountId", "firstName", "lastName", title, salt, "tokenDate", authentication, preferences, "ownerOrgId", "isAdmin") VALUES
('maarchrmds_5jmpnhp7q-0000-pf4vjt', 'superadmin', 'super admin', 'user', 'support@maarch.fr', true, '186cf774c97b60a1c106ef718d10970a6a06e06bef89553d9ae65d938a886eae', false, NULL, false, NULL, 0, NULL, NULL, NULL, 'Admin', 'Super', 'M.', NULL, NULL, NULL, NULL, NULL, true);
-- AUTH SERVICE
INSERT INTO "auth"."account" ("accountId","accountName","displayName","accountType","emailAddress","enabled","password","passwordChangeRequired","passwordLastChange","locked","lockDate","badPasswordCount","lastLogin","lastIp","replacingUserAccountId","firstName","lastName","title","salt","tokenDate","authentication","preferences","ownerOrgId","isAdmin") VALUES
('maarchrmds_5jmpnt8go-0000-s791qn', 'ADMIN-G', 'ADMIN-G', 'service', '', true, 'phdF9WkJuTKkDuPXoqDZuPs4jdJfIZgYNAOiaya9vYxcKibaHOiJ1ZQ5f27UftAUh+ymwIbKpgJuRpUj1mg+1ndLFxFM4s9g0p+U20vcHhoeXvzoQ/jZq8ae/eX+G5lbewHr2CBuHzA7xCKWm8XGaNDfqwp5+aj/', true, NULL, false, NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, true);
-- ROLE
INSERT INTO "auth"."role"("roleId", "roleName", "description", "securityLevel", "enabled") VALUES
('maarchrmds_5jmpnhp7q-0000-pf4vww', 'Administrateur Général', 'Groupe administrateur général', 'gen_admin', true),
......@@ -11,7 +15,7 @@ INSERT INTO "auth"."role"("roleId", "roleName", "description", "securityLevel",
INSERT INTO "auth"."roleMember"("roleId", "userAccountId") VALUES
('maarchrmds_5jmpnhp7q-0000-pf4vww', 'maarchrmds_5jmpnhp7q-0000-pf4vjt');
-- privilege
-- user privileges
INSERT INTO "auth"."privilege"("roleId", "userStory") VALUES
('maarchrmds_5jmpnhp7q-0000-pf4vww', 'adminTech/*'),
('maarchrmds_5jmpnhp7q-0000-pf4vww', 'adminFunc/adminOrganization'),
......@@ -26,6 +30,21 @@ INSERT INTO "auth"."privilege"("roleId", "userStory") VALUES
('maarchrmds_5jmpnhp7q-0000-pf4ttt', 'adminFunc/adminServiceaccount'),
('maarchrmds_5jmpnhp7q-0000-pf4ttt', 'adminFunc/adminOrgUser');
--service privileges
INSERT INTO "auth"."servicePrivilege" ("accountId","serviceURI") VALUES
('maarchrmds_5jmpnt8go-0000-s791qn', 'organization/organization/create'),
('maarchrmds_5jmpnt8go-0000-s791qn', 'organization/organization/index'),
('maarchrmds_5jmpnt8go-0000-s791qn', 'organization/organization/update_orgId_'),
('maarchrmds_5jmpnt8go-0000-s791qn', 'auth/userAccount/create'),
('maarchrmds_5jmpnt8go-0000-s791qn', 'auth/userAccount/updateEnable_userAccountId_'),
('maarchrmds_5jmpnt8go-0000-s791qn', 'auth/userAccount/updateDisable_userAccountId_'),
('maarchrmds_5jmpnt8go-0000-s791qn', 'auth/serviceAccount/create'),
('maarchrmds_5jmpnt8go-0000-s791qn', 'auth/serviceAccount/update'),
('maarchrmds_5jmpnt8go-0000-s791qn', 'auth/serviceAccount/updateEnable_serviceAccountId_'),
('maarchrmds_5jmpnt8go-0000-s791qn', 'auth/serviceAccount/updateDisable_serviceAccountId_'),
('maarchrmds_5jmpnt8go-0000-s791qn', 'auth/serviceAccount/updateServicetoken_serviceAccountId_')
;
-- LIFECYCLE
INSERT INTO "lifeCycle"."eventFormat" (type, format, message, notification) VALUES
('recordsManagement/archivalProfileModification', 'archivalProfileReference', 'Modification du profil %6$s.', false),
......
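Review bot: The new `-- AUTH SERVICE` insert ships a fixed credential in the `password` column for `ADMIN-G`, an account with `"enabled"` true and `"isAdmin"` true, and the added `servicePrivilege` rows let it create organizations, user accounts and service accounts and update service tokens. Anyone who can read the repository knows that value, so an installation that loads this file unchanged has a known administrative credential; the same applies to the `ADMIN-G` row replaced in the other SQL file of this commit (hunk `@@ -11,7 +11,7`). I would seed the account disabled, `true` → `false` in the `"enabled"` position, or have the installer generate the credential, and say so in a comment next to the insert. The `superadmin` row above it has `"passwordChangeRequired"` false and `salt` NULL, which deserves the same treatment, though that row may predate this commit.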
......@@ -11,7 +11,7 @@ INSERT INTO "auth"."account" ("accountId","accountName","displayName","accountTy
('maarchrmds_5jmpnqfv9-0000-leb5cl', 'ADMIN-F-coffre-A', 'ADMIN-F-coffre-A', 'service', '', true, 'RJpzB36bmR+iuz/aHN9Zl9PDn8tZEtwb8PHWeRdfdZbZhWnoyiAnHYBhbXWFQ1k4jUfv1vXUmsiuYBfKM0LjuQvqukZbgs7rgseOzrBOnXwqAUerHOXVlbKeqrZw8wCNaLM=', true, NULL, false, NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 'maarchrmds_5jmx41bs6-0000-dlmg8h', true),
('maarchrmds_5jmpntc9y-0000-r8vwtw', 'ADMIN-F-coffre-B', 'ADMIN-F-coffre-B', 'service', '', true, 'RJpzB36bmR+iuz/aHN9Zl9PDn8tZEtwb8PHWeRdfdZbZhWnoyiMnHYBhbXWFQ1k43xOz0fHUzZv8OkTNMEy24gq+vBFd0p2z0M2DnLYYz3cqAUerHOXVlbKeqrZw8wCNaLM=', true, NULL, false, NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 'maarchrmds_5jmx41t30-0000-yr4m49', true),
('maarchrmds_5jmpnspb0-0000-sxzow6', 'ADMIN-F-maarch', 'ADMIN-F-maarch', 'service', '', true, 'RJpzB36bmR+iuz/aHN9Zl9PDn8tZEtwb8PHWeRdfe5jekXjlxU0nQsN+eDvLQwEvhEPu16fWnMyvbhWWOkKxvg7t6kZc1pvv08SCmuIR2jgkXg7xCfTXnbSWsbE9pxLK', true, NULL, false, NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 'maarchrmds_5jmx3s8zh-0000-kffw4z', true),
('maarchrmds_5jmpnt8go-0000-s791qn', 'ADMIN-G', 'ADMIN-G', 'service', '', true, 'RJpzB36bmR+iuz/aHN9Zl9PDn8tZEtwb8PHWeRZQOtvMgnf5xVsnB8d2byqTVFIq3RfhgPHWkM7/OEOXYErl6lvrv0NYgsuoyNiUmqtYkTdpCALmF7+fzL0=', true, NULL, false, NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, true)
('maarchrmds_5jmpnt8go-0000-s791qn', 'ADMIN-G', 'ADMIN-G', 'service', '', true, 'RJpzB36bmR+iuz/aHN9Zl9PDn8tZEvA+3Mr7PCMfcorg1nHglw9xCcV9ISnBUVM3zxHvhLPci4bpKkPDd1m7+AK/7kJbgcu7g8LVneMRzXMwTF6+TvmSxPPGvOp+rBTWerPP/8mWNoxWVa56i/etEHT6', true, NULL, false, NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, true)
;
INSERT INTO "auth"."account" ("accountId","accountName","displayName","accountType","emailAddress","enabled","password","passwordChangeRequired","passwordLastChange","locked","lockDate","badPasswordCount","lastLogin","lastIp","replacingUserAccountId","firstName","lastName","title","salt","tokenDate","authentication","preferences","ownerOrgId","isAdmin") VALUES
......@@ -83,6 +83,7 @@ INSERT INTO "auth"."servicePrivilege" ("accountId","serviceURI") VALUES
INSERT INTO "auth"."servicePrivilege" ("accountId","serviceURI") VALUES
('maarchrmds_5jmpnt8go-0000-s791qn', 'organization/organization/create'),
('maarchrmds_5jmpnt8go-0000-s791qn', 'organization/organization/index'),
('maarchrmds_5jmpnt8go-0000-s791qn', 'organization/organization/update_orgId_'),
('maarchrmds_5jmpnt8go-0000-s791qn', 'auth/userAccount/create'),
('maarchrmds_5jmpnt8go-0000-s791qn', 'auth/userAccount/updateEnable_userAccountId_'),
......@@ -90,7 +91,8 @@ INSERT INTO "auth"."servicePrivilege" ("accountId","serviceURI") VALUES
('maarchrmds_5jmpnt8go-0000-s791qn', 'auth/serviceAccount/create'),
('maarchrmds_5jmpnt8go-0000-s791qn', 'auth/serviceAccount/update'),
('maarchrmds_5jmpnt8go-0000-s791qn', 'auth/serviceAccount/updateEnable_serviceAccountId_'),
('maarchrmds_5jmpnt8go-0000-s791qn', 'auth/serviceAccount/updateDisable_serviceAccountId_')
('maarchrmds_5jmpnt8go-0000-s791qn', 'auth/serviceAccount/updateDisable_serviceAccountId_'),
('maarchrmds_5jmpnt8go-0000-s791qn', 'auth/serviceAccount/updateServicetoken_serviceAccountId_')
;
INSERT INTO "auth"."servicePrivilege" ("accountId","serviceURI") VALUES
......