Commit 9ff26ba8 authored by Arnaud Pauget's avatar Arnaud Pauget
Browse files

fix() : override addServiceAccount function to reduce processing times

parent 997c847d
<?php
/*
* Copyright (C) 2015 Maarch
*
* This file is part of bundle auth.
*
* Bundle auth is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Bundle auth is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with bundle auth. If not, see <http://www.gnu.org/licenses/>.
*/
namespace ext\digitalSafe\bundle\auth\Controller;
/**
* serviceAccount controller
*
* @package Auth
* @author Alexandre Morin <alexandre.morin@maarch.org>
*/
class serviceAccount extends \bundle\auth\Controller\serviceAccount
{
/**
* Record a new service
* @param auth/account $serviceAccount The service object
* @param string $orgId The organization identifier
* @param array $servicesURI Array of service URI
*
* @return auth/account The service object
*/
public function addService($serviceAccount, $orgId, $servicesURI = [])
{
$this->userAccountController->isAuthorized(['gen_admin', 'func_admin']);
$organizationController = \laabs::newController("organization/organization");
$accountToken = \laabs::getToken('AUTH');
$account = $this->read($accountToken->accountId);
if (isset($orgId) && !empty($orgId)) {
try {
$organization = $organizationController->read($orgId);
} catch (\Exception $e) {
throw new \core\Exception\NotFoundException("Organization unit identified by " . $orgId . " does not exist.");
}
}
if ($this->hasSecurityLevel) {
if ($account->getSecurityLevel() == $account::SECLEVEL_FUNCADMIN && array_search($account->ownerOrgId, array_column($this->organizationController->readParentOrg($orgId), 'orgId')) === false){
throw new \core\Exception\ForbiddenException("You are not allowed to add user in this organization");
}
$this->checkPrivilegesAccess($account, $serviceAccount);
}
if (!$serviceAccount->ownerOrgId && !empty($orgId)) {
if(!empty($serviceAccount->ownerOrgId) && $serviceAccount->ownerOrgId != $organization->ownerOrgId) {
throw new \core\Exception\NotFoundException("Organization identified by " . $serviceAccount->ownerOrgId . " is not the owner organization of the organization identified by " . $orgId);
}
$serviceAccount->ownerOrgId = $organization->ownerOrgId;
}
if ($serviceAccount->ownerOrgId) {
try {
$organizationController->read($serviceAccount->ownerOrgId);
} catch (\Exception $e) {
throw new \core\Exception\NotFoundException("Organization identified by " . $serviceAccount->ownerOrgId . " does not exist.");
}
}
$serviceAccount = \laabs::cast($serviceAccount, 'auth/account');
$serviceAccount->accountId = \laabs::newId();
if ($this->sdoFactory->exists('auth/account', array('accountName' => $serviceAccount->accountName))) {
throw \laabs::newException("auth/serviceAlreadyExistException");
}
$transactionControl = !$this->sdoFactory->inTransaction();
if ($transactionControl) {
$this->sdoFactory->beginTransaction();
}
try {
$this->sdoFactory->create($serviceAccount, 'auth/account');
$this->createServicePrivilege($servicesURI, $serviceAccount->accountId);
if (!$serviceAccount->isAdmin) {
$this->organizationController->addServicePosition($orgId, $serviceAccount->accountId);
}
} catch (\Exception $exception) {
if ($transactionControl) {
$this->sdoFactory->rollback();
}
throw $exception;
}
if ($transactionControl) {
$this->sdoFactory->commit();
}
return $serviceAccount;
}
}
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment