Skip to content
GitLab
Commit a621407f authored by Cyril Vazquez's avatar Cyril Vazquez
Browse files

Merge branch 'release/2.6.1' into 'Support/2.6.X' 

Release/2.6.1

See merge request !10
parents 70066980 6c16be2e
Hide whitespace changes
Inline Side-by-side
VERSION.md 100644 → 100755
View file @ a621407f
2.6
\ No newline at end of file
2.6.1
\ No newline at end of file
bundle/digitalSafe/Controller/digitalSafe.php
View file @ a621407f
......@@ -258,6 +258,7 @@ class digitalSafe
$replyMessage->descriptionObject = $archive->descriptionObject;
foreach ($archive->digitalResources as $digitalResource) {
$this->archiveController->logConsultation($archive, $digitalResource);
unset($digitalResource->address);
}
......@@ -302,7 +303,7 @@ class digitalSafe
$replyMessage->depositDate = $archive->depositDate;
$replyMessage->originatorArchiveId = $archive->originatorArchiveId;
if (count($res['error']) > 1) {
if (count($res['error']) > 0) {
$replyMessage->operationResult = false;
$replyMessage->operationMessage = "No integrity";
return $replyMessage;
......@@ -335,21 +336,26 @@ class digitalSafe
$userAccountController = \laabs::newController('auth/userAccount');
$userAccountController->isAuthorized(['func_admin', 'user']);
try {
$organization = $this->organizationController->getOrgByRegNumber($originatorOwnerOrgRegNumber);
} catch (\Exception $exception) {
throw $this->getThrowable("Organization " . $originatorOwnerOrgRegNumber . " doesn't exist", 404, $replyMessage);
}
$accountToken = \laabs::getToken('AUTH');
$account = $this->sdoFactory->read("auth/account", $accountToken->accountId);
//$securityLevel = $account->getSecurityLevel();
if ($account->ownerOrgId != $originatorOwnerOrgRegNumber) {
if ($account->ownerOrgId != $organization->orgId) {
throw new \core\Exception\UnauthorizedException("You are not allowed to do this action");
}
// if ($securityLevel == $account::SECLEVEL_USER) {
// $position = $this->servicePositionController->getPosition($account->accountId);
//
// if (!$originatorOrgRegNumber || $originatorOrgRegNumber != $position->orgId) {
// throw new \core\Exception\UnauthorizedException("You are not allowed to do this action");
// }
// }
// if ($securityLevel == $account::SECLEVEL_USER) {
// $position = $this->servicePositionController->getPosition($account->accountId);
// if (!$originatorOrgRegNumber || $originatorOrgRegNumber != $position->orgId) {
// throw new \core\Exception\UnauthorizedException("You are not allowed to do this action");
// }
// }
$replyMessage = new \stdClass();
$replyMessage->originatorOwnerOrgRegNumber = $originatorOwnerOrgRegNumber;
......@@ -360,8 +366,18 @@ class digitalSafe
$query = array();
$queryParams = array();
$queryParams['objectClass'] = 'recordsManagement/archive';
$query['objectClass'] = "objectClass = :objectClass";
$eventsToFind = "(eventType = 'organization/listing' OR " .
"eventType = 'organization/counting' OR " .
"eventType = 'organization/journal' OR " .
"eventType = 'recordsManagement/consultation' OR " .
"eventType = 'recordsManagement/deposit' OR " .
"eventType = 'recordsManagement/depositNewResource' OR " .
"eventType = 'recordsManagement/integrityCheck' OR " .
"eventType = 'recordsManagement/destruction' OR " .
"eventType = 'recordsManagement/elimination' OR " .
"eventType = 'recordsManagement/periodicIntegrityCheck')";
$query['eventType'] = $eventsToFind;
$queryParams['originatorOwnerOrgRegNumber'] = $originatorOwnerOrgRegNumber;
$query['originatorOwnerOrgRegNumber'] = "orgRegNumber = :originatorOwnerOrgRegNumber";
......@@ -417,8 +433,8 @@ class digitalSafe
$replyMessage->lifeCycleEvents = [];
foreach ($events as $i => $event) {
$event = $this->lifeCycleJournalController->decodeEventFormat($event);
$event->accountName = $this->account->accountName;
$event->eventInfo = $this->lifeCycleJournalController->getObjectEvents($event->objectId, $event->objectClass);
$replyMessage->lifeCycleEvents[] = $event;
}
} catch (\Exception $e) {
......
data/conf/configuration.ini.default
View file @ a621407f
......@@ -108,6 +108,7 @@ stopWordsFilePath = "%laabsDirectory%/data/stopwords/stopwords_fr.txt"
[audit]
; Chain journal with timestamp file. The timestamp dependency must be configured.
chainWithTimestamp = false;
; timestampService = dependency/timestamp/plugins/TsaClient
[medona]
; Enable or disable the transaction mode
......@@ -128,7 +129,7 @@ useSecurityLevel = true
passwordEncryption = SHA256
; Admin user account name
adminUsers = "['superadmin']"
adminUsers = "['superadmin', 'ADMIN-G']"
; Allow the user to modify his or her information
allowUserModification = true
......@@ -273,6 +274,8 @@ chainJournalByOrganization = false;
; Chain journal with timestamp file. The timestamp dependency must be configured.
chainWithTimestamp = false;
; timestampService = dependency/timestamp/plugins/TsaClient
[organization]
......@@ -455,3 +458,15 @@ datetimeFormat = "YYYY-MM-DD HH24:MI:SS,US"
; 2 = trace queries
; 3 = dump queries
trace = 1
[dependency.timestamp]
; The URL of the TSA provider
; Somme open and free TSA test services :
; tsaUrl=http://zeitstempel.dfn.de
; tsaUrl=http://timestamp.entrust.net/TSS/RFC3161sha2TS
; tsaUrl=http://time.certum.pl
; The path to openssl, if not in PHP path
; pathToOpenSSL="C:\Program Files\OpenSSL-Win64\bin\openssl"
data/conf/securityLevel.ini
View file @ a621407f
......@@ -22,6 +22,8 @@ privileges = "{
],
'2' : [
'journal/audit',
'journal/lifeCycleJournal',
'journal/searchLogArchive',
'adminArchive/*',
'adminTech/adminEventFormat',
'adminTech/adminFormat',
......@@ -45,7 +47,8 @@ privileges = "{
'adminFunc/adminOrganization',
'adminFunc/adminUseraccount',
'adminFunc/adminServiceaccount',
'adminFunc/adminAuthorization'
'adminFunc/adminAuthorization',
'adminFunc/batchScheduling'
]
}"
......
data/conf/vhost.conf.default
View file @ a621407f
......@@ -30,7 +30,7 @@
SetEnv LAABS_APP digitalSafe
SetEnv LAABS_BUNDLES digitalSafe;audit;auth;batchProcessing;contact;digitalResource;digitalSafe;lifeCycle;medona;mades;organization;recordsManagement;filePlan
SetEnv LAABS_EXTENSIONS digitalSafe
SetEnv LAABS_DEPENDENCIES repository;xml;html;localisation;datasource;sdo;json;fileSystem;notification;PDF;csrf;csv
SetEnv LAABS_DEPENDENCIES repository;xml;html;localisation;datasource;sdo;json;fileSystem;notification;PDF;csrf;csv;timestamp
SetEnv LAABS_PRESENTATION maarchRM
SetEnv SERVICE_CLIENT_TOKEN service
......
data/sql/default.sql
View file @ a621407f
-- AUTH
-- AUTH USER
INSERT INTO auth.account ("accountId", "accountName", "displayName", "accountType", "emailAddress", enabled, password, "passwordChangeRequired", "passwordLastChange", locked, "lockDate", "badPasswordCount", "lastLogin", "lastIp", "replacingUserAccountId", "firstName", "lastName", title, salt, "tokenDate", authentication, preferences, "ownerOrgId", "isAdmin") VALUES
('maarchrmds_5jmpnhp7q-0000-pf4vjt', 'superadmin', 'super admin', 'user', 'support@maarch.fr', true, '186cf774c97b60a1c106ef718d10970a6a06e06bef89553d9ae65d938a886eae', false, NULL, false, NULL, 0, NULL, NULL, NULL, 'Admin', 'Super', 'M.', NULL, NULL, NULL, NULL, NULL, true);
-- AUTH SERVICE
INSERT INTO "auth"."account" ("accountId","accountName","displayName","accountType","emailAddress","enabled","password","passwordChangeRequired","passwordLastChange","locked","lockDate","badPasswordCount","lastLogin","lastIp","replacingUserAccountId","firstName","lastName","title","salt","tokenDate","authentication","preferences","ownerOrgId","isAdmin") VALUES
('maarchrmds_5jmpnt8go-0000-s791qn', 'ADMIN-G', 'ADMIN-G', 'service', '', true, 'phdF9WkJuTKkDuPXoqDZuPs4jdJfIZgYNAOiaya9vYxcKibaHOiJ1ZQ5f27UftAUh+ymwIbKpgJuRpUj1mg+1ndLFxFM4s9g0p+U20vcHhoeXvzoQ/jZq8ae/eX+G5lbewHr2CBuHzA7xCKWm8XGaNDfqwp5+aj/', true, NULL, false, NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, true);
-- ROLE
INSERT INTO "auth"."role"("roleId", "roleName", "description", "securityLevel", "enabled") VALUES
('maarchrmds_5jmpnhp7q-0000-pf4vww', 'Administrateur Général', 'Groupe administrateur général', 'gen_admin', true),
......@@ -11,7 +15,7 @@ INSERT INTO "auth"."role"("roleId", "roleName", "description", "securityLevel",
INSERT INTO "auth"."roleMember"("roleId", "userAccountId") VALUES
('maarchrmds_5jmpnhp7q-0000-pf4vww', 'maarchrmds_5jmpnhp7q-0000-pf4vjt');
-- privilege
-- user privileges
INSERT INTO "auth"."privilege"("roleId", "userStory") VALUES
('maarchrmds_5jmpnhp7q-0000-pf4vww', 'adminTech/*'),
('maarchrmds_5jmpnhp7q-0000-pf4vww', 'adminFunc/adminOrganization'),
......@@ -26,6 +30,21 @@ INSERT INTO "auth"."privilege"("roleId", "userStory") VALUES
('maarchrmds_5jmpnhp7q-0000-pf4ttt', 'adminFunc/adminServiceaccount'),
('maarchrmds_5jmpnhp7q-0000-pf4ttt', 'adminFunc/adminOrgUser');
--service privileges
INSERT INTO "auth"."servicePrivilege" ("accountId","serviceURI") VALUES
('maarchrmds_5jmpnt8go-0000-s791qn', 'organization/organization/create'),
('maarchrmds_5jmpnt8go-0000-s791qn', 'organization/organization/index'),
('maarchrmds_5jmpnt8go-0000-s791qn', 'organization/organization/update_orgId_'),
('maarchrmds_5jmpnt8go-0000-s791qn', 'auth/userAccount/create'),
('maarchrmds_5jmpnt8go-0000-s791qn', 'auth/userAccount/updateEnable_userAccountId_'),
('maarchrmds_5jmpnt8go-0000-s791qn', 'auth/userAccount/updateDisable_userAccountId_'),
('maarchrmds_5jmpnt8go-0000-s791qn', 'auth/serviceAccount/create'),
('maarchrmds_5jmpnt8go-0000-s791qn', 'auth/serviceAccount/update'),
('maarchrmds_5jmpnt8go-0000-s791qn', 'auth/serviceAccount/updateEnable_serviceAccountId_'),
('maarchrmds_5jmpnt8go-0000-s791qn', 'auth/serviceAccount/updateDisable_serviceAccountId_'),
('maarchrmds_5jmpnt8go-0000-s791qn', 'auth/serviceAccount/updateServicetoken_serviceAccountId_')
;
-- LIFECYCLE
INSERT INTO "lifeCycle"."eventFormat" (type, format, message, notification) VALUES
('recordsManagement/archivalProfileModification', 'archivalProfileReference', 'Modification du profil %6$s.', false),
......
data/sql/demo.sql
View file @ a621407f
......@@ -11,7 +11,7 @@ INSERT INTO "auth"."account" ("accountId","accountName","displayName","accountTy
('maarchrmds_5jmpnqfv9-0000-leb5cl', 'ADMIN-F-coffre-A', 'ADMIN-F-coffre-A', 'service', '', true, 'RJpzB36bmR+iuz/aHN9Zl9PDn8tZEtwb8PHWeRdfdZbZhWnoyiAnHYBhbXWFQ1k4jUfv1vXUmsiuYBfKM0LjuQvqukZbgs7rgseOzrBOnXwqAUerHOXVlbKeqrZw8wCNaLM=', true, NULL, false, NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 'maarchrmds_5jmx41bs6-0000-dlmg8h', true),
('maarchrmds_5jmpntc9y-0000-r8vwtw', 'ADMIN-F-coffre-B', 'ADMIN-F-coffre-B', 'service', '', true, 'RJpzB36bmR+iuz/aHN9Zl9PDn8tZEtwb8PHWeRdfdZbZhWnoyiMnHYBhbXWFQ1k43xOz0fHUzZv8OkTNMEy24gq+vBFd0p2z0M2DnLYYz3cqAUerHOXVlbKeqrZw8wCNaLM=', true, NULL, false, NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 'maarchrmds_5jmx41t30-0000-yr4m49', true),
('maarchrmds_5jmpnspb0-0000-sxzow6', 'ADMIN-F-maarch', 'ADMIN-F-maarch', 'service', '', true, 'RJpzB36bmR+iuz/aHN9Zl9PDn8tZEtwb8PHWeRdfe5jekXjlxU0nQsN+eDvLQwEvhEPu16fWnMyvbhWWOkKxvg7t6kZc1pvv08SCmuIR2jgkXg7xCfTXnbSWsbE9pxLK', true, NULL, false, NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 'maarchrmds_5jmx3s8zh-0000-kffw4z', true),
('maarchrmds_5jmpnt8go-0000-s791qn', 'ADMIN-G', 'ADMIN-G', 'service', '', true, 'RJpzB36bmR+iuz/aHN9Zl9PDn8tZEtwb8PHWeRZQOtvMgnf5xVsnB8d2byqTVFIq3RfhgPHWkM7/OEOXYErl6lvrv0NYgsuoyNiUmqtYkTdpCALmF7+fzL0=', true, NULL, false, NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, true)
('maarchrmds_5jmpnt8go-0000-s791qn', 'ADMIN-G', 'ADMIN-G', 'service', '', true, 'RJpzB36bmR+iuz/aHN9Zl9PDn8tZEvA+3Mr7PCMfcorg1nHglw9xCcV9ISnBUVM3zxHvhLPci4bpKkPDd1m7+AK/7kJbgcu7g8LVneMRzXMwTF6+TvmSxPPGvOp+rBTWerPP/8mWNoxWVa56i/etEHT6', true, NULL, false, NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, true)
;
INSERT INTO "auth"."account" ("accountId","accountName","displayName","accountType","emailAddress","enabled","password","passwordChangeRequired","passwordLastChange","locked","lockDate","badPasswordCount","lastLogin","lastIp","replacingUserAccountId","firstName","lastName","title","salt","tokenDate","authentication","preferences","ownerOrgId","isAdmin") VALUES
......@@ -83,6 +83,7 @@ INSERT INTO "auth"."servicePrivilege" ("accountId","serviceURI") VALUES
INSERT INTO "auth"."servicePrivilege" ("accountId","serviceURI") VALUES
('maarchrmds_5jmpnt8go-0000-s791qn', 'organization/organization/create'),
('maarchrmds_5jmpnt8go-0000-s791qn', 'organization/organization/index'),
('maarchrmds_5jmpnt8go-0000-s791qn', 'organization/organization/update_orgId_'),
('maarchrmds_5jmpnt8go-0000-s791qn', 'auth/userAccount/create'),
('maarchrmds_5jmpnt8go-0000-s791qn', 'auth/userAccount/updateEnable_userAccountId_'),
......@@ -90,7 +91,8 @@ INSERT INTO "auth"."servicePrivilege" ("accountId","serviceURI") VALUES
('maarchrmds_5jmpnt8go-0000-s791qn', 'auth/serviceAccount/create'),
('maarchrmds_5jmpnt8go-0000-s791qn', 'auth/serviceAccount/update'),
('maarchrmds_5jmpnt8go-0000-s791qn', 'auth/serviceAccount/updateEnable_serviceAccountId_'),
('maarchrmds_5jmpnt8go-0000-s791qn', 'auth/serviceAccount/updateDisable_serviceAccountId_')
('maarchrmds_5jmpnt8go-0000-s791qn', 'auth/serviceAccount/updateDisable_serviceAccountId_'),
('maarchrmds_5jmpnt8go-0000-s791qn', 'auth/serviceAccount/updateServicetoken_serviceAccountId_')
;
INSERT INTO "auth"."servicePrivilege" ("accountId","serviceURI") VALUES
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment