Commit b2c85ec9 authored by Arnaud Pauget's avatar Arnaud Pauget
Browse files

Merge branch 'Support/2.8.X' into 'master'

fix(19647) : changing the pattern regex in html to prevent validation error...

See merge request !719
parents 7a4b4d90 f1e8b69d
Pipeline #18120 failed with stages
in 21 seconds
# CHANGELOG
## Version 2.8.3
- `Fixed` Recherche par côte d'archive non fonctionnelle.
- `Fixed` Vérification du pattern de l'adresse email lors de la création d'un nouvel utilisateur.
## Version 2.8.2
- `Changed` Possibilité d'ajouter des caractères spéciaux dans les identifiants d'organisations.
- `Fixed` Blocage du process d'extraction fulltext si un document était en erreur dans Apache Tika.
- `Changed` Possibilité de rechercher les archives d'un service producteur appartenant à une autre organisation si la liaison du service d'archive et service producteur existe dans un accord de versement.
- `Changed` Possibilité d'empêcher l'opérateur d'archivage d'accéder à toutes les archives du système. Voir point de configuration "ownerIsSuperUser" dans configuration.ini.default.
- `Fixed` Import via connecteur Octave.
## Version 2.8.1
- `Fixed` Impossible de modifier son mot de passe pour un utilisateur nouvellement créé
......
# Migration 2.8.2
## Modification dans la configuration :
### Ajout
Dans la section [recordsManagement], ajout de la directive `ownerIsSuperUser` qui permet de définir si les utilisateurs appartenant au service d'opérateur d'archvivage ont le droit ou non d'accéder à toutes les archives du système. Si `true`, alors les opérateurs ont accès à toutes les archives du système. Si `false`, l'opérateur d'archivage sera considéré comme n'importe quel autre service producteur et aura accès uniquement à ses propres archives dont il est déclaré comme producteur.
# Migration 2.7 vers 2.8
## Vhost :
......
......@@ -46,6 +46,10 @@ css = "/presentation/css/style.css"
displayableFormat = "['application/pdf', 'image/jpeg', 'image/png', 'text/plain']"
[recordsManagement]
; Allow the owner org to have access to other org units archives
ownerIsSuperUser = false
; Profile directory for rng profile
profilesDirectory = "%laabsDirectory%/data/maarchRM/profiles"
refDirectory = "%laabsDirectory%/data/maarchRM/ref"
......
......@@ -223,6 +223,11 @@ class userAccount
$userAccount->accountId = \laabs::newId();
$userAccount->accountType = 'user';
if (!is_null($userAccount->emailAddress) && !filter_var($userAccount->emailAddress, FILTER_VALIDATE_EMAIL)) {
$validationErrors = ["Email malformed"];
throw \laabs::newException("auth/invalidUserInformationException", $validationErrors);
}
$organizationController = \laabs::newController('organization/organization');
if (!is_null($organizations)) {
$organization = $organizationController->read($organizations[0]);
......
......@@ -882,7 +882,9 @@ class digitalResource
file_put_contents($srcfile, $contents);
$fullText .= $fullTextService->getText($srcfile);
try {
$fullText .= $fullTextService->getText($srcfile);
} catch (\Exception $exception) {}
}
}
......
......@@ -119,15 +119,16 @@ class ArchiveTransfer extends abstractMessage
foreach ($confParams as $name => $confParam) {
// Default value
$param = "";
if (isset($confParam["default"])) {
$value = $confParam["default"];
$param = $confParam["default"];
}
if (isset($params[$name]) && $params[$name] !== "") {
$value = $params[$name];
$param = $params[$name];
}
$params[$name] = $value;
$params[$name] = $param;
if ($param == "") {
if (isset($confParam["required"]) && $confParam["required"]) {
......
......@@ -1624,15 +1624,11 @@ class organization
public function getOriginator()
{
$currentService = \laabs::getToken("ORGANIZATION");
if (!$currentService) {
$this->view->addContentFile("recordsManagement/welcome/noWorkingOrg.html");
return $this->view->saveHtml();
}
$ownerOriginatorOrgs = $this->getOwnerOrgsByRole($currentService, 'originator');
$originators = [];
foreach ($ownerOriginatorOrgs as $org) {
foreach ($org->originator as $originator) {
foreach ($org->originators as $originator) {
$originator->ownerOrgName = $org->displayName;
$originators[] = $originator;
}
......@@ -1650,20 +1646,22 @@ class organization
*/
protected function getOwnerOrgsByRole($currentService, $role)
{
$organizationController = \laabs::newController('organization/organization');
$orgUnits = $organizationController->getOrgsByRole($role);
$orgUnits = $this->getOrgsByRole($role);
$userPositionController = \laabs::newController('organization/userPosition');
$orgController = \laabs::newController('organization/organization');
$archivalAgreementController = \laabs::newController('medona/archivalAgreement');
$owner = false;
$archiver = false;
$userOrgUnits = [];
$userOrgs = [];
$allArchivalAgreements = $archivalAgreementController->index();
$originatorOrgIds = [];
$userOrgUnitOrgRegNumbers = array_merge(array($currentService->registrationNumber), $userPositionController->readDescandantService((string)$currentService->orgId));
foreach ($userOrgUnitOrgRegNumbers as $userOrgUnitOrgRegNumber) {
$userOrgUnit = $orgController->getOrgByRegNumber($userOrgUnitOrgRegNumber);
$userOrgUnit = $this->getOrgByRegNumber($userOrgUnitOrgRegNumber);
$userOrgUnits[] = $userOrgUnit;
if (isset($userOrgUnit->orgRoleCodes)) {
foreach ($userOrgUnit->orgRoleCodes as $orgRoleCode) {
......@@ -1672,6 +1670,12 @@ class organization
}
if ($orgRoleCode == 'archiver') {
$archiver = true;
$myOriginatorOrgs = [];
foreach ($allArchivalAgreements as $archivalAgreement) {
if($archivalAgreement->archiverOrgRegNumber == $userOrgUnitOrgRegNumber) {
$myOriginatorOrgs = array_merge($myOriginatorOrgs, $archivalAgreement->originatorOrgIds->jsonSerialize());
}
}
}
}
}
......@@ -1681,20 +1685,22 @@ class organization
foreach ($orgUnits as $orgUnit) {
if (// Owner = all originators
$owner
// Archiver = all originators fo the same org
|| ($archiver && $orgUnit->ownerOrgId == $userOrgUnit->ownerOrgId)
// Archiver = all originators for the same org
|| ($archiver && ($orgUnit->ownerOrgId == $userOrgUnit->ownerOrgId || in_array($orgUnit->orgId, $myOriginatorOrgs)))
// Originator = all originators at position and sub-services
|| ($role == 'originator' && $orgUnit->registrationNumber == $userOrgUnit->registrationNumber)
// Depositor = all
|| $role == 'depositor') {
if (!isset($userOrgs[(string)$orgUnit->ownerOrgId])) {
$orgObject = $organizationController->read((string)$orgUnit->ownerOrgId);
// $originators = $orgUnit->originators;
if (!isset($userOrgs[(string)$orgUnit->ownerOrgId])) {
$orgObject = $this->read((string)$orgUnit->ownerOrgId);
$userOrgs[(string)$orgObject->orgId] = new \stdClass();
$userOrgs[(string)$orgObject->orgId]->displayName = $orgObject->displayName;
$userOrgs[(string)$orgObject->orgId]->{$role} = [];
$userOrgs[(string)$orgObject->orgId]->originators = [];
}
$userOrgs[(string)$orgObject->orgId]->{$role}[] = $orgUnit;
$userOrgs[(string)$orgObject->orgId]->originators[] = $orgUnit;
}
}
}
......
......@@ -85,6 +85,10 @@ trait archiveAccessTrait
$checkAccess = true,
$maxResults = null
) {
if(is_null($originatorArchiveId)) {
$originatorArchiveId = $archiverArchiveId;
}
$accountController = \laabs::newController('auth/userAccount');
$accountController->isAuthorized('user');
......@@ -921,11 +925,16 @@ trait archiveAccessTrait
$this->userPositionController->readDescandantService((string) $currentService->orgId)
);
$ownerIsSuperUser = true;
if (isset(\laabs::configuration("recordsManagement")['ownerIsSuperUser'])) {
$ownerIsSuperUser = (bool) \laabs::configuration("recordsManagement")['ownerIsSuperUser'];
}
foreach ($userServiceOrgRegNumbers as $userServiceOrgRegNumber) {
$userService = $this->organizationController->getOrgByRegNumber($userServiceOrgRegNumber);
// User orgUnit is owner
if (isset($userService->orgRoleCodes) && (strpos((string) $userService->orgRoleCodes, 'owner') !== false)) {
if (isset($userService->orgRoleCodes) && (strpos((string) $userService->orgRoleCodes, 'owner') !== false) && $ownerIsSuperUser) {
return true;
}
......@@ -1030,6 +1039,11 @@ trait archiveAccessTrait
$queryParts['archiverArchiveId'] = "archiverArchiveId= :archiverArchiveId";
$queryParams['archiverArchiveId'] = $args['archiverArchiveId'];
}
if (!empty($args['originatorArchiveId']) && !empty($args['archiverArchiveId']) && $args['originatorArchiveId'] == $args['archiverArchiveId']) {
$queryParts['originatorArchiveId'] = "(archiveId= :archiveId OR originatorArchiveId= :originatorArchiveId OR archiverArchiveId= :archiverArchiveId)";
$queryParams['archiveId'] = $args['originatorArchiveId'];
unset($queryParts['archiverArchiveId']);
}
if (!empty($args['originatingDate'])) {
if (!empty($args['originatingDate'][0]) && is_string($args['originatingDate'][0])) {
$args['originatingDate'][0] = \laabs::newDate($args['originatingDate'][0]);
......@@ -1129,9 +1143,14 @@ trait archiveAccessTrait
$this->userPositionController->readDescandantService((string) $currentService->orgId)
);
$ownerIsSuperUser = true;
if (isset(\laabs::configuration("recordsManagement")['ownerIsSuperUser'])) {
$ownerIsSuperUser = (bool) \laabs::configuration("recordsManagement")['ownerIsSuperUser'];
}
foreach ($userServiceOrgRegNumbers as $userServiceOrgRegNumber) {
$userService = $this->organizationController->getOrgByRegNumber($userServiceOrgRegNumber);
if (isset($userService->orgRoleCodes) && $userService->orgRoleCodes->contains('owner')) {
if (isset($userService->orgRoleCodes) && $userService->orgRoleCodes->contains('owner') && $ownerIsSuperUser) {
return;
}
}
......@@ -1362,7 +1381,6 @@ trait archiveAccessTrait
if (!$currentUserService) {
return false;
}
$userPositionController = \laabs::newController('organization/userPosition');
$org = $this->organizationController->getOrgByRegNumber($archive->originatorOrgRegNumber);
$positionAncestors = $this->organizationController->readParentOrg($this->organizationController->getOrgByRegNumber($archive->originatorOrgRegNumber)->orgId);
......@@ -1370,9 +1388,16 @@ trait archiveAccessTrait
$userServices[] = $currentUserService->registrationNumber;
// OWNER access
$ownerIsSuperUser = true;
if (isset(\laabs::configuration("recordsManagement")['ownerIsSuperUser'])) {
$ownerIsSuperUser = (bool) \laabs::configuration("recordsManagement")['ownerIsSuperUser'];
}
if (
!is_null($currentUserService->orgRoleCodes)
&& \laabs\in_array('owner', $currentUserService->orgRoleCodes)
&& $ownerIsSuperUser
) {
return true;
}
......
......@@ -778,16 +778,42 @@ trait archiveEntryTrait
}
/**
* Update the retention start date of an archive
* Get the identifiers of the parent and the sibling archives
*
* @param recordsManagement/archive $archive The archive to receive
* @param recordsManagement/archive $archive The archive to receive
* @return array Archive ids of the archive, the parent and the siblings of the archive
*/
public function updateRetentionRuleStartDate($archive)
{
if ($this->archivalProfileController->getByReference($archive->archivalProfileReference) &&
(!empty($archive->fileplanLevel) && $archive->fileplanLevel == 'file')) {
$archive->retentionStartDate = \laabs::newTimestamp();
$archive->disposalDate = $archive->retentionStartDate->shift($archive->retentionDuration);
public function getParentAndSiblingIds($archive) {
$result = [];
if (!empty($archive->parentArchiveId)) {
$result = array_merge([$archive->parentArchiveId], $this->getChildrenArchives($archive->parentArchiveId));
}
return $result;
}
/**
* Apply the retention rule start date modification from last deposit on archive identifiers
*
* @param array $archiveIds The identifiers of the archives to update
*/
public function updateRetentionRuleStartDate($archiveIds) {
$currentDate = \laabs::newDate();
try {
foreach($archiveIds as $archiveId) {
$archiveToModify = $this->sdoFactory->read('recordsManagement/archive', $archiveId);
$retentionRule = $this->retentionRuleController->read($archiveToModify->retentionRuleCode);
$retentionRule = \laabs::castMessage($archiveToModify, 'recordsManagement/archiveRetentionRule');
$retentionRule->retentionStartDate = $currentDate;
$retentionRule->changeStartDate = true;
$this->modifyRetentionRule($retentionRule, $archiveId);
}
} catch (\Exception $exception) {
throw $exception;
}
}
......@@ -856,16 +882,16 @@ trait archiveEntryTrait
}
if ($transactionControl) {
$this->sdoFactory->commit();
// TimeStamp last modification date of the parent archive.
if (!empty($archive->parentArchiveId)) {
$parentArchive = $this->sdoFactory->read('recordsManagement/archive', $archive->parentArchiveId);
$parentArchive->lastModificationDate = \laabs::newTimestamp();
if ($this->archivalProfileController->getByReference($parentArchive->archivalProfileReference)->isRetentionLastDeposit) {
$this->updateRetentionRuleStartDate($parentArchive);
}
$this->sdoFactory->update($parentArchive, 'recordsManagement/archive');
$this->sdoFactory->commit();
}
// feat/16379 : update retention rule start date from last deposit
if (!empty($archive->parentArchiveId)) {
$parentArchive = $this->sdoFactory->read('recordsManagement/archive', $archive->parentArchiveId);
$parentArchivalProfile = $this->archivalProfileController->getByReference($parentArchive->archivalProfileReference);
if ($parentArchivalProfile->isRetentionLastDeposit) {
$archiveIds = $this->getParentAndSiblingIds($archive);
$this->updateRetentionRuleStartDate($archiveIds);
}
}
......
......@@ -937,7 +937,10 @@ trait archiveModificationTrait
stream_copy_to_stream($handler, $tmpStream);
rewind($tmpStream);
fclose($tmpStream);
$fullText .= $fulltextService->getText($tmpFile, $options) . " ";
try {
$fullText .= $fulltextService->getText($tmpFile, $options) . " ";
} catch (\Exception $exception) {}
unlink($tmpFile);
}
$archive = $this->retrieve($archiveId);
......
......@@ -77,7 +77,21 @@ class archive
$emptyRole = true;
} else {
$emptyRole = false;
$ownerOriginatorOrgs = $this->getOwnerOriginatorsOrgs($currentService);
// $ownerOriginatorOrgs = $this->getOwnerOriginatorsOrgs($currentService);
/* $orgController = \laabs::newController('organization/organization');
$originators = $orgController->getOriginator();
foreach ($originators as $originator) {
if (!isset($ownerOriginatorOrgs[(string) $originator->ownerOrgId])) {
$ownerOriginatorOrgs[(string) $originator->ownerOrgId] = new \stdClass();
$ownerOriginatorOrgs[(string) $originator->ownerOrgId]->displayName = $originator->ownerOrgName;
$ownerOriginatorOrgs[(string) $originator->ownerOrgId]->originators = [];
}
if (!in_array($originator, $ownerOriginatorOrgs[(string) $originator->ownerOrgId]->originators)) {
$ownerOriginatorOrgs[(string)$originator->ownerOrgId]->originators[] = $originator;
}
} */
}
$descriptionSchemeNames = \laabs::callService('recordsManagement/descriptionScheme/read_name_Descriptionfields');
$retentionRuleController = \laabs::newController('recordsManagement/retentionRule');
......@@ -111,7 +125,7 @@ class archive
$this->view->setSource("retentionRules", $retentionRules);
$this->view->setSource("emptyRole", $emptyRole);
$this->view->setSource("profiles", $profiles);
$this->view->setSource("organizationsOriginator", $ownerOriginatorOrgs);
// $this->view->setSource("organizationsOriginator", $ownerOriginatorOrgs);
$this->view->setSource("deleteDescription", $deleteDescription);
$this->view->setSource("descriptionScheme", $descriptionSchemeNames);
......@@ -228,6 +242,7 @@ class archive
$archive->hasRights = false;
} else {
$archive->hasRights = $archiveController->checkRights($archive);
// $archive->hasRights = true;
}
} catch (\Exception $e) {
$archive->hasRights = false;
......
......@@ -204,8 +204,8 @@ msgstr "Comptes de service"
msgid "Submit"
msgstr "Valider"
msgid "You must use only letters, numbers and the special character '_'"
msgstr "Vous devez utiliser uniquement les lettres, les chiffres et le caractère spécial '_'"
msgid "You must use only letters, numbers and the special characters ('_','-','/' and '.')"
msgstr "Vous devez utiliser uniquement les lettres, les chiffres et les caractères spéciaux ('_','-','/' et '.')"
msgid "The first and last character must be a letter. You must use only letters and the special character '_'"
msgstr "Les premier et dernier caractères doivent être des lettres. Vous devez utiliser uniquement les lettres et le caractère spécial '_'"
......
......@@ -279,7 +279,7 @@
}
function validateEmail($email) {
var emailReg = /^([\w-\.]+@([\w-]+\.)+[\w-]{2,4})?$/;
var emailReg = /(?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\[(?:(?:(2(5[0-5]|[0-4][0-9])|1[0-9][0-9]|[1-9]?[0-9]))\.){3}(?:(2(5[0-5]|[0-4][0-9])|1[0-9][0-9]|[1-9]?[0-9])|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])/;
return emailReg.test($email);
}
......
......@@ -33,7 +33,7 @@
<div class="form-group">
<label>Registration number <span style="color: red">*</span></label>
<input type="text" class="form-control" name="registrationNumber" placeholder="Registration number">
<small class="help-block">You must use only letters, numbers and the special character '_'</small>
<small class="help-block">You must use only letters, numbers and the special characters ('_','-','/' and '.')</small>
</div>
<div class="form-group" id="orgForm_enabled" style="display: none">
<label>Enabled</label>
......@@ -265,7 +265,7 @@
var organization = OrganizationForm.serialize();
var pattern = new RegExp("^[A-Za-z0-9_]*[A-Za-z0-9_]$");
var pattern = new RegExp("^[A-Za-z0-9_/.-]*[A-Za-z0-9_/.-]$");
if(!pattern.test(organization.registrationNumber)) {
return;
......@@ -395,7 +395,7 @@
$("#organization_organizationForm").on("keyup","[name='registrationNumber']", function(){
var input = $(this);
var pattern = new RegExp("^[A-Za-z0-9_]*[A-Za-z0-9]$");
var pattern = new RegExp("^[A-Za-z0-9_/.-]*[A-Za-z0-9/.-]$");
var formGroup = input.closest('.form-group');
if(!input.val()) {
......
......@@ -339,7 +339,7 @@ FulltextSearchForm = {
} else if ($(this).hasClass('dateTimePicker')) {
var operation = ($(this).data('range') == 'start') ? ">=" : "<=";
// TODO fix datetime sent in params with a date conversion (done @rm/archives/search.html)
value = name + operation + "'" + $(this).data('DateTimePicker').date().format('YYYY-MM-DD HH:MM:SS') + "'";
value = name + operation + "'" + $(this).data('DateTimePicker').date().format('YYYY-MM-DD HH:mm:ss') + "'";
// Fill start and end values
if (query.description[name] == undefined) {
......
......@@ -41,7 +41,7 @@
<div class="col-sm-8">
<input type="text" class="form-control orgHide" placeholder="Producer" name="originatorOwnerOrgRegNumber"
id="orgTypeahead" />
<select class="form-control hide" name="originatorOwnerOrgId" id="originatorOwnerOrgId">
<!-- <select class="form-control hide" name="originatorOwnerOrgId" id="originatorOwnerOrgId">
<option value="">All</option>
<?merge organizationsOriginator ?>
<div>
......@@ -50,8 +50,10 @@
<?merge .displayName ?>
</option>
</div>
</select>
<select class="form-control hide" name="originatorOrgRegNumber" id="originatorOrgRegNumber">
</select> -->
<input type="hidden" name="originatorOwnerOrgId" id="originatorOwnerOrgId" />
<!-- <select class="form-control hide" name="originatorOrgRegNumber" id="originatorOrgRegNumber">
<option value="">All</option>
<?merge organizationsOriginator ?>
<div>
......@@ -60,7 +62,8 @@
<?merge .displayName ?>
</option>
</div>
</select>
</select> -->
<input type="hidden" name="originatorOrgRegNumber" id="originatorOrgRegNumber" />
</div>
</div>
</div>
......@@ -246,6 +249,7 @@
<hr style="height:1px;border:none;color:gray;background-color:gray;">
</div>
<span class="hide" id="required_fields">You must fill all required fields (*)</span>
<div data-translate-catalog="recordsManagement/messages" id="noOriginatorFound" class="hide">No originator found</div>
</div>
<script>
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment