From 98a7e029791b96c4d724e39a5ead7be71db0f76d Mon Sep 17 00:00:00 2001
From: Arnaud Pauget
Date: Fri, 27 Nov 2020 15:05:37 +0000
Subject: [PATCH] Release/2.6.9
(cherry picked from commit 338afc1b023862d06bd113b555ec392c6dfc3ed0)
---
src/bundle/auth/Controller/serviceAccount.php | 18 +++++++-
.../organization/Controller/organization.php | 32 ++++++++++----
.../organization/organizationInterface.php | 2 +-
.../Presenter/auth/serviceAccount.php | 27 ++----------
.../Presenter/batchProcessing/scheduling.php | 16 -------
.../view/auth/serviceAccount/edit.html | 43 +++++++------------
6 files changed, 60 insertions(+), 78 deletions(-)
diff --git a/src/bundle/auth/Controller/serviceAccount.php b/src/bundle/auth/Controller/serviceAccount.php
index b681b7c56..99a2c8e3b 100755
--- a/src/bundle/auth/Controller/serviceAccount.php
+++ b/src/bundle/auth/Controller/serviceAccount.php
@@ -368,8 +368,22 @@ class serviceAccount $account = $this->read($accountToken->accountId); if ($account->accountId != $serviceAccount->accountId && $this->hasSecurityLevel) { - if (array_search($serviceAccount->accountName, array_column($this->search(), 'accountName')) === false){ - throw new \core\Exception\UnauthorizedException("You are not allowed to modify this service account"); + if ($account->getSecurityLevel() == $account::SECLEVEL_GENADMIN) { + if (!$serviceAccount->isAdmin) { + throw new \core\Exception\UnauthorizedException("You are not allowed to modify this service account"); + } + } + else if ($account->getSecurityLevel() == $account::SECLEVEL_FUNCADMIN) { + $organization = $this->sdoFactory->read('organization/organization', $account->ownerOrgId); + $organizations = $this->organizationController->readDescendantOrg($organization->orgId); + $organizations[] = $organization; + $organizationsIds = []; + foreach ($organizations as $key => $organization) { + $organizationsIds[] = (string) $organization->orgId; + } + if ($serviceAccount->isAdmin || !in_array($serviceAccount->ownerOrgId, $organizationsIds)){ + throw new \core\Exception\UnauthorizedException("You are not allowed to modify this service account"); + } } $this->checkPrivilegesAccess($account, $serviceAccount); } diff --git a/src/bundle/organization/Controller/organization.php b/src/bundle/organization/Controller/organization.php index 6a710f686..872b80bbe 100755 --- a/src/bundle/organization/Controller/organization.php +++ b/src/bundle/organization/Controller/organization.php 
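Review bot: The new `if` / `else if` chain on `getSecurityLevel()` has no final `else`, so a caller whose level is neither `SECLEVEL_GENADMIN` nor `SECLEVEL_FUNCADMIN` skips the ownership test and goes straight to `checkPrivilegesAccess()`, whereas the removed `array_search` over `search()` applied to every caller. Unless `checkPrivilegesAccess()` (not visible here) already rejects those callers, close the chain with a default deny: `else { throw new \core\Exception\UnauthorizedException("You are not allowed to modify this service account"); }`. The membership test would also be tighter as `in_array((string) $serviceAccount->ownerOrgId, $organizationsIds, true)`, since the collected ids are already cast to string and the loose form can match values that are not equal as strings. The enclosing method starts and ends outside the hunk.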
@@ -67,10 +67,11 @@ class organization * * @param bool $ownerOrg * @param bool $orgUnit + * @param string $term The term to search in database * * @return organization/organization[] An array of organization whith service */ - public function todisplay($ownerOrg, $orgUnit) + public function todisplay($ownerOrg, $orgUnit, $term) { $authController = \laabs::newController("auth/userAccount"); $user = $authController->get(\laabs::getToken('AUTH')->accountId); @@ -79,9 +80,9 @@ class organization $orgList = []; if (!$currentOrg || (!empty($currentOrg->orgRoleCodes) && in_array('owner', $currentOrg->orgRoleCodes))) { - $orgUnitList = $this->getOwnerOriginatorsOrgs(); + $orgUnitList = $this->getOwnerOriginatorsOrgs(null, $term); } else { - $orgUnitList = $this->getOwnerOriginatorsOrgs($currentOrg); + $orgUnitList = $this->getOwnerOriginatorsOrgs($currentOrg, $term); } foreach ($orgUnitList as $org) { @@ -1472,7 +1473,7 @@ class organization return $count > 0 ? true : false; } - protected function getOwnerOriginatorsOrgs($currentService = null) + protected function getOwnerOriginatorsOrgs($currentService = null, $term = null) { $userPositionController = \laabs::newController('organization/userPosition'); $owner = false; @@ -1495,9 +1496,17 @@ class organization $userOrgs[] = $currentService; } + $filter = ""; + if ($term) { + $filter = "(registrationNumber ~ '*".$term."*' + OR orgName ~ '*".$term."*' + OR displayName ~ '*".$term."*' + OR parentOrgId ~ '*".$term."*')"; + } + $organizationController = \laabs::newController('organization/organization'); if ($securityLevel == $user::SECLEVEL_GENADMIN || is_null($securityLevel)) { - $originators = $organizationController->index(); + $originators = $organizationController->index(null, $filter); } else { foreach ($userOrgs as $userPosition) { if (!in_array($userPosition->ownerOrgId, $userOwnerOrgs)) { 
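Review bot: `todisplay($ownerOrg, $orgUnit, $term)` makes the new argument mandatory, while the interface in this same patch declares `readTodisplay($ownerOrg = false, $orgUnit = false, $term = "")` and `getOwnerOriginatorsOrgs()` already treats a missing term as "no filter". If the action can still be reached with only two arguments (for example by a view that still requests `/organizations/todisplay` without `term`), the call would fail on the missing argument instead of returning the unfiltered list; this depends on how the framework maps the interface defaults to the controller, which the hunk does not show. Giving it the same optional shape avoids the question: `public function todisplay($ownerOrg, $orgUnit, $term = null)`.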
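Review bot: In the `@@ -1495,9 +1496,17 @@` hunk, `$term` arrives from the `term` request parameter and is concatenated unescaped into the quoted operands of `$filter` (`registrationNumber ~ '*".$term."*'` and the three `OR` clauses), so a value containing a quote can change the structure of the query instead of being matched as text. The same string is then appended in the `@@ -1515,13 +1524,20 @@` hunk as `$query .= " AND $filter"`, which is the branch that is supposed to confine a non-owner user to `ownerOrgId=[…]`, so the injected text sits next to the access restriction. Pass the term as a bound parameter if `index()` or the underlying query layer supports one (not visible in this diff); otherwise validate it against a strict allowlist of characters and escape quotes and the `*` wildcard before building the filter, and reject the request when validation fails. A comment above the `$filter` block such as `// $term is user input: must be bound or escaped before it reaches the query string` would make the constraint visible to the next editor.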
@@ -1515,13 +1524,20 @@ class organization } if ($owner) { - $originators = $organizationController->index(); + $originators = $organizationController->index(null, $filter); } else { + $query = "isOrgUnit=true"; + if (!empty($userOwnerOrgs)) { + $query .= " AND ownerOrgId=['" . \laabs\implode("','", $userOwnerOrgs) . "']"; + } + if ($term) { + $query .= " AND $filter"; + } + $originators = $organizationController->index( null, - "isOrgUnit=true AND ownerOrgId=['" . \laabs\implode("','", $userOwnerOrgs) . "']" + $query ); - $originators = array_merge($originators, $this->readDescendantServices($user->ownerOrgId)); } } diff --git a/src/bundle/organization/organizationInterface.php b/src/bundle/organization/organizationInterface.php index 9cb7649a9..8792fa507 100755 --- a/src/bundle/organization/organizationInterface.php +++ b/src/bundle/organization/organizationInterface.php @@ -310,7 +310,7 @@ interface organizationInterface * * @action organization/organization/todisplay */ - public function readTodisplay($ownerOrg = false, $orgUnit = false); + public function readTodisplay($ownerOrg = false, $orgUnit = false, $term = ""); /** * Get originator diff --git a/src/presentation/maarchRM/Presenter/auth/serviceAccount.php b/src/presentation/maarchRM/Presenter/auth/serviceAccount.php index d0181bb2c..817438822 100755 --- a/src/presentation/maarchRM/Presenter/auth/serviceAccount.php +++ b/src/presentation/maarchRM/Presenter/auth/serviceAccount.php 
@@ -127,16 +127,9 @@ class serviceAccount */ public function edit($serviceAccount) { - $tabOrganizations = \laabs::callService('organization/organization/readIndex'); - $ownerOrganizations = []; - $organizations = []; - - foreach ($tabOrganizations as $org) { - if ($org->isOrgUnit) { - $organizations[] = $org; - } else { - $ownerOrganizations []= $org; - } + if (isset($serviceAccount->orgId)) { + $serviceAccount->orgName = \laabs::callService('organization/organization/read_orgId_', (string) $serviceAccount->orgId)->displayName; + $serviceAccount->ownerOrgName = \laabs::callService('organization/organization/read_orgId_', (string) $serviceAccount->ownerOrgId)->displayName; } if ($serviceAccount->servicePrivilege) { @@ -155,18 +148,6 @@ class serviceAccount } } - foreach ($organizations as $org) { - if (isset($serviceAccount->orgId) && $org->orgId == $serviceAccount->orgId) { - $serviceAccount->orgName = $org->displayName; - $ownerOrgid = $org->ownerOrgId; - } - } - foreach ($ownerOrganizations as $org) { - if (isset($ownerOrgid) && $ownerOrgid == $org->orgId) { - $serviceAccount->ownerOrgName = $org->displayName; - } - } - $accountId = \laabs::getToken("AUTH")->accountId; $account = \laabs::callService("auth/userAccount/read_userAccountId_", $accountId); @@ -177,8 +158,6 @@ class serviceAccount } $this->view->addContentFile("auth/serviceAccount/edit.html"); - $this->view->setSource("organizations", $organizations); - $this->view->merge($this->view->getElementById("serviceOrgId")); $this->view->setSource("serviceAccount", $serviceAccount); $this->view->setSource('whatAmI', $whatAmI); diff --git a/src/presentation/maarchRM/Presenter/batchProcessing/scheduling.php b/src/presentation/maarchRM/Presenter/batchProcessing/scheduling.php index e0ffc22aa..a6b328572 100755 --- a/src/presentation/maarchRM/Presenter/batchProcessing/scheduling.php +++ b/src/presentation/maarchRM/Presenter/batchProcessing/scheduling.php 
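Review bot: Both `read_orgId_` results are dereferenced with `->displayName` immediately, and the second call uses `$serviceAccount->ownerOrgId` although the guard only tests `isset($serviceAccount->orgId)`. If `ownerOrgId` is unset, or either organization is missing or not readable by the current user, `edit()` fails on a null property access or an uncaught service exception instead of rendering the form with an empty name. Guard each lookup on its own id (`if (isset($serviceAccount->ownerOrgId)) { … }`) and keep the result in a local variable that is checked before reading `displayName`. Note also that the removed loop took the owner name from the org unit's own `ownerOrgId`, while the new code trusts the value stored on the service account, so the two can now disagree if that field is stale.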
@@ -61,21 +61,6 @@ class scheduling $tasks = \laabs::callService('batchProcessing/scheduling/readTasks'); - $serviceAccounts = \laabs::callService('auth/serviceAccount/readSearch'); - - foreach ($serviceAccounts as $key => $serviceAccount) { - $serviceURI = []; - $privileges = \laabs::callService('auth/serviceAccount/readPrivilege_serviceAccountId_', $serviceAccount->accountId); - if (!$serviceAccount->enabled) { - unset($serviceAccounts[$key]); - continue; - } - foreach ($privileges as $privilege) { - $serviceURI[] = $privilege->serviceURI; - } - $serviceAccount->privileges = json_encode($serviceURI); - } - foreach ($scheduledTasks as $scheduledTask) { $scheduledTask->taskName = $tasks[$scheduledTask->taskId]->description; $frequency = explode(';', $scheduledTask->frequency); @@ -133,7 +118,6 @@ class scheduling } $this->view->translate(); - $this->view->setSource("serviceAccount", $serviceAccounts); $this->view->setSource("tasks", $tasks); $this->view->setSource("scheduledTasks", $scheduledTasks); $this->view->setSource("timezone", date_default_timezone_get()); diff --git a/src/presentation/maarchRM/Resources/view/auth/serviceAccount/edit.html b/src/presentation/maarchRM/Resources/view/auth/serviceAccount/edit.html index 8e694dae3..3fceef68a 100755 --- a/src/presentation/maarchRM/Resources/view/auth/serviceAccount/edit.html +++ b/src/presentation/maarchRM/Resources/view/auth/serviceAccount/edit.html @@ -29,12 +29,7 @@ Organization Service
- - +
@@ -268,7 +263,7 @@ } serviceAccount.enabled = false; - var orgId = $("#serviceOrgId").val(); + var orgId = $("#orgTypeahead").attr("data-orgid"); if (serviceAccount['isAdmin'] == true) { serviceAccount.ownerOrgId = $("#orgSelect").val(); @@ -396,9 +391,16 @@ var organizations = new Bloodhound({ datumTokenizer: Bloodhound.tokenizers.obj.whitespace('displayName'), queryTokenizer: Bloodhound.tokenizers.whitespace, - prefetch: {url: '/organizations/todisplay?orgUnit=true', ttl: '0'}, - limit: 100 - }); + remote: { + wildcard: '%QUERY', + url: '/organizations/todisplay?orgUnit=true&ownerOrg=false&term=%QUERY', + rateLimitWait: 500, + ajax : { + async: false + } + }, + limit: 100 + }); window.localStorage.clear(); organizations.initialize(); @@ -430,25 +432,12 @@ return display; } }, - source: function(query, cb) { - organizations.search(query, function(suggestions) { - var i = suggestions.length - while (i--) { - if (!suggestions[i].ownerOrgName) { - suggestions.splice(i, 1) - } else { - if ($('#orgs').find('[data-orgid="' + suggestions[i].orgId + '"]').length) - suggestions.splice(i, 1); - } - } - cb(suggestions); - }); - }, + source: organizations, skipCache: true } ).on('typeahead:selected', function($event, suggestion, source) { $("#orgTypeahead").prop('org', suggestion); - $("#serviceOrgId").val(suggestion.orgId); + $("#orgTypeahead").attr("data-orgid", suggestion.orgId); $("#originatorOwnerOrgName").val(suggestion.ownerOrgName); $("#originatorOwnerOrgName").attr("data-ownerorgid", suggestion.ownerOrgId); }); 
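Review bot: The Bloodhound `remote` block in the `@@ -396,9 +391,16 @@` hunk sets `ajax: { async: false }`, which makes every suggestion lookup a synchronous request and blocks the page while the server answers; `rateLimitWait: 500` only spaces the calls out, it does not make them non-blocking. Drop the `ajax` override so the request is asynchronous. In the `@@ -430,25 +432,12 @@` hunk the dataset now uses `source: organizations` and the client-side filter on `ownerOrgName` and already selected entries is gone, so the suggestion list depends entirely on what `/organizations/todisplay` returns for `term`; depending on the bundled typeahead version the dataset may also need `source: organizations.ttAdapter()` rather than the engine object itself, which is worth confirming. The `orgId` read back from `data-orgid` in the first hunk is client-controlled, so it stays the server's job to check it on save.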
@@ -457,10 +446,10 @@ var whatAmI = $('#whatAmI').text(); if (!$(this).val() && whatAmI != 'userWithoutSecurityLevel') { $("#originatorOwnerOrgName").val(''); - $("#serviceOrgId").val(''); + $("#orgTypeahead").attr("data-orgid", ""); } else if (!$(this).val() && whatAmI == 'userWithoutSecurityLevel') { $("#originatorOwnerOrgName").val(''); - $("#serviceOrgId").val(''); + $("#orgTypeahead").attr("data-orgid", ""); $("#orgGroup").addClass('hide'); } else if (whatAmI == 'userWithoutSecurityLevel') { $("#orgGroup").removeClass('hide'); -- GitLab