Commit c3dd44b6 authored by Arnaud Pauget's avatar Arnaud Pauget

Merge branch 'release/2.6.9' into 'Support/2.6.X'

Release/2.6.9

See merge request !615
parents 5f1e735e 338afc1b
Pipeline #10421 failed with stages
in 54 seconds
......@@ -355,8 +355,22 @@ class serviceAccount
$account = $this->read($accountToken->accountId);
if ($account->accountId != $serviceAccount->accountId && $this->hasSecurityLevel) {
if (array_search($serviceAccount->accountName, array_column($this->search(), 'accountName')) === false){
throw new \core\Exception\UnauthorizedException("You are not allowed to modify this service account");
if ($account->getSecurityLevel() == $account::SECLEVEL_GENADMIN) {
if (!$serviceAccount->isAdmin) {
throw new \core\Exception\UnauthorizedException("You are not allowed to modify this service account");
}
}
else if ($account->getSecurityLevel() == $account::SECLEVEL_FUNCADMIN) {
$organization = $this->sdoFactory->read('organization/organization', $account->ownerOrgId);
$organizations = $this->organizationController->readDescendantOrg($organization->orgId);
$organizations[] = $organization;
$organizationsIds = [];
foreach ($organizations as $key => $organization) {
$organizationsIds[] = (string) $organization->orgId;
}
if ($serviceAccount->isAdmin || !in_array($serviceAccount->ownerOrgId, $organizationsIds)){
throw new \core\Exception\UnauthorizedException("You are not allowed to modify this service account");
}
}
$this->checkPrivilegesAccess($account, $serviceAccount);
}
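Review bot: The new security-level checks have no default branch: when `$account->getSecurityLevel()` is neither `SECLEVEL_GENADMIN` nor `SECLEVEL_FUNCADMIN`, control reaches `checkPrivilegesAccess()` with no ownership check, whereas the `array_search` guard that appears to be replaced here applied to every caller. Unless `checkPrivilegesAccess()` (not visible here) rejects those callers, deny by default with a final `else { throw new \core\Exception\UnauthorizedException("You are not allowed to modify this service account"); }`. The FUNCADMIN branch tests `$serviceAccount->isAdmin` and `$serviceAccount->ownerOrgId`; if `$serviceAccount` is the submitted payload rather than the stored record, those values are caller-controlled and the stored account's organization should be checked as well. The enclosing method starts and ends outside the hunk.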
......
......@@ -67,10 +67,11 @@ class organization
*
* @param bool $ownerOrg
* @param bool $orgUnit
* @param string $term The term to search in database
*
* @return organization/organization[] An array of organization whith service
*/
public function todisplay($ownerOrg, $orgUnit)
public function todisplay($ownerOrg, $orgUnit, $term)
{
$authController = \laabs::newController("auth/userAccount");
$user = $authController->get(\laabs::getToken('AUTH')->accountId);
......@@ -79,9 +80,9 @@ class organization
$orgList = [];
if (!$currentOrg || (!empty($currentOrg->orgRoleCodes) && in_array('owner', $currentOrg->orgRoleCodes))) {
$orgUnitList = $this->getOwnerOriginatorsOrgs();
$orgUnitList = $this->getOwnerOriginatorsOrgs(null, $term);
} else {
$orgUnitList = $this->getOwnerOriginatorsOrgs($currentOrg);
$orgUnitList = $this->getOwnerOriginatorsOrgs($currentOrg, $term);
}
foreach ($orgUnitList as $org) {
......@@ -1472,7 +1473,7 @@ class organization
return $count > 0 ? true : false;
}
protected function getOwnerOriginatorsOrgs($currentService = null)
protected function getOwnerOriginatorsOrgs($currentService = null, $term = null)
{
$userPositionController = \laabs::newController('organization/userPosition');
$owner = false;
......@@ -1495,9 +1496,17 @@ class organization
$userOrgs[] = $currentService;
}
$filter = "";
if ($term) {
$filter = "(registrationNumber ~ '*".$term."*'
OR orgName ~ '*".$term."*'
OR displayName ~ '*".$term."*'
OR parentOrgId ~ '*".$term."*')";
}
$organizationController = \laabs::newController('organization/organization');
if ($securityLevel == $user::SECLEVEL_GENADMIN || is_null($securityLevel)) {
$originators = $organizationController->index();
$originators = $organizationController->index(null, $filter);
} else {
foreach ($userOrgs as $userPosition) {
if (!in_array($userPosition->ownerOrgId, $userOwnerOrgs)) {
......@@ -1515,13 +1524,20 @@ class organization
}
if ($owner) {
$originators = $organizationController->index();
$originators = $organizationController->index(null, $filter);
} else {
$query = "isOrgUnit=true";
if (!empty($userOwnerOrgs)) {
$query .= " AND ownerOrgId=['" . \laabs\implode("','", $userOwnerOrgs) . "']";
}
if ($term) {
$query .= " AND $filter";
}
$originators = $organizationController->index(
null,
"isOrgUnit=true AND ownerOrgId=['" . \laabs\implode("','", $userOwnerOrgs) . "']"
$query
);
$originators = array_merge($originators, $this->readDescendantServices($user->ownerOrgId));
}
}
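Review bot: `$term` is concatenated straight into the filter string in `getOwnerOriginatorsOrgs()` (`"(registrationNumber ~ '*".$term."*' OR …"`), and it appears to arrive from the `term` request parameter of `todisplay`. A value containing a quote or filter operators can change the meaning of the query, including the `isOrgUnit=true AND ownerOrgId=[…]` restriction it is appended to with `" AND $filter"`. Pass the term as a bound query parameter if `index()` supports one (its signature is not visible here), or reject anything outside an allow-list before building `$filter`, e.g. `if ($term !== null && !preg_match('/^[\p{L}\p{N} ._-]+$/u', $term)) { $term = null; }`. `todisplay($ownerOrg, $orgUnit, $term)` should also give `$term` a default so existing callers and the interface's `$term = ""` stay compatible. The function body continues outside the hunk.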
......
......@@ -310,7 +310,7 @@ interface organizationInterface
*
* @action organization/organization/todisplay
*/
public function readTodisplay($ownerOrg = false, $orgUnit = false);
public function readTodisplay($ownerOrg = false, $orgUnit = false, $term = "");
/**
* Get originator
......
......@@ -125,16 +125,9 @@ class serviceAccount
*/
public function edit($serviceAccount)
{
$tabOrganizations = \laabs::callService('organization/organization/readIndex');
$ownerOrganizations = [];
$organizations = [];
foreach ($tabOrganizations as $org) {
if ($org->isOrgUnit) {
$organizations[] = $org;
} else {
$ownerOrganizations []= $org;
}
if (isset($serviceAccount->orgId)) {
$serviceAccount->orgName = \laabs::callService('organization/organization/read_orgId_', (string) $serviceAccount->orgId)->displayName;
$serviceAccount->ownerOrgName = \laabs::callService('organization/organization/read_orgId_', (string) $serviceAccount->ownerOrgId)->displayName;
}
if ($serviceAccount->servicePrivilege) {
......@@ -153,18 +146,6 @@ class serviceAccount
}
}
foreach ($organizations as $org) {
if (isset($serviceAccount->orgId) && $org->orgId == $serviceAccount->orgId) {
$serviceAccount->orgName = $org->displayName;
$ownerOrgid = $org->ownerOrgId;
}
}
foreach ($ownerOrganizations as $org) {
if (isset($ownerOrgid) && $ownerOrgid == $org->orgId) {
$serviceAccount->ownerOrgName = $org->displayName;
}
}
$accountId = \laabs::getToken("AUTH")->accountId;
$account = \laabs::callService("auth/userAccount/read_userAccountId_", $accountId);
......@@ -175,8 +156,6 @@ class serviceAccount
}
$this->view->addContentFile("auth/serviceAccount/edit.html");
$this->view->setSource("organizations", $organizations);
$this->view->merge($this->view->getElementById("serviceOrgId"));
$this->view->setSource("serviceAccount", $serviceAccount);
$this->view->setSource('whatAmI', $whatAmI);
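Review bot: The new `isset($serviceAccount->orgId)` guard also covers the `ownerOrgId` lookup, so an account with an `orgId` but no `ownerOrgId` calls `read_orgId_` with an empty string and then reads `->displayName` from whatever comes back. The removed loops only set `ownerOrgName` when a matching owner organization was actually found. Guard the second call separately, `if (isset($serviceAccount->ownerOrgId)) { … }`, and decide what the view should show when either read fails for an organization the caller is not allowed to read. `edit()` continues outside the hunk.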
......
......@@ -61,21 +61,6 @@ class scheduling
$tasks = \laabs::callService('batchProcessing/scheduling/readTasks');
$serviceAccounts = \laabs::callService('auth/serviceAccount/readSearch');
foreach ($serviceAccounts as $key => $serviceAccount) {
$serviceURI = [];
$privileges = \laabs::callService('auth/serviceAccount/readPrivilege_serviceAccountId_', $serviceAccount->accountId);
if (!$serviceAccount->enabled) {
unset($serviceAccounts[$key]);
continue;
}
foreach ($privileges as $privilege) {
$serviceURI[] = $privilege->serviceURI;
}
$serviceAccount->privileges = json_encode($serviceURI);
}
foreach ($scheduledTasks as $scheduledTask) {
$scheduledTask->taskName = $tasks[$scheduledTask->taskId]->description;
$frequency = explode(';', $scheduledTask->frequency);
......@@ -133,7 +118,6 @@ class scheduling
}
$this->view->translate();
$this->view->setSource("serviceAccount", $serviceAccounts);
$this->view->setSource("tasks", $tasks);
$this->view->setSource("scheduledTasks", $scheduledTasks);
$this->view->setSource("timezone", date_default_timezone_get());
......
......@@ -25,12 +25,7 @@
<span class="hide" id="organization_translated_text">Organization</span>
<span class="hide" id="service_translated_text">Service</span>
<div>
<input type="text" class="form-control" name="orgName" placeholder="Service" id="orgTypeahead"/>
<select class="form-control hide" name="orgId" id="serviceOrgId">
<option></option>
<?merge organizations ?>
<option value="[?merge .orgId ?]" name="orgId"><?merge .displayName ?></option>
</select>
<input type="text" class="form-control" data-orgid="[?merge serviceAccount.orgId ?]" name="orgName" placeholder="Service" id="orgTypeahead"/>
</div>
<?merge whatAmI.ifne('userWithoutSecurityLevel') ?>
<div id="selectOrgGroup" class="input-group col-md-12">
......@@ -252,7 +247,7 @@
serviceAccount.ownerOrgId = $("#originatorOwnerOrgName").attr("data-ownerorgid");
serviceAccount.emailAddress = '';
serviceAccount.enabled = false;
var orgId = $("#serviceOrgId").val();
var orgId = $("#orgTypeahead").attr("data-orgid");
if (serviceAccount['isAdmin'] == true) {
serviceAccount.ownerOrgId = $("#orgSelect").val();
......@@ -380,9 +375,16 @@
var organizations = new Bloodhound({
datumTokenizer: Bloodhound.tokenizers.obj.whitespace('displayName'),
queryTokenizer: Bloodhound.tokenizers.whitespace,
prefetch: {url: '/organizations/todisplay?orgUnit=true', ttl: '0'},
limit: 100
});
remote: {
wildcard: '%QUERY',
url: '/organizations/todisplay?orgUnit=true&ownerOrg=false&term=%QUERY',
rateLimitWait: 500,
ajax : {
async: false
}
},
limit: 100
});
window.localStorage.clear();
organizations.initialize();
......@@ -414,25 +416,12 @@
return display;
}
},
source: function(query, cb) {
organizations.search(query, function(suggestions) {
var i = suggestions.length
while (i--) {
if (!suggestions[i].ownerOrgName) {
suggestions.splice(i, 1)
} else {
if ($('#orgs').find('[data-orgid="' + suggestions[i].orgId + '"]').length)
suggestions.splice(i, 1);
}
}
cb(suggestions);
});
},
source: organizations,
skipCache: true
}
).on('typeahead:selected', function($event, suggestion, source) {
$("#orgTypeahead").prop('org', suggestion);
$("#serviceOrgId").val(suggestion.orgId);
$("#orgTypeahead").attr("data-orgid", suggestion.orgId);
$("#originatorOwnerOrgName").val(suggestion.ownerOrgName);
$("#originatorOwnerOrgName").attr("data-ownerorgid", suggestion.ownerOrgId);
});
......@@ -441,10 +430,10 @@
var whatAmI = $('#whatAmI').text();
if (!$(this).val() && whatAmI != 'userWithoutSecurityLevel') {
$("#originatorOwnerOrgName").val('');
$("#serviceOrgId").val('');
$("#orgTypeahead").attr("data-orgid", "");
} else if (!$(this).val() && whatAmI == 'userWithoutSecurityLevel') {
$("#originatorOwnerOrgName").val('');
$("#serviceOrgId").val('');
$("#orgTypeahead").attr("data-orgid", "");
$("#orgGroup").addClass('hide');
} else if (whatAmI == 'userWithoutSecurityLevel') {
$("#orgGroup").removeClass('hide');
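Review bot: The `remote` block sets `ajax : { async: false }`, which makes each typeahead lookup a synchronous request and blocks the page while the server answers; dropping the `ajax` option leaves `rateLimitWait: 500` as the throttle. `source: organizations` also replaces the callback that discarded suggestions without `ownerOrgName`, so unless the server now excludes them (`ownerOrg=false` in the URL suggests it may), `typeahead:selected` can write an undefined owner into `#originatorOwnerOrgName` and its `data-ownerorgid`. A short guard in the handler, `if (!suggestion.ownerOrgName) { return; }`, would keep the old behaviour.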
......