RubyGems - rom-ldap - Versions diffs - 0.2.2 - Mend

rom-ldap 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (104) hide show

checksums.yaml +7 -0
data/CHANGELOG.md +251 -0
data/CONTRIBUTING.md +18 -0
data/README.md +172 -0
data/TODO.md +33 -0
data/config/responses.yml +328 -0
data/lib/dry/monitor/ldap/colorizers/default.rb +17 -0
data/lib/dry/monitor/ldap/colorizers/rouge.rb +31 -0
data/lib/dry/monitor/ldap/logger.rb +58 -0
data/lib/rom-ldap.rb +1 -0
data/lib/rom/ldap.rb +22 -0
data/lib/rom/ldap/alias.rb +30 -0
data/lib/rom/ldap/associations.rb +6 -0
data/lib/rom/ldap/associations/core.rb +23 -0
data/lib/rom/ldap/associations/many_to_many.rb +18 -0
data/lib/rom/ldap/associations/many_to_one.rb +22 -0
data/lib/rom/ldap/associations/one_to_many.rb +32 -0
data/lib/rom/ldap/associations/one_to_one.rb +19 -0
data/lib/rom/ldap/associations/self_ref.rb +35 -0
data/lib/rom/ldap/attribute.rb +327 -0
data/lib/rom/ldap/client.rb +185 -0
data/lib/rom/ldap/client/authentication.rb +118 -0
data/lib/rom/ldap/client/operations.rb +233 -0
data/lib/rom/ldap/commands.rb +6 -0
data/lib/rom/ldap/commands/create.rb +41 -0
data/lib/rom/ldap/commands/delete.rb +17 -0
data/lib/rom/ldap/commands/update.rb +35 -0
data/lib/rom/ldap/constants.rb +193 -0
data/lib/rom/ldap/dataset.rb +286 -0
data/lib/rom/ldap/dataset/conversion.rb +62 -0
data/lib/rom/ldap/dataset/dsl.rb +299 -0
data/lib/rom/ldap/dataset/persistence.rb +44 -0
data/lib/rom/ldap/directory.rb +126 -0
data/lib/rom/ldap/directory/capabilities.rb +71 -0
data/lib/rom/ldap/directory/entry.rb +200 -0
data/lib/rom/ldap/directory/env.rb +155 -0
data/lib/rom/ldap/directory/operations.rb +282 -0
data/lib/rom/ldap/directory/password.rb +122 -0
data/lib/rom/ldap/directory/root.rb +187 -0
data/lib/rom/ldap/directory/tokenization.rb +66 -0
data/lib/rom/ldap/directory/transactions.rb +31 -0
data/lib/rom/ldap/directory/vendors/active_directory.rb +129 -0
data/lib/rom/ldap/directory/vendors/apache_ds.rb +27 -0
data/lib/rom/ldap/directory/vendors/e_directory.rb +16 -0
data/lib/rom/ldap/directory/vendors/open_directory.rb +12 -0
data/lib/rom/ldap/directory/vendors/open_dj.rb +25 -0
data/lib/rom/ldap/directory/vendors/open_ldap.rb +35 -0
data/lib/rom/ldap/directory/vendors/three_eight_nine.rb +16 -0
data/lib/rom/ldap/directory/vendors/unknown.rb +22 -0
data/lib/rom/ldap/dsl.rb +76 -0
data/lib/rom/ldap/errors.rb +47 -0
data/lib/rom/ldap/expression.rb +77 -0
data/lib/rom/ldap/expression_encoder.rb +174 -0
data/lib/rom/ldap/extensions.rb +50 -0
data/lib/rom/ldap/extensions/active_support_notifications.rb +26 -0
data/lib/rom/ldap/extensions/compatibility.rb +11 -0
data/lib/rom/ldap/extensions/dsml.rb +165 -0
data/lib/rom/ldap/extensions/msgpack.rb +23 -0
data/lib/rom/ldap/extensions/optimised_json.rb +25 -0
data/lib/rom/ldap/extensions/rails_log_subscriber.rb +38 -0
data/lib/rom/ldap/formatter.rb +26 -0
data/lib/rom/ldap/functions.rb +207 -0
data/lib/rom/ldap/gateway.rb +145 -0
data/lib/rom/ldap/ldif.rb +74 -0
data/lib/rom/ldap/ldif/exporter.rb +77 -0
data/lib/rom/ldap/ldif/importer.rb +95 -0
data/lib/rom/ldap/mapper_compiler.rb +19 -0
data/lib/rom/ldap/matchers.rb +69 -0
data/lib/rom/ldap/message_queue.rb +7 -0
data/lib/rom/ldap/oid.rb +101 -0
data/lib/rom/ldap/parsers/abstract_syntax.rb +91 -0
data/lib/rom/ldap/parsers/attribute.rb +290 -0
data/lib/rom/ldap/parsers/filter_syntax.rb +133 -0
data/lib/rom/ldap/pdu.rb +285 -0
data/lib/rom/ldap/plugin/pagination.rb +145 -0
data/lib/rom/ldap/plugins.rb +7 -0
data/lib/rom/ldap/projection_dsl.rb +38 -0
data/lib/rom/ldap/relation.rb +135 -0
data/lib/rom/ldap/relation/exporting.rb +72 -0
data/lib/rom/ldap/relation/reading.rb +461 -0
data/lib/rom/ldap/relation/writing.rb +64 -0
data/lib/rom/ldap/responses.rb +17 -0
data/lib/rom/ldap/restriction_dsl.rb +45 -0
data/lib/rom/ldap/schema.rb +123 -0
data/lib/rom/ldap/schema/attributes_inferrer.rb +59 -0
data/lib/rom/ldap/schema/dsl.rb +13 -0
data/lib/rom/ldap/schema/inferrer.rb +50 -0
data/lib/rom/ldap/schema/type_builder.rb +133 -0
data/lib/rom/ldap/scope.rb +19 -0
data/lib/rom/ldap/search_request.rb +249 -0
data/lib/rom/ldap/socket.rb +210 -0
data/lib/rom/ldap/tasks/ldap.rake +103 -0
data/lib/rom/ldap/tasks/ldif.rake +80 -0
data/lib/rom/ldap/transaction.rb +29 -0
data/lib/rom/ldap/type_map.rb +88 -0
data/lib/rom/ldap/types.rb +158 -0
data/lib/rom/ldap/version.rb +17 -0
data/lib/rom/plugins/relation/ldap/active_directory.rb +182 -0
data/lib/rom/plugins/relation/ldap/auto_restrictions.rb +69 -0
data/lib/rom/plugins/relation/ldap/e_directory.rb +27 -0
data/lib/rom/plugins/relation/ldap/instrumentation.rb +35 -0
data/lib/rouge/lexers/ldap.rb +72 -0
data/lib/rouge/themes/ldap.rb +49 -0
metadata +231 -0

data/lib/rom/ldap/tasks/ldap.rake ADDED Viewed

@@ -0,0 +1,103 @@
+#
+# Leverage LDAP env variables or RC files.
+#
+# @note
+#   Any LDAPURI must be compatible with ldapmodify.
+#
+# @example
+#   load 'rom/ldap/tasks/ldap.rake'
+#
+require 'pathname'
+require 'pry'
+module ROM
+  module LDAP
+    #
+    # `$ ldapmodify -a -H ldap://127.0.0.1:3389 -D 'cn=Directory Manager'
+    #     -w 'topsecret' -c -v -f spec/fixtures/ldif/examples/users.ldif`
+    #
+    module RakeSupport
+      module_function
+      def message
+        puts "Using #{root}, alternatively set LDAPDIR=/path/to/root"
+        puts
+        puts "=========================================="
+      end
+      # ldapsearch with simple authentication.
+      #
+      def search(attrs:, filter:)
+        puts 'ldapsearch is not installed!' if ldapsearch.empty?
+        system(ldapsearch, '-x', *auth, filter, *attrs.split('.'))
+      end
+      # ldapmodify with simple authentication and continuous operation.
+      #
+      def modify(dir: root)
+        puts 'ldapmodify is not installed!' if ldapmodify.empty?
+        Dir.glob("#{dir}/*.ldif") do |file|
+          system(ldapmodify, '-x', *auth, '-a', '-c', '-v', '-f', file)
+        end
+      end
+      private_instance_methods
+      def root
+        Pathname(ENV['LDAPDIR'] || Dir.pwd)
+      end
+      def auth
+        abort('LDAPBINDDN and LDAPBINDPW are not set') unless ENV['LDAPBINDDN'] && ENV['LDAPBINDPW']
+        ['-D', ENV['LDAPBINDDN'], '-w', ENV['LDAPBINDPW']]
+      end
+      def ldapsearch
+        `which ldapsearch`.strip
+      end
+      def ldapmodify
+        `which ldapmodify`.strip
+      end
+    end
+  end
+end
+namespace :ldap do
+  task :env do
+    ROM::LDAP::RakeSupport.message
+  end
+  # Iterate through *.ldif files in a folder.
+  #
+  # @example
+  #
+  #   $ LDAPURI=ldap://127.0.0.1:3389 \
+  #     LDAPBINDDN='cn=Directory Manager' \
+  #     LDAPBINDPW=topsecret \
+  #     LDAPDIR=./spec/fixtures/ldif \
+  #     rake ldap:modify
+  #
+  desc 'Use ldapmodify'
+  task :modify, [:dir] => :env do |_t, args|
+    ROM::LDAP::RakeSupport.modify(args)
+  end
+  # 'LDAPBASE=dc=foo ldap:search[cn=*foo,gn.sn]'
+  #
+  # @example
+  #   $ rake ldap:search
+  #   $ rake ldap:search[cn=*41,uid.mail.sn]
+  #   $ rake ldap:search[gn=adele]
+  #   $ rake ldap:search[userid=adele*]
+  #
+  desc 'Use ldapsearch'
+  task :search, [:filter, :attrs] => :env do |_t, args|
+    args.with_defaults(attrs: "+ \\*", filter: '(objectClass=*)')
+    ROM::LDAP::RakeSupport.search(args)
+  end
+end

data/lib/rom/ldap/tasks/ldif.rake ADDED Viewed

@@ -0,0 +1,80 @@
+# @example
+#   load 'rom/ldap/tasks/ldif.rake'
+require 'rom/ldap'
+module ROM
+  module LDAP
+    module RakeSupport
+      module_function
+      def directory
+        @directory ||= config.gateways[:default].directory
+      end
+      private_instance_methods
+      def config
+        @config ||= ROM::Configuration.new(:ldap)
+      end
+      def container
+        @container ||= ROM.container(config)
+      end
+    end
+  end
+end
+namespace :ldif do
+  task :env do
+    # ENV['DEBUG'] = 'y'
+  end
+  #
+  # Parse and import LDIF file
+  # rake 'ldif:import[examples/users.ldif]'
+  #
+  desc 'import'
+  task :import, [:file] => :env do |_t, args|
+    abort 'file is required' unless args[:file]
+    timer   = Time.now.utc
+    counter = 0
+    ROM::LDAP::LDIF(File.read(args[:file])) do |entry|
+      counter += 1
+      ROM::LDAP::RakeSupport.directory.add(entry)
+    end
+    duration = Time.now.utc - timer
+    puts "========================================="
+    puts "#{counter} entries in #{duration} seconds"
+  end
+  #
+  # Print LDIF
+  # rake 'ldif:export[(cn=*)]'
+  #
+  desc 'export'
+  task :export, [:filter] => :env do |_t, args|
+    args.with_defaults(filter: '(objectClass=*)')
+    using ROM::LDAP::LDIF
+    directory = ROM::LDAP::RakeSupport.directory
+    dataset   = ROM::LDAP::Dataset.new(directory: directory, name: args[:filter])
+    puts "#"
+    puts "# #{Time.now}"
+    puts "# ========================================="
+    puts ""
+    puts dataset.export.to_ldif
+  end
+end

data/lib/rom/ldap/transaction.rb ADDED Viewed

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+module ROM
+  module LDAP
+    # Work in progress
+    #
+    # @see https://tools.ietf.org/html/rfc5805
+    #
+    # @api private
+    class Transaction < ::ROM::Transaction
+      attr_reader :directory
+      private :directory
+      def initialize(directory)
+        @directory = directory
+      end
+      # rubocop:disable Lint/SuppressedException
+      def run(opts = EMPTY_OPTS)
+        directory.transaction(opts) { yield(self) }
+      rescue ::ROM::Transaction::Rollback
+        # noop
+      end
+      # rubocop:enable Lint/SuppressedException
+    end
+  end
+end

data/lib/rom/ldap/type_map.rb ADDED Viewed

@@ -0,0 +1,88 @@
+# frozen_string_literal: true
+# rubocop:disable Layout/HashAlignment
+module ROM
+  module LDAP
+    # LDAPv3 Syntaxes
+    #
+    # @see https://ldapwiki.com/wiki/LDAPSyntaxes
+    #
+    OID_TYPE_MAP = {
+      '1.3.6.1.1.16.1'                =>  'String',     # UUID
+      '1.3.6.1.4.1.1466.115.121.1.1'  =>  'String',     # ACI Item
+      '1.3.6.1.4.1.1466.115.121.1.2'  =>  'String',     # Access Point
+      '1.3.6.1.4.1.1466.115.121.1.3'  =>  'String',     # Attribute Type Description
+      '1.3.6.1.4.1.1466.115.121.1.4'  =>  'Binary',     # Audio
+      '1.3.6.1.4.1.1466.115.121.1.5'  =>  'Binary',     # Binary
+      '1.3.6.1.4.1.1466.115.121.1.6'  =>  'String',     # Bit String
+      '1.3.6.1.4.1.1466.115.121.1.7'  =>  'Bool',       # Boolean
+      '1.3.6.1.4.1.1466.115.121.1.8'  =>  'String',     # Certificate
+      '1.3.6.1.4.1.1466.115.121.1.9'  =>  'String',     # Certificate List
+      '1.3.6.1.4.1.1466.115.121.1.10' =>  'String',     # Certificate Pair
+      '1.3.6.1.4.1.1466.115.121.1.11' =>  'String',     # Country String - IA5 ISO-646 (ASCII). Limited to exactly two characters describing the ISO 3166 country code.
+      '1.3.6.1.4.1.1466.115.121.1.12' =>  'String',     # DN
+      '1.3.6.1.4.1.1466.115.121.1.13' =>  'String',     # Data Quality Syntax
+      '1.3.6.1.4.1.1466.115.121.1.14' =>  'String',     # Delivery Method
+      '1.3.6.1.4.1.1466.115.121.1.15' =>  'String',     # Directory String
+      '1.3.6.1.4.1.1466.115.121.1.19' =>  'String',     # DSA Quality Syntax
+      '1.3.6.1.4.1.1466.115.121.1.20' =>  'String',     # DSE Type
+      '1.3.6.1.4.1.1466.115.121.1.21' =>  'String',     # Enhanced Guide
+      '1.3.6.1.4.1.1466.115.121.1.22' =>  'String',     # Facsimile Telephone Number
+      '1.3.6.1.4.1.1466.115.121.1.23' =>  'String',     # Fax
+      '1.3.6.1.4.1.1466.115.121.1.24' =>  'Time',       # Generalized Time
+      '1.3.6.1.4.1.1466.115.121.1.25' =>  'String',     # Guide
+      '1.3.6.1.4.1.1466.115.121.1.26' =>  'String',     # IA5String - IA5 ISO-646 (ASCII).
+      '1.3.6.1.4.1.1466.115.121.1.27' =>  'Integer',    # INTEGER - IntegerMatch / integerOrderingMatch
+      '1.3.6.1.4.1.1466.115.121.1.28' =>  'Binary',     # JPEG - RFC2798: Joint Photographic Experts Group (JPEG) image syntax from inetOrgPerson object class schema.
+      '1.3.6.1.4.1.1466.115.121.1.32' =>  'String',     # Mail Preference
+      '1.3.6.1.4.1.1466.115.121.1.34' =>  'String',     # Name And Optional UID
+      '1.3.6.1.4.1.1466.115.121.1.35' =>  'String',     # Name Form Description
+      '1.3.6.1.4.1.1466.115.121.1.36' =>  'Integer',    # Numeric String - IA5 ISO-646 (ASCII).
+      '1.3.6.1.4.1.1466.115.121.1.37' =>  'String',     # Object Class Description
+      '1.3.6.1.4.1.1466.115.121.1.38' =>  'String',     # OID
+      '1.3.6.1.4.1.1466.115.121.1.39' =>  'String',     # Other Mailbox
+      '1.3.6.1.4.1.1466.115.121.1.40' =>  'String',     # Octet String - Treated as transparent 8-bit bytes. (passwords)
+      '1.3.6.1.4.1.1466.115.121.1.41' =>  'String',     # Postal Address - UTF-8 ISO-10646 (Unicode). Split by dollar sign "$".
+      '1.3.6.1.4.1.1466.115.121.1.42' =>  'String',     # Protocol Information
+      '1.3.6.1.4.1.1466.115.121.1.43' =>  'String',     # Presentation Address
+      '1.3.6.1.4.1.1466.115.121.1.44' =>  'String',     # Printable String
+      '1.3.6.1.4.1.1466.115.121.1.50' =>  'String',     # Telephone Number
+      '1.3.6.1.4.1.1466.115.121.1.51' =>  'String',     # Teletex Terminal Identifier
+      '1.3.6.1.4.1.1466.115.121.1.52' =>  'String',     # Telex Number
+      '1.3.6.1.4.1.1466.115.121.1.53' =>  'Time',       # UTC Time
+      '1.3.6.1.4.1.1466.115.121.1.54' =>  'String',     # LDAP Syntax Description
+      '1.3.6.1.4.1.1466.115.121.1.56' =>  'String',     # LDAP Schema Definition
+      '1.3.6.1.4.1.1466.115.121.1.57' =>  'String',     # LDAP Schema Description
+      # Microsoft Active Directory
+      #
+      # @see https://ldapwiki.com/wiki/Microsoft%20Active%20Directory%20Syntax
+      # @see https://docs.microsoft.com/en-gb/windows/desktop/ADSchema/attributes-all
+      # @see https://docs.microsoft.com/en-us/windows/desktop/ADSI/data-type-mapping-between-active-directory-and-ldap
+      #
+      '1.2.840.113556.1.2.19'         =>  'Time',       # uSNCreated
+      '1.2.840.113556.1.2.120'        =>  'Time',       # uSNChanged
+      '1.2.840.113556.1.4.49'         =>  'Time',       # badPasswordTime
+      '1.2.840.113556.1.4.52'         =>  'Time',       # lastLogon
+      '1.2.840.113556.1.4.53'         =>  'Time',       # lastSetTime
+      '1.2.840.113556.1.4.60'         =>  'Time',       # lockoutDuration
+      '1.2.840.113556.1.4.74'         =>  'Time',       # maxPwdAge
+      '1.2.840.113556.1.4.76'         =>  'Integer',    # maxStorage
+      '1.2.840.113556.1.4.78'         =>  'Time',       # minPwdAge
+      '1.2.840.113556.1.4.96'         =>  'Time',       # pwdLastSet
+      '1.2.840.113556.1.4.159'        =>  'Time',       # accountExpires
+      '1.2.840.113556.1.4.371'        =>  'Integer',    # rIDAllocationPool
+      '1.2.840.113556.1.4.662'        =>  'Time',       # lockoutTime
+      '1.2.840.113556.1.4.903'        =>  'String',     # DNWithOctetString
+      '1.2.840.113556.1.4.904'        =>  'String',     # DNWithString
+      '1.2.840.113556.1.4.905'        =>  'String',     # Telex
+      '1.2.840.113556.1.4.906'        =>  'Integer',    # INTEGER8
+      '1.2.840.113556.1.4.907'        =>  'String',     # ObjectSecurityDescriptor
+      '1.2.840.113556.1.4.1221'       =>  'String',     # CaseIgnoreString' / ORName
+      '1.2.840.113556.1.4.1362'       =>  'String',     # CaseExactString
+      '1.2.840.113556.1.4.1696'       =>  'Time'        # lastLogonTimeStamp
+    }.freeze
+  end
+end
+# rubocop:enable Layout/HashAlignment

data/lib/rom/ldap/types.rb ADDED Viewed

@@ -0,0 +1,158 @@
+# frozen_string_literal: true
+require 'rom/types'
+require 'rom/ldap/functions'
+module ROM
+  module LDAP
+    module Types
+      include ROM::Types
+      # Protocol ldap(s) only
+      #
+      # @return [Dry::Types::Constrained]
+      #
+      # @api public
+      URI = Strict::String.constrained(format: LDAPURI_REGEX)
+      # Something in parentheses
+      #
+      # @return [Dry::Types::Constrained]
+      #
+      # @api public
+      Filter = Strict::String.constrained(format: FILTER_REGEX)
+      #
+      # @return [Dry::Types::Constrained]
+      #
+      # @api public
+      DN = Strict::String.constrained(format: DN_REGEX)
+      # @return [Dry::Types::Constrained]
+      #
+      # @api public
+      Direction = Strict::Symbol.constrained(included_in: %i[asc desc])
+      # @return [Dry::Types::Constrained]
+      #
+      # @api public
+      Scope = Strict::Integer.constrained(included_in: SCOPES)
+      # @return [Dry::Types::Constrained]
+      #
+      # @api public
+      Deref = Strict::Integer.constrained(included_in: DEREF_ALL)
+      # Abstraction of LDAP constructors and operators
+      #
+      # @return [Dry::Types::Constrained]
+      #
+      # @api public
+      Abstract = Strict::Symbol.constrained(included_in: ABSTRACTS)
+      # Compatible filter fields (formatters may symbolise)
+      #
+      # @return [Dry::Types::Sum::Constrained]
+      #
+      # @api public
+      Field = Strict::String | Strict::Symbol
+      # Compatible filter values (including wildcard abstraction)
+      #
+      # @return [Dry::Types::Sum::Constrained]
+      #
+      # @api public
+      Value = Strict::String | Strict::Integer | Strict::Float | Strict::Symbol.constrained(included_in: %i[wildcard])
+      # @example => "data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQABAAD...."
+      #
+      # @return [String]
+      #
+      # @api public
+      Media = Constructor(String,  ->(v) { Functions[:mime_type].call(v[0]) })
+      #     1.3.6.1.4.1.1466.115.121.1.41
+      #
+      #     A special format which uses UTF-8 encoding of ISO-10646 (Unicode)
+      #     separated by '$' used for generating printable labels or other output.
+      #     DOES allow extended characters e.g. é, Ø, å etc.
+      #     Allows matchingRules of `caseIgnoreListMatch` and `caseIgnoreListSubstringsMatch`.
+      #
+      # @return [Array<String>]
+      #
+      # @api public
+      Address = Constructor(Array, ->(v) { v.split('$').map(&:strip) })
+      #
+      # Single Values --------
+      #
+      # @see Schema::Attribute read types
+      # @return [String]
+      #
+      # @api public
+      String = Constructor(String, ->(v) { Functions[:stringify].call(v[0]) })
+      # @return [Integer]
+      #
+      # @api public
+      Integer = Constructor(Integer, ->(v) { Functions[:map_to_integers][v][0] })
+      # @return [Symbol]
+      #
+      # @api public
+      Symbol = Constructor(Symbol, ->(v) { Functions[:map_to_symbols][v][0] })
+      # @return [Time]
+      #
+      # @api public
+      Time = Constructor(Time, ->(v) { Functions[:map_to_times][v][0] })
+      # @overload [ROM::Types::Bool]
+      #
+      # @return [Boolean]
+      #
+      # @api public
+      Bool = Constructor(Bool, ->(v) { Functions[:map_to_booleans][v][0] })
+      # @return [String]
+      #
+      # @api public
+      Binary = Constructor(String, ->(v) { Functions[:map_to_base64][v][0] }).meta(binary: true)
+      #
+      # Multiple Values --------
+      #
+      # @return [Array<String>]
+      #
+      # @api public
+      Strings = Constructor(Array, Functions[:stringify])
+      # @return [Array<Integer>]
+      #
+      # @api public
+      Integers = Constructor(Array, Functions[:map_to_integers])
+      # @return [Array<Symbol>]
+      #
+      # @api public
+      Symbols = Constructor(Array, Functions[:map_to_symbols])
+      # @return [Array<Time>]
+      #
+      # @api public
+      Times = Constructor(Array, Functions[:map_to_times])
+      # @return [Array<TrueClass, FalseClass>]
+      #
+      # @api public
+      Bools = Constructor(Array, Functions[:map_to_booleans])
+      # @return [Array<String>]
+      #
+      # @api public
+      Binaries = Constructor(Array, Functions[:map_to_base64]).meta(binary: true)
+    end
+  end
+end