@tomei/sso 0.33.6 → 0.33.8

Files changed (182) hide show
  1. package/.commitlintrc.json +22 -22
  2. package/.eslintrc +16 -16
  3. package/.eslintrc.js +35 -35
  4. package/.gitlab-ci.yml +16 -16
  5. package/.husky/commit-msg +15 -15
  6. package/.husky/pre-commit +7 -7
  7. package/.prettierrc +4 -4
  8. package/Jenkinsfile +57 -57
  9. package/README.md +23 -23
  10. package/__tests__/unit/components/group/group.spec.ts +79 -79
  11. package/__tests__/unit/components/group-object-privilege/group-object-privilege.spec.ts +88 -88
  12. package/__tests__/unit/components/group-privilege/group-privilege.spec.ts +68 -68
  13. package/__tests__/unit/components/group-reporting-user/group-reporting-user.spec.ts +66 -66
  14. package/__tests__/unit/components/group-system-access/group-system-access.spec.ts +83 -83
  15. package/__tests__/unit/components/login-user/l.spec.ts +746 -746
  16. package/__tests__/unit/components/login-user/login.spec.ts +1064 -1064
  17. package/__tests__/unit/components/password-hash/password-hash.service.spec.ts +31 -31
  18. package/__tests__/unit/components/system/system.spec.ts +254 -254
  19. package/__tests__/unit/components/system-privilege/system-privilege.spec.ts +83 -83
  20. package/__tests__/unit/components/user-group/user-group.spec.ts +86 -86
  21. package/__tests__/unit/components/user-object-privilege/user-object-privilege.spec.ts +78 -78
  22. package/__tests__/unit/components/user-privilege/user-privilege.spec.ts +72 -72
  23. package/__tests__/unit/components/user-system-access/user-system-access.spec.ts +89 -89
  24. package/__tests__/unit/redis-client/redis.service.spec.ts +23 -23
  25. package/__tests__/unit/session/session.service.spec.ts +47 -47
  26. package/__tests__/unit/system-privilege/system-privilage.spec.ts +91 -91
  27. package/coverage/clover.xml +1452 -1452
  28. package/coverage/coverage-final.json +47 -47
  29. package/coverage/lcov-report/base.css +224 -224
  30. package/coverage/lcov-report/block-navigation.js +87 -87
  31. package/coverage/lcov-report/components/group/group.repository.ts.html +117 -117
  32. package/coverage/lcov-report/components/group/group.ts.html +327 -327
  33. package/coverage/lcov-report/components/group/index.html +130 -130
  34. package/coverage/lcov-report/components/group-object-privilege/group-object-privilege.repository.ts.html +117 -117
  35. package/coverage/lcov-report/components/group-object-privilege/group-object-privilege.ts.html +321 -321
  36. package/coverage/lcov-report/components/group-object-privilege/index.html +130 -130
  37. package/coverage/lcov-report/components/group-privilege/group-privilege.repository.ts.html +117 -117
  38. package/coverage/lcov-report/components/group-privilege/group-privilege.ts.html +303 -303
  39. package/coverage/lcov-report/components/group-privilege/index.html +130 -130
  40. package/coverage/lcov-report/components/group-reporting-user/group-reporting-user.repository.ts.html +117 -117
  41. package/coverage/lcov-report/components/group-reporting-user/group-reporting-user.ts.html +327 -327
  42. package/coverage/lcov-report/components/group-reporting-user/index.html +130 -130
  43. package/coverage/lcov-report/components/group-system-access/group-system-access.repository.ts.html +117 -117
  44. package/coverage/lcov-report/components/group-system-access/group-system-access.ts.html +309 -309
  45. package/coverage/lcov-report/components/group-system-access/index.html +130 -130
  46. package/coverage/lcov-report/components/login-history/index.html +115 -115
  47. package/coverage/lcov-report/components/login-history/login-history.repository.ts.html +117 -117
  48. package/coverage/lcov-report/components/login-user/index.html +130 -130
  49. package/coverage/lcov-report/components/login-user/login-user.ts.html +5007 -5007
  50. package/coverage/lcov-report/components/login-user/user.repository.ts.html +117 -117
  51. package/coverage/lcov-report/components/password-hash/index.html +115 -115
  52. package/coverage/lcov-report/components/password-hash/password-hash.service.ts.html +126 -126
  53. package/coverage/lcov-report/components/system/index.html +130 -130
  54. package/coverage/lcov-report/components/system/system.repository.ts.html +117 -117
  55. package/coverage/lcov-report/components/system/system.ts.html +909 -909
  56. package/coverage/lcov-report/components/system-privilege/index.html +130 -130
  57. package/coverage/lcov-report/components/system-privilege/system-privilege.repository.ts.html +120 -120
  58. package/coverage/lcov-report/components/system-privilege/system-privilege.ts.html +390 -390
  59. package/coverage/lcov-report/components/user-group/index.html +130 -130
  60. package/coverage/lcov-report/components/user-group/user-group.repository.ts.html +117 -117
  61. package/coverage/lcov-report/components/user-group/user-group.ts.html +354 -354
  62. package/coverage/lcov-report/components/user-object-privilege/index.html +130 -130
  63. package/coverage/lcov-report/components/user-object-privilege/user-object-privilege.repository.ts.html +117 -117
  64. package/coverage/lcov-report/components/user-object-privilege/user-object-privilege.ts.html +312 -312
  65. package/coverage/lcov-report/components/user-privilege/index.html +130 -130
  66. package/coverage/lcov-report/components/user-privilege/user-privilege.repository.ts.html +117 -117
  67. package/coverage/lcov-report/components/user-privilege/user-privilege.ts.html +306 -306
  68. package/coverage/lcov-report/components/user-system-access/index.html +130 -130
  69. package/coverage/lcov-report/components/user-system-access/user-system-access.repository.ts.html +117 -117
  70. package/coverage/lcov-report/components/user-system-access/user-system-access.ts.html +312 -312
  71. package/coverage/lcov-report/enum/group-type.enum.ts.html +108 -108
  72. package/coverage/lcov-report/enum/index.html +160 -160
  73. package/coverage/lcov-report/enum/index.ts.html +93 -93
  74. package/coverage/lcov-report/enum/user-status.enum.ts.html +105 -105
  75. package/coverage/lcov-report/enum/yn.enum.ts.html +96 -96
  76. package/coverage/lcov-report/index.html +370 -370
  77. package/coverage/lcov-report/models/group-object-privilege.entity.ts.html +333 -333
  78. package/coverage/lcov-report/models/group-privilege.entity.ts.html +315 -315
  79. package/coverage/lcov-report/models/group-reporting-user.entity.ts.html +339 -339
  80. package/coverage/lcov-report/models/group-system-access.entity.ts.html +324 -324
  81. package/coverage/lcov-report/models/group.entity.ts.html +435 -435
  82. package/coverage/lcov-report/models/index.html +310 -310
  83. package/coverage/lcov-report/models/login-history.entity.ts.html +252 -252
  84. package/coverage/lcov-report/models/staff.entity.ts.html +411 -411
  85. package/coverage/lcov-report/models/system-privilege.entity.ts.html +354 -354
  86. package/coverage/lcov-report/models/system.entity.ts.html +423 -423
  87. package/coverage/lcov-report/models/user-group.entity.ts.html +354 -354
  88. package/coverage/lcov-report/models/user-object-privilege.entity.ts.html +330 -330
  89. package/coverage/lcov-report/models/user-privilege.entity.ts.html +315 -315
  90. package/coverage/lcov-report/models/user-system-access.entity.ts.html +315 -315
  91. package/coverage/lcov-report/models/user.entity.ts.html +522 -522
  92. package/coverage/lcov-report/prettify.css +1 -1
  93. package/coverage/lcov-report/prettify.js +2 -2
  94. package/coverage/lcov-report/redis-client/index.html +115 -115
  95. package/coverage/lcov-report/redis-client/redis.service.ts.html +240 -240
  96. package/coverage/lcov-report/session/index.html +115 -115
  97. package/coverage/lcov-report/session/session.service.ts.html +246 -246
  98. package/coverage/lcov-report/sorter.js +196 -196
  99. package/coverage/lcov.info +2490 -2490
  100. package/coverage/test-report.xml +128 -128
  101. package/create-sso-user.sql +39 -39
  102. package/dist/__tests__/unit/components/group-privilege/group-privilege.test.d.ts +1 -0
  103. package/dist/__tests__/unit/components/group-privilege/group-privilege.test.js +71 -0
  104. package/dist/__tests__/unit/components/group-privilege/group-privilege.test.js.map +1 -0
  105. package/dist/__tests__/unit/components/login-user/login-user.spec.d.ts +0 -0
  106. package/dist/__tests__/unit/components/login-user/login-user.spec.js +6 -0
  107. package/dist/__tests__/unit/components/login-user/login-user.spec.js.map +1 -0
  108. package/dist/src/components/group/group.d.ts +27 -0
  109. package/dist/src/components/group/group.js +432 -4
  110. package/dist/src/components/group/group.js.map +1 -1
  111. package/dist/src/components/group-object-privilege/group-object-privilege.d.ts +3 -0
  112. package/dist/src/components/group-object-privilege/group-object-privilege.js +106 -0
  113. package/dist/src/components/group-object-privilege/group-object-privilege.js.map +1 -1
  114. package/dist/src/components/group-object-privilege/group-object-privilege.repository.d.ts +1 -0
  115. package/dist/src/components/group-object-privilege/group-object-privilege.repository.js +22 -0
  116. package/dist/src/components/group-object-privilege/group-object-privilege.repository.js.map +1 -1
  117. package/dist/src/components/group-privilege/group-privilege.d.ts +2 -0
  118. package/dist/src/components/group-privilege/group-privilege.js +10 -0
  119. package/dist/src/components/group-privilege/group-privilege.js.map +1 -1
  120. package/dist/src/components/group-privilege/group-privilege.repository.d.ts +1 -0
  121. package/dist/src/components/group-privilege/group-privilege.repository.js +22 -0
  122. package/dist/src/components/group-privilege/group-privilege.repository.js.map +1 -1
  123. package/dist/src/components/login-user/login-user.d.ts +1 -1
  124. package/dist/src/components/system-privilege/system-privilege.d.ts +7 -0
  125. package/dist/src/components/system-privilege/system-privilege.js +54 -1
  126. package/dist/src/components/system-privilege/system-privilege.js.map +1 -1
  127. package/dist/src/components/user-object-privilege/user-object-privilege.js.map +1 -1
  128. package/dist/src/interfaces/group-object-privilege.interface.d.ts +1 -1
  129. package/dist/src/interfaces/group-privilege.interface.d.ts +1 -1
  130. package/dist/src/interfaces/system-privilege-search.interface.d.ts +5 -0
  131. package/dist/src/interfaces/system-privilege-search.interface.js +3 -0
  132. package/dist/src/interfaces/system-privilege-search.interface.js.map +1 -0
  133. package/dist/src/models/group-object-privilege.entity.js +1 -0
  134. package/dist/src/models/group-object-privilege.entity.js.map +1 -1
  135. package/dist/src/models/group-privilege.entity.js +1 -0
  136. package/dist/src/models/group-privilege.entity.js.map +1 -1
  137. package/dist/src/models/group-reporting-user.entity.js +1 -0
  138. package/dist/src/models/group-reporting-user.entity.js.map +1 -1
  139. package/dist/src/models/user-object-privilege.entity.js +1 -0
  140. package/dist/src/models/user-object-privilege.entity.js.map +1 -1
  141. package/dist/src/models/user-privilege.entity.js +1 -0
  142. package/dist/src/models/user-privilege.entity.js.map +1 -1
  143. package/dist/src/models/user-system-access.entity.js +1 -0
  144. package/dist/src/models/user-system-access.entity.js.map +1 -1
  145. package/dist/tsconfig.tsbuildinfo +1 -1
  146. package/jest.config.js +14 -14
  147. package/migrations/20240314080602-create-user-table.js +108 -108
  148. package/migrations/20240314080603-create-user-group-table.js +85 -85
  149. package/migrations/20240314080604-create-user-user-group-table.js +55 -55
  150. package/migrations/20240314080605-create-login-history-table.js +53 -53
  151. package/migrations/20240527064925-create-system-table.js +78 -78
  152. package/migrations/20240527064926-create-system-privilege-table.js +67 -67
  153. package/migrations/20240527065342-create-group-table.js +89 -89
  154. package/migrations/20240527065633-create-group-reporting-user-table.js +76 -76
  155. package/migrations/20240528011551-create-group-system-access-table.js +72 -72
  156. package/migrations/20240528023018-user-system-access-table.js +75 -75
  157. package/migrations/20240528032229-user-privilege-table.js +75 -75
  158. package/migrations/20240528063003-create-group-privilege-table.js +75 -75
  159. package/migrations/20240528063051-create-group-object-privilege-table.js +84 -84
  160. package/migrations/20240528063107-create-user-object-privilege-table.js +83 -83
  161. package/package.json +89 -89
  162. package/sampledotenv +7 -7
  163. package/sonar-project.properties +22 -22
  164. package/src/components/group/group.ts +1456 -747
  165. package/src/components/group-object-privilege/group-object-privilege.repository.ts +15 -2
  166. package/src/components/group-object-privilege/group-object-privilege.ts +183 -0
  167. package/src/components/group-privilege/group-privilege.repository.ts +12 -2
  168. package/src/components/group-privilege/group-privilege.ts +11 -0
  169. package/src/components/system-privilege/system-privilege.ts +86 -2
  170. package/src/components/user-object-privilege/user-object-privilege.ts +1 -0
  171. package/src/interfaces/group-object-privilege.interface.ts +14 -14
  172. package/src/interfaces/group-privilege.interface.ts +1 -1
  173. package/src/interfaces/system-privilege-search.interface.ts +5 -0
  174. package/src/models/group-object-privilege.entity.ts +1 -0
  175. package/src/models/group-privilege.entity.ts +1 -0
  176. package/src/models/group-reporting-user.entity.ts +1 -0
  177. package/src/models/group-system-access.entity.ts +81 -81
  178. package/src/models/user-object-privilege.entity.ts +1 -0
  179. package/src/models/user-privilege.entity.ts +1 -0
  180. package/src/models/user-system-access.entity.ts +1 -0
  181. package/tsconfig.build.json +5 -5
  182. package/tsconfig.json +22 -22
@@ -1,747 +1,1456 @@
1
- import { ClassError, ObjectBase } from '@tomei/general';
2
- import { GroupRepository } from './group.repository';
3
- import { IGroupAttr } from '../../interfaces/group.interface';
4
- import { GroupTypeEnum } from 'enum';
5
- import { LoginUser } from '../login-user/login-user';
6
- import { IGroupSearchAttr } from '../../interfaces/group-search-attr.interface';
7
- import { ApplicationConfig } from '@tomei/config';
8
- import { Op } from 'sequelize';
9
- import { ActionEnum, Activity } from '@tomei/activity-history';
10
- import { GroupSystemAccessRepository } from '../group-system-access/group-system-access.repository';
11
- import SystemModel from '../../models/system.entity';
12
- import { GroupSystemAccess } from '../group-system-access';
13
- import { RedisService } from '../../redis-client/redis.service';
14
-
15
- export class Group extends ObjectBase {
16
- ObjectId: string;
17
- ObjectName: string;
18
- TableName: 'sso_Group';
19
- ObjectType = 'Group';
20
-
21
- Name: string;
22
- Description: string;
23
- Type: GroupTypeEnum;
24
- ParentGroupCode: string;
25
- InheritParentPrivilegeYN: string;
26
- InheritParentSystemAccessYN: string;
27
- Status: string;
28
- ParentGroup?: any;
29
- private _CreatedById: number;
30
- private _CreatedAt: Date;
31
- private _UpdatedById: number;
32
- private _UpdatedAt: Date;
33
- private static _Repo = new GroupRepository();
34
- private static _GroupSystemAccessRepo = new GroupSystemAccessRepository();
35
- private static _RedisService: RedisService;
36
- get GroupCode(): string {
37
- return this.ObjectId;
38
- }
39
-
40
- set GroupCode(value: string) {
41
- this.ObjectId = value;
42
- }
43
-
44
- get CreatedById(): number {
45
- return this._CreatedById;
46
- }
47
-
48
- get CreatedAt(): Date {
49
- return this._CreatedAt;
50
- }
51
-
52
- get UpdatedById(): number {
53
- return this._UpdatedById;
54
- }
55
-
56
- get UpdatedAt(): Date {
57
- return this._UpdatedAt;
58
- }
59
-
60
- private constructor(groupAttr?: IGroupAttr) {
61
- super();
62
- if (groupAttr) {
63
- this.GroupCode = groupAttr.GroupCode;
64
- this.Name = groupAttr.Name;
65
- this.Description = groupAttr?.Description;
66
- this.Type = groupAttr?.Type;
67
- this.ParentGroupCode = groupAttr?.ParentGroupCode;
68
- this.InheritParentPrivilegeYN = groupAttr?.InheritParentPrivilegeYN;
69
- this.InheritParentSystemAccessYN = groupAttr?.InheritParentSystemAccessYN;
70
- this.Status = groupAttr?.Status;
71
- this._CreatedById = groupAttr.CreatedById;
72
- this._CreatedAt = groupAttr.CreatedAt;
73
- this._UpdatedById = groupAttr.UpdatedById;
74
- this._UpdatedAt = groupAttr.UpdatedAt;
75
- }
76
- }
77
-
78
- public static async init(dbTransaction: any, GroupCode?: string) {
79
- try {
80
- Group._RedisService = await RedisService.init();
81
- if (GroupCode) {
82
- const group = await Group._Repo.findByPk(GroupCode, {
83
- transaction: dbTransaction,
84
- });
85
- if (group) {
86
- return new Group(group);
87
- } else {
88
- throw Error('Group not found');
89
- }
90
- }
91
- return new Group();
92
- } catch (error) {
93
- throw new ClassError(
94
- 'Group',
95
- 'GroupErrMsg01',
96
- 'Failed To Initialize Group',
97
- );
98
- }
99
- }
100
-
101
- public static async findAll(
102
- page: number,
103
- row: number,
104
- dbTransaction: any,
105
- loginUser: LoginUser,
106
- search?: IGroupSearchAttr,
107
- ) {
108
- //This method will list all group based on the query params.
109
- //Part 1: Privilege Checking
110
- const systemCode = ApplicationConfig.getComponentConfigValue('system-code');
111
- const isPrivileged = await loginUser.checkPrivileges(
112
- systemCode,
113
- 'GROUP_LIST',
114
- );
115
-
116
- if (!isPrivileged) {
117
- throw new ClassError(
118
- 'Group',
119
- 'GroupErrMsg04',
120
- 'User is not privileged to list group',
121
- );
122
- }
123
-
124
- //Part 2: Retrieve listing
125
- const queryObj: any = {};
126
-
127
- let options: any = {
128
- transaction: dbTransaction,
129
- };
130
-
131
- if (page && row) {
132
- options = {
133
- ...options,
134
- limit: row,
135
- offset: row * (page - 1),
136
- order: [['CreatedAt', 'DESC']],
137
- };
138
- }
139
-
140
- if (search) {
141
- Object.entries(search).forEach(([key, value]) => {
142
- queryObj[key] = {
143
- [Op.substring]: value,
144
- };
145
- });
146
-
147
- options = {
148
- ...options,
149
- where: queryObj,
150
- };
151
-
152
- const result = await Group._Repo.findAllWithPagination(options);
153
-
154
- //Map the result to Group instance
155
- return {
156
- Count: result.count,
157
- Groups: result.rows.map(
158
- (group) => new Group(group.get({ plain: true })),
159
- ),
160
- };
161
- }
162
- }
163
-
164
- public static async create(
165
- loginUser: LoginUser,
166
- dbTransaction: any,
167
- group: Group,
168
- ) {
169
- try {
170
- //Part 1: Privilege Checking
171
- const systemCode =
172
- ApplicationConfig.getComponentConfigValue('system-code');
173
- const isPrivileged = await loginUser.checkPrivileges(
174
- systemCode,
175
- 'GROUP_CREATE',
176
- );
177
- if (!isPrivileged) {
178
- throw new Error('You do not have permission to create group');
179
- }
180
-
181
- //Part 2: Validation
182
- if (!group.GroupCode) {
183
- throw new ClassError(
184
- 'Group',
185
- 'GroupErrMsg02',
186
- 'Group Code is required',
187
- );
188
- }
189
-
190
- if (!group.Name) {
191
- throw new ClassError(
192
- 'Group',
193
- 'GroupErrMsg02',
194
- 'Group Name is required',
195
- );
196
- }
197
-
198
- if (!group.Type) {
199
- throw new ClassError(
200
- 'Group',
201
- 'GroupErrMsg02',
202
- 'Group Type is required',
203
- );
204
- }
205
-
206
- //Check if group code is unique
207
- const existingGroupCode = await Group._Repo.findByPk(group.GroupCode, {
208
- transaction: dbTransaction,
209
- });
210
-
211
- if (existingGroupCode) {
212
- throw new ClassError(
213
- 'Group',
214
- 'GroupErrMsg03',
215
- 'Duplicate GroupCode found.',
216
- );
217
- }
218
-
219
- //Validate parent group code if passed. Call Group._Repo.findByPk
220
- if (group.ParentGroupCode) {
221
- const parentGroup = await Group._Repo.findByPk(group.ParentGroupCode, {
222
- transaction: dbTransaction,
223
- });
224
-
225
- if (!parentGroup) {
226
- throw new ClassError(
227
- 'Group',
228
- 'GroupErrMsg04',
229
- 'ParentGroupCode is not found.',
230
- );
231
- }
232
-
233
- //If Params.group.GroupCode = Params.group?.ParentGroupCode, throw new ClassError
234
- if (group.GroupCode === group.ParentGroupCode) {
235
- throw new ClassError(
236
- 'Group',
237
- 'GroupErrMsg05',
238
- 'GroupCode and ParentGroupCode cannot be the same.',
239
- );
240
- }
241
- }
242
-
243
- //Part 3: Create Group
244
- //Initialise new Group instance and populate
245
- const newGroup = new Group(group);
246
- newGroup.ObjectId = group.GroupCode;
247
- newGroup.Name = group.Name;
248
- newGroup.Type = group.Type;
249
- newGroup.Description = group.Description;
250
- newGroup.ParentGroupCode = group.ParentGroupCode;
251
- newGroup.InheritParentPrivilegeYN = group.InheritParentPrivilegeYN;
252
- newGroup.InheritParentSystemAccessYN = group.InheritParentSystemAccessYN;
253
- newGroup.Status = 'Active';
254
- newGroup._CreatedById = loginUser.UserId;
255
- newGroup._UpdatedById = loginUser.UserId;
256
-
257
- //Call Group._Repo create method
258
- const entityGroupAfter = {
259
- GroupCode: newGroup.ObjectId,
260
- Name: newGroup.Name,
261
- Type: newGroup.Type,
262
- Description: newGroup.Description,
263
- ParentGroupCode: newGroup.ParentGroupCode,
264
- InheritParentPrivilegeYN: newGroup.InheritParentPrivilegeYN,
265
- InheritParentSystemAccessYN: newGroup.InheritParentSystemAccessYN,
266
- Status: newGroup.Status,
267
- CreatedById: newGroup._CreatedById,
268
- UpdatedById: newGroup._UpdatedById,
269
- CreatedAt: newGroup._CreatedAt,
270
- UpdatedAt: newGroup._UpdatedAt,
271
- };
272
-
273
- await Group._Repo.create(entityGroupAfter, {
274
- transaction: dbTransaction,
275
- });
276
-
277
- //Part 4: Record Create Group Activity and return newGroup
278
-
279
- const entityValueBefore = {};
280
-
281
- //Instantiate new activity
282
- const activity = new Activity();
283
- activity.ActivityId = activity.createId();
284
- activity.Action = ActionEnum.ADD;
285
- activity.Description = 'Create Group';
286
- activity.EntityType = 'Group';
287
- activity.EntityId = newGroup.ObjectId;
288
- activity.EntityValueBefore = JSON.stringify(entityValueBefore);
289
- activity.EntityValueAfter = JSON.stringify(entityGroupAfter);
290
-
291
- //Call Activity.create method
292
- await activity.create(loginUser.ObjectId, dbTransaction);
293
-
294
- return newGroup;
295
- } catch (error) {
296
- throw error;
297
- }
298
- }
299
-
300
- protected static async checkDuplicateGroupCode(
301
- dbTransaction: any,
302
- GroupCode,
303
- ) {
304
- const isGroupCodeExist = await Group._Repo.findOne({
305
- where: { GroupCode },
306
- transaction: dbTransaction,
307
- });
308
-
309
- if (isGroupCodeExist) {
310
- throw new ClassError(
311
- 'Group',
312
- 'GroupErrMsg07',
313
- 'GroupCode already exists.',
314
- );
315
- }
316
- }
317
-
318
- public async update(
319
- loginUser: LoginUser,
320
- dbTransaction: any,
321
- group: {
322
- GroupCode: string;
323
- NewGroupCode?: string;
324
- Name?: string;
325
- Description?: string;
326
- Type?: GroupTypeEnum;
327
- ParentGroupCode?: string;
328
- InheritParentPrivilegeYN?: string;
329
- InheritParentSystemAccessYN?: string;
330
- Status?: string;
331
- },
332
- ) {
333
- //Part 1: Privilege Checking
334
- const systemCode = ApplicationConfig.getComponentConfigValue('system-code');
335
- const isPrivileged = await loginUser.checkPrivileges(
336
- systemCode,
337
- 'GROUP_UPDATE',
338
- );
339
-
340
- if (!isPrivileged) {
341
- throw new ClassError(
342
- 'Group',
343
- 'GroupErrMsg06',
344
- 'You do not have the privilege to update Group',
345
- );
346
- }
347
- try {
348
- const currentGroup = await Group.init(dbTransaction, group.GroupCode);
349
- if (group.NewGroupCode) {
350
- await Group.checkDuplicateGroupCode(dbTransaction, group.NewGroupCode);
351
- }
352
-
353
- if (
354
- group.ParentGroupCode &&
355
- currentGroup.ParentGroupCode !== group.ParentGroupCode
356
- ) {
357
- const parentGroup = await Group.init(
358
- dbTransaction,
359
- group.ParentGroupCode,
360
- );
361
- if (!parentGroup) {
362
- throw new ClassError(
363
- 'Group',
364
- 'GroupErrMsg08',
365
- 'Parent Group Code not found',
366
- );
367
- }
368
- }
369
-
370
- const entityValueBefore = {
371
- GroupCode: currentGroup.GroupCode,
372
- Name: currentGroup.Name,
373
- Type: currentGroup.Type,
374
- Description: currentGroup.Description,
375
- ParentGroupCode: currentGroup.ParentGroupCode,
376
- InheritParentPrivilegeYN: currentGroup.InheritParentPrivilegeYN,
377
- InheritParentSystemAccessYN: currentGroup.InheritParentSystemAccessYN,
378
- Status: currentGroup.Status,
379
- CreatedById: currentGroup._CreatedById,
380
- UpdatedById: currentGroup._UpdatedById,
381
- CreatedAt: currentGroup._CreatedAt,
382
- UpdatedAt: currentGroup._UpdatedAt,
383
- };
384
-
385
- currentGroup.GroupCode = group?.NewGroupCode || currentGroup.GroupCode;
386
- currentGroup.Name = group?.Name || currentGroup.Name;
387
- currentGroup.Type = group?.Type || currentGroup.Type;
388
- currentGroup.Description = group?.Description || currentGroup.Description;
389
- currentGroup.ParentGroupCode =
390
- group?.ParentGroupCode || currentGroup.ParentGroupCode;
391
- currentGroup.InheritParentPrivilegeYN =
392
- group?.InheritParentPrivilegeYN ||
393
- currentGroup.InheritParentPrivilegeYN;
394
- currentGroup.InheritParentSystemAccessYN =
395
- group?.InheritParentSystemAccessYN ||
396
- currentGroup.InheritParentSystemAccessYN;
397
- currentGroup.Status = group?.Status || currentGroup.Status;
398
- currentGroup._UpdatedById = loginUser.UserId;
399
- currentGroup._UpdatedAt = new Date();
400
-
401
- await Group._Repo.update(
402
- {
403
- GroupCode: currentGroup.GroupCode,
404
- Name: currentGroup.Name,
405
- Type: currentGroup.Type,
406
- Description: currentGroup.Description,
407
- ParentGroupCode: currentGroup.ParentGroupCode,
408
- InheritParentPrivilegeYN: currentGroup.InheritParentPrivilegeYN,
409
- InheritParentSystemAccessYN: currentGroup.InheritParentSystemAccessYN,
410
- Status: currentGroup.Status,
411
- UpdatedById: currentGroup._UpdatedById,
412
- UpdatedAt: currentGroup._UpdatedAt,
413
- },
414
- {
415
- where: {
416
- GroupCode: group.GroupCode,
417
- },
418
- transaction: dbTransaction,
419
- },
420
- );
421
-
422
- const entityValueAfter = {
423
- GroupCode: currentGroup.GroupCode,
424
- Name: currentGroup.Name,
425
- Type: currentGroup.Type,
426
- Description: currentGroup.Description,
427
- ParentGroupCode: currentGroup.ParentGroupCode,
428
- InheritParentPrivilegeYN: currentGroup.InheritParentPrivilegeYN,
429
- InheritParentSystemAccessYN: currentGroup.InheritParentSystemAccessYN,
430
- Status: currentGroup.Status,
431
- CreatedById: currentGroup._CreatedById,
432
- UpdatedById: currentGroup._UpdatedById,
433
- CreatedAt: currentGroup._CreatedAt,
434
- UpdatedAt: currentGroup._UpdatedAt,
435
- };
436
-
437
- const activity = new Activity();
438
- activity.ActivityId = activity.createId();
439
- activity.Action = ActionEnum.UPDATE;
440
- activity.Description = `Update Group ${group.Type}`;
441
- activity.EntityType = 'Group';
442
- activity.EntityId = group.GroupCode;
443
- activity.EntityValueBefore = JSON.stringify(entityValueBefore);
444
- activity.EntityValueAfter = JSON.stringify(entityValueAfter);
445
- await activity.create(loginUser.ObjectId, dbTransaction);
446
-
447
- return currentGroup;
448
- } catch (error) {
449
- throw error;
450
- }
451
- }
452
-
453
- public static async getSystemAccesses(
454
- loginUser: LoginUser,
455
- dbTransaction: any,
456
- GroupCode: string,
457
- Page: number,
458
- Rows: number,
459
- Search: {
460
- SystemCode?: string;
461
- Status?: string;
462
- },
463
- ) {
464
- // Part 1: Privilege Checking
465
- const systemCode = ApplicationConfig.getComponentConfigValue('system-code');
466
- const isPrivileged = await loginUser.checkPrivileges(
467
- systemCode,
468
- 'SYSTEM_ACCESS_VIEW',
469
- );
470
-
471
- if (!isPrivileged) {
472
- throw new ClassError(
473
- 'Group',
474
- 'GroupErrMsg06',
475
- 'You do not have the privilege to view system access',
476
- );
477
- }
478
-
479
- try {
480
- // Part 2: Validation
481
- await Group.init(dbTransaction, GroupCode);
482
-
483
- // Part 3: Retrieve System Access and returns
484
- const queryObj: any = { GroupCode: GroupCode };
485
-
486
- if (Search) {
487
- Object.entries(Search).forEach(([key, value]) => {
488
- queryObj[key] = value;
489
- });
490
- }
491
-
492
- let options: any = {
493
- where: queryObj,
494
- distinct: true,
495
- transaction: dbTransaction,
496
- };
497
-
498
- if (Page && Rows) {
499
- options = {
500
- ...options,
501
- limit: Rows,
502
- offset: Rows * (Page - 1),
503
- order: [['CreatedAt', 'DESC']],
504
- };
505
- }
506
-
507
- const systemAccess = await Group._GroupSystemAccessRepo.findAndCountAll(
508
- options,
509
- );
510
- return systemAccess;
511
- } catch (error) {
512
- return error;
513
- }
514
- }
515
-
516
- private static async getInheritedSystemAccess(
517
- dbTransaction: any,
518
- group: Group,
519
- ): Promise<any[]> {
520
- const options: any = {
521
- where: {
522
- GroupCode: group.GroupCode,
523
- Status: 'Active',
524
- },
525
- include: [
526
- {
527
- model: SystemModel,
528
- },
529
- ],
530
- transaction: dbTransaction,
531
- };
532
- let systemAccess = await Group._GroupSystemAccessRepo.findAll(options);
533
-
534
- if (group.InheritParentSystemAccessYN === 'Y') {
535
- const parentGroup = await Group.init(
536
- dbTransaction,
537
- group.ParentGroupCode,
538
- );
539
- const parentSystemAccesses = await this.getInheritedSystemAccess(
540
- dbTransaction,
541
- parentGroup,
542
- );
543
- systemAccess = systemAccess.concat(parentSystemAccesses);
544
- }
545
- return systemAccess;
546
- }
547
-
548
- public static async getParentSystemAccesses(
549
- loginUser: LoginUser,
550
- dbTransaction: any,
551
- GroupCode: string,
552
- ) {
553
- // Part 1: Privilege Checking
554
- const systemCode = ApplicationConfig.getComponentConfigValue('system-code');
555
- const isPrivileged = await loginUser.checkPrivileges(
556
- systemCode,
557
- 'SYSTEM_ACCESS_VIEW',
558
- );
559
-
560
- if (!isPrivileged) {
561
- throw new ClassError(
562
- 'Group',
563
- 'GroupErrMsg06',
564
- 'You do not have the privilege to view system access',
565
- );
566
- }
567
-
568
- try {
569
- const group = await Group.init(dbTransaction, GroupCode);
570
- if (group.InheritParentSystemAccessYN !== 'Y' && !group.ParentGroupCode) {
571
- return [];
572
- } else {
573
- const parentGroup = await Group.init(
574
- dbTransaction,
575
- group.ParentGroupCode,
576
- );
577
- const inheritSystemAccess = await Group.getInheritedSystemAccess(
578
- dbTransaction,
579
- parentGroup,
580
- );
581
- return inheritSystemAccess;
582
- }
583
- } catch (error) {
584
- throw error;
585
- }
586
- }
587
-
588
- public static async addSystemAccesses(
589
- loginUser: LoginUser,
590
- dbTransaction: any,
591
- GroupCode: string,
592
- SystemCodes: string[],
593
- ) {
594
- // Part 1: Privilege Checking
595
- const systemCode = ApplicationConfig.getComponentConfigValue('system-code');
596
- const isPrivileged = await loginUser.checkPrivileges(
597
- systemCode,
598
- 'SYSTEM_ACCESS_CREATE',
599
- );
600
-
601
- if (!isPrivileged) {
602
- throw new ClassError(
603
- 'Group',
604
- 'GroupErrMsg07',
605
- 'You do not have the privilege to create system access',
606
- );
607
- }
608
-
609
- try {
610
- if (SystemCodes.length > 0) {
611
- for (let i = 0; i < SystemCodes.length; i++) {
612
- const CurrentGroupSystemAccess = await Group.getSystemAccesses(
613
- loginUser,
614
- dbTransaction,
615
- GroupCode,
616
- 1,
617
- Number.MAX_SAFE_INTEGER,
618
- { SystemCode: SystemCodes[i] },
619
- );
620
-
621
- if (CurrentGroupSystemAccess?.count > 0) {
622
- throw new ClassError(
623
- 'Group',
624
- 'GroupErrMsg08',
625
- 'System access already exists',
626
- );
627
- }
628
-
629
- const groupSystemAccess = await GroupSystemAccess.init(dbTransaction);
630
- groupSystemAccess.createId();
631
- groupSystemAccess.GroupCode = GroupCode;
632
- groupSystemAccess.SystemCode = SystemCodes[i];
633
- groupSystemAccess.Status = 'Active';
634
- groupSystemAccess.CreatedById = +loginUser.ObjectId;
635
- groupSystemAccess.CreatedAt = new Date();
636
- groupSystemAccess.UpdatedById = +loginUser.ObjectId;
637
- groupSystemAccess.UpdatedAt = new Date();
638
-
639
- const EntityValueAfter = {
640
- GroupCode: groupSystemAccess.GroupCode,
641
- SystemCode: groupSystemAccess.SystemCode,
642
- Status: groupSystemAccess.Status,
643
- CreatedById: groupSystemAccess.CreatedById,
644
- CreatedAt: groupSystemAccess.CreatedAt,
645
- UpdatedById: groupSystemAccess.UpdatedById,
646
- UpdatedAt: groupSystemAccess.UpdatedAt,
647
- };
648
-
649
- const systemAccess = await Group._GroupSystemAccessRepo.create(
650
- EntityValueAfter,
651
- {
652
- transaction: dbTransaction,
653
- },
654
- );
655
-
656
- const activity = new Activity();
657
- activity.ActivityId = activity.createId();
658
- activity.Action = ActionEnum.ADD;
659
- activity.Description = 'Create Group System Access';
660
- activity.EntityType = 'GroupSystemAccess';
661
- activity.EntityId = systemAccess.GroupSystemAccessId?.toString();
662
- activity.EntityValueBefore = JSON.stringify({});
663
- activity.EntityValueAfter = JSON.stringify(EntityValueAfter);
664
-
665
- await activity.create(loginUser.ObjectId, dbTransaction);
666
- }
667
-
668
- return { Message: 'Successfully added.' };
669
- }
670
- } catch (error) {
671
- throw error;
672
- }
673
- }
674
-
675
- public static async deleteSystemAccess(
676
- loginUser: LoginUser,
677
- dbTransaction: any,
678
- GroupCode: string,
679
- SystemCode: string,
680
- ) {
681
- // Part 1: Privilege Checking
682
- const systemCode = ApplicationConfig.getComponentConfigValue('system-code');
683
- const isPrivileged = await loginUser.checkPrivileges(
684
- systemCode,
685
- 'SYSTEM_ACCESS_DELETE',
686
- );
687
-
688
- if (!isPrivileged) {
689
- throw new ClassError(
690
- 'Group',
691
- 'GroupErrMsg08',
692
- 'You do not have the privilege to delete system access',
693
- );
694
- }
695
-
696
- try {
697
- const currentGroupSystemAccess = await Group.getSystemAccesses(
698
- loginUser,
699
- dbTransaction,
700
- GroupCode,
701
- 1,
702
- Number.MAX_SAFE_INTEGER,
703
- { SystemCode: SystemCode },
704
- );
705
-
706
- if (currentGroupSystemAccess.count < 1) {
707
- throw new ClassError(
708
- 'Group',
709
- 'GroupErrMsg10',
710
- 'No associated system access found.',
711
- );
712
- }
713
-
714
- await Group._GroupSystemAccessRepo.delete(
715
- GroupCode,
716
- SystemCode,
717
- dbTransaction,
718
- );
719
-
720
- const EntityValueBefore = {
721
- GroupCode: currentGroupSystemAccess?.rows[0]?.GroupCode,
722
- SystemCode: currentGroupSystemAccess?.rows[0]?.SystemCode,
723
- Status: currentGroupSystemAccess?.rows[0]?.Status,
724
- CreatedById: currentGroupSystemAccess?.rows[0]?.CreatedById,
725
- CreatedAt: currentGroupSystemAccess?.rows[0]?.CreatedAt,
726
- UpdatedById: currentGroupSystemAccess?.rows[0]?.UpdatedById,
727
- UpdatedAt: currentGroupSystemAccess?.rows[0]?.UpdatedAt,
728
- };
729
-
730
- const activity = new Activity();
731
- activity.ActivityId = activity.createId();
732
- activity.Action = ActionEnum.DELETE;
733
- activity.Description = 'Delete Group System Access';
734
- activity.EntityType = 'GroupSystemAccess';
735
- activity.EntityId =
736
- currentGroupSystemAccess?.rows[0]?.GroupSystemAccessId?.toString();
737
- activity.EntityValueBefore = JSON.stringify(EntityValueBefore);
738
- activity.EntityValueAfter = JSON.stringify({});
739
-
740
- await activity.create(loginUser.ObjectId, dbTransaction);
741
-
742
- return { Message: 'System access removed.', SystemCode: SystemCode };
743
- } catch (error) {
744
- throw error;
745
- }
746
- }
747
- }
1
+ import { ClassError, ObjectBase } from '@tomei/general';
2
+ import { GroupRepository } from './group.repository';
3
+ import { IGroupAttr } from '../../interfaces/group.interface';
4
+ import { GroupTypeEnum } from 'enum';
5
+ import { LoginUser } from '../login-user/login-user';
6
+ import { IGroupSearchAttr } from '../../interfaces/group-search-attr.interface';
7
+ import { ApplicationConfig } from '@tomei/config';
8
+ import { Op } from 'sequelize';
9
+ import { ActionEnum, Activity } from '@tomei/activity-history';
10
+ import { GroupSystemAccessRepository } from '../group-system-access/group-system-access.repository';
11
+ import SystemModel from '../../models/system.entity';
12
+ import { GroupSystemAccess } from '../group-system-access';
13
+ import { RedisService } from '../../redis-client/redis.service';
14
+ import SystemPrivilegeModel from '../../models/system-privilege.entity';
15
+ import { GroupPrivilegeRepository } from '../group-privilege/group-privilege.repository';
16
+ import { SystemPrivilege } from '../system-privilege/system-privilege';
17
+ import GroupPrivilegeModel from '../../models/group-privilege.entity';
18
+ import { GroupObjectPrivilegeRepository } from '../group-object-privilege/group-object-privilege.repository';
19
+ import { GroupObjectPrivilege } from '../group-object-privilege/group-object-privilege';
20
+ import { GroupPrivilege } from '../group-privilege/group-privilege';
21
+
22
+ export class Group extends ObjectBase {
23
+ ObjectId: string;
24
+ ObjectName: string;
25
+ TableName: 'sso_Group';
26
+ ObjectType = 'Group';
27
+
28
+ Name: string;
29
+ Description: string;
30
+ Type: GroupTypeEnum;
31
+ ParentGroupCode: string;
32
+ InheritParentPrivilegeYN: string;
33
+ InheritParentSystemAccessYN: string;
34
+ Status: string;
35
+ ParentGroup?: any;
36
+ private _CreatedById: number;
37
+ private _CreatedAt: Date;
38
+ private _UpdatedById: number;
39
+ private _UpdatedAt: Date;
40
+ private static _Repo = new GroupRepository();
41
+ private static _GroupSystemAccessRepo = new GroupSystemAccessRepository();
42
+ private static _GroupPrivilegeRepo = new GroupPrivilegeRepository();
43
+ private static _GroupObjectPrivilegeRepo = new GroupObjectPrivilegeRepository();
44
+ private static _RedisService: RedisService;
45
+ get GroupCode(): string {
46
+ return this.ObjectId;
47
+ }
48
+
49
+ set GroupCode(value: string) {
50
+ this.ObjectId = value;
51
+ }
52
+
53
+ get CreatedById(): number {
54
+ return this._CreatedById;
55
+ }
56
+
57
+ get CreatedAt(): Date {
58
+ return this._CreatedAt;
59
+ }
60
+
61
+ get UpdatedById(): number {
62
+ return this._UpdatedById;
63
+ }
64
+
65
+ get UpdatedAt(): Date {
66
+ return this._UpdatedAt;
67
+ }
68
+
69
+ private constructor(groupAttr?: IGroupAttr) {
70
+ super();
71
+ if (groupAttr) {
72
+ this.GroupCode = groupAttr.GroupCode;
73
+ this.Name = groupAttr.Name;
74
+ this.Description = groupAttr?.Description;
75
+ this.Type = groupAttr?.Type;
76
+ this.ParentGroupCode = groupAttr?.ParentGroupCode;
77
+ this.InheritParentPrivilegeYN = groupAttr?.InheritParentPrivilegeYN;
78
+ this.InheritParentSystemAccessYN = groupAttr?.InheritParentSystemAccessYN;
79
+ this.Status = groupAttr?.Status;
80
+ this._CreatedById = groupAttr.CreatedById;
81
+ this._CreatedAt = groupAttr.CreatedAt;
82
+ this._UpdatedById = groupAttr.UpdatedById;
83
+ this._UpdatedAt = groupAttr.UpdatedAt;
84
+ }
85
+ }
86
+
87
+ public static async init(dbTransaction: any, GroupCode?: string) {
88
+ try {
89
+ Group._RedisService = await RedisService.init();
90
+ if (GroupCode) {
91
+ const group = await Group._Repo.findByPk(GroupCode, {
92
+ transaction: dbTransaction,
93
+ });
94
+ if (group) {
95
+ return new Group(group);
96
+ } else {
97
+ throw Error('Group not found');
98
+ }
99
+ }
100
+ return new Group();
101
+ } catch (error) {
102
+ throw new ClassError(
103
+ 'Group',
104
+ 'GroupErrMsg01',
105
+ 'Failed To Initialize Group',
106
+ );
107
+ }
108
+ }
109
+
110
+ public static async findAll(
111
+ page: number,
112
+ row: number,
113
+ dbTransaction: any,
114
+ loginUser: LoginUser,
115
+ search?: IGroupSearchAttr,
116
+ ) {
117
+ //This method will list all group based on the query params.
118
+ //Part 1: Privilege Checking
119
+ const systemCode = ApplicationConfig.getComponentConfigValue('system-code');
120
+ const isPrivileged = await loginUser.checkPrivileges(
121
+ systemCode,
122
+ 'GROUP_LIST',
123
+ );
124
+
125
+ if (!isPrivileged) {
126
+ throw new ClassError(
127
+ 'Group',
128
+ 'GroupErrMsg04',
129
+ 'User is not privileged to list group',
130
+ );
131
+ }
132
+
133
+ //Part 2: Retrieve listing
134
+ const queryObj: any = {};
135
+
136
+ let options: any = {
137
+ transaction: dbTransaction,
138
+ };
139
+
140
+ if (page && row) {
141
+ options = {
142
+ ...options,
143
+ limit: row,
144
+ offset: row * (page - 1),
145
+ order: [['CreatedAt', 'DESC']],
146
+ };
147
+ }
148
+
149
+ if (search) {
150
+ Object.entries(search).forEach(([key, value]) => {
151
+ queryObj[key] = {
152
+ [Op.substring]: value,
153
+ };
154
+ });
155
+
156
+ options = {
157
+ ...options,
158
+ where: queryObj,
159
+ };
160
+
161
+ const result = await Group._Repo.findAllWithPagination(options);
162
+
163
+ //Map the result to Group instance
164
+ return {
165
+ Count: result.count,
166
+ Groups: result.rows.map(
167
+ (group) => new Group(group.get({ plain: true })),
168
+ ),
169
+ };
170
+ }
171
+ }
172
+
173
+ public static async create(
174
+ loginUser: LoginUser,
175
+ dbTransaction: any,
176
+ group: Group,
177
+ ) {
178
+ try {
179
+ //Part 1: Privilege Checking
180
+ const systemCode =
181
+ ApplicationConfig.getComponentConfigValue('system-code');
182
+ const isPrivileged = await loginUser.checkPrivileges(
183
+ systemCode,
184
+ 'GROUP_CREATE',
185
+ );
186
+ if (!isPrivileged) {
187
+ throw new Error('You do not have permission to create group');
188
+ }
189
+
190
+ //Part 2: Validation
191
+ if (!group.GroupCode) {
192
+ throw new ClassError(
193
+ 'Group',
194
+ 'GroupErrMsg02',
195
+ 'Group Code is required',
196
+ );
197
+ }
198
+
199
+ if (!group.Name) {
200
+ throw new ClassError(
201
+ 'Group',
202
+ 'GroupErrMsg02',
203
+ 'Group Name is required',
204
+ );
205
+ }
206
+
207
+ if (!group.Type) {
208
+ throw new ClassError(
209
+ 'Group',
210
+ 'GroupErrMsg02',
211
+ 'Group Type is required',
212
+ );
213
+ }
214
+
215
+ //Check if group code is unique
216
+ const existingGroupCode = await Group._Repo.findByPk(group.GroupCode, {
217
+ transaction: dbTransaction,
218
+ });
219
+
220
+ if (existingGroupCode) {
221
+ throw new ClassError(
222
+ 'Group',
223
+ 'GroupErrMsg03',
224
+ 'Duplicate GroupCode found.',
225
+ );
226
+ }
227
+
228
+ //Validate parent group code if passed. Call Group._Repo.findByPk
229
+ if (group.ParentGroupCode) {
230
+ const parentGroup = await Group._Repo.findByPk(group.ParentGroupCode, {
231
+ transaction: dbTransaction,
232
+ });
233
+
234
+ if (!parentGroup) {
235
+ throw new ClassError(
236
+ 'Group',
237
+ 'GroupErrMsg04',
238
+ 'ParentGroupCode is not found.',
239
+ );
240
+ }
241
+
242
+ //If Params.group.GroupCode = Params.group?.ParentGroupCode, throw new ClassError
243
+ if (group.GroupCode === group.ParentGroupCode) {
244
+ throw new ClassError(
245
+ 'Group',
246
+ 'GroupErrMsg05',
247
+ 'GroupCode and ParentGroupCode cannot be the same.',
248
+ );
249
+ }
250
+ }
251
+
252
+ //Part 3: Create Group
253
+ //Initialise new Group instance and populate
254
+ const newGroup = new Group(group);
255
+ newGroup.ObjectId = group.GroupCode;
256
+ newGroup.Name = group.Name;
257
+ newGroup.Type = group.Type;
258
+ newGroup.Description = group.Description;
259
+ newGroup.ParentGroupCode = group.ParentGroupCode;
260
+ newGroup.InheritParentPrivilegeYN = group.InheritParentPrivilegeYN;
261
+ newGroup.InheritParentSystemAccessYN = group.InheritParentSystemAccessYN;
262
+ newGroup.Status = 'Active';
263
+ newGroup._CreatedById = loginUser.UserId;
264
+ newGroup._UpdatedById = loginUser.UserId;
265
+
266
+ //Call Group._Repo create method
267
+ const entityGroupAfter = {
268
+ GroupCode: newGroup.ObjectId,
269
+ Name: newGroup.Name,
270
+ Type: newGroup.Type,
271
+ Description: newGroup.Description,
272
+ ParentGroupCode: newGroup.ParentGroupCode,
273
+ InheritParentPrivilegeYN: newGroup.InheritParentPrivilegeYN,
274
+ InheritParentSystemAccessYN: newGroup.InheritParentSystemAccessYN,
275
+ Status: newGroup.Status,
276
+ CreatedById: newGroup._CreatedById,
277
+ UpdatedById: newGroup._UpdatedById,
278
+ CreatedAt: newGroup._CreatedAt,
279
+ UpdatedAt: newGroup._UpdatedAt,
280
+ };
281
+
282
+ await Group._Repo.create(entityGroupAfter, {
283
+ transaction: dbTransaction,
284
+ });
285
+
286
+ //Part 4: Record Create Group Activity and return newGroup
287
+
288
+ const entityValueBefore = {};
289
+
290
+ //Instantiate new activity
291
+ const activity = new Activity();
292
+ activity.ActivityId = activity.createId();
293
+ activity.Action = ActionEnum.ADD;
294
+ activity.Description = 'Create Group';
295
+ activity.EntityType = 'Group';
296
+ activity.EntityId = newGroup.ObjectId;
297
+ activity.EntityValueBefore = JSON.stringify(entityValueBefore);
298
+ activity.EntityValueAfter = JSON.stringify(entityGroupAfter);
299
+
300
+ //Call Activity.create method
301
+ await activity.create(loginUser.ObjectId, dbTransaction);
302
+
303
+ return newGroup;
304
+ } catch (error) {
305
+ throw error;
306
+ }
307
+ }
308
+
309
+ protected static async checkDuplicateGroupCode(
310
+ dbTransaction: any,
311
+ GroupCode,
312
+ ) {
313
+ const isGroupCodeExist = await Group._Repo.findOne({
314
+ where: { GroupCode },
315
+ transaction: dbTransaction,
316
+ });
317
+
318
+ if (isGroupCodeExist) {
319
+ throw new ClassError(
320
+ 'Group',
321
+ 'GroupErrMsg07',
322
+ 'GroupCode already exists.',
323
+ );
324
+ }
325
+ }
326
+
327
+ public async update(
328
+ loginUser: LoginUser,
329
+ dbTransaction: any,
330
+ group: {
331
+ GroupCode: string;
332
+ NewGroupCode?: string;
333
+ Name?: string;
334
+ Description?: string;
335
+ Type?: GroupTypeEnum;
336
+ ParentGroupCode?: string;
337
+ InheritParentPrivilegeYN?: string;
338
+ InheritParentSystemAccessYN?: string;
339
+ Status?: string;
340
+ },
341
+ ) {
342
+ //Part 1: Privilege Checking
343
+ const systemCode = ApplicationConfig.getComponentConfigValue('system-code');
344
+ const isPrivileged = await loginUser.checkPrivileges(
345
+ systemCode,
346
+ 'GROUP_UPDATE',
347
+ );
348
+
349
+ if (!isPrivileged) {
350
+ throw new ClassError(
351
+ 'Group',
352
+ 'GroupErrMsg06',
353
+ 'You do not have the privilege to update Group',
354
+ );
355
+ }
356
+ try {
357
+ const currentGroup = await Group.init(dbTransaction, group.GroupCode);
358
+ if (group.NewGroupCode) {
359
+ await Group.checkDuplicateGroupCode(dbTransaction, group.NewGroupCode);
360
+ }
361
+
362
+ if (
363
+ group.ParentGroupCode &&
364
+ currentGroup.ParentGroupCode !== group.ParentGroupCode
365
+ ) {
366
+ const parentGroup = await Group.init(
367
+ dbTransaction,
368
+ group.ParentGroupCode,
369
+ );
370
+ if (!parentGroup) {
371
+ throw new ClassError(
372
+ 'Group',
373
+ 'GroupErrMsg08',
374
+ 'Parent Group Code not found',
375
+ );
376
+ }
377
+ }
378
+
379
+ const entityValueBefore = {
380
+ GroupCode: currentGroup.GroupCode,
381
+ Name: currentGroup.Name,
382
+ Type: currentGroup.Type,
383
+ Description: currentGroup.Description,
384
+ ParentGroupCode: currentGroup.ParentGroupCode,
385
+ InheritParentPrivilegeYN: currentGroup.InheritParentPrivilegeYN,
386
+ InheritParentSystemAccessYN: currentGroup.InheritParentSystemAccessYN,
387
+ Status: currentGroup.Status,
388
+ CreatedById: currentGroup._CreatedById,
389
+ UpdatedById: currentGroup._UpdatedById,
390
+ CreatedAt: currentGroup._CreatedAt,
391
+ UpdatedAt: currentGroup._UpdatedAt,
392
+ };
393
+
394
+ currentGroup.GroupCode = group?.NewGroupCode || currentGroup.GroupCode;
395
+ currentGroup.Name = group?.Name || currentGroup.Name;
396
+ currentGroup.Type = group?.Type || currentGroup.Type;
397
+ currentGroup.Description = group?.Description || currentGroup.Description;
398
+ currentGroup.ParentGroupCode =
399
+ group?.ParentGroupCode || currentGroup.ParentGroupCode;
400
+ currentGroup.InheritParentPrivilegeYN =
401
+ group?.InheritParentPrivilegeYN ||
402
+ currentGroup.InheritParentPrivilegeYN;
403
+ currentGroup.InheritParentSystemAccessYN =
404
+ group?.InheritParentSystemAccessYN ||
405
+ currentGroup.InheritParentSystemAccessYN;
406
+ currentGroup.Status = group?.Status || currentGroup.Status;
407
+ currentGroup._UpdatedById = loginUser.UserId;
408
+ currentGroup._UpdatedAt = new Date();
409
+
410
+ await Group._Repo.update(
411
+ {
412
+ GroupCode: currentGroup.GroupCode,
413
+ Name: currentGroup.Name,
414
+ Type: currentGroup.Type,
415
+ Description: currentGroup.Description,
416
+ ParentGroupCode: currentGroup.ParentGroupCode,
417
+ InheritParentPrivilegeYN: currentGroup.InheritParentPrivilegeYN,
418
+ InheritParentSystemAccessYN: currentGroup.InheritParentSystemAccessYN,
419
+ Status: currentGroup.Status,
420
+ UpdatedById: currentGroup._UpdatedById,
421
+ UpdatedAt: currentGroup._UpdatedAt,
422
+ },
423
+ {
424
+ where: {
425
+ GroupCode: group.GroupCode,
426
+ },
427
+ transaction: dbTransaction,
428
+ },
429
+ );
430
+
431
+ const entityValueAfter = {
432
+ GroupCode: currentGroup.GroupCode,
433
+ Name: currentGroup.Name,
434
+ Type: currentGroup.Type,
435
+ Description: currentGroup.Description,
436
+ ParentGroupCode: currentGroup.ParentGroupCode,
437
+ InheritParentPrivilegeYN: currentGroup.InheritParentPrivilegeYN,
438
+ InheritParentSystemAccessYN: currentGroup.InheritParentSystemAccessYN,
439
+ Status: currentGroup.Status,
440
+ CreatedById: currentGroup._CreatedById,
441
+ UpdatedById: currentGroup._UpdatedById,
442
+ CreatedAt: currentGroup._CreatedAt,
443
+ UpdatedAt: currentGroup._UpdatedAt,
444
+ };
445
+
446
+ const activity = new Activity();
447
+ activity.ActivityId = activity.createId();
448
+ activity.Action = ActionEnum.UPDATE;
449
+ activity.Description = `Update Group ${group.Type}`;
450
+ activity.EntityType = 'Group';
451
+ activity.EntityId = group.GroupCode;
452
+ activity.EntityValueBefore = JSON.stringify(entityValueBefore);
453
+ activity.EntityValueAfter = JSON.stringify(entityValueAfter);
454
+ await activity.create(loginUser.ObjectId, dbTransaction);
455
+
456
+ return currentGroup;
457
+ } catch (error) {
458
+ throw error;
459
+ }
460
+ }
461
+
462
+ public static async getSystemAccesses(
463
+ loginUser: LoginUser,
464
+ dbTransaction: any,
465
+ GroupCode: string,
466
+ Page: number,
467
+ Rows: number,
468
+ Search: {
469
+ SystemCode?: string;
470
+ Status?: string;
471
+ },
472
+ ) {
473
+ // Part 1: Privilege Checking
474
+ const systemCode = ApplicationConfig.getComponentConfigValue('system-code');
475
+ const isPrivileged = await loginUser.checkPrivileges(
476
+ systemCode,
477
+ 'SYSTEM_ACCESS_VIEW',
478
+ );
479
+
480
+ if (!isPrivileged) {
481
+ throw new ClassError(
482
+ 'Group',
483
+ 'GroupErrMsg06',
484
+ 'You do not have the privilege to view system access',
485
+ );
486
+ }
487
+
488
+ try {
489
+ // Part 2: Validation
490
+ await Group.init(dbTransaction, GroupCode);
491
+
492
+ // Part 3: Retrieve System Access and returns
493
+ const queryObj: any = { GroupCode: GroupCode };
494
+
495
+ if (Search) {
496
+ Object.entries(Search).forEach(([key, value]) => {
497
+ queryObj[key] = value;
498
+ });
499
+ }
500
+
501
+ let options: any = {
502
+ where: queryObj,
503
+ distinct: true,
504
+ transaction: dbTransaction,
505
+ };
506
+
507
+ if (Page && Rows) {
508
+ options = {
509
+ ...options,
510
+ limit: Rows,
511
+ offset: Rows * (Page - 1),
512
+ order: [['CreatedAt', 'DESC']],
513
+ };
514
+ }
515
+
516
+ const systemAccess = await Group._GroupSystemAccessRepo.findAndCountAll(
517
+ options,
518
+ );
519
+ return systemAccess;
520
+ } catch (error) {
521
+ return error;
522
+ }
523
+ }
524
+
525
+ private static async getInheritedSystemAccess(
526
+ dbTransaction: any,
527
+ group: Group,
528
+ ): Promise<any[]> {
529
+ const options: any = {
530
+ where: {
531
+ GroupCode: group.GroupCode,
532
+ Status: 'Active',
533
+ },
534
+ include: [
535
+ {
536
+ model: SystemModel,
537
+ },
538
+ ],
539
+ transaction: dbTransaction,
540
+ };
541
+ let systemAccess = await Group._GroupSystemAccessRepo.findAll(options);
542
+
543
+ if (group.InheritParentSystemAccessYN === 'Y' && group.ParentGroupCode) {
544
+ const parentGroup = await Group.init(
545
+ dbTransaction,
546
+ group.ParentGroupCode,
547
+ );
548
+ const parentSystemAccesses = await this.getInheritedSystemAccess(
549
+ dbTransaction,
550
+ parentGroup,
551
+ );
552
+ systemAccess = systemAccess.concat(parentSystemAccesses);
553
+ }
554
+ return systemAccess;
555
+ }
556
+
557
+ public static async getParentSystemAccesses(
558
+ loginUser: LoginUser,
559
+ dbTransaction: any,
560
+ GroupCode: string,
561
+ ) {
562
+ // Part 1: Privilege Checking
563
+ const systemCode = ApplicationConfig.getComponentConfigValue('system-code');
564
+ const isPrivileged = await loginUser.checkPrivileges(
565
+ systemCode,
566
+ 'SYSTEM_ACCESS_VIEW',
567
+ );
568
+
569
+ if (!isPrivileged) {
570
+ throw new ClassError(
571
+ 'Group',
572
+ 'GroupErrMsg06',
573
+ 'You do not have the privilege to view system access',
574
+ );
575
+ }
576
+
577
+ try {
578
+ const group = await Group.init(dbTransaction, GroupCode);
579
+ if (group.InheritParentSystemAccessYN !== 'Y' && !group.ParentGroupCode) {
580
+ return [];
581
+ } else {
582
+ const parentGroup = await Group.init(
583
+ dbTransaction,
584
+ group.ParentGroupCode,
585
+ );
586
+ const inheritSystemAccess = await Group.getInheritedSystemAccess(
587
+ dbTransaction,
588
+ parentGroup,
589
+ );
590
+ return inheritSystemAccess;
591
+ }
592
+ } catch (error) {
593
+ throw error;
594
+ }
595
+ }
596
+
597
+ public static async addSystemAccesses(
598
+ loginUser: LoginUser,
599
+ dbTransaction: any,
600
+ GroupCode: string,
601
+ SystemCodes: string[],
602
+ ) {
603
+ // Part 1: Privilege Checking
604
+ const systemCode = ApplicationConfig.getComponentConfigValue('system-code');
605
+ const isPrivileged = await loginUser.checkPrivileges(
606
+ systemCode,
607
+ 'SYSTEM_ACCESS_CREATE',
608
+ );
609
+
610
+ if (!isPrivileged) {
611
+ throw new ClassError(
612
+ 'Group',
613
+ 'GroupErrMsg07',
614
+ 'You do not have the privilege to create system access',
615
+ );
616
+ }
617
+
618
+ try {
619
+ if (SystemCodes.length > 0) {
620
+ for (const element of SystemCodes) {
621
+ const CurrentGroupSystemAccess = await Group.getSystemAccesses(
622
+ loginUser,
623
+ dbTransaction,
624
+ GroupCode,
625
+ 1,
626
+ Number.MAX_SAFE_INTEGER,
627
+ { SystemCode: element },
628
+ );
629
+
630
+ if (CurrentGroupSystemAccess?.count > 0) {
631
+ throw new ClassError(
632
+ 'Group',
633
+ 'GroupErrMsg08',
634
+ 'System access already exists',
635
+ );
636
+ }
637
+
638
+ const groupSystemAccess = await GroupSystemAccess.init(dbTransaction);
639
+ groupSystemAccess.createId();
640
+ groupSystemAccess.GroupCode = GroupCode;
641
+ groupSystemAccess.SystemCode = element;
642
+ groupSystemAccess.Status = 'Active';
643
+ groupSystemAccess.CreatedById = +loginUser.ObjectId;
644
+ groupSystemAccess.CreatedAt = new Date();
645
+ groupSystemAccess.UpdatedById = +loginUser.ObjectId;
646
+ groupSystemAccess.UpdatedAt = new Date();
647
+
648
+ const EntityValueAfter = {
649
+ GroupCode: groupSystemAccess.GroupCode,
650
+ SystemCode: groupSystemAccess.SystemCode,
651
+ Status: groupSystemAccess.Status,
652
+ CreatedById: groupSystemAccess.CreatedById,
653
+ CreatedAt: groupSystemAccess.CreatedAt,
654
+ UpdatedById: groupSystemAccess.UpdatedById,
655
+ UpdatedAt: groupSystemAccess.UpdatedAt,
656
+ };
657
+
658
+ const systemAccess = await Group._GroupSystemAccessRepo.create(
659
+ EntityValueAfter,
660
+ {
661
+ transaction: dbTransaction,
662
+ },
663
+ );
664
+
665
+ const activity = new Activity();
666
+ activity.ActivityId = activity.createId();
667
+ activity.Action = ActionEnum.ADD;
668
+ activity.Description = 'Create Group System Access';
669
+ activity.EntityType = 'GroupSystemAccess';
670
+ activity.EntityId = systemAccess.GroupSystemAccessId?.toString();
671
+ activity.EntityValueBefore = JSON.stringify({});
672
+ activity.EntityValueAfter = JSON.stringify(EntityValueAfter);
673
+
674
+ await activity.create(loginUser.ObjectId, dbTransaction);
675
+ }
676
+
677
+ return { Message: 'Successfully added.' };
678
+ }
679
+ } catch (error) {
680
+ throw error;
681
+ }
682
+ }
683
+
684
+ public static async deleteSystemAccess(
685
+ loginUser: LoginUser,
686
+ dbTransaction: any,
687
+ GroupCode: string,
688
+ SystemCode: string,
689
+ ) {
690
+ // Part 1: Privilege Checking
691
+ const systemCode = ApplicationConfig.getComponentConfigValue('system-code');
692
+ const isPrivileged = await loginUser.checkPrivileges(
693
+ systemCode,
694
+ 'SYSTEM_ACCESS_DELETE',
695
+ );
696
+
697
+ if (!isPrivileged) {
698
+ throw new ClassError(
699
+ 'Group',
700
+ 'GroupErrMsg08',
701
+ 'You do not have the privilege to delete system access',
702
+ );
703
+ }
704
+
705
+ try {
706
+ const currentGroupSystemAccess = await Group.getSystemAccesses(
707
+ loginUser,
708
+ dbTransaction,
709
+ GroupCode,
710
+ 1,
711
+ Number.MAX_SAFE_INTEGER,
712
+ { SystemCode: SystemCode },
713
+ );
714
+
715
+ if (currentGroupSystemAccess.count < 1) {
716
+ throw new ClassError(
717
+ 'Group',
718
+ 'GroupErrMsg10',
719
+ 'No associated system access found.',
720
+ );
721
+ }
722
+
723
+ await Group._GroupSystemAccessRepo.delete(
724
+ GroupCode,
725
+ SystemCode,
726
+ dbTransaction,
727
+ );
728
+
729
+ const EntityValueBefore = {
730
+ GroupCode: currentGroupSystemAccess?.rows[0]?.GroupCode,
731
+ SystemCode: currentGroupSystemAccess?.rows[0]?.SystemCode,
732
+ Status: currentGroupSystemAccess?.rows[0]?.Status,
733
+ CreatedById: currentGroupSystemAccess?.rows[0]?.CreatedById,
734
+ CreatedAt: currentGroupSystemAccess?.rows[0]?.CreatedAt,
735
+ UpdatedById: currentGroupSystemAccess?.rows[0]?.UpdatedById,
736
+ UpdatedAt: currentGroupSystemAccess?.rows[0]?.UpdatedAt,
737
+ };
738
+
739
+ const activity = new Activity();
740
+ activity.ActivityId = activity.createId();
741
+ activity.Action = ActionEnum.DELETE;
742
+ activity.Description = 'Delete Group System Access';
743
+ activity.EntityType = 'GroupSystemAccess';
744
+ activity.EntityId =
745
+ currentGroupSystemAccess?.rows[0]?.GroupSystemAccessId?.toString();
746
+ activity.EntityValueBefore = JSON.stringify(EntityValueBefore);
747
+ activity.EntityValueAfter = JSON.stringify({});
748
+
749
+ await activity.create(loginUser.ObjectId, dbTransaction);
750
+
751
+ return { Message: 'System access removed.', SystemCode: SystemCode };
752
+ } catch (error) {
753
+ throw error;
754
+ }
755
+ }
756
+
757
+ public static async getSystemPrivileges(
758
+ loginUser: LoginUser,
759
+ dbTransaction: any,
760
+ GroupCode: string,
761
+ search?: {
762
+ SystemCode?: string;
763
+ Status?: string;
764
+ },
765
+ ) {
766
+ try {
767
+ //Part 1: Privilege Checking
768
+ const systemCode = ApplicationConfig.getComponentConfigValue('system-code');
769
+ const isPrivileged = await loginUser.checkPrivileges(
770
+ systemCode,
771
+ 'GROUP_PRIVILEGE_VIEW',
772
+ );
773
+
774
+ if (!isPrivileged) {
775
+ throw new ClassError(
776
+ 'Group',
777
+ 'GroupErrMsg11',
778
+ 'You do not have the privilege to view group privileges',
779
+ );
780
+ }
781
+
782
+ //Set group to instantiation of existing Group
783
+ await Group.init(dbTransaction, GroupCode);
784
+
785
+ //Part 3: Retrieve Group Own Privilege
786
+ //Retrieve group data and it's privileged by calling Group._Repo.findAll
787
+ let where: any = {
788
+ GroupCode,
789
+ };
790
+
791
+ let systemWhere: any = {};
792
+
793
+ if (search) {
794
+ if (search.Status) {
795
+ where = {
796
+ ...where,
797
+ Status: search.Status,
798
+ };
799
+ }
800
+
801
+ if (search.SystemCode) {
802
+ systemWhere = {
803
+ SystemCode: {
804
+ [Op.substring]: search.SystemCode,
805
+ },
806
+ };
807
+ }
808
+ }
809
+
810
+ const groupOwnPrivileges = await Group._GroupPrivilegeRepo.findAll({
811
+ where,
812
+ include: [
813
+ {
814
+ model: SystemPrivilegeModel,
815
+ where: systemWhere,
816
+ },
817
+ ],
818
+ transaction: dbTransaction,
819
+ });
820
+
821
+ //Create variable called privileges and Map the SystemPrivilege data retrieved from 3.1 into SystemPrivilege object and push it to the privileges variables
822
+ let privileges: SystemPrivilege[] = [];
823
+
824
+ for (const groupPrivilege of groupOwnPrivileges) {
825
+ const systemPrivilege = await SystemPrivilege.init(
826
+ dbTransaction,
827
+ );
828
+ systemPrivilege.setAttributes(groupPrivilege.Privilege.get({ plain: true }));
829
+ privileges.push(systemPrivilege);
830
+ }
831
+
832
+ return privileges;
833
+ } catch (error) {
834
+ throw error;
835
+ }
836
+ }
837
+
838
+ public static async getInheritedSystemPrivileges(
839
+ dbTransaction: any,
840
+ GroupCode: string,
841
+ search?: {
842
+ SystemCode?: string;
843
+ Status?: string;
844
+ PrivilegeCode?: string;
845
+ },
846
+ ): Promise<SystemPrivilege[]> {
847
+ try {
848
+ //Retrieve group data and it's privileges by calling Group._Repo.findAll
849
+ let where: any = {
850
+ GroupCode,
851
+ };
852
+
853
+ let groupPrivilegeWhere: any = {};
854
+ let systemPrivilegeWhere: any = {};
855
+
856
+ if (search) {
857
+ if (search.Status) {
858
+ groupPrivilegeWhere = {
859
+ Status: search.Status,
860
+ };
861
+ }
862
+
863
+ if (search.SystemCode) {
864
+ systemPrivilegeWhere = {
865
+ SystemCode: {
866
+ [Op.substring]: search.SystemCode,
867
+ },
868
+ };
869
+ }
870
+ }
871
+ const group = await Group._Repo.findOne({
872
+ where: where,
873
+ include: [
874
+ {
875
+ model: GroupPrivilegeModel,
876
+ where: groupPrivilegeWhere,
877
+ include: [
878
+ {
879
+ model: SystemPrivilegeModel,
880
+ where: systemPrivilegeWhere,
881
+ },
882
+ ],
883
+ },
884
+ ],
885
+ transaction: dbTransaction,
886
+ });
887
+
888
+ //Retrieve group object privileges by calling LoginUser._GroupObjectPrivilegeRepo.findAll
889
+ let objectWhere: any = {
890
+ GroupCode,
891
+ };
892
+ let systemWhere: any = {};
893
+ if (search) {
894
+ Object.entries(search).forEach(([key, value]) => {
895
+ if (key === 'SystemCode') {
896
+ systemWhere[key] = {
897
+ [Op.substring]: value,
898
+ };
899
+ } else {
900
+ objectWhere[key] = {
901
+ [Op.substring]: value,
902
+ };
903
+ }
904
+ });
905
+ }
906
+ const groupObjectPrivileges = await Group._GroupObjectPrivilegeRepo.findAll({
907
+ where: objectWhere,
908
+ include: [
909
+ {
910
+ model: SystemPrivilegeModel,
911
+ where: systemWhere,
912
+ },
913
+ ],
914
+ transaction: dbTransaction,
915
+ });
916
+
917
+ //Map to SystemPrivilege object
918
+ let privileges: SystemPrivilege[] = [];
919
+ for (const groupPrivilege of group.GroupPrivileges) {
920
+ const systemPrivilege = await SystemPrivilege.init(dbTransaction);
921
+ systemPrivilege.setAttributes(groupPrivilege.Privilege.get({ plain: true }));
922
+ privileges.push(systemPrivilege);
923
+ }
924
+
925
+ for (const groupObjectPrivilege of groupObjectPrivileges) {
926
+ const systemPrivilege = await SystemPrivilege.init(dbTransaction);
927
+ systemPrivilege.setAttributes(groupObjectPrivilege.Privilege.get({ plain: true }));
928
+ privileges.push(systemPrivilege);
929
+ }
930
+
931
+ //Part 2: Retrieve Privileges Inherited from Parent Group
932
+ //if group data retrieved from 1.1 have InheritParentPrivilegeYN == "Y" and ParentGroupCode value is not empty. Call this method again
933
+ if (group.InheritParentPrivilegeYN === 'Y' && group.ParentGroupCode) {
934
+ const inheritedPrivileges = await Group.getInheritedSystemPrivileges(
935
+ dbTransaction,
936
+ group.ParentGroupCode,
937
+ search,
938
+ );
939
+ privileges = privileges.concat(inheritedPrivileges);
940
+ }
941
+
942
+ //format to make sure no duplicate
943
+ const uniquePrivileges = Array.from(new Set(privileges.map(a => a.PrivilegeCode)))
944
+ .map(PrivilegeCode => {
945
+ return privileges.find(a => a.PrivilegeCode === PrivilegeCode);
946
+ });
947
+
948
+ return uniquePrivileges;
949
+ } catch (error) {
950
+ throw error;
951
+ }
952
+ }
953
+
954
+ public static async getParentSystemPrivileges(
955
+ loginUser: LoginUser,
956
+ dbTransaction: any,
957
+ GroupCode: string,
958
+ search?: {
959
+ SystemCode?: string;
960
+ Status?: string;
961
+ PrivilegeCode?: string;
962
+ },
963
+ ): Promise<SystemPrivilege[]> {
964
+ try {
965
+ //Part 1: Privilege Checking
966
+ const systemCode = ApplicationConfig.getComponentConfigValue('system-code');
967
+ const isPrivileged = await loginUser.checkPrivileges(
968
+ systemCode,
969
+ 'GROUP_PRIVILEGE_VIEW',
970
+ );
971
+
972
+ if (!isPrivileged) {
973
+ throw new ClassError(
974
+ 'Group',
975
+ 'GroupErrMsg11',
976
+ 'You do not have the privilege to view group privileges',
977
+ );
978
+ }
979
+
980
+ //Part 2: Validation
981
+ //Set group to instantiation of existing Group
982
+ const group = await Group.init(dbTransaction, GroupCode);
983
+ //Check if group.InheritParentPrivilegeYN == "Y" and ParentGroupCode value is not empty. if no then return an empty array
984
+ if (group.InheritParentPrivilegeYN !== 'Y' && !group.ParentGroupCode) {
985
+ return [];
986
+ }
987
+
988
+ //Part 3: Retrieve Group Own Privilege
989
+ //Retrieve group data and it's privileged by calling Group.getIheritedSystemPrivileges
990
+ const privileges = await Group.getInheritedSystemPrivileges(
991
+ dbTransaction,
992
+ group.ParentGroupCode,
993
+ search,
994
+ );
995
+
996
+ return privileges;
997
+ } catch (error) {
998
+ throw error;
999
+ }
1000
+ }
1001
+
1002
+ public static async assignGroupObjectPrivilege(
1003
+ loginUser: LoginUser,
1004
+ dbTransaction: any,
1005
+ GroupCode: string,
1006
+ GroupObjectPrivileges: GroupObjectPrivilege[]
1007
+ ): Promise<string> {
1008
+ try {
1009
+ //Part 1: Privilege Checking
1010
+ const systemCode = ApplicationConfig.getComponentConfigValue('system-code');
1011
+ const isPrivileged = await loginUser.checkPrivileges(
1012
+ systemCode,
1013
+ 'GROUP_OBJECT_PRIVILEGE_ASSIGN',
1014
+ );
1015
+
1016
+ if (!isPrivileged) {
1017
+ throw new ClassError(
1018
+ 'Group',
1019
+ 'GroupErrMsg12',
1020
+ 'You do not have the privilege to assign group object privilege',
1021
+ );
1022
+ }
1023
+
1024
+ //Part 2: Validation
1025
+ //Initialise group with group init
1026
+ const group = await Group.init(dbTransaction, GroupCode);
1027
+ //Retrieve all group system access by calling Group.getSystemAccesses
1028
+ const groupSystemAccesses = await Group.getSystemAccesses(
1029
+ loginUser,
1030
+ dbTransaction,
1031
+ GroupCode,
1032
+ 1,
1033
+ Number.MAX_SAFE_INTEGER,
1034
+ {},
1035
+ );
1036
+
1037
+ //If Group.InheritParentSystemAccess == "Y" and Group.ParentGroupCode exist, initialise parent group
1038
+ let parentGroupSystemAccesses: any = {};
1039
+ if (group.InheritParentSystemAccessYN === 'Y' && group.ParentGroupCode) {
1040
+ //Retrieve all parent group system access by calling Group.getSystemAccesses
1041
+ parentGroupSystemAccesses = await Group.getSystemAccesses(
1042
+ loginUser,
1043
+ dbTransaction,
1044
+ group.ParentGroupCode,
1045
+ 1,
1046
+ Number.MAX_SAFE_INTEGER,
1047
+ {},
1048
+ );
1049
+ }
1050
+
1051
+ // For each Params.GroupObjectPrivileges.
1052
+ for (const groupObjectPrivilege of GroupObjectPrivileges) {
1053
+ //Initialise existing System privilege
1054
+ const systemPrivilege = await SystemPrivilege.init(dbTransaction, groupObjectPrivilege.PrivilegeCode);
1055
+ //Check whether the system codes used by that privilege is exist inside the group system access
1056
+ const combinedSystemAccesses = {
1057
+ ...groupSystemAccesses.rows,
1058
+ ...parentGroupSystemAccesses.rows,
1059
+ };
1060
+ const systemAccess = combinedSystemAccesses.find(
1061
+ (systemAccess) => systemAccess.SystemCode === systemPrivilege.SystemCode,
1062
+ );
1063
+ if (!systemAccess) {
1064
+ throw new ClassError(
1065
+ 'Group',
1066
+ 'GroupErrMsg13',
1067
+ 'Failed to assign privilege ' + groupObjectPrivilege.PrivilegeCode + ' due to non-existent system access.',
1068
+ );
1069
+ }
1070
+
1071
+ //Check whether the group object privilege already exist by using Group._GroupObjectPrivilegesRepo.findOne
1072
+ const groupObjectPrivilegeData = await Group._GroupObjectPrivilegeRepo.findOne({
1073
+ where: {
1074
+ GroupCode,
1075
+ PrivilegeCode: groupObjectPrivilege.PrivilegeCode,
1076
+ ObjectId: groupObjectPrivilege.ObjectId,
1077
+ ObjectType: groupObjectPrivilege.ObjectType,
1078
+ },
1079
+ transaction: dbTransaction,
1080
+ });
1081
+ //If GroupObjectPrivilege record exist. Skip this loop and proceed to the next privilege code
1082
+ if (groupObjectPrivilegeData) {
1083
+ continue;
1084
+ } else {
1085
+ //Call GroupObjectPrivilege.create
1086
+ await GroupObjectPrivilege.create(
1087
+ loginUser,
1088
+ dbTransaction,
1089
+ groupObjectPrivilege,
1090
+ );
1091
+ }
1092
+ }
1093
+
1094
+ return 'Successfully added.';
1095
+ } catch (error) {
1096
+ throw error;
1097
+ }
1098
+ }
1099
+
1100
+ public static async getGroubObjectPrivileges(
1101
+ loginUser: LoginUser,
1102
+ dbTransaction: any,
1103
+ GroupCode: string,
1104
+ search?: {
1105
+ PrivilegeCode?: string;
1106
+ ObjectType?: string;
1107
+ ObjectId?: string;
1108
+ SystemCode?: string;
1109
+ }
1110
+ ): Promise<SystemPrivilege[]> {
1111
+ try {
1112
+ // Part 1: Privilege Checking
1113
+ const systemCode = ApplicationConfig.getComponentConfigValue('system-code');
1114
+ const isPrivileged = await loginUser.checkPrivileges(
1115
+ systemCode,
1116
+ 'GROUP_PRIVILEGE_VIEW',
1117
+ );
1118
+
1119
+ if (!isPrivileged) {
1120
+ throw new ClassError(
1121
+ 'Group',
1122
+ 'GroupErrMsg11',
1123
+ 'You do not have the privilege to view group privileges',
1124
+ );
1125
+ }
1126
+
1127
+ // Part 2: Validation
1128
+ // Set group to instantiation of existing Group
1129
+ await Group.init(dbTransaction, GroupCode);
1130
+
1131
+ // Part 3: Retrieve Group Own Privilege
1132
+ // Retrieve group object privileges by calling LoginUser._GroupObjectPrivilegeRepo.findAll
1133
+ let where: any = {
1134
+ GroupCode,
1135
+ };
1136
+
1137
+ let systemWhere: any = {};
1138
+
1139
+ if (search) {
1140
+ Object.entries(search).forEach(([key, value]) => {
1141
+ if (key === 'SystemCode') {
1142
+ systemWhere[key] = {
1143
+ [Op.substring]: value,
1144
+ };
1145
+ } else {
1146
+ where[key] = {
1147
+ [Op.substring]: value,
1148
+ };
1149
+ }
1150
+ });
1151
+ }
1152
+
1153
+ const groupObjectPrivileges = await Group._GroupObjectPrivilegeRepo.findAll({
1154
+ where,
1155
+ include: [
1156
+ {
1157
+ model: SystemPrivilegeModel,
1158
+ where: systemWhere,
1159
+ },
1160
+ ],
1161
+ transaction: dbTransaction,
1162
+ });
1163
+ // Create variable called privileges and Map the SystemPrivilege data retrieved from 3.1 into SystemPrivilege object and push it to the privileges variables
1164
+ let privileges: SystemPrivilege[] = [];
1165
+ for (const groupObjectPrivilege of groupObjectPrivileges) {
1166
+ const systemPrivilege = await SystemPrivilege.init(
1167
+ dbTransaction,
1168
+ );
1169
+ systemPrivilege.setAttributes(groupObjectPrivilege.Privilege.get({ plain: true }));
1170
+ privileges.push(systemPrivilege);
1171
+ }
1172
+
1173
+ //Remove duplicate
1174
+ const uniquePrivileges = Array.from(new Set(privileges.map(a => a.PrivilegeCode)))
1175
+ .map(PrivilegeCode => {
1176
+ return privileges.find(a => a.PrivilegeCode === PrivilegeCode);
1177
+ });
1178
+
1179
+ // Create the result based on the spec on return then returns it.
1180
+ return uniquePrivileges;
1181
+ } catch (error) {
1182
+ throw error;
1183
+ }
1184
+ }
1185
+
1186
+ public static async assignGroupPrivileges(
1187
+ loginUser: LoginUser,
1188
+ dbTransaction: any,
1189
+ GroupCode: string,
1190
+ PrivilegeCodes: string[],
1191
+ ) {
1192
+ try {
1193
+ // Part 1: Privilege Checking
1194
+ const systemCode = ApplicationConfig.getComponentConfigValue('system-code');
1195
+ const isPrivileged = await loginUser.checkPrivileges(
1196
+ systemCode,
1197
+ 'GROUP_PRIVILEGE_ASSIGN',
1198
+ );
1199
+
1200
+ if (!isPrivileged) {
1201
+ throw new ClassError(
1202
+ 'Group',
1203
+ 'GroupErrMsg06',
1204
+ 'You do not have the privilege to assign group privileges',
1205
+ );
1206
+ }
1207
+
1208
+ // Part 2: Validation, Create and Record Activity
1209
+ // Initialise group with group init
1210
+
1211
+ const group = await Group.init(dbTransaction, GroupCode);
1212
+
1213
+ // Retrieve all group system access by calling Group.getSystemAccess
1214
+ const groupSystemAccesses = await Group.getSystemAccesses(
1215
+ loginUser,
1216
+ dbTransaction,
1217
+ GroupCode,
1218
+ 1,
1219
+ Number.MAX_SAFE_INTEGER,
1220
+ {},
1221
+ );
1222
+
1223
+ // If Group.InheritParentSystemAccess == "Y" and Group.ParentGroupCode exist
1224
+ let parentGroupSystemAccesses: any = {};
1225
+ if (group.InheritParentSystemAccessYN === 'Y' && group.ParentGroupCode) {
1226
+ // Retrieve all parent group system access by calling Group.getSystemAccess
1227
+ parentGroupSystemAccesses = await Group.getSystemAccesses(
1228
+ loginUser,
1229
+ dbTransaction,
1230
+ group.ParentGroupCode,
1231
+ 1,
1232
+ Number.MAX_SAFE_INTEGER,
1233
+ {},
1234
+ );
1235
+ }
1236
+
1237
+ // For each Params.PrivilegesCodes.
1238
+ for (const PrivilegeCode of PrivilegeCodes) {
1239
+ // Initialise existing System privilege by calling SystemPrivilege.init
1240
+ const systemPrivilege = await SystemPrivilege.init(dbTransaction, PrivilegeCode);
1241
+ //Check whether the system codes used by that privilege is exist inside the group system access retrieved from step 2.2 & 2.4. If system code does not exist in group system access, throw a new ClassError by passing:
1242
+ // Classname: "Group"
1243
+ // MessageCode: "GroupErrMsg0X"
1244
+ // Message: "Failed to assign privilege <PrivilegeCode> due to non-existent system access."
1245
+ const combinedSystemAccesses = {
1246
+ ...groupSystemAccesses.rows,
1247
+ ...parentGroupSystemAccesses.rows,
1248
+ };
1249
+ const systemAccess = combinedSystemAccesses.find(
1250
+ (systemAccess) => systemAccess.SystemCode === systemPrivilege.SystemCode,
1251
+ );
1252
+ if (!systemAccess) {
1253
+ throw new ClassError(
1254
+ 'Group',
1255
+ 'GroupErrMsg13',
1256
+ 'Failed to assign privilege ' + PrivilegeCode + ' due to non-existent system access.',
1257
+ );
1258
+ }
1259
+
1260
+ //Check whether the group privilege exist by using Group._GroupPrivilegesRepo.findOne
1261
+ const groupPrivilege = await Group._GroupPrivilegeRepo.findOne({
1262
+ where: {
1263
+ GroupCode,
1264
+ PrivilegeCode,
1265
+ },
1266
+ transaction: dbTransaction,
1267
+ });
1268
+
1269
+ //If GroupPrivilege record exist and status is "Active". Skip this loop and proceed to the next privilege code
1270
+ if (groupPrivilege && groupPrivilege.Status === 'Active') {
1271
+ continue;
1272
+ }
1273
+
1274
+ let entityValueBefore = {};
1275
+ let entityValueAfter = {};
1276
+ let action = ActionEnum.ADD;
1277
+ let description = 'Create Group Privilege';
1278
+ let entityId = null;
1279
+ //If GroupPrivilege record exist and status is not "Active" do the following:
1280
+ if (groupPrivilege && groupPrivilege.Status !== 'Active') {
1281
+ //Set this GroupPrivilege entity as EntityValueBefore
1282
+ entityValueBefore = {
1283
+ GroupCode: groupPrivilege.GroupCode,
1284
+ PrivilegeCode: groupPrivilege.PrivilegeCode,
1285
+ Status: groupPrivilege.Status,
1286
+ CreatedById: groupPrivilege.CreatedById,
1287
+ CreatedAt: groupPrivilege.CreatedAt,
1288
+ UpdatedById: groupPrivilege.UpdatedById,
1289
+ UpdatedAt: groupPrivilege.UpdatedAt,
1290
+ };
1291
+
1292
+ //Update the status to active using Group._GroupPrivilegesRepo.Update.
1293
+ const updatedPayload = {
1294
+ Status: 'Active',
1295
+ UpdatedById: loginUser.UserId,
1296
+ UpdatedAt: new Date(),
1297
+ };
1298
+ await Group._GroupPrivilegeRepo.update(
1299
+ updatedPayload,
1300
+ {
1301
+ where: {
1302
+ GroupCode,
1303
+ PrivilegeCode,
1304
+ },
1305
+ transaction: dbTransaction,
1306
+ },
1307
+ );
1308
+
1309
+ //Set updated GroupPrivilege as EntityValueAfter
1310
+ entityValueAfter = {
1311
+ GroupCode: groupPrivilege.GroupCode,
1312
+ PrivilegeCode: groupPrivilege.PrivilegeCode,
1313
+ Status: updatedPayload.Status,
1314
+ CreatedById: groupPrivilege.CreatedById,
1315
+ CreatedAt: groupPrivilege.CreatedAt,
1316
+ UpdatedById: updatedPayload.UpdatedById,
1317
+ UpdatedAt: updatedPayload.UpdatedAt,
1318
+ };
1319
+
1320
+ //Instantiate new activity from Activity class
1321
+ action = ActionEnum.UPDATE;
1322
+ description = 'Update Group Privilege';
1323
+ entityId = groupPrivilege.GroupPrivilegeId;
1324
+ } else {
1325
+ //If GroupPrivilege record does not exist, do the following:
1326
+ //Initialise empty GroupPrivilege.
1327
+ const newGroupPrivilege = await GroupPrivilege.init(dbTransaction);
1328
+ //Set the attributes
1329
+ newGroupPrivilege.setAttributes({
1330
+ GroupCode,
1331
+ PrivilegeCode,
1332
+ Status: 'Active',
1333
+ CreatedById: loginUser.UserId,
1334
+ CreatedAt: new Date(),
1335
+ UpdatedById: loginUser.UserId,
1336
+ UpdatedAt: new Date(),
1337
+ });
1338
+
1339
+ // Set EntityValueAfter to above instance.
1340
+ entityValueAfter = {
1341
+ GroupCode: newGroupPrivilege.GroupCode,
1342
+ PrivilegeCode: newGroupPrivilege.PrivilegeCode,
1343
+ Status: newGroupPrivilege.Status,
1344
+ CreatedById: newGroupPrivilege.CreatedById,
1345
+ CreatedAt: newGroupPrivilege.CreatedAt,
1346
+ UpdatedById: newGroupPrivilege.UpdatedById,
1347
+ UpdatedAt: newGroupPrivilege.UpdatedAt,
1348
+ };
1349
+
1350
+ //Call Group._GroupPrivilegesRepo.create
1351
+ const groupPrivilege = await Group._GroupPrivilegeRepo.create(entityValueAfter, {
1352
+ transaction: dbTransaction,
1353
+ });
1354
+ action = ActionEnum.ADD;
1355
+ description = 'Create Group Privilege';
1356
+ entityId = groupPrivilege.GroupPrivilegeId;
1357
+ }
1358
+
1359
+ //Instantiate new activity from Activity class, call createId() method, then set:
1360
+ const activity = new Activity();
1361
+ activity.ActivityId = activity.createId();
1362
+ activity.Action = action;
1363
+ activity.Description = description;
1364
+ activity.EntityType = 'GroupPrivilege';
1365
+ activity.EntityId = entityId;
1366
+ activity.EntityValueBefore = JSON.stringify(entityValueBefore);
1367
+ activity.EntityValueAfter = JSON.stringify(entityValueAfter);
1368
+
1369
+ //Call new activity create method
1370
+ await activity.create(loginUser.ObjectId, dbTransaction);
1371
+ }
1372
+
1373
+ return 'Successfully added.';
1374
+ } catch (error) {
1375
+ throw error;
1376
+ }
1377
+ }
1378
+
1379
+ public static async deleteGroupPrivilege(
1380
+ loginUser: LoginUser,
1381
+ dbTransaction: any,
1382
+ GroupCode: string,
1383
+ PrivilegeCodes: string[],
1384
+ ) {
1385
+ try {
1386
+ // Part 1: Privilege Checking
1387
+ const systemCode = ApplicationConfig.getComponentConfigValue('system-code');
1388
+ const isPrivileged = await loginUser.checkPrivileges(
1389
+ systemCode,
1390
+ 'GROUP_PRIVILEGE_DELETE',
1391
+ );
1392
+
1393
+ if (!isPrivileged) {
1394
+ throw new ClassError(
1395
+ 'Group',
1396
+ 'GroupErrMsg06',
1397
+ 'You do not have the privilege to delete group privileges',
1398
+ );
1399
+ }
1400
+
1401
+ // Part 2: Validation, Create and Record Activity
1402
+ // For each Params.PrivilegesCodes.
1403
+ for (const PrivilegeCode of PrivilegeCodes) {
1404
+ //Check whether the record exist in database by calling Group._GroupPrivilegeRepo.findOne
1405
+ const groupPrivilege = await Group._GroupPrivilegeRepo.findOne({
1406
+ where: {
1407
+ GroupCode,
1408
+ PrivilegeCode,
1409
+ },
1410
+ transaction: dbTransaction,
1411
+ });
1412
+
1413
+ //If the record does not exist, throw a new ClassError
1414
+ if (!groupPrivilege) {
1415
+ throw new ClassError(
1416
+ 'Group',
1417
+ 'GroupErrMsg14',
1418
+ 'GroupPrivilege not found.',
1419
+ );
1420
+ }
1421
+
1422
+ //Set the EntityValueBefore to the GroupPrivilegesValue from step 1.c.
1423
+ const entityValueBefore = {
1424
+ GroupCode: groupPrivilege.GroupCode,
1425
+ PrivilegeCode: groupPrivilege.PrivilegeCode,
1426
+ Status: groupPrivilege.Status,
1427
+ CreatedById: groupPrivilege.CreatedById,
1428
+ CreatedAt: groupPrivilege.CreatedAt,
1429
+ UpdatedById: groupPrivilege.UpdatedById,
1430
+ UpdatedAt: groupPrivilege.UpdatedAt,
1431
+ };
1432
+
1433
+ //Call Group._GroupPrivilegeRepo.delete
1434
+ await Group._GroupPrivilegeRepo.delete(
1435
+ GroupCode,
1436
+ PrivilegeCode,
1437
+ dbTransaction,
1438
+ );
1439
+ // Instantiate new activity from Activity class, call createId() method, then set:
1440
+ const activity = new Activity();
1441
+ activity.ActivityId = activity.createId();
1442
+ activity.Action = ActionEnum.DELETE;
1443
+ activity.Description = 'DELETE Group Privilege';
1444
+ activity.EntityType = 'GroupPrivilege';
1445
+ activity.EntityId = groupPrivilege.GroupPrivilegeId.toString();
1446
+ activity.EntityValueBefore = JSON.stringify(entityValueBefore);
1447
+ activity.EntityValueAfter = JSON.stringify({});
1448
+ //Call new activity create method
1449
+ await activity.create(loginUser.ObjectId, dbTransaction);
1450
+ }
1451
+ return 'Successfully deleted.';
1452
+ } catch (error) {
1453
+ throw error;
1454
+ }
1455
+ }
1456
+ }