npm - @tomei/sso - Versions diffs - 0.33.8 → 0.34.1 - Mend

@tomei/sso 0.33.8 → 0.34.1

Files changed (150) hide show

package/coverage/test-report.xml CHANGED Viewed

@@ -1,129 +1,129 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<testExecutions version="1">
-  <file path="C:\Work\sso\__tests__\unit\components\login-user\login.spec.ts">
-    <testCase name="LoginUser init should initialize LoginUser with valid userId" duration="5"/>
-    <testCase name="LoginUser init should throw an error when user is not found" duration="20"/>
-    <testCase name="LoginUser checkSession should throw an error if session expired" duration="20"/>
-    <testCase name="LoginUser checkSession should refresh the session duration if session is valid" duration="2"/>
-    <testCase name="LoginUser shouldReleaseLock should return true if autoReleaseYN is &quot;Y&quot; and time difference is greater than minuteToAutoRelease" duration="2"/>
-    <testCase name="LoginUser shouldReleaseLock should return false if autoReleaseYN is &quot;Y&quot; and time difference is less than or equal to minuteToAutoRelease" duration="1"/>
-    <testCase name="LoginUser shouldReleaseLock should return false if autoReleaseYN is &quot;N&quot;" duration="1"/>
-    <testCase name="LoginUser releaseLock should release the lock for a user" duration="1"/>
-    <testCase name="LoginUser checkUserInfoDuplicated should throw an error if duplicate user info is found" duration="1"/>
-    <testCase name="LoginUser checkUserInfoDuplicated should not throw an error if duplicate user info is not found" duration="0"/>
-    <testCase name="LoginUser generateDefaultPassword should generate a default password with the specified length" duration="2"/>
-    <testCase name="LoginUser generateDefaultPassword should generate a default password with at least one capital letter" duration="1"/>
-    <testCase name="LoginUser generateDefaultPassword should generate a default password with at least one number" duration="1"/>
-    <testCase name="LoginUser generateDefaultPassword should generate a default password with at least one special character" duration="1"/>
-    <testCase name="LoginUser generateDefaultPassword should generate a default password without any non-acceptable characters" duration="1"/>
-    <testCase name="LoginUser setPassword should set the password for the user" duration="159"/>
-    <testCase name="LoginUser setPassword should throw an error if the password does not meet the security requirements" duration="13"/>
-    <testCase name="LoginUser create should create a new user record" duration="5"/>
-    <testCase name="LoginUser create should throw an error if user dont have the privilege to create new user" duration="2"/>
-    <testCase name="LoginUser create should throw an error if user email is missing" duration="2"/>
-    <testCase name="LoginUser incrementFailedLoginAttemptCount should increment FailedLoginAttemptCount and update user status" duration="1"/>
-    <testCase name="LoginUser incrementFailedLoginAttemptCount should throw an error if maxFailedLoginAttempts or autoReleaseYN is missing" duration="1"/>
-    <testCase name="LoginUser incrementFailedLoginAttemptCount should lock the user account if the failed login attempts exceed the maximum allowed" duration="1"/>
-    <testCase name="LoginUser incrementFailedLoginAttemptCount should permanently lock the user account if the failed login attempts exceed the maximum allowed and autoReleaseYN is N" duration="1"/>
-    <testCase name="LoginUser combineSystemAccess should combine user and group system access and remove duplicates" duration="1"/>
-    <testCase name="LoginUser checkPrivileges should return true if user has the specified privilege" duration="1"/>
-    <testCase name="LoginUser checkPrivileges should return false if user does not have the specified privilege" duration="1"/>
-    <testCase name="LoginUser checkPrivileges should throw an error if ObjectId is not set" duration="1"/>
-    <testCase name="LoginUser getObjectPrivileges should return an array of privileges" duration="1"/>
-    <testCase name="LoginUser getObjectPrivileges should throw an error if an exception occurs" duration="1"/>
-    <testCase name="LoginUser getUserPersonalPrivileges should return an array of privileges" duration="2"/>
-    <testCase name="LoginUser getUserPersonalPrivileges should throw an error if an error occurs" duration="1"/>
-    <testCase name="LoginUser getInheritedSystemAccess should return group system access with its parent group system access if applicable" duration="3"/>
-  </file>
-  <file path="C:\Work\sso\__tests__\unit\components\system\system.spec.ts">
-    <testCase name="System init should initialize a system when SystemCode is provided" duration="3"/>
-    <testCase name="System init should throw an error when SystemCode is not found" duration="8"/>
-    <testCase name="System init should initialize a new system when SystemCode is not provided" duration="1"/>
-    <testCase name="System createSystem should create a new system" duration="4"/>
-    <testCase name="System createSystem should throw an error when user does not have permission" duration="1"/>
-    <testCase name="System createSystem should throw an error when SystemCode is missing" duration="1"/>
-    <testCase name="System createSystem should throw an error when Name is missing" duration="1"/>
-    <testCase name="System createSystem should throw an error when Description is missing" duration="1"/>
-    <testCase name="System createSystem should throw an error when failed to create system" duration="5"/>
-    <testCase name="System setSystemCode should set the SystemCode when there is no duplicate" duration="1"/>
-    <testCase name="System setSystemCode should throw an error when SystemCode already exists" duration="1"/>
-    <testCase name="System setSystemCode should throw an error when failed to check duplicate SystemCode" duration="1"/>
-    <testCase name="System findAll should find all systems based on filter" duration="2"/>
-    <testCase name="System findAll should find all systems without pagination when page and rows are not provided" duration="1"/>
-  </file>
-  <file path="C:\Work\sso\__tests__\unit\components\group-object-privilege\group-object-privilege.spec.ts">
-    <testCase name="GroupObjectPrivilege should create an instance of GroupObjectPrivilege" duration="2"/>
-    <testCase name="GroupObjectPrivilege should have the correct TableName" duration="0"/>
-    <testCase name="GroupObjectPrivilege should have the correct properties" duration="1"/>
-    <testCase name="GroupObjectPrivilege init should return an instance of GroupObjectPrivilege when GroupObjectPrivilegeId is provided" duration="2"/>
-    <testCase name="GroupObjectPrivilege init should throw an error when GroupObjectPrivilegeId is provided but no GroupObjectPrivilege is found" duration="3"/>
-    <testCase name="GroupObjectPrivilege init should return a new instance of GroupObjectPrivilege when GroupObjectPrivilegeId is not provided" duration="3"/>
-  </file>
-  <file path="C:\Work\sso\__tests__\unit\components\group-system-access\group-system-access.spec.ts">
-    <testCase name="GroupSystemAccess should create a new GroupSystemAccess instance" duration="2"/>
-    <testCase name="GroupSystemAccess init should initialize GroupSystemAccess without GroupSystemAccessId" duration="2"/>
-    <testCase name="GroupSystemAccess init should initialize GroupSystemAccess with GroupSystemAccessId" duration="3"/>
-    <testCase name="GroupSystemAccess init should throw an error if GroupSystemAccessId is not found" duration="5"/>
-  </file>
-  <file path="C:\Work\sso\__tests__\unit\components\group\group.spec.ts">
-    <testCase name="Group should initialize a group with valid GroupCode" duration="4"/>
-    <testCase name="Group should throw an error when initializing a group with invalid GroupCode" duration="5"/>
-    <testCase name="Group should throw an error when initializing a group with an error" duration="2"/>
-  </file>
-  <file path="C:\Work\sso\__tests__\unit\components\group-reporting-user\group-reporting-user.spec.ts">
-    <testCase name="GroupReportingUser init should initialize GroupReportingUser without GroupReportingUserId" duration="3"/>
-    <testCase name="GroupReportingUser init should initialize GroupReportingUser with valid GroupReportingUserId" duration="2"/>
-    <testCase name="GroupReportingUser init should throw ClassError when GroupReportingUser is not found" duration="8"/>
-    <testCase name="GroupReportingUser init should throw ClassError when failed to initialize GroupReportingUser" duration="1"/>
-  </file>
-  <file path="C:\Work\sso\__tests__\unit\components\system-privilege\system-privilege.spec.ts">
-    <testCase name="SystemPrivilege constructor should create a new SystemPrivilege instance" duration="2"/>
-    <testCase name="SystemPrivilege init should initialize SystemPrivilege without PrivilegeCode" duration="1"/>
-    <testCase name="SystemPrivilege init should initialize SystemPrivilege with PrivilegeCode" duration="2"/>
-    <testCase name="SystemPrivilege init should throw an error if PrivilegeCode is not found" duration="4"/>
-  </file>
-  <file path="C:\Work\sso\__tests__\unit\components\user-group\user-group.spec.ts">
-    <testCase name="UserGroup constructor should create a new UserGroup instance" duration="3"/>
-    <testCase name="UserGroup init should initialize UserGroup with valid UserGroupId" duration="2"/>
-    <testCase name="UserGroup init should throw ClassError when UserGroupId is not found" duration="5"/>
-  </file>
-  <file path="C:\Work\sso\__tests__\unit\components\user-object-privilege\user-object-privilege.spec.ts">
-    <testCase name="UserObjectPrivilege constructor should create a new UserObjectPrivilege instance" duration="2"/>
-    <testCase name="UserObjectPrivilege init should initialize UserObjectPrivilege with valid ObjectPrivilegeId" duration="5"/>
-    <testCase name="UserObjectPrivilege init should throw ClassError when ObjectPrivilegeId is not found" duration="4"/>
-  </file>
-  <file path="C:\Work\sso\__tests__\unit\components\group-privilege\group-privilege.spec.ts">
-    <testCase name="GroupPrivilege should initialize with GroupPrivilegeAttr" duration="6"/>
-    <testCase name="GroupPrivilege should throw ClassError when GroupPrivilegeAttr is not found" duration="4"/>
-    <testCase name="GroupPrivilege should initialize with default values" duration="1"/>
-  </file>
-  <file path="C:\Work\sso\__tests__\unit\components\user-system-access\user-system-access.spec.ts">
-    <testCase name="UserSystemAccess constructor should create a new UserSystemAccess instance" duration="2"/>
-    <testCase name="UserSystemAccess init should initialize UserSystemAccess with valid UserSystemAccessId" duration="2"/>
-    <testCase name="UserSystemAccess init should throw ClassError when UserSystemAccessId is not found" duration="1"/>
-  </file>
-  <file path="C:\Work\sso\__tests__\unit\components\user-privilege\user-privilege.spec.ts">
-    <testCase name="UserPrivilege constructor should create a new UserPrivilege instance" duration="2"/>
-    <testCase name="UserPrivilege init should initialize UserPrivilege with valid UserPrivilegeId" duration="2"/>
-    <testCase name="UserPrivilege init should throw ClassError when UserPrivilegeId is not found" duration="4"/>
-  </file>
-  <file path="C:\Work\sso\__tests__\unit\session\session.service.spec.ts">
-    <testCase name="session.service should return session service when instansiated" duration="2"/>
-    <testCase name="session.service should able to write session data" duration="3"/>
-    <testCase name="session.service should able to refresh session data" duration="3"/>
-  </file>
-  <file path="C:\Work\sso\__tests__\unit\system-privilege\system-privilage.spec.ts">
-    <testCase name="SystemPrivilege should be true" duration="2"/>
-  </file>
-  <file path="C:\Work\sso\__tests__\unit\components\password-hash\password-hash.service.spec.ts">
-    <testCase name="password-hash.service should return hash password" duration="2"/>
-    <testCase name="password-hash.service should return true when verify password" duration="1"/>
-  </file>
-  <file path="C:\Work\sso\__tests__\unit\redis-client\redis.service.spec.ts">
-    <testCase name="redis.service should return redis service when instansiated" duration="1"/>
-    <testCase name="redis.service should able to write and read redis" duration="2"/>
-  </file>
-  <file path="C:\Work\sso\__tests__\unit\components\login-user\l.spec.ts">
-    <testCase name="SystemPrivilege should be true" duration="1"/>
-  </file>
+<?xml version="1.0" encoding="UTF-8"?>
+<testExecutions version="1">
+  <file path="C:\Work\sso\__tests__\unit\components\login-user\login.spec.ts">
+    <testCase name="LoginUser init should initialize LoginUser with valid userId" duration="5"/>
+    <testCase name="LoginUser init should throw an error when user is not found" duration="20"/>
+    <testCase name="LoginUser checkSession should throw an error if session expired" duration="20"/>
+    <testCase name="LoginUser checkSession should refresh the session duration if session is valid" duration="2"/>
+    <testCase name="LoginUser shouldReleaseLock should return true if autoReleaseYN is &quot;Y&quot; and time difference is greater than minuteToAutoRelease" duration="2"/>
+    <testCase name="LoginUser shouldReleaseLock should return false if autoReleaseYN is &quot;Y&quot; and time difference is less than or equal to minuteToAutoRelease" duration="1"/>
+    <testCase name="LoginUser shouldReleaseLock should return false if autoReleaseYN is &quot;N&quot;" duration="1"/>
+    <testCase name="LoginUser releaseLock should release the lock for a user" duration="1"/>
+    <testCase name="LoginUser checkUserInfoDuplicated should throw an error if duplicate user info is found" duration="1"/>
+    <testCase name="LoginUser checkUserInfoDuplicated should not throw an error if duplicate user info is not found" duration="0"/>
+    <testCase name="LoginUser generateDefaultPassword should generate a default password with the specified length" duration="2"/>
+    <testCase name="LoginUser generateDefaultPassword should generate a default password with at least one capital letter" duration="1"/>
+    <testCase name="LoginUser generateDefaultPassword should generate a default password with at least one number" duration="1"/>
+    <testCase name="LoginUser generateDefaultPassword should generate a default password with at least one special character" duration="1"/>
+    <testCase name="LoginUser generateDefaultPassword should generate a default password without any non-acceptable characters" duration="1"/>
+    <testCase name="LoginUser setPassword should set the password for the user" duration="159"/>
+    <testCase name="LoginUser setPassword should throw an error if the password does not meet the security requirements" duration="13"/>
+    <testCase name="LoginUser create should create a new user record" duration="5"/>
+    <testCase name="LoginUser create should throw an error if user dont have the privilege to create new user" duration="2"/>
+    <testCase name="LoginUser create should throw an error if user email is missing" duration="2"/>
+    <testCase name="LoginUser incrementFailedLoginAttemptCount should increment FailedLoginAttemptCount and update user status" duration="1"/>
+    <testCase name="LoginUser incrementFailedLoginAttemptCount should throw an error if maxFailedLoginAttempts or autoReleaseYN is missing" duration="1"/>
+    <testCase name="LoginUser incrementFailedLoginAttemptCount should lock the user account if the failed login attempts exceed the maximum allowed" duration="1"/>
+    <testCase name="LoginUser incrementFailedLoginAttemptCount should permanently lock the user account if the failed login attempts exceed the maximum allowed and autoReleaseYN is N" duration="1"/>
+    <testCase name="LoginUser combineSystemAccess should combine user and group system access and remove duplicates" duration="1"/>
+    <testCase name="LoginUser checkPrivileges should return true if user has the specified privilege" duration="1"/>
+    <testCase name="LoginUser checkPrivileges should return false if user does not have the specified privilege" duration="1"/>
+    <testCase name="LoginUser checkPrivileges should throw an error if ObjectId is not set" duration="1"/>
+    <testCase name="LoginUser getObjectPrivileges should return an array of privileges" duration="1"/>
+    <testCase name="LoginUser getObjectPrivileges should throw an error if an exception occurs" duration="1"/>
+    <testCase name="LoginUser getUserPersonalPrivileges should return an array of privileges" duration="2"/>
+    <testCase name="LoginUser getUserPersonalPrivileges should throw an error if an error occurs" duration="1"/>
+    <testCase name="LoginUser getInheritedSystemAccess should return group system access with its parent group system access if applicable" duration="3"/>
+  </file>
+  <file path="C:\Work\sso\__tests__\unit\components\system\system.spec.ts">
+    <testCase name="System init should initialize a system when SystemCode is provided" duration="3"/>
+    <testCase name="System init should throw an error when SystemCode is not found" duration="8"/>
+    <testCase name="System init should initialize a new system when SystemCode is not provided" duration="1"/>
+    <testCase name="System createSystem should create a new system" duration="4"/>
+    <testCase name="System createSystem should throw an error when user does not have permission" duration="1"/>
+    <testCase name="System createSystem should throw an error when SystemCode is missing" duration="1"/>
+    <testCase name="System createSystem should throw an error when Name is missing" duration="1"/>
+    <testCase name="System createSystem should throw an error when Description is missing" duration="1"/>
+    <testCase name="System createSystem should throw an error when failed to create system" duration="5"/>
+    <testCase name="System setSystemCode should set the SystemCode when there is no duplicate" duration="1"/>
+    <testCase name="System setSystemCode should throw an error when SystemCode already exists" duration="1"/>
+    <testCase name="System setSystemCode should throw an error when failed to check duplicate SystemCode" duration="1"/>
+    <testCase name="System findAll should find all systems based on filter" duration="2"/>
+    <testCase name="System findAll should find all systems without pagination when page and rows are not provided" duration="1"/>
+  </file>
+  <file path="C:\Work\sso\__tests__\unit\components\group-object-privilege\group-object-privilege.spec.ts">
+    <testCase name="GroupObjectPrivilege should create an instance of GroupObjectPrivilege" duration="2"/>
+    <testCase name="GroupObjectPrivilege should have the correct TableName" duration="0"/>
+    <testCase name="GroupObjectPrivilege should have the correct properties" duration="1"/>
+    <testCase name="GroupObjectPrivilege init should return an instance of GroupObjectPrivilege when GroupObjectPrivilegeId is provided" duration="2"/>
+    <testCase name="GroupObjectPrivilege init should throw an error when GroupObjectPrivilegeId is provided but no GroupObjectPrivilege is found" duration="3"/>
+    <testCase name="GroupObjectPrivilege init should return a new instance of GroupObjectPrivilege when GroupObjectPrivilegeId is not provided" duration="3"/>
+  </file>
+  <file path="C:\Work\sso\__tests__\unit\components\group-system-access\group-system-access.spec.ts">
+    <testCase name="GroupSystemAccess should create a new GroupSystemAccess instance" duration="2"/>
+    <testCase name="GroupSystemAccess init should initialize GroupSystemAccess without GroupSystemAccessId" duration="2"/>
+    <testCase name="GroupSystemAccess init should initialize GroupSystemAccess with GroupSystemAccessId" duration="3"/>
+    <testCase name="GroupSystemAccess init should throw an error if GroupSystemAccessId is not found" duration="5"/>
+  </file>
+  <file path="C:\Work\sso\__tests__\unit\components\group\group.spec.ts">
+    <testCase name="Group should initialize a group with valid GroupCode" duration="4"/>
+    <testCase name="Group should throw an error when initializing a group with invalid GroupCode" duration="5"/>
+    <testCase name="Group should throw an error when initializing a group with an error" duration="2"/>
+  </file>
+  <file path="C:\Work\sso\__tests__\unit\components\group-reporting-user\group-reporting-user.spec.ts">
+    <testCase name="GroupReportingUser init should initialize GroupReportingUser without GroupReportingUserId" duration="3"/>
+    <testCase name="GroupReportingUser init should initialize GroupReportingUser with valid GroupReportingUserId" duration="2"/>
+    <testCase name="GroupReportingUser init should throw ClassError when GroupReportingUser is not found" duration="8"/>
+    <testCase name="GroupReportingUser init should throw ClassError when failed to initialize GroupReportingUser" duration="1"/>
+  </file>
+  <file path="C:\Work\sso\__tests__\unit\components\system-privilege\system-privilege.spec.ts">
+    <testCase name="SystemPrivilege constructor should create a new SystemPrivilege instance" duration="2"/>
+    <testCase name="SystemPrivilege init should initialize SystemPrivilege without PrivilegeCode" duration="1"/>
+    <testCase name="SystemPrivilege init should initialize SystemPrivilege with PrivilegeCode" duration="2"/>
+    <testCase name="SystemPrivilege init should throw an error if PrivilegeCode is not found" duration="4"/>
+  </file>
+  <file path="C:\Work\sso\__tests__\unit\components\user-group\user-group.spec.ts">
+    <testCase name="UserGroup constructor should create a new UserGroup instance" duration="3"/>
+    <testCase name="UserGroup init should initialize UserGroup with valid UserGroupId" duration="2"/>
+    <testCase name="UserGroup init should throw ClassError when UserGroupId is not found" duration="5"/>
+  </file>
+  <file path="C:\Work\sso\__tests__\unit\components\user-object-privilege\user-object-privilege.spec.ts">
+    <testCase name="UserObjectPrivilege constructor should create a new UserObjectPrivilege instance" duration="2"/>
+    <testCase name="UserObjectPrivilege init should initialize UserObjectPrivilege with valid ObjectPrivilegeId" duration="5"/>
+    <testCase name="UserObjectPrivilege init should throw ClassError when ObjectPrivilegeId is not found" duration="4"/>
+  </file>
+  <file path="C:\Work\sso\__tests__\unit\components\group-privilege\group-privilege.spec.ts">
+    <testCase name="GroupPrivilege should initialize with GroupPrivilegeAttr" duration="6"/>
+    <testCase name="GroupPrivilege should throw ClassError when GroupPrivilegeAttr is not found" duration="4"/>
+    <testCase name="GroupPrivilege should initialize with default values" duration="1"/>
+  </file>
+  <file path="C:\Work\sso\__tests__\unit\components\user-system-access\user-system-access.spec.ts">
+    <testCase name="UserSystemAccess constructor should create a new UserSystemAccess instance" duration="2"/>
+    <testCase name="UserSystemAccess init should initialize UserSystemAccess with valid UserSystemAccessId" duration="2"/>
+    <testCase name="UserSystemAccess init should throw ClassError when UserSystemAccessId is not found" duration="1"/>
+  </file>
+  <file path="C:\Work\sso\__tests__\unit\components\user-privilege\user-privilege.spec.ts">
+    <testCase name="UserPrivilege constructor should create a new UserPrivilege instance" duration="2"/>
+    <testCase name="UserPrivilege init should initialize UserPrivilege with valid UserPrivilegeId" duration="2"/>
+    <testCase name="UserPrivilege init should throw ClassError when UserPrivilegeId is not found" duration="4"/>
+  </file>
+  <file path="C:\Work\sso\__tests__\unit\session\session.service.spec.ts">
+    <testCase name="session.service should return session service when instansiated" duration="2"/>
+    <testCase name="session.service should able to write session data" duration="3"/>
+    <testCase name="session.service should able to refresh session data" duration="3"/>
+  </file>
+  <file path="C:\Work\sso\__tests__\unit\system-privilege\system-privilage.spec.ts">
+    <testCase name="SystemPrivilege should be true" duration="2"/>
+  </file>
+  <file path="C:\Work\sso\__tests__\unit\components\password-hash\password-hash.service.spec.ts">
+    <testCase name="password-hash.service should return hash password" duration="2"/>
+    <testCase name="password-hash.service should return true when verify password" duration="1"/>
+  </file>
+  <file path="C:\Work\sso\__tests__\unit\redis-client\redis.service.spec.ts">
+    <testCase name="redis.service should return redis service when instansiated" duration="1"/>
+    <testCase name="redis.service should able to write and read redis" duration="2"/>
+  </file>
+  <file path="C:\Work\sso\__tests__\unit\components\login-user\l.spec.ts">
+    <testCase name="SystemPrivilege should be true" duration="1"/>
+  </file>
 </testExecutions>

package/create-sso-user.sql CHANGED Viewed

@@ -1,40 +1,40 @@
--- example to create sso-user
-CREATE USER 'sso_user'@'environment' IDENTIFIED BY 'password';
--- example to grant neccesary access to run migration
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_authorization_codes TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_bearer_tokens TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_building_types  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_buildings  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_cities TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_companies  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_countries TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_departments  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_grouproleprivilege  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_groupsystemaccess  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_groupsystemprivilege  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_groupsystemrole  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_oauth_tokens  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_roles  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_sequelize_meta  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_staff_types  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_staffs  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_states  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_system_accesses  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_systemprivilege  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_systemrole  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_systemroleprivilege  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_systems  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_updated_history  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_user_roles  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_usergroup  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_users  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_usersystemprivilege  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_usersystemrole  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_UserUserGroup  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production._prisma_migrations  TO 'sso_user'@'localhost' WITH GRANT OPTION;
--- Grant user to create, alter, drop, references on the database (required for creating shadow tables)
+-- example to create sso-user
+CREATE USER 'sso_user'@'environment' IDENTIFIED BY 'password';
+-- example to grant neccesary access to run migration
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_authorization_codes TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_bearer_tokens TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_building_types  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_buildings  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_cities TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_companies  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_countries TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_departments  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_grouproleprivilege  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_groupsystemaccess  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_groupsystemprivilege  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_groupsystemrole  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_oauth_tokens  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_roles  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_sequelize_meta  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_staff_types  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_staffs  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_states  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_system_accesses  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_systemprivilege  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_systemrole  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_systemroleprivilege  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_systems  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_updated_history  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_user_roles  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_usergroup  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_users  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_usersystemprivilege  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_usersystemrole  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_UserUserGroup  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production._prisma_migrations  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+-- Grant user to create, alter, drop, references on the database (required for creating shadow tables)
 GRANT CREATE, ALTER, DROP, REFERENCES ON shadow_database.* TO 'sso_user'@'localhost' WITH GRANT OPTION;

package/dist/src/components/group/group.d.ts CHANGED Viewed

@@ -56,6 +56,7 @@ export declare class Group extends ObjectBase {
         Status?: string;
     }): Promise<any>;
     private static getInheritedSystemAccess;
+    static checkParentHierarchy(dbTransaction: any, GroupCode: string, ListGroupCode?: string[]): Promise<boolean>;
     static getParentSystemAccesses(loginUser: LoginUser, dbTransaction: any, GroupCode: string): Promise<any[]>;
     static addSystemAccesses(loginUser: LoginUser, dbTransaction: any, GroupCode: string, SystemCodes: string[]): Promise<{
         Message: string;

package/dist/src/components/group/group.js CHANGED Viewed

@@ -353,6 +353,27 @@ class Group extends general_1.ObjectBase {
             return systemAccess;
         });
     }
+    static checkParentHierarchy(dbTransaction, GroupCode, ListGroupCode = []) {
+        return __awaiter(this, void 0, void 0, function* () {
+            ListGroupCode.push(GroupCode);
+            const group = yield Group._Repo.findOne({
+                where: { GroupCode },
+                transaction: dbTransaction,
+            });
+            if (group === null || group === void 0 ? void 0 : group.ParentGroupCode) {
+                const isGroupCodeExist = ListGroupCode.includes(group.ParentGroupCode);
+                if (!isGroupCodeExist) {
+                    yield this.checkParentHierarchy(dbTransaction, group.ParentGroupCode, ListGroupCode);
+                }
+                {
+                    return false;
+                }
+            }
+            else {
+                return true;
+            }
+        });
+    }
     static getParentSystemAccesses(loginUser, dbTransaction, GroupCode) {
         return __awaiter(this, void 0, void 0, function* () {
             const systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
@@ -362,7 +383,7 @@ class Group extends general_1.ObjectBase {
             }
             try {
                 const group = yield Group.init(dbTransaction, GroupCode);
-                if (group.InheritParentSystemAccessYN !== 'Y' && !group.ParentGroupCode) {
+                if (group.InheritParentSystemAccessYN !== 'Y' || !group.ParentGroupCode) {
                     return [];
                 }
                 else {
@@ -505,7 +526,7 @@ class Group extends general_1.ObjectBase {
                     ],
                     transaction: dbTransaction,
                 });
-                let privileges = [];
+                const privileges = [];
                 for (const groupPrivilege of groupOwnPrivileges) {
                     const systemPrivilege = yield system_privilege_1.SystemPrivilege.init(dbTransaction);
                     systemPrivilege.setAttributes(groupPrivilege.Privilege.get({ plain: true }));
@@ -521,7 +542,7 @@ class Group extends general_1.ObjectBase {
     static getInheritedSystemPrivileges(dbTransaction, GroupCode, search) {
         return __awaiter(this, void 0, void 0, function* () {
             try {
-                let where = {
+                const where = {
                     GroupCode,
                 };
                 let groupPrivilegeWhere = {};
@@ -546,6 +567,7 @@ class Group extends general_1.ObjectBase {
                         {
                             model: group_privilege_entity_1.default,
                             where: groupPrivilegeWhere,
+                            separate: true,
                             include: [
                                 {
                                     model: system_privilege_entity_1.default,
@@ -556,10 +578,10 @@ class Group extends general_1.ObjectBase {
                     ],
                     transaction: dbTransaction,
                 });
-                let objectWhere = {
+                const objectWhere = {
                     GroupCode,
                 };
-                let systemWhere = {};
+                const systemWhere = {};
                 if (search) {
                     Object.entries(search).forEach(([key, value]) => {
                         if (key === 'SystemCode') {
@@ -599,9 +621,8 @@ class Group extends general_1.ObjectBase {
                     const inheritedPrivileges = yield Group.getInheritedSystemPrivileges(dbTransaction, group.ParentGroupCode, search);
                     privileges = privileges.concat(inheritedPrivileges);
                 }
-                const uniquePrivileges = Array.from(new Set(privileges.map(a => a.PrivilegeCode)))
-                    .map(PrivilegeCode => {
-                    return privileges.find(a => a.PrivilegeCode === PrivilegeCode);
+                const uniquePrivileges = Array.from(new Set(privileges.map((a) => a.PrivilegeCode))).map((PrivilegeCode) => {
+                    return privileges.find((a) => a.PrivilegeCode === PrivilegeCode);
                 });
                 return uniquePrivileges;
             }
@@ -619,7 +640,7 @@ class Group extends general_1.ObjectBase {
                     throw new general_1.ClassError('Group', 'GroupErrMsg11', 'You do not have the privilege to view group privileges');
                 }
                 const group = yield Group.init(dbTransaction, GroupCode);
-                if (group.InheritParentPrivilegeYN !== 'Y' && !group.ParentGroupCode) {
+                if (group.InheritParentPrivilegeYN !== 'Y' || !group.ParentGroupCode) {
                     return [];
                 }
                 const privileges = yield Group.getInheritedSystemPrivileges(dbTransaction, group.ParentGroupCode, search);
@@ -649,7 +670,9 @@ class Group extends general_1.ObjectBase {
                     const combinedSystemAccesses = Object.assign(Object.assign({}, groupSystemAccesses.rows), parentGroupSystemAccesses.rows);
                     const systemAccess = combinedSystemAccesses.find((systemAccess) => systemAccess.SystemCode === systemPrivilege.SystemCode);
                     if (!systemAccess) {
-                        throw new general_1.ClassError('Group', 'GroupErrMsg13', 'Failed to assign privilege ' + groupObjectPrivilege.PrivilegeCode + ' due to non-existent system access.');
+                        throw new general_1.ClassError('Group', 'GroupErrMsg13', 'Failed to assign privilege ' +
+                            groupObjectPrivilege.PrivilegeCode +
+                            ' due to non-existent system access.');
                     }
                     const groupObjectPrivilegeData = yield Group._GroupObjectPrivilegeRepo.findOne({
                         where: {
@@ -683,10 +706,10 @@ class Group extends general_1.ObjectBase {
                     throw new general_1.ClassError('Group', 'GroupErrMsg11', 'You do not have the privilege to view group privileges');
                 }
                 yield Group.init(dbTransaction, GroupCode);
-                let where = {
+                const where = {
                     GroupCode,
                 };
-                let systemWhere = {};
+                const systemWhere = {};
                 if (search) {
                     Object.entries(search).forEach(([key, value]) => {
                         if (key === 'SystemCode') {
@@ -711,15 +734,14 @@ class Group extends general_1.ObjectBase {
                     ],
                     transaction: dbTransaction,
                 });
-                let privileges = [];
+                const privileges = [];
                 for (const groupObjectPrivilege of groupObjectPrivileges) {
                     const systemPrivilege = yield system_privilege_1.SystemPrivilege.init(dbTransaction);
                     systemPrivilege.setAttributes(groupObjectPrivilege.Privilege.get({ plain: true }));
                     privileges.push(systemPrivilege);
                 }
-                const uniquePrivileges = Array.from(new Set(privileges.map(a => a.PrivilegeCode)))
-                    .map(PrivilegeCode => {
-                    return privileges.find(a => a.PrivilegeCode === PrivilegeCode);
+                const uniquePrivileges = Array.from(new Set(privileges.map((a) => a.PrivilegeCode))).map((PrivilegeCode) => {
+                    return privileges.find((a) => a.PrivilegeCode === PrivilegeCode);
                 });
                 return uniquePrivileges;
             }
@@ -744,10 +766,15 @@ class Group extends general_1.ObjectBase {
                 }
                 for (const PrivilegeCode of PrivilegeCodes) {
                     const systemPrivilege = yield system_privilege_1.SystemPrivilege.init(dbTransaction, PrivilegeCode);
-                    const combinedSystemAccesses = Object.assign(Object.assign({}, groupSystemAccesses.rows), parentGroupSystemAccesses.rows);
+                    const combinedSystemAccesses = [
+                        ...groupSystemAccesses.rows,
+                        ...parentGroupSystemAccesses.rows,
+                    ];
                     const systemAccess = combinedSystemAccesses.find((systemAccess) => systemAccess.SystemCode === systemPrivilege.SystemCode);
                     if (!systemAccess) {
-                        throw new general_1.ClassError('Group', 'GroupErrMsg13', 'Failed to assign privilege ' + PrivilegeCode + ' due to non-existent system access.');
+                        throw new general_1.ClassError('Group', 'GroupErrMsg13', 'Failed to assign privilege ' +
+                            PrivilegeCode +
+                            ' due to non-existent system access.');
                     }
                     const groupPrivilege = yield Group._GroupPrivilegeRepo.findOne({
                         where: {