@tomei/sso 0.45.3 → 0.46.0
Sign up to get free protection for your applications and to get access to all the features.
- package/dist/src/components/user-group/user-group.d.ts +14 -1
- package/dist/src/components/user-group/user-group.js +70 -0
- package/dist/src/components/user-group/user-group.js.map +1 -1
- package/dist/src/components/user-system-access/user-system-access.d.ts +22 -0
- package/dist/src/components/user-system-access/user-system-access.js +61 -0
- package/dist/src/components/user-system-access/user-system-access.js.map +1 -1
- package/dist/src/models/user-system-access.entity.js +13 -4
- package/dist/src/models/user-system-access.entity.js.map +1 -1
- package/dist/src/models/user.entity.js +8 -2
- package/dist/src/models/user.entity.js.map +1 -1
- package/dist/tsconfig.tsbuildinfo +1 -1
- package/package.json +1 -1
- package/src/components/user-group/user-group.ts +155 -2
- package/src/components/user-system-access/user-system-access.ts +105 -0
- package/src/models/user-system-access.entity.ts +13 -4
- package/src/models/user.entity.ts +8 -2
package/package.json
CHANGED
@@ -5,6 +5,9 @@ import { LoginUser, User } from '../../components/login-user';
|
|
5
5
|
import { Group } from '../../components/group';
|
6
6
|
import { ApplicationConfig } from '@tomei/config';
|
7
7
|
import { ActionEnum, Activity } from '@tomei/activity-history';
|
8
|
+
import GroupSystemAccessModel from '../../models/group-system-access.entity';
|
9
|
+
import GroupModel from '../../models/group.entity';
|
10
|
+
import SystemModel from 'models/system.entity';
|
8
11
|
|
9
12
|
export class UserGroup extends ObjectBase {
|
10
13
|
ObjectType = 'UserGroup';
|
@@ -22,6 +25,8 @@ export class UserGroup extends ObjectBase {
|
|
22
25
|
private _CreatedById: number;
|
23
26
|
private _UpdatedById: number;
|
24
27
|
|
28
|
+
protected static _Repository = new UserGroupRepository();
|
29
|
+
|
25
30
|
get CreatedAt() {
|
26
31
|
return this._CreatedAt;
|
27
32
|
}
|
@@ -38,8 +43,6 @@ export class UserGroup extends ObjectBase {
|
|
38
43
|
return this._UpdatedById;
|
39
44
|
}
|
40
45
|
|
41
|
-
private static _Repository = new UserGroupRepository();
|
42
|
-
|
43
46
|
private constructor(userGroupAttr?: IUserGroupAttr) {
|
44
47
|
super();
|
45
48
|
if (userGroupAttr) {
|
@@ -296,4 +299,154 @@ export class UserGroup extends ObjectBase {
|
|
296
299
|
throw error;
|
297
300
|
}
|
298
301
|
}
|
302
|
+
|
303
|
+
static async findAllInheritedSystemAccesses(
|
304
|
+
UserId: number,
|
305
|
+
loginUser: User,
|
306
|
+
dbTransaction: any,
|
307
|
+
): Promise<
|
308
|
+
{
|
309
|
+
GroupCode: string;
|
310
|
+
GroupName: string;
|
311
|
+
InheritGroupPrivilegeYN: string;
|
312
|
+
InheritedGroupSystemAccesses: {
|
313
|
+
SystemCode: string;
|
314
|
+
SystemName: string;
|
315
|
+
AccessStatus: string;
|
316
|
+
CreatedAt: Date;
|
317
|
+
UpdatedAt: Date;
|
318
|
+
}[];
|
319
|
+
}[]
|
320
|
+
> {
|
321
|
+
try {
|
322
|
+
// Part 1: Privilege Checking
|
323
|
+
// Call loginUser.checkPrivileges() to ensure the user has permission to retrieve system access information.
|
324
|
+
// SystemCode: Retrieve from app config.
|
325
|
+
// PrivilegeCode: 'USER_SYSTEM_ACCESS_LIST'.
|
326
|
+
// If the privilege check fails, throw an error with a 403 Forbidden status.
|
327
|
+
const systemCode =
|
328
|
+
ApplicationConfig.getComponentConfigValue('system-code');
|
329
|
+
const isPrivileged = await loginUser.checkPrivileges(
|
330
|
+
systemCode,
|
331
|
+
'USER_SYSTEM_ACCESS_LIST',
|
332
|
+
);
|
333
|
+
if (!isPrivileged) {
|
334
|
+
throw new ClassError(
|
335
|
+
'UserGroup',
|
336
|
+
'UserGroupErrMsg0X',
|
337
|
+
'User does not have privilege to view user system access.',
|
338
|
+
'findAllInheritedSystemAccesses',
|
339
|
+
403,
|
340
|
+
);
|
341
|
+
}
|
342
|
+
// Part 2: Retrieve User Groups
|
343
|
+
// Query the sso_UserGroup table to find all active groups the user belongs to.
|
344
|
+
// Join with the sso_Group table to retrieve the GroupCode, GroupName, and InheritGroupSystemAccessYNfields.
|
345
|
+
// Ensure that the value of InheritGroupSystemAccessYN is explicitly 'Y' or 'N' for each group.
|
346
|
+
// If InheritGroupSystemAccessYN is not set, default it to 'N'.
|
347
|
+
// Return only active groups (based on Status field).
|
348
|
+
// The query should return the following fields for each group:
|
349
|
+
// GroupCode
|
350
|
+
// GroupName
|
351
|
+
// InheritGroupSystemAccessYN
|
352
|
+
|
353
|
+
const userGroups = await UserGroup._Repository.findAll({
|
354
|
+
where: {
|
355
|
+
UserId,
|
356
|
+
InheritGroupSystemAccessYN: 'Y',
|
357
|
+
Status: 'Active',
|
358
|
+
},
|
359
|
+
include: [
|
360
|
+
{
|
361
|
+
model: GroupModel,
|
362
|
+
required: true,
|
363
|
+
where: {
|
364
|
+
Status: 'Active',
|
365
|
+
},
|
366
|
+
include: [
|
367
|
+
{
|
368
|
+
model: GroupSystemAccessModel,
|
369
|
+
where: {
|
370
|
+
Status: 'Active',
|
371
|
+
},
|
372
|
+
include: [
|
373
|
+
{
|
374
|
+
model: SystemModel,
|
375
|
+
},
|
376
|
+
],
|
377
|
+
},
|
378
|
+
],
|
379
|
+
},
|
380
|
+
],
|
381
|
+
transaction: dbTransaction,
|
382
|
+
});
|
383
|
+
const result: {
|
384
|
+
GroupCode: string;
|
385
|
+
GroupName: string;
|
386
|
+
InheritGroupPrivilegeYN: string;
|
387
|
+
InheritedGroupSystemAccesses: {
|
388
|
+
SystemCode: string;
|
389
|
+
SystemName: string;
|
390
|
+
AccessStatus: string;
|
391
|
+
CreatedAt: Date;
|
392
|
+
UpdatedAt: Date;
|
393
|
+
}[];
|
394
|
+
}[] = [];
|
395
|
+
for (const userGroup of userGroups) {
|
396
|
+
// Part 3: Retrieve System Access for Groups with Inheritance
|
397
|
+
// For each group where InheritGroupSystemAccessYN = 'Y', query the sso_GroupSystemAccess table to retrieve system access details.
|
398
|
+
// Join with the sso_System table to fetch system details (SystemName, SystemCode).
|
399
|
+
// Ensure only active system accesses (AccessStatus = 'Active') are included.
|
400
|
+
// For each system access, retrieve the following fields:
|
401
|
+
// SystemName (from sso_System.Name)
|
402
|
+
// SystemCode (from sso_System.SystemCode)
|
403
|
+
// AccessStatus (from sso_GroupSystemAccess.Status)
|
404
|
+
// CreatedAt (from sso_GroupSystemAccess.CreatedAt)
|
405
|
+
// UpdatedAt (from sso_GroupSystemAccess.UpdatedAt)
|
406
|
+
// Part 4: Handling Non-Inherited Groups
|
407
|
+
// For groups where InheritGroupSystemAccessYN = 'N', return the group details without system access records.
|
408
|
+
// Set the Systems field to an empty array or null to indicate no inherited access for those groups.
|
409
|
+
// Part 5: Grouping Results
|
410
|
+
// Group the results by GroupCode and GroupName.
|
411
|
+
// For each group, create an object with the following structure:
|
412
|
+
// GroupCode: Code of the group.
|
413
|
+
// GroupName: Name of the group.
|
414
|
+
// InheritGroupSystemAccessYN: 'Y' or 'N', indicating whether the user inherits system access from the group.
|
415
|
+
// Systems: An array of system access objects (for groups where InheritGroupSystemAccessYN = 'Y'), each including:
|
416
|
+
// SystemName
|
417
|
+
// SystemCode
|
418
|
+
// AccessStatus
|
419
|
+
// CreatedAt
|
420
|
+
// UpdatedAt
|
421
|
+
// For groups where InheritGroupSystemAccessYN = 'N', Systems will be an empty array.
|
422
|
+
const groupData = {
|
423
|
+
GroupCode: userGroup.GroupCode,
|
424
|
+
GroupName: userGroup.Group.Name,
|
425
|
+
InheritGroupPrivilegeYN: userGroup.InheritGroupPrivilegeYN,
|
426
|
+
InheritedGroupSystemAccesses: [],
|
427
|
+
};
|
428
|
+
|
429
|
+
if (userGroup.InheritGroupSystemAccessYN === 'Y') {
|
430
|
+
groupData.InheritedGroupSystemAccesses =
|
431
|
+
userGroup.Group.GroupSystemAccesses.map((groupSystemAccess) => {
|
432
|
+
return {
|
433
|
+
SystemCode: groupSystemAccess.System.SystemCode,
|
434
|
+
SystemName: groupSystemAccess.System.Name,
|
435
|
+
AccessStatus: groupSystemAccess.Status,
|
436
|
+
CreatedAt: groupSystemAccess.CreatedAt,
|
437
|
+
UpdatedAt: groupSystemAccess.UpdatedAt,
|
438
|
+
};
|
439
|
+
});
|
440
|
+
}
|
441
|
+
|
442
|
+
result.push(groupData);
|
443
|
+
}
|
444
|
+
|
445
|
+
// Part 6: Return Grouped Data
|
446
|
+
// Return the array of grouped system accesses for the user's groups, including both inherited ('Y') and non-inherited ('N') system accesses.
|
447
|
+
return result;
|
448
|
+
} catch (error) {
|
449
|
+
throw error;
|
450
|
+
}
|
451
|
+
}
|
299
452
|
}
|
@@ -1,6 +1,11 @@
|
|
1
1
|
import { ClassError, ObjectBase } from '@tomei/general';
|
2
2
|
import { UserSystemAccessRepository } from './user-system-access.repository';
|
3
3
|
import { IUserSystemAccess } from '../../interfaces/user-system-access.interface';
|
4
|
+
import { User } from '../login-user/user';
|
5
|
+
import { System } from '../system/system';
|
6
|
+
import { ApplicationConfig } from '@tomei/config';
|
7
|
+
import SystemModel from '../../models/system.entity';
|
8
|
+
import UserModel from '../../models/user.entity';
|
4
9
|
|
5
10
|
export class UserSystemAccess extends ObjectBase {
|
6
11
|
ObjectType = 'UserSystemAccess';
|
@@ -73,4 +78,104 @@ export class UserSystemAccess extends ObjectBase {
|
|
73
78
|
throw error;
|
74
79
|
}
|
75
80
|
}
|
81
|
+
|
82
|
+
public static async findAll(
|
83
|
+
loginUser: User, //The currently logged-in user initiating the request.
|
84
|
+
dbTransaction: any, //The active database transaction to ensure consistency during the query.
|
85
|
+
whereOption: {
|
86
|
+
//An object containing filter criteria, specifically:
|
87
|
+
UserId: number; //The ID of the user whose system access records are to be retrieved.
|
88
|
+
},
|
89
|
+
pagination: {
|
90
|
+
//An object containing pagination parameters:
|
91
|
+
page: number; //The current page number to retrieve.
|
92
|
+
limit: number; //The number of records to retrieve per page.
|
93
|
+
},
|
94
|
+
): Promise<{
|
95
|
+
records: {
|
96
|
+
SystemName: string;
|
97
|
+
SystemCode: string;
|
98
|
+
Status: string;
|
99
|
+
CreatedBy: string;
|
100
|
+
CreatedAt: Date;
|
101
|
+
UpdatedBy: string;
|
102
|
+
UpdatedAt: Date;
|
103
|
+
}[];
|
104
|
+
pagination: {
|
105
|
+
currentPage: number;
|
106
|
+
pageSize: number;
|
107
|
+
totalRecords: number;
|
108
|
+
};
|
109
|
+
}> {
|
110
|
+
try {
|
111
|
+
// Privilege Checking:
|
112
|
+
// Call loginUser.checkPrivileges() method by passing:
|
113
|
+
// SystemCode: Retrieve from app config.
|
114
|
+
// PrivilegeCode: 'USER_SYSTEM_ACCESS_LIST'.
|
115
|
+
const systemCode =
|
116
|
+
ApplicationConfig.getComponentConfigValue('system-code');
|
117
|
+
const privilegeCode = 'USER_SYSTEM_ACCESS_LIST';
|
118
|
+
const isPrivileged = await loginUser.checkPrivileges(
|
119
|
+
systemCode,
|
120
|
+
privilegeCode,
|
121
|
+
);
|
122
|
+
if (!isPrivileged) {
|
123
|
+
throw new ClassError(
|
124
|
+
'UserSystemAccess',
|
125
|
+
'UserSystemAccessErrMsg01',
|
126
|
+
'You do not have permission to access this resource.',
|
127
|
+
);
|
128
|
+
}
|
129
|
+
// Create a where condition using whereOption to filter by UserId.
|
130
|
+
// Set up pagination logic using the pagination parameter:
|
131
|
+
// Calculate offset based on page and limit.
|
132
|
+
const options: any = {
|
133
|
+
where: {
|
134
|
+
UserId: whereOption.UserId,
|
135
|
+
},
|
136
|
+
offset: (pagination.page - 1) * pagination.limit,
|
137
|
+
limit: pagination.limit,
|
138
|
+
transaction: dbTransaction,
|
139
|
+
include: [
|
140
|
+
{
|
141
|
+
model: SystemModel,
|
142
|
+
attributes: ['SystemName', 'SystemCode'],
|
143
|
+
},
|
144
|
+
{
|
145
|
+
model: UserModel,
|
146
|
+
as: 'CreatedByUser',
|
147
|
+
attributes: ['FullName'],
|
148
|
+
},
|
149
|
+
{
|
150
|
+
model: UserModel,
|
151
|
+
as: 'UpdatedByUser',
|
152
|
+
attributes: ['FullName'],
|
153
|
+
},
|
154
|
+
],
|
155
|
+
};
|
156
|
+
const userSystemAccesses = await this._Repository.findAllWithPagination(
|
157
|
+
options,
|
158
|
+
);
|
159
|
+
return {
|
160
|
+
records: userSystemAccesses.rows.map((userSystemAccess) => {
|
161
|
+
return {
|
162
|
+
SystemName: userSystemAccess.System.Name,
|
163
|
+
SystemCode: userSystemAccess.System.SystemCode,
|
164
|
+
Status: userSystemAccess.Status,
|
165
|
+
CreatedBy: userSystemAccess.CreatedByUser.FullName,
|
166
|
+
CreatedAt: userSystemAccess.CreatedAt,
|
167
|
+
UpdatedBy: userSystemAccess.UpdatedByUser.FullName,
|
168
|
+
UpdatedAt: userSystemAccess.UpdatedAt,
|
169
|
+
};
|
170
|
+
}),
|
171
|
+
pagination: {
|
172
|
+
currentPage: pagination.page,
|
173
|
+
pageSize: pagination.limit,
|
174
|
+
totalRecords: userSystemAccesses.count,
|
175
|
+
},
|
176
|
+
};
|
177
|
+
} catch (error) {
|
178
|
+
throw error;
|
179
|
+
}
|
180
|
+
}
|
76
181
|
}
|
@@ -64,15 +64,24 @@ export default class UserSystemAccessModel extends Model {
|
|
64
64
|
@UpdatedAt
|
65
65
|
UpdatedAt: Date;
|
66
66
|
|
67
|
-
@BelongsTo(() => User,
|
67
|
+
@BelongsTo(() => User, {
|
68
|
+
foreignKey: 'UserId',
|
69
|
+
as: 'User',
|
70
|
+
})
|
68
71
|
User: User;
|
69
72
|
|
70
|
-
@BelongsTo(() => SystemModel
|
73
|
+
@BelongsTo(() => SystemModel)
|
71
74
|
System: SystemModel;
|
72
75
|
|
73
|
-
@BelongsTo(() => User,
|
76
|
+
@BelongsTo(() => User, {
|
77
|
+
foreignKey: 'CreatedById',
|
78
|
+
as: 'CreatedByUser',
|
79
|
+
})
|
74
80
|
CreatedByUser: User;
|
75
81
|
|
76
|
-
@BelongsTo(() => User,
|
82
|
+
@BelongsTo(() => User, {
|
83
|
+
foreignKey: 'UpdatedById',
|
84
|
+
as: 'UpdatedByUser',
|
85
|
+
})
|
77
86
|
UpdatedByUser: User;
|
78
87
|
}
|
@@ -168,9 +168,15 @@ export default class User extends Model {
|
|
168
168
|
@HasMany(() => UserObjectPrivilegeModel)
|
169
169
|
UserObjectPrivileges: UserObjectPrivilegeModel[];
|
170
170
|
|
171
|
-
@BelongsTo(() => User,
|
171
|
+
@BelongsTo(() => User, {
|
172
|
+
as: 'CreatedBy',
|
173
|
+
foreignKey: 'CreatedById',
|
174
|
+
})
|
172
175
|
CreatedBy: User;
|
173
176
|
|
174
|
-
@BelongsTo(() => User,
|
177
|
+
@BelongsTo(() => User, {
|
178
|
+
as: 'UpdatedBy',
|
179
|
+
foreignKey: 'UpdatedById',
|
180
|
+
})
|
175
181
|
UpdatedBy: User;
|
176
182
|
}
|