@tomei/sso 0.45.3 → 0.46.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tomei/sso",
-  "version": "0.45.3",
+  "version": "0.46.1",
   "description": "Tomei SSO Package",
   "main": "dist/index.js",
   "scripts": {

package/src/components/user-group/user-group.ts

@@ -5,6 +5,9 @@ import { LoginUser, User } from '../../components/login-user';
 import { Group } from '../../components/group';
 import { ApplicationConfig } from '@tomei/config';
 import { ActionEnum, Activity } from '@tomei/activity-history';
+import GroupSystemAccessModel from '../../models/group-system-access.entity';
+import GroupModel from '../../models/group.entity';
+import SystemModel from 'models/system.entity';
 
 export class UserGroup extends ObjectBase {
   ObjectType = 'UserGroup';
@@ -22,6 +25,8 @@ export class UserGroup extends ObjectBase {
   private _CreatedById: number;
   private _UpdatedById: number;
 
+  protected static _Repository = new UserGroupRepository();
+
   get CreatedAt() {
     return this._CreatedAt;
   }
@@ -38,8 +43,6 @@ export class UserGroup extends ObjectBase {
     return this._UpdatedById;
   }
 
-  private static _Repository = new UserGroupRepository();
-
   private constructor(userGroupAttr?: IUserGroupAttr) {
     super();
     if (userGroupAttr) {
@@ -296,4 +299,155 @@ export class UserGroup extends ObjectBase {
       throw error;
     }
   }
+
+  static async findAllInheritedSystemAccesses(
+    UserId: number,
+    loginUser: User,
+    dbTransaction: any,
+  ): Promise<
+    {
+      GroupCode: string;
+      GroupName: string;
+      InheritGroupSystemAccessYN: string;
+      Systems: {
+        SystemCode: string;
+        SystemName: string;
+        AccessStatus: string;
+        CreatedAt: Date;
+        UpdatedAt: Date;
+      }[];
+    }[]
+  > {
+    try {
+      // Part 1: Privilege Checking
+      // Call  loginUser.checkPrivileges()  to ensure the user has permission to retrieve system access information.
+      // SystemCode: Retrieve from app config.
+      // PrivilegeCode:  'USER_SYSTEM_ACCESS_LIST'.
+      // If the privilege check fails, throw an error with a  403 Forbidden  status.
+      const systemCode =
+        ApplicationConfig.getComponentConfigValue('system-code');
+      const isPrivileged = await loginUser.checkPrivileges(
+        systemCode,
+        'USER_SYSTEM_ACCESS_LIST',
+      );
+      if (!isPrivileged) {
+        throw new ClassError(
+          'UserGroup',
+          'UserGroupErrMsg0X',
+          'User does not have privilege to view user system access.',
+          'findAllInheritedSystemAccesses',
+          403,
+        );
+      }
+      // Part 2: Retrieve User Groups
+      // Query the  sso_UserGroup  table to find all active groups the user belongs to.
+      // Join with the  sso_Group  table to retrieve the  GroupCode,  GroupName, and  InheritGroupSystemAccessYNfields.
+      // Ensure that the value of  InheritGroupSystemAccessYN  is explicitly  'Y'  or  'N'  for each group.
+      // If  InheritGroupSystemAccessYN  is not set, default it to  'N'.
+      // Return only active groups (based on  Status  field).
+      // The query should return the following fields for each group:
+      // GroupCode
+      // GroupName
+      // InheritGroupSystemAccessYN
+
+      const userGroups = await UserGroup._Repository.findAll({
+        where: {
+          UserId,
+          InheritGroupSystemAccessYN: 'Y',
+          Status: 'Active',
+        },
+        include: [
+          {
+            model: GroupModel,
+            required: true,
+            where: {
+              Status: 'Active',
+            },
+            include: [
+              {
+                model: GroupSystemAccessModel,
+                where: {
+                  Status: 'Active',
+                },
+                include: [
+                  {
+                    model: SystemModel,
+                  },
+                ],
+              },
+            ],
+          },
+        ],
+        transaction: dbTransaction,
+      });
+      const result: {
+        GroupCode: string;
+        GroupName: string;
+        InheritGroupSystemAccessYN: string;
+        Systems: {
+          SystemCode: string;
+          SystemName: string;
+          AccessStatus: string;
+          CreatedAt: Date;
+          UpdatedAt: Date;
+        }[];
+      }[] = [];
+      for (const userGroup of userGroups) {
+        // Part 3: Retrieve System Access for Groups with Inheritance
+        // For each group where  InheritGroupSystemAccessYN = 'Y', query the  sso_GroupSystemAccess  table to retrieve system access details.
+        // Join with the  sso_System  table to fetch system details (SystemName,  SystemCode).
+        // Ensure only active system accesses (AccessStatus = 'Active') are included.
+        // For each system access, retrieve the following fields:
+        // SystemName  (from  sso_System.Name)
+        // SystemCode  (from  sso_System.SystemCode)
+        // AccessStatus  (from  sso_GroupSystemAccess.Status)
+        // CreatedAt  (from  sso_GroupSystemAccess.CreatedAt)
+        // UpdatedAt  (from  sso_GroupSystemAccess.UpdatedAt)
+        // Part 4: Handling Non-Inherited Groups
+        // For groups where  InheritGroupSystemAccessYN = 'N', return the group details without system access records.
+        // Set the  Systems  field to an empty array or  null  to indicate no inherited access for those groups.
+        // Part 5: Grouping Results
+        // Group the results by  GroupCode  and  GroupName.
+        // For each group, create an object with the following structure:
+        // GroupCode: Code of the group.
+        // GroupName: Name of the group.
+        // InheritGroupSystemAccessYN:  'Y'  or  'N', indicating whether the user inherits system access from the group.
+        // Systems: An array of system access objects (for groups where  InheritGroupSystemAccessYN = 'Y'), each including:
+        // SystemName
+        // SystemCode
+        // AccessStatus
+        // CreatedAt
+        // UpdatedAt
+        // For groups where  InheritGroupSystemAccessYN = 'N',  Systems  will be an empty array.
+        const groupData = {
+          GroupCode: userGroup.GroupCode,
+          GroupName: userGroup.Group.Name,
+          InheritGroupSystemAccessYN: userGroup.InheritGroupSystemAccessYN,
+          Systems: [],
+        };
+
+        if (userGroup.InheritGroupSystemAccessYN === 'Y') {
+          groupData.Systems = userGroup.Group.GroupSystemAccesses.map(
+            (groupSystemAccess) => {
+              return {
+                SystemCode: groupSystemAccess.System.SystemCode,
+                SystemName: groupSystemAccess.System.Name,
+                AccessStatus: groupSystemAccess.Status,
+                CreatedAt: groupSystemAccess.CreatedAt,
+                UpdatedAt: groupSystemAccess.UpdatedAt,
+              };
+            },
+          );
+        }
+
+        result.push(groupData);
+      }
+
+      // Part 6: Return Grouped Data
+      // Return the array of grouped system accesses for the user's groups, including both inherited ('Y') and non-inherited ('N') system accesses.
+      return result;
+    } catch (error) {
+      throw error;
+    }
+  }
 }

package/src/components/user-system-access/user-system-access.ts

@@ -1,6 +1,11 @@
 import { ClassError, ObjectBase } from '@tomei/general';
 import { UserSystemAccessRepository } from './user-system-access.repository';
 import { IUserSystemAccess } from '../../interfaces/user-system-access.interface';
+import { User } from '../login-user/user';
+import { System } from '../system/system';
+import { ApplicationConfig } from '@tomei/config';
+import SystemModel from '../../models/system.entity';
+import UserModel from '../../models/user.entity';
 
 export class UserSystemAccess extends ObjectBase {
   ObjectType = 'UserSystemAccess';
@@ -73,4 +78,104 @@ export class UserSystemAccess extends ObjectBase {
       throw error;
     }
   }
+
+  public static async findAll(
+    loginUser: User, //The currently logged-in user initiating the request.
+    dbTransaction: any, //The active database transaction to ensure consistency during the query.
+    whereOption: {
+      //An object containing filter criteria, specifically:
+      UserId: number; //The ID of the user whose system access records are to be retrieved.
+    },
+    pagination: {
+      //An object containing pagination parameters:
+      page: number; //The current page number to retrieve.
+      limit: number; //The number of records to retrieve per page.
+    },
+  ): Promise<{
+    records: {
+      SystemName: string;
+      SystemCode: string;
+      Status: string;
+      CreatedBy: string;
+      CreatedAt: Date;
+      UpdatedBy: string;
+      UpdatedAt: Date;
+    }[];
+    pagination: {
+      currentPage: number;
+      pageSize: number;
+      totalRecords: number;
+    };
+  }> {
+    try {
+      // Privilege Checking:
+      // Call loginUser.checkPrivileges() method by passing:
+      // SystemCode: Retrieve from app config.
+      //   PrivilegeCode: 'USER_SYSTEM_ACCESS_LIST'.
+      const systemCode =
+        ApplicationConfig.getComponentConfigValue('system-code');
+      const privilegeCode = 'USER_SYSTEM_ACCESS_LIST';
+      const isPrivileged = await loginUser.checkPrivileges(
+        systemCode,
+        privilegeCode,
+      );
+      if (!isPrivileged) {
+        throw new ClassError(
+          'UserSystemAccess',
+          'UserSystemAccessErrMsg01',
+          'You do not have permission to access this resource.',
+        );
+      }
+      // Create a where condition using whereOption to filter by UserId.
+      //   Set up pagination logic using the pagination parameter:
+      //     Calculate offset based on page and limit.
+      const options: any = {
+        where: {
+          UserId: whereOption.UserId,
+        },
+        offset: (pagination.page - 1) * pagination.limit,
+        limit: pagination.limit,
+        transaction: dbTransaction,
+        include: [
+          {
+            model: SystemModel,
+            attributes: ['SystemName', 'SystemCode'],
+          },
+          {
+            model: UserModel,
+            as: 'CreatedByUser',
+            attributes: ['FullName'],
+          },
+          {
+            model: UserModel,
+            as: 'UpdatedByUser',
+            attributes: ['FullName'],
+          },
+        ],
+      };
+      const userSystemAccesses = await this._Repository.findAllWithPagination(
+        options,
+      );
+      return {
+        records: userSystemAccesses.rows.map((userSystemAccess) => {
+          return {
+            SystemName: userSystemAccess.System.Name,
+            SystemCode: userSystemAccess.System.SystemCode,
+            Status: userSystemAccess.Status,
+            CreatedBy: userSystemAccess.CreatedByUser.FullName,
+            CreatedAt: userSystemAccess.CreatedAt,
+            UpdatedBy: userSystemAccess.UpdatedByUser.FullName,
+            UpdatedAt: userSystemAccess.UpdatedAt,
+          };
+        }),
+        pagination: {
+          currentPage: pagination.page,
+          pageSize: pagination.limit,
+          totalRecords: userSystemAccesses.count,
+        },
+      };
+    } catch (error) {
+      throw error;
+    }
+  }
 }

package/src/models/user-system-access.entity.ts

@@ -64,15 +64,24 @@ export default class UserSystemAccessModel extends Model {
   @UpdatedAt
   UpdatedAt: Date;
 
-  @BelongsTo(() => User, 'UserId')
+  @BelongsTo(() => User, {
+    foreignKey: 'UserId',
+    as: 'User',
+  })
   User: User;
 
-  @BelongsTo(() => SystemModel, 'UserId')
+  @BelongsTo(() => SystemModel)
   System: SystemModel;
 
-  @BelongsTo(() => User, 'CreatedById')
+  @BelongsTo(() => User, {
+    foreignKey: 'CreatedById',
+    as: 'CreatedByUser',
+  })
   CreatedByUser: User;
 
-  @BelongsTo(() => User, 'UpdatedById')
+  @BelongsTo(() => User, {
+    foreignKey: 'UpdatedById',
+    as: 'UpdatedByUser',
+  })
   UpdatedByUser: User;
 }

package/src/models/user.entity.ts

@@ -168,9 +168,15 @@ export default class User extends Model {
   @HasMany(() => UserObjectPrivilegeModel)
   UserObjectPrivileges: UserObjectPrivilegeModel[];
 
-  @BelongsTo(() => User, 'CreatedById')
+  @BelongsTo(() => User, {
+    as: 'CreatedBy',
+    foreignKey: 'CreatedById',
+  })
   CreatedBy: User;
 
-  @BelongsTo(() => User, 'UpdatedById')
+  @BelongsTo(() => User, {
+    as: 'UpdatedBy',
+    foreignKey: 'UpdatedById',
+  })
   UpdatedBy: User;
 }