@tomei/sso 0.46.7 → 0.46.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@tomei/sso",
3
- "version": "0.46.7",
3
+ "version": "0.46.9",
4
4
  "description": "Tomei SSO Package",
5
5
  "main": "dist/index.js",
6
6
  "scripts": {
@@ -1,6 +1,14 @@
1
1
  import { ClassError, ObjectBase } from '@tomei/general';
2
2
  import { IUserPrivilegeAttr } from '../../interfaces/user-privilege.interface';
3
3
  import { UserPrivilegeRepository } from './user-privilege.repository';
4
+ import { User as UserClass } from '../login-user/user';
5
+ import { ApplicationConfig } from '@tomei/config';
6
+ import SystemPrivilegeModel from '../../models/system-privilege.entity';
7
+ import SystemModel from '../../models/system.entity';
8
+ import { UserGroupRepository } from '../user-group/user-group.repository';
9
+ import GroupModel from '../../models/group.entity';
10
+ import User from '../../models/user.entity';
11
+ import { GroupPrivilegeRepository } from '../group-privilege/group-privilege.repository';
4
12
 
5
13
  export class UserPrivilege extends ObjectBase {
6
14
  TableName = 'sso_UserPrivilege';
@@ -33,6 +41,8 @@ export class UserPrivilege extends ObjectBase {
33
41
  }
34
42
 
35
43
  private static _Repository = new UserPrivilegeRepository();
44
+ private static _UserGroupRepository = new UserGroupRepository();
45
+ private static _GroupPrivilegeRepository = new GroupPrivilegeRepository();
36
46
 
37
47
  private constructor(userPrivilegeAttr?: IUserPrivilegeAttr) {
38
48
  super();
@@ -71,4 +81,259 @@ export class UserPrivilege extends ObjectBase {
71
81
  throw error;
72
82
  }
73
83
  }
84
+
85
+ public static async findAll(
86
+ loginUser: UserClass, //The currently logged-in user initiating the request.
87
+ dbTransaction: any, //The active database transaction to ensure consistency during the query.
88
+ whereOption: {
89
+ //An object containing filter criteria, specifically:
90
+ UserId: number; //The ID of the user whose system access records are to be retrieved.
91
+ SystemCode?: string;
92
+ },
93
+ pagination: {
94
+ //An object containing pagination parameters:
95
+ page: number; //The current page number to retrieve.
96
+ limit: number; //The number of records to retrieve per page.
97
+ },
98
+ ): Promise<{
99
+ records: {
100
+ UserPrivilegeId: number;
101
+ SystemPrivilegeId: string;
102
+ PrivilegeCode: string;
103
+ SystemName: string;
104
+ Status: string;
105
+ CreatedBy: string;
106
+ CreatedAt: Date;
107
+ UpdatedBy: string;
108
+ UpdatedAt: Date;
109
+ }[];
110
+ pagination: {
111
+ currentPage: number;
112
+ pageSize: number;
113
+ totalRecords: number;
114
+ };
115
+ }> {
116
+ try {
117
+ // Privilege Checking:
118
+ // Call loginUser.checkPrivileges() method by passing:
119
+ // SystemCode: Retrieve from app config.
120
+ // PrivilegeCode: 'USER_PRIVILEGE_LIST'.
121
+ const systemCode =
122
+ ApplicationConfig.getComponentConfigValue('system-code');
123
+ const privilegeCode = 'USER_PRIVILEGE_LIST';
124
+ const isPrivileged = await loginUser.checkPrivileges(
125
+ systemCode,
126
+ privilegeCode,
127
+ );
128
+ if (!isPrivileged) {
129
+ throw new ClassError(
130
+ 'UserPrivilege',
131
+ 'UserPrivilegeErrMsg01',
132
+ 'You do not have permission to access this resource.',
133
+ );
134
+ }
135
+
136
+ const options: any = {
137
+ where: {
138
+ UserId: whereOption.UserId,
139
+ },
140
+ offset: (pagination.page - 1) * pagination.limit,
141
+ limit: pagination.limit,
142
+ transaction: dbTransaction,
143
+ include: [
144
+ {
145
+ model: SystemPrivilegeModel,
146
+ attributes: ['PrivilegeCode'],
147
+ include: [
148
+ {
149
+ model: SystemModel,
150
+ attributes: ['Name'],
151
+ },
152
+ ],
153
+ },
154
+ {
155
+ model: User,
156
+ as: 'CreatedByUser',
157
+ attributes: ['FullName'],
158
+ },
159
+ {
160
+ model: User,
161
+ as: 'UpdatedByUser',
162
+ attributes: ['FullName'],
163
+ },
164
+ ],
165
+ };
166
+ const { count, rows } = await this._Repository.findAllWithPagination(
167
+ options,
168
+ );
169
+ return {
170
+ records: rows.map((record) => {
171
+ return {
172
+ UserPrivilegeId: record.UserPrivilegeId,
173
+ SystemPrivilegeId: record.SystemPrivilegeId,
174
+ PrivilegeCode: record.Privilege.PrivilegeCode,
175
+ SystemName: record.Privilege.System.Name,
176
+ Status: record.Status,
177
+ CreatedBy: record.CreatedByUser.FullName,
178
+ CreatedAt: record.CreatedAt,
179
+ UpdatedBy: record.UpdatedByUser.FullName,
180
+ UpdatedAt: record.UpdatedAt,
181
+ };
182
+ }),
183
+ pagination: {
184
+ currentPage: pagination.page,
185
+ pageSize: pagination.limit,
186
+ totalRecords: count,
187
+ },
188
+ };
189
+ } catch (error) {
190
+ throw error;
191
+ }
192
+ }
193
+
194
+ public static async findAllInheritedPrivileges(
195
+ UserId: number, //The ID of the user for whom privileges are being retrieved.
196
+ loginUser: UserClass, //The currently logged-in user initiating the request.
197
+ dbTransaction: any, //The active database transaction to ensure consistency during the query.
198
+ ) {
199
+ try {
200
+ // Part 1: Privilege Checking
201
+ // Call loginUser.checkPrivileges() to ensure the user has permission to retrieve system access information.
202
+ // SystemCode: Retrieve from app config.
203
+ // PrivilegeCode: 'USER_PRIVILEGE_LIST'.
204
+ // If the privilege check fails, throw an error with a 403 Forbidden status.
205
+ const systemCode =
206
+ ApplicationConfig.getComponentConfigValue('system-code');
207
+ const privilegeCode = 'USER_PRIVILEGE_LIST';
208
+ const isPrivileged = await loginUser.checkPrivileges(
209
+ systemCode,
210
+ privilegeCode,
211
+ );
212
+ if (!isPrivileged) {
213
+ throw new ClassError(
214
+ 'UserPrivilege',
215
+ 'UserPrivilegeErrMsg01',
216
+ 'You do not have permission to access this resource.',
217
+ );
218
+ }
219
+
220
+ // Part 2: Retrieve User Groups
221
+ // Query the sso_UserGroup table to find all active groups the user belongs to.
222
+ // Join with the sso_Group table to retrieve the GroupCode, GroupName, and InheritGroupPrivilegeYNfields.
223
+ // Ensure that the value of InheritGroupPrivilegeYN is explicitly 'Y' or 'N' for each group.
224
+ // If InheritGroupPrivilegeYN is not set, default it to 'N'.
225
+ // Return only active groups (based on Status field).
226
+ // The query should return the following fields for each group:
227
+ // - GroupCode
228
+ // - GroupName
229
+ // - InheritPrivilegeYN
230
+
231
+ const userGroups = await UserPrivilege._UserGroupRepository.findAll({
232
+ where: {
233
+ UserId,
234
+ },
235
+ include: [
236
+ {
237
+ model: GroupModel,
238
+ attributes: ['GroupCode', 'Name', 'InheritParentPrivilegeYN'],
239
+ },
240
+ ],
241
+ transaction: dbTransaction,
242
+ });
243
+
244
+ const listOfGroups = userGroups.map((groups) => {
245
+ let inheritPrivilegeYN = groups.InheritGroupPrivilegeYN;
246
+ if (inheritPrivilegeYN !== 'Y') {
247
+ inheritPrivilegeYN = 'N';
248
+ }
249
+ return {
250
+ GroupCode: groups.GroupCode,
251
+ GroupName: groups.Group.Name,
252
+ InheritPrivilegeYN: inheritPrivilegeYN,
253
+ Status: groups.Status,
254
+ };
255
+ });
256
+
257
+ // Part 3: Retrieve System Privilege for Groups with Inheritance
258
+ // For each group where InheritGroupPrivilegeYN = 'Y', query the sso_GroupPrivilege table to retrieve system privilege details.
259
+ // Join with the sso_SystemPrivilege table to fetch system details (PrivilegeCode).
260
+ // Ensure only active group privilege (Status = 'Active') are included.
261
+ // For each privilege, retrieve the following fields:
262
+ // - GroupPrivilegeId (from sso_GroupPrivilege.GroupPrivilegeId)
263
+ // - SystemPrivilegeId (from sso_GroupPrivilege.SystemPrivilegeId)
264
+ // - PrivilegeCode (from sso_SystemPrivilege.SystemCode)
265
+ // - Status (from sso_GroupPrivilege.Status)
266
+ // - CreatedAt (from sso_GroupPrivilege.CreatedAt)
267
+ // - UpdatedAt (from sso_GroupPrivilege.UpdatedAt)
268
+
269
+ const userGroupPrivilege = [];
270
+ for (let i = 0; i < listOfGroups.length; i++) {
271
+ const group = await listOfGroups[i];
272
+ const data = {
273
+ GroupCode: group.GroupCode,
274
+ GroupName: group.GroupName,
275
+ InheritPrivilegeYN: group.InheritPrivilegeYN,
276
+ systems: [],
277
+ };
278
+
279
+ // Part 4: Handling Non-Inherited Groups
280
+ // For groups where InheritGroupSPrivilegeYN = 'N', return the group details without group privilege records.
281
+ // Set the Privileges field to an empty array or null to indicate no inherited privilege for those groups.
282
+ if (group.InheritPrivilegeYN === 'Y') {
283
+ if (group.Status === 'Active') {
284
+ const options: any = {
285
+ where: {
286
+ GroupCode: group.GroupCode,
287
+ Status: 'Active',
288
+ },
289
+ transaction: dbTransaction,
290
+ include: [
291
+ {
292
+ model: SystemPrivilegeModel,
293
+ attributes: ['PrivilegeCode'],
294
+ include: [
295
+ {
296
+ model: SystemModel,
297
+ attributes: ['Name'],
298
+ },
299
+ ],
300
+ },
301
+ {
302
+ model: User,
303
+ as: 'CreatedByUser',
304
+ attributes: ['FullName'],
305
+ },
306
+ {
307
+ model: User,
308
+ as: 'UpdatedByUser',
309
+ attributes: ['FullName'],
310
+ },
311
+ ],
312
+ };
313
+ const systemPrivilege =
314
+ await this._GroupPrivilegeRepository.findAll(options);
315
+
316
+ const privilegeDetails = systemPrivilege.map((record) => {
317
+ return {
318
+ GroupPrivilegeId: record.GroupPrivilegeId,
319
+ SystemPrivilegeId: record.SystemPrivilegeId,
320
+ PrivilegeCode: record.Privilege.PrivilegeCode,
321
+ Status: record.Status,
322
+ CreatedBy: record.CreatedByUser.FullName,
323
+ CreatedAt: record.CreatedAt,
324
+ UpdatedBy: record.UpdatedByUser.FullName,
325
+ UpdatedAt: record.UpdatedAt,
326
+ };
327
+ });
328
+
329
+ data.systems = privilegeDetails;
330
+ }
331
+ }
332
+ userGroupPrivilege.push(data);
333
+ }
334
+ return userGroupPrivilege;
335
+ } catch (error) {
336
+ throw error;
337
+ }
338
+ }
74
339
  }
@@ -8,4 +8,18 @@ export class UserSystemAccessRepository
8
8
  constructor() {
9
9
  super(UserSystemAccessModel);
10
10
  }
11
+
12
+ async delete(UserSystemAccessId: number, dbTransaction?: any) {
13
+ try {
14
+ const options = {
15
+ where: {
16
+ UserSystemAccessId: UserSystemAccessId,
17
+ },
18
+ transaction: dbTransaction,
19
+ };
20
+ await UserSystemAccessModel.destroy(options);
21
+ } catch (error) {
22
+ throw new Error(`An Error occured when delete : ${error.message}`);
23
+ }
24
+ }
11
25
  }
@@ -162,6 +162,7 @@ export class UserSystemAccess extends ObjectBase {
162
162
  return {
163
163
  records: userSystemAccesses.rows.map((userSystemAccess) => {
164
164
  return {
165
+ UserSystemAccessId: userSystemAccess.UserSystemAccessId,
165
166
  SystemName: userSystemAccess.System.Name,
166
167
  SystemCode: userSystemAccess.System.SystemCode,
167
168
  Status: userSystemAccess.Status,
@@ -301,4 +302,178 @@ export class UserSystemAccess extends ObjectBase {
301
302
  throw error;
302
303
  }
303
304
  }
305
+
306
+ public async update(
307
+ loginUser: User, //The user object representing the currently logged-in user.
308
+ dbTransaction: any, //The database transaction instance for managing the transaction scope.
309
+ Status: string, //The new access status (Active/Inactive) for the user system access.
310
+ ) {
311
+ try {
312
+ // Part 1: Update Access
313
+ // Call the UserSystemAccess._Repo.update() method to perform the update operation, passing:
314
+ // - Status: The new access status.
315
+ // - UpdatedById: loginUser.UserId (to indicate who updated the record).
316
+ // - UpdatedAt: Set to the current date and time.
317
+ // - dbTransaction: The database transaction instance.
318
+
319
+ const entityValueBefore = {
320
+ UserId: this.UserId,
321
+ SystemCode: this.SystemCode,
322
+ Status: this.Status,
323
+ CreatedById: this.CreatedById,
324
+ CreatedAt: this.CreatedAt,
325
+ UpdatedById: this.UpdatedById,
326
+ UpdatedAt: this.UpdatedAt,
327
+ };
328
+ await UserSystemAccess._Repository.update(
329
+ {
330
+ Status: Status,
331
+ UpdatedById: loginUser.UserId,
332
+ UpdatedAt: new Date(),
333
+ },
334
+ {
335
+ where: {
336
+ UserSystemAccessId: this.UserSystemAccessId,
337
+ },
338
+ transaction: dbTransaction,
339
+ },
340
+ );
341
+
342
+ const entityValueAfter = {
343
+ UserId: this.UserId,
344
+ SystemCode: this.SystemCode,
345
+ Status: Status,
346
+ CreatedById: this.CreatedById,
347
+ CreatedAt: this.CreatedAt,
348
+ UpdatedById: loginUser.UserId,
349
+ UpdatedAt: new Date(),
350
+ };
351
+
352
+ // Part 2: Record Activity History
353
+ // Initialize a variable entityValueBefore to store the current state of the user system access record before the update.
354
+ // Create an instance of the Activity class and set the following properties:
355
+ // - ActivityId: Call activity.createId().
356
+ // - Action: Set to ActionEnum.Update.
357
+ // - Description: Set to Update User System Access.
358
+ // - EntityType: Set to UserSystemAccess.
359
+ // - EntityId: Use the ID of the updated user system access record.
360
+ // - EntityValueBefore: Stringify entityValueBefore to capture the state before the update.
361
+ // - EntityValueAfter: Stringify the updated user system access record to capture the new state after the update.
362
+ // Call the activity create method with the following parameters:
363
+ // - dbTransaction
364
+ // - userId: loginUser.UserId
365
+ const activity = new Activity();
366
+ activity.ActivityId = activity.createId();
367
+ activity.Action = ActionEnum.UPDATE;
368
+ activity.Description = 'Update User System Access';
369
+ activity.EntityType = 'UserSystemAccess';
370
+ activity.EntityId = this.UserSystemAccessId + '';
371
+ activity.EntityValueBefore = JSON.stringify(entityValueBefore);
372
+ activity.EntityValueAfter = JSON.stringify(entityValueAfter);
373
+ await activity.create(loginUser.ObjectId, dbTransaction);
374
+
375
+ // Part 3: Return Updated Record
376
+ // Retrieve the updated user system access record from the database or return the updated instance as needed.
377
+
378
+ // Part 5: Return Newly Created Record
379
+ // Return the newly created UserSystemAccess instance with all relevant fields, including UserSystemAccessId, SystemCode, Status, CreatedAt, and CreatedById.
380
+ return entityValueAfter;
381
+ } catch (error) {
382
+ throw error;
383
+ }
384
+ }
385
+
386
+ public static async remove(
387
+ loginUser: User, //The currently logged-in user initiating the request.
388
+ dbTransaction: any, //The active database transaction to ensure consistency during the query.
389
+ UserSystemAccessId: number, //The unique identifier of the User System Access record to be deleted.
390
+ ) {
391
+ try {
392
+ // Part 1: Privilege Checking
393
+ // Call loginUser.checkPrivileges() method by passing:
394
+ // - SystemCode: Retrieve from app config.
395
+ // - PrivilegeCode: 'USER_SYSTEM_ACCESS_REMOVE'.
396
+ // If the user does not have the required privileges, throw an appropriate exception.
397
+ const systemCode =
398
+ ApplicationConfig.getComponentConfigValue('system-code');
399
+ const privilegeCode = 'USER_SYSTEM_ACCESS_REMOVE';
400
+ const isPrivileged = await loginUser.checkPrivileges(
401
+ systemCode,
402
+ privilegeCode,
403
+ );
404
+ if (!isPrivileged) {
405
+ throw new ClassError(
406
+ 'UserSystemAccess',
407
+ 'UserSystemAccessErrMsg01',
408
+ 'You do not have permission to access this resource.',
409
+ );
410
+ }
411
+
412
+ // Part 2: Retrieve Record
413
+ // Use the UserSystemAccessRepo.findById(UserSystemAccessId) method to retrieve the record.
414
+ // If the record does not exist, throw an exception indicating the record was not found.
415
+
416
+ const userSystemAccess = await UserSystemAccess._Repository.findOne({
417
+ where: {
418
+ UserSystemAccessId: UserSystemAccessId,
419
+ },
420
+ transaction: dbTransaction,
421
+ });
422
+
423
+ if (!userSystemAccess) {
424
+ throw new ClassError(
425
+ 'UserSystemAccess',
426
+ 'UserSystemAccessErrMsg02',
427
+ 'User System Access not Found',
428
+ );
429
+ }
430
+
431
+ // Part 3: Delete Record
432
+ // Call the UserSystemAccess._Repo.delete() method, passing:
433
+ // - UserSystemAccessId
434
+ // dbTransaction to permanently delete the record from the database.
435
+ await UserSystemAccess._Repository.delete(
436
+ UserSystemAccessId,
437
+ dbTransaction,
438
+ );
439
+
440
+ const entityValueBefore = {
441
+ UserId: userSystemAccess.UserId,
442
+ SystemCode: userSystemAccess.SystemCode,
443
+ Status: userSystemAccess.Status,
444
+ CreatedById: userSystemAccess.CreatedById,
445
+ CreatedAt: userSystemAccess.CreatedAt,
446
+ UpdatedById: userSystemAccess.UpdatedById,
447
+ UpdatedAt: userSystemAccess.UpdatedAt,
448
+ };
449
+
450
+ // Part 4: Record Activity History
451
+ // Instantiate a new activity from the Activity class, and set:
452
+ // - ActivityId: activity.createId()
453
+ // - Action: ActionEnum.Delete
454
+ // - Description: Delete User System Access
455
+ // - EntityType: UserSystemAccess
456
+ // - EntityId: UserSystemAccessId
457
+ // - EntityValueBefore: Stringified representation of the record before deletion.
458
+ // - EntityValueAfter: null.
459
+ // Call the activity.create() method by passing:
460
+ // - dbTransaction
461
+ // - userId: loginUser.UserId.
462
+
463
+ //Instantiate new activity
464
+ const activity = new Activity();
465
+ activity.ActivityId = activity.createId();
466
+ activity.Action = ActionEnum.DELETE;
467
+ activity.Description = 'Delete User System Access';
468
+ activity.EntityType = 'UserSystemAccess';
469
+ activity.EntityId = UserSystemAccessId?.toString();
470
+ activity.EntityValueBefore = JSON.stringify(entityValueBefore);
471
+ activity.EntityValueAfter = JSON.stringify({});
472
+
473
+ //Call Activity.create method
474
+ await activity.create(loginUser.ObjectId, dbTransaction);
475
+ } catch (error) {
476
+ throw error;
477
+ }
478
+ }
304
479
  }