@tomei/sso 0.46.8 → 0.46.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/src/components/user-privilege/user-privilege.d.ts +28 -0
- package/dist/src/components/user-privilege/user-privilege.js +173 -0
- package/dist/src/components/user-privilege/user-privilege.js.map +1 -1
- package/dist/tsconfig.tsbuildinfo +1 -1
- package/package.json +1 -1
- package/src/components/user-privilege/user-privilege.ts +265 -0
package/package.json
CHANGED
|
@@ -1,6 +1,14 @@
|
|
|
1
1
|
import { ClassError, ObjectBase } from '@tomei/general';
|
|
2
2
|
import { IUserPrivilegeAttr } from '../../interfaces/user-privilege.interface';
|
|
3
3
|
import { UserPrivilegeRepository } from './user-privilege.repository';
|
|
4
|
+
import { User as UserClass } from '../login-user/user';
|
|
5
|
+
import { ApplicationConfig } from '@tomei/config';
|
|
6
|
+
import SystemPrivilegeModel from '../../models/system-privilege.entity';
|
|
7
|
+
import SystemModel from '../../models/system.entity';
|
|
8
|
+
import { UserGroupRepository } from '../user-group/user-group.repository';
|
|
9
|
+
import GroupModel from '../../models/group.entity';
|
|
10
|
+
import User from '../../models/user.entity';
|
|
11
|
+
import { GroupPrivilegeRepository } from '../group-privilege/group-privilege.repository';
|
|
4
12
|
|
|
5
13
|
export class UserPrivilege extends ObjectBase {
|
|
6
14
|
TableName = 'sso_UserPrivilege';
|
|
@@ -33,6 +41,8 @@ export class UserPrivilege extends ObjectBase {
|
|
|
33
41
|
}
|
|
34
42
|
|
|
35
43
|
private static _Repository = new UserPrivilegeRepository();
|
|
44
|
+
private static _UserGroupRepository = new UserGroupRepository();
|
|
45
|
+
private static _GroupPrivilegeRepository = new GroupPrivilegeRepository();
|
|
36
46
|
|
|
37
47
|
private constructor(userPrivilegeAttr?: IUserPrivilegeAttr) {
|
|
38
48
|
super();
|
|
@@ -71,4 +81,259 @@ export class UserPrivilege extends ObjectBase {
|
|
|
71
81
|
throw error;
|
|
72
82
|
}
|
|
73
83
|
}
|
|
84
|
+
|
|
85
|
+
public static async findAll(
|
|
86
|
+
loginUser: UserClass, //The currently logged-in user initiating the request.
|
|
87
|
+
dbTransaction: any, //The active database transaction to ensure consistency during the query.
|
|
88
|
+
whereOption: {
|
|
89
|
+
//An object containing filter criteria, specifically:
|
|
90
|
+
UserId: number; //The ID of the user whose system access records are to be retrieved.
|
|
91
|
+
SystemCode?: string;
|
|
92
|
+
},
|
|
93
|
+
pagination: {
|
|
94
|
+
//An object containing pagination parameters:
|
|
95
|
+
page: number; //The current page number to retrieve.
|
|
96
|
+
limit: number; //The number of records to retrieve per page.
|
|
97
|
+
},
|
|
98
|
+
): Promise<{
|
|
99
|
+
records: {
|
|
100
|
+
UserPrivilegeId: number;
|
|
101
|
+
SystemPrivilegeId: string;
|
|
102
|
+
PrivilegeCode: string;
|
|
103
|
+
SystemName: string;
|
|
104
|
+
Status: string;
|
|
105
|
+
CreatedBy: string;
|
|
106
|
+
CreatedAt: Date;
|
|
107
|
+
UpdatedBy: string;
|
|
108
|
+
UpdatedAt: Date;
|
|
109
|
+
}[];
|
|
110
|
+
pagination: {
|
|
111
|
+
currentPage: number;
|
|
112
|
+
pageSize: number;
|
|
113
|
+
totalRecords: number;
|
|
114
|
+
};
|
|
115
|
+
}> {
|
|
116
|
+
try {
|
|
117
|
+
// Privilege Checking:
|
|
118
|
+
// Call loginUser.checkPrivileges() method by passing:
|
|
119
|
+
// SystemCode: Retrieve from app config.
|
|
120
|
+
// PrivilegeCode: 'USER_PRIVILEGE_LIST'.
|
|
121
|
+
const systemCode =
|
|
122
|
+
ApplicationConfig.getComponentConfigValue('system-code');
|
|
123
|
+
const privilegeCode = 'USER_PRIVILEGE_LIST';
|
|
124
|
+
const isPrivileged = await loginUser.checkPrivileges(
|
|
125
|
+
systemCode,
|
|
126
|
+
privilegeCode,
|
|
127
|
+
);
|
|
128
|
+
if (!isPrivileged) {
|
|
129
|
+
throw new ClassError(
|
|
130
|
+
'UserPrivilege',
|
|
131
|
+
'UserPrivilegeErrMsg01',
|
|
132
|
+
'You do not have permission to access this resource.',
|
|
133
|
+
);
|
|
134
|
+
}
|
|
135
|
+
|
|
136
|
+
const options: any = {
|
|
137
|
+
where: {
|
|
138
|
+
UserId: whereOption.UserId,
|
|
139
|
+
},
|
|
140
|
+
offset: (pagination.page - 1) * pagination.limit,
|
|
141
|
+
limit: pagination.limit,
|
|
142
|
+
transaction: dbTransaction,
|
|
143
|
+
include: [
|
|
144
|
+
{
|
|
145
|
+
model: SystemPrivilegeModel,
|
|
146
|
+
attributes: ['PrivilegeCode'],
|
|
147
|
+
include: [
|
|
148
|
+
{
|
|
149
|
+
model: SystemModel,
|
|
150
|
+
attributes: ['Name'],
|
|
151
|
+
},
|
|
152
|
+
],
|
|
153
|
+
},
|
|
154
|
+
{
|
|
155
|
+
model: User,
|
|
156
|
+
as: 'CreatedByUser',
|
|
157
|
+
attributes: ['FullName'],
|
|
158
|
+
},
|
|
159
|
+
{
|
|
160
|
+
model: User,
|
|
161
|
+
as: 'UpdatedByUser',
|
|
162
|
+
attributes: ['FullName'],
|
|
163
|
+
},
|
|
164
|
+
],
|
|
165
|
+
};
|
|
166
|
+
const { count, rows } = await this._Repository.findAllWithPagination(
|
|
167
|
+
options,
|
|
168
|
+
);
|
|
169
|
+
return {
|
|
170
|
+
records: rows.map((record) => {
|
|
171
|
+
return {
|
|
172
|
+
UserPrivilegeId: record.UserPrivilegeId,
|
|
173
|
+
SystemPrivilegeId: record.SystemPrivilegeId,
|
|
174
|
+
PrivilegeCode: record.Privilege.PrivilegeCode,
|
|
175
|
+
SystemName: record.Privilege.System.Name,
|
|
176
|
+
Status: record.Status,
|
|
177
|
+
CreatedBy: record.CreatedByUser.FullName,
|
|
178
|
+
CreatedAt: record.CreatedAt,
|
|
179
|
+
UpdatedBy: record.UpdatedByUser.FullName,
|
|
180
|
+
UpdatedAt: record.UpdatedAt,
|
|
181
|
+
};
|
|
182
|
+
}),
|
|
183
|
+
pagination: {
|
|
184
|
+
currentPage: pagination.page,
|
|
185
|
+
pageSize: pagination.limit,
|
|
186
|
+
totalRecords: count,
|
|
187
|
+
},
|
|
188
|
+
};
|
|
189
|
+
} catch (error) {
|
|
190
|
+
throw error;
|
|
191
|
+
}
|
|
192
|
+
}
|
|
193
|
+
|
|
194
|
+
public static async findAllInheritedPrivileges(
|
|
195
|
+
UserId: number, //The ID of the user for whom privileges are being retrieved.
|
|
196
|
+
loginUser: UserClass, //The currently logged-in user initiating the request.
|
|
197
|
+
dbTransaction: any, //The active database transaction to ensure consistency during the query.
|
|
198
|
+
) {
|
|
199
|
+
try {
|
|
200
|
+
// Part 1: Privilege Checking
|
|
201
|
+
// Call loginUser.checkPrivileges() to ensure the user has permission to retrieve system access information.
|
|
202
|
+
// SystemCode: Retrieve from app config.
|
|
203
|
+
// PrivilegeCode: 'USER_PRIVILEGE_LIST'.
|
|
204
|
+
// If the privilege check fails, throw an error with a 403 Forbidden status.
|
|
205
|
+
const systemCode =
|
|
206
|
+
ApplicationConfig.getComponentConfigValue('system-code');
|
|
207
|
+
const privilegeCode = 'USER_PRIVILEGE_LIST';
|
|
208
|
+
const isPrivileged = await loginUser.checkPrivileges(
|
|
209
|
+
systemCode,
|
|
210
|
+
privilegeCode,
|
|
211
|
+
);
|
|
212
|
+
if (!isPrivileged) {
|
|
213
|
+
throw new ClassError(
|
|
214
|
+
'UserPrivilege',
|
|
215
|
+
'UserPrivilegeErrMsg01',
|
|
216
|
+
'You do not have permission to access this resource.',
|
|
217
|
+
);
|
|
218
|
+
}
|
|
219
|
+
|
|
220
|
+
// Part 2: Retrieve User Groups
|
|
221
|
+
// Query the sso_UserGroup table to find all active groups the user belongs to.
|
|
222
|
+
// Join with the sso_Group table to retrieve the GroupCode, GroupName, and InheritGroupPrivilegeYNfields.
|
|
223
|
+
// Ensure that the value of InheritGroupPrivilegeYN is explicitly 'Y' or 'N' for each group.
|
|
224
|
+
// If InheritGroupPrivilegeYN is not set, default it to 'N'.
|
|
225
|
+
// Return only active groups (based on Status field).
|
|
226
|
+
// The query should return the following fields for each group:
|
|
227
|
+
// - GroupCode
|
|
228
|
+
// - GroupName
|
|
229
|
+
// - InheritPrivilegeYN
|
|
230
|
+
|
|
231
|
+
const userGroups = await UserPrivilege._UserGroupRepository.findAll({
|
|
232
|
+
where: {
|
|
233
|
+
UserId,
|
|
234
|
+
},
|
|
235
|
+
include: [
|
|
236
|
+
{
|
|
237
|
+
model: GroupModel,
|
|
238
|
+
attributes: ['GroupCode', 'Name', 'InheritParentPrivilegeYN'],
|
|
239
|
+
},
|
|
240
|
+
],
|
|
241
|
+
transaction: dbTransaction,
|
|
242
|
+
});
|
|
243
|
+
|
|
244
|
+
const listOfGroups = userGroups.map((groups) => {
|
|
245
|
+
let inheritPrivilegeYN = groups.InheritGroupPrivilegeYN;
|
|
246
|
+
if (inheritPrivilegeYN !== 'Y') {
|
|
247
|
+
inheritPrivilegeYN = 'N';
|
|
248
|
+
}
|
|
249
|
+
return {
|
|
250
|
+
GroupCode: groups.GroupCode,
|
|
251
|
+
GroupName: groups.Group.Name,
|
|
252
|
+
InheritPrivilegeYN: inheritPrivilegeYN,
|
|
253
|
+
Status: groups.Status,
|
|
254
|
+
};
|
|
255
|
+
});
|
|
256
|
+
|
|
257
|
+
// Part 3: Retrieve System Privilege for Groups with Inheritance
|
|
258
|
+
// For each group where InheritGroupPrivilegeYN = 'Y', query the sso_GroupPrivilege table to retrieve system privilege details.
|
|
259
|
+
// Join with the sso_SystemPrivilege table to fetch system details (PrivilegeCode).
|
|
260
|
+
// Ensure only active group privilege (Status = 'Active') are included.
|
|
261
|
+
// For each privilege, retrieve the following fields:
|
|
262
|
+
// - GroupPrivilegeId (from sso_GroupPrivilege.GroupPrivilegeId)
|
|
263
|
+
// - SystemPrivilegeId (from sso_GroupPrivilege.SystemPrivilegeId)
|
|
264
|
+
// - PrivilegeCode (from sso_SystemPrivilege.SystemCode)
|
|
265
|
+
// - Status (from sso_GroupPrivilege.Status)
|
|
266
|
+
// - CreatedAt (from sso_GroupPrivilege.CreatedAt)
|
|
267
|
+
// - UpdatedAt (from sso_GroupPrivilege.UpdatedAt)
|
|
268
|
+
|
|
269
|
+
const userGroupPrivilege = [];
|
|
270
|
+
for (let i = 0; i < listOfGroups.length; i++) {
|
|
271
|
+
const group = await listOfGroups[i];
|
|
272
|
+
const data = {
|
|
273
|
+
GroupCode: group.GroupCode,
|
|
274
|
+
GroupName: group.GroupName,
|
|
275
|
+
InheritPrivilegeYN: group.InheritPrivilegeYN,
|
|
276
|
+
systems: [],
|
|
277
|
+
};
|
|
278
|
+
|
|
279
|
+
// Part 4: Handling Non-Inherited Groups
|
|
280
|
+
// For groups where InheritGroupSPrivilegeYN = 'N', return the group details without group privilege records.
|
|
281
|
+
// Set the Privileges field to an empty array or null to indicate no inherited privilege for those groups.
|
|
282
|
+
if (group.InheritPrivilegeYN === 'Y') {
|
|
283
|
+
if (group.Status === 'Active') {
|
|
284
|
+
const options: any = {
|
|
285
|
+
where: {
|
|
286
|
+
GroupCode: group.GroupCode,
|
|
287
|
+
Status: 'Active',
|
|
288
|
+
},
|
|
289
|
+
transaction: dbTransaction,
|
|
290
|
+
include: [
|
|
291
|
+
{
|
|
292
|
+
model: SystemPrivilegeModel,
|
|
293
|
+
attributes: ['PrivilegeCode'],
|
|
294
|
+
include: [
|
|
295
|
+
{
|
|
296
|
+
model: SystemModel,
|
|
297
|
+
attributes: ['Name'],
|
|
298
|
+
},
|
|
299
|
+
],
|
|
300
|
+
},
|
|
301
|
+
{
|
|
302
|
+
model: User,
|
|
303
|
+
as: 'CreatedByUser',
|
|
304
|
+
attributes: ['FullName'],
|
|
305
|
+
},
|
|
306
|
+
{
|
|
307
|
+
model: User,
|
|
308
|
+
as: 'UpdatedByUser',
|
|
309
|
+
attributes: ['FullName'],
|
|
310
|
+
},
|
|
311
|
+
],
|
|
312
|
+
};
|
|
313
|
+
const systemPrivilege =
|
|
314
|
+
await this._GroupPrivilegeRepository.findAll(options);
|
|
315
|
+
|
|
316
|
+
const privilegeDetails = systemPrivilege.map((record) => {
|
|
317
|
+
return {
|
|
318
|
+
GroupPrivilegeId: record.GroupPrivilegeId,
|
|
319
|
+
SystemPrivilegeId: record.SystemPrivilegeId,
|
|
320
|
+
PrivilegeCode: record.Privilege.PrivilegeCode,
|
|
321
|
+
Status: record.Status,
|
|
322
|
+
CreatedBy: record.CreatedByUser.FullName,
|
|
323
|
+
CreatedAt: record.CreatedAt,
|
|
324
|
+
UpdatedBy: record.UpdatedByUser.FullName,
|
|
325
|
+
UpdatedAt: record.UpdatedAt,
|
|
326
|
+
};
|
|
327
|
+
});
|
|
328
|
+
|
|
329
|
+
data.systems = privilegeDetails;
|
|
330
|
+
}
|
|
331
|
+
}
|
|
332
|
+
userGroupPrivilege.push(data);
|
|
333
|
+
}
|
|
334
|
+
return userGroupPrivilege;
|
|
335
|
+
} catch (error) {
|
|
336
|
+
throw error;
|
|
337
|
+
}
|
|
338
|
+
}
|
|
74
339
|
}
|