PMCORE-4147

Paula Quispe
2023-02-15 09:11:38 -04:00
parent 19f077b754
commit 99734449fd
6 changed files with 629 additions and 448 deletions


@@ -0,0 +1,24 @@
<?php
namespace Database\Factories;
use App\Factories\Factory;
use G;
class DashletInstanceFactory extends Factory
{
/**
* Define the model's default state.
*
* @return array
*/
public function definition()
{
return [
'DAS_INS_UID' => G::generateUniqueID(),
'DAS_UID' => G::generateUniqueID(),
'DAS_INS_OWNER_TYPE' => 'USER',
'DAS_INS_OWNER_UID' => G::generateUniqueID(),
];
}
}


@@ -0,0 +1,158 @@
<?php
namespace ProcessMaker\BusinessModel;
use Exception;
use ProcessMaker\BusinessModel\User as BmUser;
use ProcessMaker\Model\DashletInstance;
use ProcessMaker\Model\GroupUser;
use ProcessMaker\Model\Groupwf;
use ProcessMaker\Model\ObjectPermission;
use ProcessMaker\Model\Process;
use ProcessMaker\Model\ProcessUser;
use ProcessMaker\Model\TaskUser;
use RBAC;
use Tests\TestCase;
use ProcessMaker\Model\User;
/**
* Class UserTest
*
* @coversDefaultClass \ProcessMaker\BusinessModel\User
*/
class UserTest extends TestCase
{
/**
* This method is called before the first test of this test class is run.
* @return void
*/
public static function setUpBeforeClass(): void
{
parent::setUpBeforeClass();
self::truncateNonInitialModels();
}
/**
* This get guest value
*
* @covers \ProcessMaker\BusinessModel\User::getGuestUser()
* @test
*/
public function it_test_get_guest_user()
{
$user = new BmUser();
$result = $user->getGuestUser();
$this->assertNotEmpty($result);
}
/**
* This checks the delete case admin
*
* @covers \ProcessMaker\BusinessModel\User::deleteGdpr()
* @test
*/
public function it_test_delete_user_gpdr_exception_when_user_is_admin()
{
$user = new BmUser();
$this->expectException(Exception::class);
$user->deleteGdpr(RBAC::ADMIN_USER_UID);
}
/**
* This checks the delete case guest
*
* @covers \ProcessMaker\BusinessModel\User::deleteGdpr()
* @test
*/
public function it_test_delete_user_gpdr_exception_when_user_is_guest()
{
$user = new BmUser();
$this->expectException(Exception::class);
$user->deleteGdpr(RBAC::GUEST_USER_UID);
}
/**
* This checks the delete case guest
*
* @covers \ProcessMaker\BusinessModel\User::deleteGdpr()
*
* @test
*/
public function it_test_delete_user_gpdr()
{
// Create a user
$user = User::factory()->create();
// Assign the user in a group
$groupwf = Groupwf::factory()->create();
GroupUser::factory()->create([
'GRP_UID' => $groupwf->GRP_UID,
'GRP_ID' => $groupwf->GRP_ID,
'USR_UID' => $user->USR_UID,
]);
// Assign the user in a task
TaskUser::factory()->create([
'USR_UID' => $user->USR_UID,
'TU_RELATION' => 1,
]);
// Assign the user in a process owner
Process::factory()->create([
'PRO_CREATE_USER' => $user->USR_UID,
]);
// Assign the user in a process permission
ObjectPermission::factory()->create([
'USR_UID' => $user->USR_UID,
'OP_USER_RELATION' => 1,
]);
// Assign the user in a process supervisor
ProcessUser::factory()->create([
'USR_UID' => $user->USR_UID,
'PU_TYPE' => 'SUPERVISOR',
]);
// Assign the user in a dashboard
DashletInstance::factory()->create([
'DAS_INS_OWNER_UID' => $user->USR_UID,
'DAS_INS_OWNER_TYPE' => 'USER',
]);
// Delete user
$usr = new BmUser();
$usr->deleteGdpr($user->USR_UID);
// Check if the user relation with the table are removed
$table = GroupUser::select()->where('USR_UID', $user->USR_UID)->first();
$this->assertEmpty($table);
$table = TaskUser::select()->where('USR_UID', $user->USR_UID)->first();
$this->assertEmpty($table);
$table = Process::select()->where('PRO_CREATE_USER', $user->USR_UID)->first();
$this->assertEmpty($table);
$table = ObjectPermission::select()->where('USR_UID', $user->USR_UID)->first();
$this->assertEmpty($table);
$table = ProcessUser::select()->where('USR_UID', $user->USR_UID)->first();
$this->assertEmpty($table);
$table = DashletInstance::select()->where('DAS_INS_OWNER_UID', $user->USR_UID)->first();
$this->assertEmpty($table);
$table = User::select()->where('USR_UID', $user->USR_UID)->first();
// Set the important fields with an specific value
$this->assertEquals($table->USR_STATUS, 'CLOSED');
$this->assertEquals($table->USR_STATUS_ID, 0);
$this->assertEquals($table->USR_FIRSTNAME, $usr::DELETE_USER);
$this->assertEquals($table->USR_LASTNAME, $usr::DELETE_USER);
// Clean the string fields
$this->assertEmpty($table->USR_USERNAME);
$this->assertEmpty($table->USR_EMAIL);
$this->assertEmpty($table->USR_COUNTRY);
$this->assertEmpty($table->USR_CITY);
$this->assertEmpty($table->USR_LOCATION);
$this->assertEmpty($table->USR_ADDRESS);
$this->assertEmpty($table->USR_PHONE);
$this->assertEmpty($table->USR_FAX);
$this->assertEmpty($table->USR_CELLULAR);
$this->assertEmpty($table->USR_ZIP_CODE);
$this->assertEmpty($table->USR_TIME_ZONE);
$this->assertEmpty($table->USR_EXTENDED_ATTRIBUTES_DATA);
// Clean the date fields
$this->assertEquals($table->USR_BIRTHDAY, '0000-00-00');
$this->assertEquals($table->USR_DUE_DATE, '0000-00-00');
// Clean the datetime fields
$this->assertEquals($table->USR_DUE_DATE, '0000-00-00 00:00:00');
$this->assertEquals($table->USR_DUE_DATE, '0000-00-00 00:00:00');
}
}
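Review bot: The closing assertions of `it_test_delete_user_gpdr` check `USR_DUE_DATE` three times, once against `'0000-00-00'` and twice against `'0000-00-00 00:00:00'`, so the datetime columns that `deleteGdpr()` resets are never verified; the last two lines were presumably meant as `$this->assertEquals('0000-00-00 00:00:00', $table->USR_CREATE_DATE);` and the same for `USR_UPDATE_DATE`. The test also never reads the RBAC user row or any credential column, so an erasure that leaves a password hash or RBAC identity data behind would still pass. `assertEmpty($table->USR_EXTENDED_ATTRIBUTES_DATA)` only holds if the model casts that column, because the code under test writes the string `'{}'`; that is worth confirming. The `assertEquals` calls pass (actual, expected) rather than (expected, actual), which makes failure messages misleading.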

File diff suppressed because it is too large Load Diff


@@ -29,9 +29,10 @@ class ldapadvancedClassCron
public $gCreatedUsers = "";
public $gRemovedUsers = "";
public $managersHierarchy = array();
public $oldManagersHierarchy = array();
public $managersToClear = array();
public $usersRemovedOu = [];
public $managersHierarchy = [];
public $oldManagersHierarchy = [];
public $managersToClear = [];
public $deletedManager = 0;
public function __construct()
@@ -39,9 +40,9 @@ class ldapadvancedClassCron
}
/**
function executed by the cron
this function will synchronize users from ldap/active directory to PM users tables
@return void
* function executed by the cron
* this function will synchronize users from ldap/active directory to PM users tables
* @return void
*/
public function executeCron($debug)
{
@@ -64,7 +65,6 @@ class ldapadvancedClassCron
$aGroups = $plugin->getGroups();
$plugin->frontEndShow("START");
$plugin->debugLog("START");
$plugin->stdLog(null, "cron execution started");
@@ -77,45 +77,37 @@ class ldapadvancedClassCron
$plugin->sAuthSource = $arrayAuthenticationSourceData["AUTH_SOURCE_UID"];
$plugin->ldapcnn = null;
$plugin->setArrayDepartmentUserSynchronizedChecked(array());
$plugin->setArrayUserUpdateChecked(array());
$plugin->setArrayDepartmentUserSynchronizedChecked([]);
$plugin->setArrayUserUpdateChecked([]);
//Get all User (USR_UID, USR_USERNAME, USR_AUTH_USER_DN) registered in RBAC with this Authentication Source
// Get all User (USR_UID, USR_USERNAME, USR_AUTH_USER_DN) registered in RBAC with this Authentication Source
$plugin->setArrayAuthenticationSourceUsers($arrayAuthenticationSourceData["AUTH_SOURCE_UID"]); //INITIALIZE DATA
// Set some logs to show
$plugin->frontEndShow("TEXT", "Authentication Source: " . $arrayAuthenticationSourceData["AUTH_SOURCE_NAME"]);
$plugin->log(null, "Executing cron for Authentication Source: " . $arrayAuthenticationSourceData["AUTH_SOURCE_NAME"]);
$context = [
"AUTH_SOURCE_NAME" => $arrayAuthenticationSourceData["AUTH_SOURCE_NAME"]
];
$plugin->stdLog(null, "authentication source", $context);
$plugin->stdLog(null, "authentication source", ["AUTH_SOURCE_NAME" => $arrayAuthenticationSourceData["AUTH_SOURCE_NAME"]]);
//Get all departments from Ldap/ActiveDirectory and build a hierarchy using dn (ou->ou parent)
// Get all departments from Ldap/ActiveDirectory and build a hierarchy using dn (ou->ou parent)
$aLdapDepts = $plugin->searchDepartments();
//Obtain all departments from PM with a valid department in LDAP/ActiveDirectory
// Obtain all departments from PM with a valid department in LDAP/ActiveDirectory
$aRegisteredDepts = $plugin->getRegisteredDepartments($aLdapDepts, $aDepartments);
// Set some logs to show
$plugin->debugLog("ldapadvanced.php > function executeCron() > foreach > \$aRegisteredDepts ---->\n" . print_r($aRegisteredDepts, true));
$plugin->stdLog(null, "RegisteredDepartments", ["result" => $aRegisteredDepts]);
//Get all group from Ldap/ActiveDirectory
// Get all group from Ldap/ActiveDirectory
$aLdapGroups = $plugin->searchGroups();
//Obtain all groups from PM with a valid group in LDAP/ActiveDirectory
// Obtain all groups from PM with a valid group in LDAP/ActiveDirectory
$aRegisteredGroups = $plugin->getRegisteredGroups($aLdapGroups, $aGroups);
// Set some logs to show
$plugin->debugLog("ldapadvanced.php > function executeCron() > foreach > \$aRegisteredGroups ---->\n" . print_r($aRegisteredGroups, true));
$plugin->stdLog(null, "RegisteredGroups", ["result" => $aRegisteredGroups]);
//Get all users from Removed OU
// Get all users from Removed OU
$this->usersRemovedOu = $plugin->getUsersFromRemovedOu($arrayAuthenticationSourceData);
//Variables
// Variables
$this->deletedRemoved = count($this->usersRemovedOu);
$this->deletedRemovedUsers = "";
// Variables related to the department
$this->dAlready = 0;
$this->dMoved = 0;
$this->dImpossible = 0;
@@ -126,7 +118,7 @@ class ldapadvancedClassCron
$this->dImpossibleUsers = "";
$this->dCreatedUsers = "";
$this->dRemovedUsers = "";
// Variables related to the group
$this->gAlready = 0;
$this->gMoved = 0;
$this->gImpossible = 0;
@@ -161,7 +153,6 @@ class ldapadvancedClassCron
);
$plugin->frontEndShow("TEXT", $logResults);
$plugin->log(null, $logResults);
$context = [
"existingUsers" => $this->dAlready,
@@ -171,8 +162,7 @@ class ldapadvancedClassCron
"removed" => $this->dRemoved
];
$plugin->stdLog(null, "departments", $context);
//Group - Synchronize Users
// Group - Synchronize Users
$numGroups = count($aRegisteredGroups);
$count = 0;
@@ -184,7 +174,7 @@ class ldapadvancedClassCron
$arrayAux = $this->groupSynchronizeUsers($plugin, $numGroups, $count, $registeredGroup);
}
//Group - Print log
// Group - Print log
$logResults = sprintf(
"- Groups -> Existing users: %d, moved: %d, impossible: %d, created: %d, removed: %d",
$this->gAlready,
@@ -206,7 +196,7 @@ class ldapadvancedClassCron
];
$plugin->stdLog(null, "groups", $context);
//Manager
// Manager
$plugin->clearManager($this->managersToClear);
if (isset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["DEPARTMENTS_TO_UNASSIGN"])) {
@@ -244,7 +234,7 @@ class ldapadvancedClassCron
$dataset = UsersPeer::doSelectRS($criteria);
$dataset->setFetchmode(ResultSet::FETCHMODE_ASSOC);
$dataset->next();
$users = array();
$users = [];
while ($row = $dataset->getRow()) {
$users[] = $row["USR_UID"];
@@ -279,7 +269,7 @@ class ldapadvancedClassCron
$dataset = RbacUsersPeer::doSelectRS($criteria);
$dataset->setFetchmode(ResultSet::FETCHMODE_ASSOC);
$dataset->next();
$existingUsers = array();
$existingUsers = [];
while ($row = $dataset->getRow()) {
$existingUsers[] = $row["USR_AUTH_USER_DN"];
@@ -297,9 +287,9 @@ class ldapadvancedClassCron
$deletedManagersAssignments = self::array_diff_assoc_recursive($this->oldManagersHierarchy, $this->managersHierarchy);
$newManagersAssignments = self::array_diff_assoc_recursive($this->managersHierarchy, $this->oldManagersHierarchy);
$deletedManagers = array();
$newManagers = array();
$movedManagers = array();
$deletedManagers = [];
$newManagers = [];
$movedManagers = [];
if (is_array($deletedManagersAssignments)) {
foreach ($deletedManagersAssignments as $dn1 => $subordinates1) {
@@ -334,10 +324,9 @@ class ldapadvancedClassCron
}
}
}
//Print and log the users's information
//Deleted/Removed Users
$logResults = sprintf("- Deleted/Removed Users: %d", $this->deletedRemoved);
//Retired/Deactivated Users
$logResults = sprintf("- Retired/Deactivated Users: %d", $this->deletedRemoved);
$plugin->frontEndShow("TEXT", $logResults);
@@ -345,15 +334,15 @@ class ldapadvancedClassCron
$context = [
"deletedRemoved" => $this->deletedRemoved
];
$plugin->stdLog(null, "deleted/removed users", $context);
$plugin->stdLog(null, "retired/deactivated users", $context);
if ($this->deletedRemoved > 0) {
$plugin->log(null, "Deleted/Removed Users: ");
$plugin->log(null, "Retired/Deactivated Users: ");
$plugin->log(null, $this->deletedRemovedUsers);
$context = [
"deletedRemovedUsers" => $this->deletedRemovedUsers
];
$plugin->stdLog(null, "deleted/removed users", $context);
$plugin->stdLog(null, "retired/deactivated users", $context);
}
if ($this->dAlready + $this->gAlready > 0) {
@@ -424,8 +413,14 @@ class ldapadvancedClassCron
];
$plugin->stdLog(null, "managers assignments", $context);
//Update Users data based on the LDAP Server
$plugin->usersUpdateData($arrayAuthenticationSourceData["AUTH_SOURCE_UID"]);
// Update Users data based on the LDAP Server
$plugin->stdLog(null, "usersUpdateData", [$arrayAuthenticationSourceData["AUTH_SOURCE_UID"]]);
$result = $plugin->usersUpdateData($arrayAuthenticationSourceData["AUTH_SOURCE_UID"]);
$logResults = sprintf("- Deleted/Removed Users: %d", $result['countUserDeleted']);
$plugin->frontEndShow("TEXT", $logResults);
$plugin->log(null, $logResults);
// Deactive Users
$plugin->stdLog(null, "deactiveArrayOfUsers", [$this->usersRemovedOu]);
$plugin->deactiveArrayOfUsers($this->usersRemovedOu);
} catch (Exception $e) {
$plugin = new LdapAdvanced();
@@ -468,7 +463,7 @@ class ldapadvancedClassCron
}
}
return (!isset($difference))? array() : $difference;
return (!isset($difference))? [] : $difference;
}
public function departmentRemoveUsers($departmentUid, array $arrayUserUid)
@@ -534,7 +529,7 @@ class ldapadvancedClassCron
$ldapAdvanced->setArrayDepartmentUsers($arrayDepartmentData["DEP_UID"]); //INITIALIZE DATA
//Clear the manager assignments
$arrayUserUid = array();
$arrayUserUid = [];
foreach ($ldapAdvanced->arrayDepartmentUsersByUid as $key => $user) {
$arrayUserUid[] = $user["USR_UID"];
@@ -544,7 +539,7 @@ class ldapadvancedClassCron
if ($dn != "") {
if (!isset($this->oldManagersHierarchy[$dn])) {
$this->oldManagersHierarchy[$dn] = array();
$this->oldManagersHierarchy[$dn] = [];
}
$this->oldManagersHierarchy[$dn][$user["USR_UID"]] = $user["USR_UID"];
@@ -567,7 +562,7 @@ class ldapadvancedClassCron
"createdUsers" => $this->dCreatedUsers,
"managersHierarchy" => $this->managersHierarchy,
"arrayUserUid" => array(),
"arrayUserUid" => [],
"n" => $numDepartments,
"i" => $count
@@ -624,7 +619,7 @@ class ldapadvancedClassCron
$ldapAdvanced->setArrayGroupUsers($arrayGroupData["GRP_UID"]); //INITIALIZE DATA
//Clear the manager assignments
$arrayUserUid = array();
$arrayUserUid = [];
foreach ($ldapAdvanced->arrayGroupUsersByUid as $key => $user) {
$arrayUserUid[] = $user["USR_UID"];
@@ -634,7 +629,7 @@ class ldapadvancedClassCron
if ($dn != "") {
if (!isset($this->oldManagersHierarchy[$dn])) {
$this->oldManagersHierarchy[$dn] = array();
$this->oldManagersHierarchy[$dn] = [];
}
$this->oldManagersHierarchy[$dn][$user["USR_UID"]] = $user["USR_UID"];
@@ -657,7 +652,7 @@ class ldapadvancedClassCron
"createdUsers" => $this->gCreatedUsers,
"managersHierarchy" => $this->managersHierarchy,
"arrayUserUid" => array(),
"arrayUserUid" => [],
"n" => $numGroups,
"i" => $count
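Review bot: In the hunk at `@@ -424,8 +413,14 @@`, `$result['countUserDeleted']` is read straight from `usersUpdateData()` with no check that the call returned an array carrying that key, and the only record of what is now reported as "Deleted/Removed Users" is a count. The body of `usersUpdateData()` sits in the file whose diff is suppressed on this page, so whether it can return early is not visible; a defensive read such as `$deleted = $result['countUserDeleted'] ?? 0;` avoids a warning in the middle of the cron run. Because this step appears to drive irreversible erasure from directory state, it would help to write the affected `USR_UID` values to `stdLog` for audit and to confirm that the sync skips deletion when the LDAP search fails or returns nothing. The same hunk logs the whole `$this->usersRemovedOu` array through `stdLog`; if those entries carry names or DNs, log only the identifiers that are needed. `executeCron()` starts and ends outside this hunk.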


@@ -24,6 +24,14 @@ use ListParticipatedLast;
use OauthClients;
use PMmemcached;
use ProcessMaker\BusinessModel\ProcessSupervisor as BmProcessSupervisor;
use ProcessMaker\Model\DashletInstance;
use ProcessMaker\Model\GroupUser;
use ProcessMaker\Model\ObjectPermission;
use ProcessMaker\Model\Process as ModelProcess;
use ProcessMaker\Model\ProcessUser as ModelProcessUser;
use ProcessMaker\Model\RbacUsers as ModelRbacUsers;
use ProcessMaker\Model\TaskUser;
use ProcessMaker\Model\User as ModelUser;
use ProcessMaker\Plugins\PluginRegistry;
use ProcessMaker\Util\DateTime;
use ProcessMaker\Util\System;
@@ -45,6 +53,7 @@ use UsersRolesPeer;
class User
{
const DELETE_USER = 'unknown';
private $arrayFieldDefinition = array(
"USR_UID" => array(
"type" => "string",
@@ -1210,11 +1219,11 @@ class User
* @access public
*
* @param array $userData
* @param string $sRolCode
* @param string $rolCode
*
* @return void
*/
public function updateUser($userData = array(), $sRolCode = '')
public function updateUser($userData = [], $rolCode = '')
{
$this->userObj = new RbacUsers();
if (isset($userData['USR_STATUS'])) {
@@ -1223,9 +1232,9 @@ class User
}
}
$this->userObj->update($userData);
if ($sRolCode != '') {
if (!empty($rolCode)) {
$this->removeRolesFromUser($userData['USR_UID']);
$this->assignRoleToUser($userData['USR_UID'], $sRolCode);
$this->assignRoleToUser($userData['USR_UID'], $rolCode);
}
}
@@ -1285,7 +1294,7 @@ class User
public function delete($usrUid)
{
try {
//Verify data
// Verify data
$this->throwExceptionIfNotExistsUser($usrUid, $this->arrayFieldNameForException["usrUid"]);
// Check user admin
if (RBAC::isAdminUserUid($usrUid)) {
@@ -1340,6 +1349,76 @@ class User
}
}
/**
* Delete User
*
* @param string $usrUid Unique id of User
*
* @throws Exception
*/
public function deleteGdpr($usrUid)
{
try {
// Verify data
$this->throwExceptionIfNotExistsUser($usrUid, $this->arrayFieldNameForException["usrUid"]);
// Check user admin
if (RBAC::isAdminUserUid($usrUid)) {
throw new Exception(G::LoadTranslation("ID_MSG_CANNOT_DELETE_USER", [$usrUid]));
}
// Check user guest
if (RBAC::isGuestUserUid($usrUid)) {
throw new Exception(G::LoadTranslation("ID_MSG_CANNOT_DELETE_USER", [$usrUid]));
}
// Remove the user from groups
GroupUser::where('USR_UID', $usrUid)->delete();
// Remove the user from tasks assigment
TaskUser::where('USR_UID', $usrUid)->where('TU_RELATION', 1)->delete();
// Remove the user from process owner and assign to admin
ModelProcess::where('PRO_CREATE_USER', $usrUid)
->update(['PRO_CREATE_USER' => RBAC::ADMIN_USER_UID]);
// Remove the user from process permission
ObjectPermission::where('USR_UID', $usrUid)->where('OP_USER_RELATION', 1)->delete();
// Remove the user from process supervisor
ModelProcessUser::where('USR_UID', $usrUid)->where('PU_TYPE', 'SUPERVISOR')->delete();
// Mark the user with the deleted status
$fields = [
'USR_STATUS' => 'CLOSED',
'USR_USERNAME' => '',
'USR_FIRSTNAME' => self::DELETE_USER,
'USR_LASTNAME' => self::DELETE_USER,
'USR_EMAIL' => '',
'USR_DUE_DATE' => '0000-00-00',
'USR_CREATE_DATE' => '0000-00-00 00:00:00',
'USR_UPDATE_DATE' => '0000-00-00 00:00:00',
];
ModelRbacUsers::where('USR_UID', $usrUid)->update($fields);
$fields = array_merge(
$fields, [
'USR_STATUS_ID' => 0,
'USR_COUNTRY' => '',
'USR_CITY' => '',
'USR_LOCATION' => '',
'USR_ADDRESS' => '',
'USR_PHONE' => '',
'USR_FAX' => '',
'USR_CELLULAR' => '',
'USR_ZIP_CODE' => '',
'USR_BIRTHDAY' => '0000-00-00',
'USR_TIME_ZONE' => '',
'USR_EXTENDED_ATTRIBUTES_DATA' => '{}',
]
);
ModelUser::where('USR_UID', $usrUid)->update($fields);
// Delete Dashboard
DashletInstance::where('DAS_INS_OWNER_UID', $usrUid)->where('DAS_INS_OWNER_TYPE', 'USER')->delete();
// Destroy session after delete user
RBAC::destroySessionUser($usrUid);
(new OauthClients())->removeByUser($usrUid);
} catch (Exception $e) {
throw $e;
}
}
/**
* Get all Users
*
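Review bot: `deleteGdpr()` runs eight separate deletes and updates with no transaction, so an exception partway through (for example on the `ModelUser` update) leaves the account half-erased, with group and task links gone but personal fields still present. Wrapping the database steps in one transaction, e.g. `DB::transaction(function () use ($usrUid) { … });` (the facade is not among the visible `use` lines), and calling `RBAC::destroySessionUser()` and the OAuth client removal after it commits would make the erasure all-or-nothing; the surrounding `try { … } catch (Exception $e) { throw $e; }` adds nothing and can go. Neither `$fields` list includes a password column, so if these tables hold the credential hash (ProcessMaker's user tables normally carry `USR_PASSWORD`; confirm) it survives the erasure and should be overwritten too. Writing `'0000-00-00'` into date columns is rejected by MySQL when `NO_ZERO_DATE` is enforced in strict mode, and setting `USR_USERNAME` to `''` for every erased user will collide if that column is unique.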


@@ -0,0 +1,18 @@
<?php
namespace ProcessMaker\Model;
use App\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
class DashletInstance extends Model
{
use HasFactory;
// Set our table name
protected $table = "DASHLET_INSTANCE";
// Set the PK
protected $primaryKey = 'DAS_INS_UID';
// No timestamps
public $timestamps = false;
}
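Review bot: The model sets `$primaryKey = 'DAS_INS_UID'` but keeps Eloquent's defaults of an auto-incrementing integer key, while the factory in this commit fills `DAS_INS_UID` from `G::generateUniqueID()`, which looks like a string identifier. With the defaults, Eloquent casts the key to an integer when reading it back, so `find()`, `refresh()` or relation lookups on this model would work with a mangled id. Add `public $incrementing = false;` and `protected $keyType = 'string';` next to the primary-key declaration.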