verdnatura/salix
verdnatura
/
salix
3
4
Fork 0
Code Issues Pull Requests 64 Releases Wiki Activity

2177-accountModule #373

Merged
juan merged 8 commits from 2177-userModule into dev 2020-09-21 15:58:12 +00:00
Conversation 0 Commits 8 Files Changed 228 +6257 -596
228 changed files with 6257 additions and 596 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
back/methods/account/change-password.js Normal file
View File

@ -0,0 +1,34 @@
module.exports = Self => {
Self.remoteMethod('changePassword', {
description: 'Changes the user password',
accepts: [
{
arg: 'id',
type: 'Number',
description: 'The user id',
http: {source: 'path'}
}, {
arg: 'oldPassword',
type: 'String',
description: 'The old password',
required: true
}, {
arg: 'newPassword',
type: 'String',
description: 'The new password',
required: true
}
],
http: {
path: `/:id/changePassword`,
verb: 'PATCH'
}
});
Self.changePassword = async function(id, oldPassword, newPassword) {
await Self.rawSql(`CALL account.user_changePassword(?, ?, ?)`,
[id, oldPassword, newPassword]);
await Self.app.models.UserAccount.syncById(id, newPassword);
};
};

17
back/methods/account/login.js
View File

@ -26,9 +26,9 @@ module.exports = Self => {
});
Self.login = async function(user, password) {
let $ = Self.app.models;
let token;
let usesEmail = user.indexOf('@') !== -1;
let User = Self.app.models.User;
let loginInfo = {password};
@ -38,7 +38,7 @@ module.exports = Self => {
loginInfo.username = user;
try {
token = await User.login(loginInfo, 'user');
token = await $.User.login(loginInfo, 'user');
} catch (err) {
if (err.code != 'LOGIN_FAILED' || usesEmail)
throw err;
@ -49,17 +49,8 @@ module.exports = Self => {
if (!instance || instance.password !== md5(password || ''))
throw err;
let where = {id: instance.id};
let userData = {
id: instance.id,
username: user,
password: password,
email: instance.email,
created: instance.created,
updated: instance.updated
};
await User.upsertWithWhere(where, userData);
token = await User.login(loginInfo, 'user');
await $.UserAccount.sync(user, password);
token = await $.User.login(loginInfo, 'user');
}
return {token: token.id};

29
back/methods/account/set-password.js Normal file
View File

@ -0,0 +1,29 @@
module.exports = Self => {
Self.remoteMethod('setPassword', {
description: 'Sets the user password',
accepts: [
{
arg: 'id',
type: 'Number',
description: 'The user id',
http: {source: 'path'}
}, {
arg: 'newPassword',
type: 'String',
description: 'The new password',
required: true
}
],
http: {
path: `/:id/setPassword`,
verb: 'PATCH'
}
});
Self.setPassword = async function(id, newPassword) {
await Self.rawSql(`CALL account.user_setPassword(?, ?)`,
[id, newPassword]);
await Self.app.models.UserAccount.syncById(id, newPassword);
};
};

9
back/methods/account/specs/change-password.spec.js Normal file
View File

@ -0,0 +1,9 @@
const app = require('vn-loopback/server/server');
describe('account changePassword()', () => {
it('should throw an error when old password is wrong', async() => {
let req = app.models.Account.changePassword(null, 1, 'wrongOldPass', 'newPass');
await expectAsync(req).toBeRejected();
});
});

15
back/methods/account/specs/set-password.spec.js Normal file
View File

@ -0,0 +1,15 @@
const app = require('vn-loopback/server/server');
describe('account changePassword()', () => {
it('should throw an error when password does not meet requirements', async() => {
let req = app.models.Account.setPassword(1, 'insecurePass');
await expectAsync(req).toBeRejected();
});
it('should update password when it passes requirements', async() => {
let req = app.models.Account.setPassword(1, 'Very$ecurePa22.');
await expectAsync(req).toBeResolved();
});
});

3
back/model-config.json
View File

@ -38,6 +38,9 @@
"ImageCollectionSize": {
"dataSource": "vn"
},
"Language": {
"dataSource": "vn"
},
"Province": {
"dataSource": "vn"
},

12
back/models/account.js
View File

@ -4,6 +4,8 @@ module.exports = Self => {
require('../methods/account/login')(Self);
require('../methods/account/logout')(Self);
require('../methods/account/acl')(Self);
require('../methods/account/change-password')(Self);
require('../methods/account/set-password')(Self);
require('../methods/account/validate-token')(Self);
// Validations
@ -38,17 +40,9 @@ module.exports = Self => {
Self.getCurrentUserData = async function(ctx) {
let userId = ctx.req.accessToken.userId;
let account = await Self.findById(userId, {
return await Self.findById(userId, {
fields: ['id', 'name', 'nickname']
});
let worker = await Self.app.models.Worker.findOne({
fields: ['id'],
where: {userFk: userId}
});
return Object.assign(account, {workerId: worker.id});
};
/**

51
back/models/account.json
View File

@ -5,7 +5,7 @@
"mysql": {
"table": "account.user"
}
},
},
"properties": {
"id": {
"type": "number",
@ -24,10 +24,16 @@
"nickname": {
"type": "string"
},
"lang": {
"type": "string"
},
"password": {
"type": "string",
"required": true
},
"bcryptPassword": {
"type": "string"
},
"active": {
"type": "boolean"
},
@ -41,44 +47,47 @@
"type": "date"
}
},
"relations": {
"role": {
"type": "belongsTo",
"model": "Role",
"foreignKey": "roleFk"
},
"emailUser": {
"type": "hasOne",
"model": "EmailUser",
"foreignKey": "userFk"
"relations": {
"role": {
"type": "belongsTo",
"model": "Role",
"foreignKey": "roleFk"
},
"roles": {
"type": "hasMany",
"model": "RoleRole",
"foreignKey": "role"
},
"emailUser": {
"type": "hasOne",
"model": "EmailUser",
"foreignKey": "userFk"
},
"worker": {
"type": "hasOne",
"model": "Worker",
"foreignKey": "userFk"
}
},
"acls": [
{
}
},
"acls": [
{
"property": "login",
"accessType": "EXECUTE",
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "ALLOW"
},
{
}, {
"property": "logout",
"accessType": "EXECUTE",
"principalType": "ROLE",
"principalId": "$authenticated",
"permission": "ALLOW"
},
{
}, {
"property": "validateToken",
"accessType": "EXECUTE",
"principalType": "ROLE",
"principalId": "$authenticated",
"permission": "ALLOW"
}
]
}
]
}

34
back/models/language.json Normal file
View File

@ -0,0 +1,34 @@
{
"name": "Language",
"base": "VnModel",
"options": {
"mysql": {
"table": "hedera.language"
}
},
"properties": {
"code": {
"type": "string",
"id": true
},
"name": {
"type": "string",
"required": true
},
"orgName": {
"type": "string",
"required": true
},
"isActive": {
"type": "boolean"
}
},
"acls": [
{
"accessType": "READ",
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "ALLOW"
}
]
}

127
db/changes/10221-accountModule/00-account.sql Normal file
View File

@ -0,0 +1,127 @@
ALTER TABLE `account`.`role`
MODIFY COLUMN `hasLogin` tinyint(3) unsigned DEFAULT 1 NOT NULL;
ALTER TABLE `account`.`roleInherit`
ADD UNIQUE( `role`, `inheritsFrom`);
ALTER TABLE `account`.`roleInherit`
DROP PRIMARY KEY;
ALTER TABLE `account`.`roleInherit`
ADD `id` INT UNSIGNED NOT NULL AUTO_INCREMENT FIRST,
ADD PRIMARY KEY (`id`);
ALTER TABLE `account`.`mailAlias`
ADD `description` VARCHAR(255) NULL AFTER `alias`;
ALTER TABLE `account`.`mailAliasAccount`
ADD UNIQUE( `mailAlias`, `account`);
ALTER TABLE `account`.`mailAliasAccount`
DROP PRIMARY KEY;
ALTER TABLE `account`.`mailAliasAccount`
ADD `id` INT UNSIGNED NOT NULL AUTO_INCREMENT FIRST,
ADD PRIMARY KEY (`id`);
ALTER TABLE account.ldapConfig
ADD groupDn varchar(255) NULL;
UPDATE account.ldapConfig SET groupDn = 'ou=groups,dc=verdnatura,dc=es';
DROP PROCEDURE IF EXISTS account.user_syncPassword;
ALTER TABLE account.`user`
MODIFY COLUMN sync tinyint(4) DEFAULT 0 NOT NULL COMMENT 'Deprecated';
CREATE TABLE account.userSync (
name varchar(30) NOT NULL,
CONSTRAINT userSync_PK PRIMARY KEY (name)
)
ENGINE=InnoDB
DEFAULT CHARSET=utf8
COLLATE=utf8_general_ci;
USE account;
DELIMITER $$
DROP TRIGGER IF EXISTS account.user_beforeUpdate$$
CREATE DEFINER=`root`@`%` TRIGGER `user_beforeUpdate`
BEFORE UPDATE ON `user` FOR EACH ROW
BEGIN
IF !(NEW.`name` <=> OLD.`name`) THEN
CALL user_checkName (NEW.`name`);
END IF;
IF !(NEW.`password` <=> OLD.`password`) THEN
SET NEW.bcryptPassword = NULL;
SET NEW.lastPassChange = NOW();
END IF;
END$$
DROP TRIGGER IF EXISTS account.user_afterUpdate$$
CREATE DEFINER=`root`@`%` TRIGGER `user_afterUpdate`
AFTER UPDATE ON `user` FOR EACH ROW
BEGIN
INSERT IGNORE INTO userSync SET `name` = NEW.`name`;
IF !(OLD.`name` <=> NEW.`name`) THEN
INSERT IGNORE INTO userSync SET `name` = OLD.`name`;
END IF;
IF !(NEW.`role` <=> OLD.`role`)
THEN
INSERT INTO vn.mail SET
`sender` = 'jgallego@verdnatura.es',
`replyTo` = 'jgallego@verdnatura.es',
`subject` = 'Rol modificado',
`body` = CONCAT(myUserGetName(), ' ha modificado el rol del usuario ',
NEW.`name`, ' de ', OLD.role, ' a ', NEW.role);
END IF;
END$$
CREATE DEFINER=`root`@`%` TRIGGER `user_afterInsert`
AFTER INSERT ON `user` FOR EACH ROW
BEGIN
INSERT IGNORE INTO userSync SET `name` = NEW.`name`;
END$$
CREATE DEFINER=`root`@`%` TRIGGER `user_afterDelete`
AFTER DELETE ON `user` FOR EACH ROW
BEGIN
INSERT IGNORE INTO userSync SET `name` = OLD.`name`;
END$$
DROP TRIGGER IF EXISTS account.account_afterInsert$$
CREATE DEFINER=`root`@`%` TRIGGER `account_afterInsert`
AFTER INSERT ON `account` FOR EACH ROW
BEGIN
INSERT IGNORE INTO userSync (`name`)
SELECT `name` FROM `user` WHERE id = NEW.id;
END$$
DROP TRIGGER IF EXISTS account.account_afterDelete$$
CREATE DEFINER=`root`@`%` TRIGGER `account_afterDelete`
AFTER DELETE ON `account` FOR EACH ROW
BEGIN
INSERT IGNORE INTO userSync (`name`)
SELECT `name` FROM `user` WHERE id = OLD.id;
END$$
CREATE TRIGGER role_beforeInsert
BEFORE INSERT ON `role` FOR EACH ROW
BEGIN
CALL role_checkName(NEW.`name`);
END$$
CREATE TRIGGER role_beforeUpdate
BEFORE UPDATE ON `role` FOR EACH ROW
BEGIN
IF !(NEW.`name` <=> OLD.`name`) THEN
CALL role_checkName (NEW.`name`);
END IF;
END$$
DELIMITER ;

13
db/changes/10221-accountModule/00-myUserChangePassword.sql Normal file
View File

@ -0,0 +1,13 @@
DROP PROCEDURE IF EXISTS account.myUserChangePassword;
DELIMITER $$
CREATE DEFINER=`root`@`%` PROCEDURE `account`.`myUserChangePassword`(vOldPassword VARCHAR(255), vPassword VARCHAR(255))
BEGIN
/**
* @deprecated Use myUser_changePassword()
*/
CALL myUser_changePassword(vOldPassword, vPassword);
END$$
DELIMITER ;
GRANT EXECUTE ON PROCEDURE account.myUserChangePassword TO account@localhost;

15
db/changes/10221-accountModule/00-myUserCheckLogin.sql Normal file
View File

@ -0,0 +1,15 @@
DROP FUNCTION IF EXISTS account.myUserCheckLogin;
DELIMITER $$
CREATE DEFINER=`root`@`%` FUNCTION `account`.`myUserCheckLogin`() RETURNS tinyint(1)
READS SQL DATA
DETERMINISTIC
BEGIN
/**
* @deprecated Use myUser_checkLogin()
*/
RETURN myUser_checkLogin();
END$$
DELIMITER ;
GRANT EXECUTE ON FUNCTION account.myUserCheckLogin TO guest@localhost;

15
db/changes/10221-accountModule/00-myUserGetId.sql Normal file
View File

@ -0,0 +1,15 @@
DROP FUNCTION IF EXISTS account.myUserGetId;
DELIMITER $$
CREATE DEFINER=`root`@`%` FUNCTION `account`.`myUserGetId`() RETURNS int(11)
READS SQL DATA
DETERMINISTIC
BEGIN
/**
* @deprecated Use myUser_getId()
*/
RETURN myUser_getId();
END$$
DELIMITER ;
GRANT EXECUTE ON FUNCTION account.myUserGetId TO guest@localhost;

15
db/changes/10221-accountModule/00-myUserGetName.sql Normal file
View File

@ -0,0 +1,15 @@
DROP FUNCTION IF EXISTS account.myUserGetName;
DELIMITER $$
CREATE DEFINER=`root`@`%` FUNCTION `account`.`myUserGetName`() RETURNS varchar(30) CHARSET utf8
NO SQL
DETERMINISTIC
BEGIN
/**
* @deprecated Use myUser_getName()
*/
RETURN myUser_getName();
END$$
DELIMITER ;
GRANT EXECUTE ON FUNCTION account.myUserGetName TO guest@localhost;

14
db/changes/10221-accountModule/00-myUserHasRole.sql Normal file
View File

@ -0,0 +1,14 @@
DROP FUNCTION IF EXISTS account.myUserHasRole;
DELIMITER $$
CREATE DEFINER=`root`@`%` FUNCTION `account`.`myUserHasRole`(vRoleName VARCHAR(255)) RETURNS tinyint(1)
DETERMINISTIC
BEGIN
/**
* @deprecated Use myUser_hasRole()
*/
RETURN myUser_hasRole(vRoleName);
END$$
DELIMITER ;
GRANT EXECUTE ON FUNCTION account.myUserHasRole TO guest@localhost;

14
db/changes/10221-accountModule/00-myUserHasRoleId.sql Normal file
View File

@ -0,0 +1,14 @@
DROP FUNCTION IF EXISTS account.myUserHasRoleId;
DELIMITER $$
CREATE DEFINER=`root`@`%` FUNCTION `account`.`myUserHasRoleId`(vRoleId INT) RETURNS tinyint(1)
DETERMINISTIC
BEGIN
/**
* @deprecated Use myUser_hasRoleId()
*/
RETURN myUser_hasRoleId(vRoleId);
END$$
DELIMITER ;
GRANT EXECUTE ON FUNCTION account.myUserHasRoleId TO guest@localhost;

17
db/changes/10221-accountModule/00-myUser_changePassword.sql Normal file
View File

@ -0,0 +1,17 @@
DROP PROCEDURE IF EXISTS account.myUser_changePassword;
DELIMITER $$
CREATE DEFINER=`root`@`%` PROCEDURE `account`.`myUser_changePassword`(vOldPassword VARCHAR(255), vPassword VARCHAR(255))
BEGIN
/**
* Changes the current user password, if user is in recovery mode ignores the
* current password.
*
* @param vOldPassword The current password
* @param vPassword The new password
*/
CALL user_changePassword(myUser_getId(), vOldPassword, vPassword);
END$$
DELIMITER ;
GRANT EXECUTE ON PROCEDURE account.myUser_changePassword TO account@localhost;

29
db/changes/10221-accountModule/00-myUser_checkLogin.sql Normal file
View File

@ -0,0 +1,29 @@
DROP FUNCTION IF EXISTS account.myUser_checkLogin;
DELIMITER $$
CREATE DEFINER=`root`@`%` FUNCTION `account`.`myUser_checkLogin`() RETURNS tinyint(1)
READS SQL DATA
DETERMINISTIC
BEGIN
/**
* Checks that variables @userId and @userName haven't been altered.
*
* @return %TRUE if they are unaltered or unset, otherwise %FALSE
*/
DECLARE vSignature VARCHAR(128);
DECLARE vKey VARCHAR(255);
IF @userId IS NOT NULL
AND @userName IS NOT NULL
AND @userSignature IS NOT NULL
THEN
SELECT loginKey INTO vKey FROM userConfig;
SET vSignature = util.hmacSha2(256, CONCAT_WS('/', @userId, @userName), vKey);
RETURN vSignature = @userSignature;
END IF;
RETURN FALSE;
END$$
DELIMITER ;
GRANT EXECUTE ON FUNCTION account.myUser_checkLogin TO guest@localhost;

27
db/changes/10221-accountModule/00-myUser_getId.sql Normal file
View File

@ -0,0 +1,27 @@
DROP FUNCTION IF EXISTS account.myUser_getId;
DELIMITER $$
CREATE DEFINER=`root`@`%` FUNCTION `account`.`myUser_getId`() RETURNS int(11)
READS SQL DATA
DETERMINISTIC
BEGIN
/**
* Returns the current user id.
*
* @return The user id
*/
DECLARE vUser INT DEFAULT NULL;
IF myUser_checkLogin()
THEN
SET vUser = @userId;
ELSE
SELECT id INTO vUser FROM user
WHERE name = LEFT(USER(), INSTR(USER(), '@') - 1);
END IF;
RETURN vUser;
END$$
DELIMITER ;
GRANT EXECUTE ON FUNCTION account.myUser_getId TO guest@localhost;

27
db/changes/10221-accountModule/00-myUser_getName.sql Normal file
View File

@ -0,0 +1,27 @@
DROP FUNCTION IF EXISTS account.myUser_getName;
DELIMITER $$
$$
CREATE DEFINER=`root`@`%` FUNCTION `account`.`myUser_getName`() RETURNS varchar(30) CHARSET utf8
NO SQL
DETERMINISTIC
BEGIN
/**
* Returns the current user name.
*
* @return The user name
*/
DECLARE vUser VARCHAR(30) DEFAULT NULL;
IF myUser_checkLogin()
THEN
SET vUser = @userName;
ELSE
SET vUser = LEFT(USER(), INSTR(USER(), '@') - 1);
END IF;
RETURN vUser;
END$$
DELIMITER ;
GRANT EXECUTE ON FUNCTION account.myUser_getName TO guest@localhost;

17
db/changes/10221-accountModule/00-myUser_hasRole.sql Normal file
View File

@ -0,0 +1,17 @@
DROP FUNCTION IF EXISTS account.myUser_hasRole;
DELIMITER $$
CREATE DEFINER=`root`@`%` FUNCTION `account`.`myUser_hasRole`(vRoleName VARCHAR(255)) RETURNS tinyint(1)
DETERMINISTIC
BEGIN
/**
* Checks if current user has/inherits a role.
*
* @param vRoleName Role to check
* @return %TRUE if it has role, %FALSE otherwise
*/
RETURN user_hasRole(myUser_getName(), vRoleName);
END$$
DELIMITER ;
GRANT EXECUTE ON FUNCTION account.myUser_hasRole TO guest@localhost;

17
db/changes/10221-accountModule/00-myUser_hasRoleId.sql Normal file
View File

@ -0,0 +1,17 @@
DROP FUNCTION IF EXISTS account.myUser_hasRoleId;
DELIMITER $$
CREATE DEFINER=`root`@`%` FUNCTION `account`.`myUser_hasRoleId`(vRoleId INT) RETURNS tinyint(1)
DETERMINISTIC
BEGIN
/**
* Checks if current user has/inherits a role.
*
* @param vRoleName Role id to check
* @return %TRUE if it has role, %FALSE otherwise
*/
RETURN user_hasRoleId(myUserGetName(), vRoleId);
END$$
DELIMITER ;
GRANT EXECUTE ON FUNCTION account.myUser_hasRoleId TO guest@localhost;

29
db/changes/10221-accountModule/00-myUser_login.sql Normal file
View File

@ -0,0 +1,29 @@
DROP PROCEDURE IF EXISTS account.myUser_login;
DELIMITER $$
CREATE DEFINER=`root`@`%` PROCEDURE `account`.`myUser_login`(vUserName VARCHAR(255), vPassword VARCHAR(255))
READS SQL DATA
BEGIN
/**
* Logs in using the user credentials.
*
* @param vUserName The user name
* @param vPassword The user password
*/
DECLARE vAuthIsOk BOOLEAN DEFAULT FALSE;
SELECT COUNT(*) = 1 INTO vAuthIsOk FROM user
WHERE name = vUserName
AND password = MD5(vPassword)
AND active;
IF vAuthIsOk
THEN
CALL myUser_loginWithName (vUserName);
ELSE
CALL util.throw ('INVALID_CREDENTIALS');
END IF;
END$$
DELIMITER ;
GRANT EXECUTE ON PROCEDURE account.myUser_login TO guest@localhost;

25
db/changes/10221-accountModule/00-myUser_loginWithKey.sql Normal file
View File

@ -0,0 +1,25 @@
DROP PROCEDURE IF EXISTS account.myUser_loginWithKey;
DELIMITER $$
CREATE DEFINER=`root`@`%` PROCEDURE `account`.`myUser_loginWithKey`(vUserName VARCHAR(255), vKey VARCHAR(255))
READS SQL DATA
BEGIN
/**
* Logs in using the user name and MySQL master key.
*
* @param vUserName The user name
* @param vKey The MySQL master key
*/
DECLARE vLoginKey VARCHAR(255);
SELECT loginKey INTO vLoginKey FROM userConfig;
IF vLoginKey = vKey THEN
CALL user_loginWithName(vUserName);
ELSE
CALL util.throw('INVALID_KEY');
END IF;
END$$
DELIMITER ;
GRANT EXECUTE ON PROCEDURE account.myUser_loginWithKey TO guest@localhost;

26
db/changes/10221-accountModule/00-myUser_loginWithName.sql Normal file
View File

@ -0,0 +1,26 @@
DROP PROCEDURE IF EXISTS account.myUser_loginWithName;
DELIMITER $$
CREATE DEFINER=`root`@`%` PROCEDURE `account`.`myUser_loginWithName`(vUserName VARCHAR(255))
READS SQL DATA
BEGIN
/**
* Logs in using only the user name. This procedure is intended to be executed
* by users with a high level of privileges so that normal users should not have
* execute permissions on it.
*
* @param vUserName The user name
*/
DECLARE vUserId INT DEFAULT NULL;
DECLARE vKey VARCHAR(255);
SELECT id INTO vUserId FROM user
WHERE name = vUserName;
SELECT loginKey INTO vKey FROM userConfig;
SET @userId = vUserId;
SET @userName = vUserName;
SET @userSignature = util.hmacSha2(256, CONCAT_WS('/', vUserId, vUserName), vKey);
END$$
DELIMITER ;

15
db/changes/10221-accountModule/00-myUser_logout.sql Normal file
View File

@ -0,0 +1,15 @@
DROP PROCEDURE IF EXISTS account.myUser_logout;
DELIMITER $$
CREATE DEFINER=`root`@`%` PROCEDURE `account`.`myUser_logout`()
BEGIN
/**
* Logouts the user.
*/
SET @userId = NULL;
SET @userName = NULL;
SET @userSignature = NULL;
END$$
DELIMITER ;
GRANT EXECUTE ON PROCEDURE account.myUser_logout TO account@localhost;

52
db/changes/10221-accountModule/00-passwordGenerate.sql Normal file
View File

@ -0,0 +1,52 @@
DROP FUNCTION IF EXISTS account.passwordGenerate;
DELIMITER $$
CREATE DEFINER=`root`@`%` FUNCTION `account`.`passwordGenerate`() RETURNS text CHARSET utf8
BEGIN
/**
* Generates a random password that meets the minimum requirements.
*
* @return Generated password
*/
DECLARE vMinLength TINYINT;
DECLARE vMinAlpha TINYINT;
DECLARE vMinUpper TINYINT;
DECLARE vMinDigits TINYINT;
DECLARE vMinPunct TINYINT;
DECLARE vAlpha TINYINT DEFAULT 0;
DECLARE vUpper TINYINT DEFAULT 0;
DECLARE vDigits TINYINT DEFAULT 0;
DECLARE vPunct TINYINT DEFAULT 0;
DECLARE vRandIndex INT;
DECLARE vPwd TEXT DEFAULT '';
DECLARE vAlphaChars TEXT DEFAULT 'abcdefghijklmnopqrstuvwxyz';
DECLARE vUpperChars TEXT DEFAULT 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
DECLARE vDigitChars TEXT DEFAULT '1234567890';
DECLARE vPunctChars TEXT DEFAULT '!$%&()=.';
SELECT length, nAlpha, nUpper, nDigits, nPunct
INTO vMinLength, vMinAlpha, vMinUpper, vMinDigits, vMinPunct FROM userPassword;
WHILE LENGTH(vPwd) < vMinLength OR vAlpha < vMinAlpha
OR vUpper < vMinUpper OR vDigits < vMinDigits OR vPunct < vMinPunct DO
SET vRandIndex = FLOOR((RAND() * 4) + 1);
CASE
WHEN vRandIndex = 1 THEN
SET vPwd = CONCAT(vPwd, SUBSTRING(vAlphaChars, FLOOR((RAND() * 26) + 1), 1));
SET vAlpha = vAlpha + 1;
WHEN vRandIndex = 2 THEN
SET vPwd = CONCAT(vPwd, SUBSTRING(vUpperChars, FLOOR((RAND() * 26) + 1), 1));
SET vUpper = vUpper + 1;
WHEN vRandIndex = 3 THEN
SET vPwd = CONCAT(vPwd, SUBSTRING(vDigitChars, FLOOR((RAND() * 10) + 1), 1));
SET vDigits = vDigits + 1;
WHEN vRandIndex = 4 THEN
SET vPwd = CONCAT(vPwd, SUBSTRING(vPunctChars, FLOOR((RAND() * LENGTH(vPunctChars)) + 1), 1));
SET vPunct = vPunct + 1;
END CASE;
END WHILE;
RETURN vPwd;
END$$
DELIMITER ;

18
db/changes/10221-accountModule/00-role_checkName.sql Normal file
View File

@ -0,0 +1,18 @@
DROP PROCEDURE IF EXISTS account.role_checkName;
DELIMITER $$
CREATE PROCEDURE account.role_checkName(vRoleName VARCHAR(255))
BEGIN
/**
* Checks that role name meets the necessary syntax requirements, otherwise it
* throws an exception.
* Role name must be written in camelCase.
*
* @param vRoleName The role name
*/
IF BINARY vRoleName NOT REGEXP '^[a-z][a-zA-Z]+$' THEN
SIGNAL SQLSTATE '45000'
SET MESSAGE_TEXT = 'Role name must be written in camelCase';
END IF;
END$$
DELIMITER ;

66
db/changes/10221-accountModule/00-role_getDescendents.sql Normal file
View File

@ -0,0 +1,66 @@
DROP PROCEDURE IF EXISTS account.role_getDescendents;
DELIMITER $$
CREATE DEFINER=`root`@`%` PROCEDURE `account`.`role_getDescendents`(vSelf INT)
BEGIN
/**
* Gets the identifiers of all the subroles implemented by a role (Including
* itself).
*
* @param vSelf The role identifier
* @table tmp.role Subroles implemented by the role
*/
DECLARE vIsRoot BOOL;
DROP TEMPORARY TABLE IF EXISTS
tmp.role, parents, childs;
CREATE TEMPORARY TABLE tmp.role
(UNIQUE (id))
ENGINE = MEMORY
SELECT vSelf AS id;
CREATE TEMPORARY TABLE parents
ENGINE = MEMORY
SELECT vSelf AS id;
CREATE TEMPORARY TABLE childs
LIKE parents;
REPEAT
DELETE FROM childs;
INSERT INTO childs
SELECT DISTINCT r.inheritsFrom id
FROM parents p
JOIN roleInherit r ON r.role = p.id
LEFT JOIN tmp.role t ON t.id = r.inheritsFrom
WHERE t.id IS NULL;
DELETE FROM parents;
INSERT INTO parents
SELECT * FROM childs;
INSERT INTO tmp.role
SELECT * FROM childs;
UNTIL ROW_COUNT() <= 0
END REPEAT;
-- If it is root all the roles are added
SELECT COUNT(*) > 0 INTO vIsRoot
FROM tmp.role t
JOIN role r ON r.id = t.id
WHERE r.`name` = 'root';
IF vIsRoot THEN
INSERT IGNORE INTO tmp.role (id)
SELECT id FROM role;
END IF;
-- Cleaning
DROP TEMPORARY TABLE
parents, childs;
END$$
DELIMITER ;

53
db/changes/10221-accountModule/00-role_sync.sql Normal file
View File

@ -0,0 +1,53 @@
DROP PROCEDURE IF EXISTS account.role_sync;
DELIMITER $$
CREATE DEFINER=`root`@`%` PROCEDURE `account`.`role_sync`()
BEGIN
/**
* Synchronize the @roleRole table with the current role hierarchy. This
* procedure must be called every time the @roleInherit table is modified so
* that the changes made on it are effective.
*/
DECLARE vRoleId INT;
DECLARE vDone BOOL;
DECLARE cur CURSOR FOR
SELECT id FROM role;
DECLARE CONTINUE HANDLER FOR NOT FOUND SET vDone = TRUE;
DROP TEMPORARY TABLE IF EXISTS tRoleRole;
CREATE TEMPORARY TABLE tRoleRole
ENGINE = MEMORY
SELECT * FROM roleRole LIMIT 0;
OPEN cur;
l: LOOP
SET vDone = FALSE;
FETCH cur INTO vRoleId;
IF vDone THEN
LEAVE l;
END IF;
CALL role_getDescendents(vRoleId);
INSERT INTO tRoleRole (role, inheritsFrom)
SELECT vRoleId, id FROM tmp.role;
DROP TEMPORARY TABLE tmp.role;
END LOOP;
CLOSE cur;
START TRANSACTION;
DELETE FROM roleRole;
INSERT INTO roleRole SELECT * FROM tRoleRole;
COMMIT;
DROP TEMPORARY TABLE tRoleRole;
CALL role_syncPrivileges;
END$$
DELIMITER ;

494
db/changes/10221-accountModule/00-role_syncPrivileges.sql Normal file
View File

@ -0,0 +1,494 @@
DROP PROCEDURE IF EXISTS account.role_syncPrivileges;
DELIMITER $$
CREATE DEFINER=`root`@`%` PROCEDURE `account`.`role_syncPrivileges`()
BEGIN
/**
* Synchronizes permissions of MySQL role users based on role hierarchy.
* The computed role users of permission mix will be named according to
* pattern z-[role_name].
*
* If any@localhost user exists, it will be taken as a template for basic
* attributes.
*
* Warning! This procedure should only be called when MySQL privileges
* are modified. If role hierarchy is modified, you must call the role_sync()
* procedure wich calls this internally.
*/
DECLARE vIsMysql BOOL DEFAULT VERSION() NOT LIKE '%MariaDB%';
DECLARE vVersion INT DEFAULT SUBSTRING_INDEX(VERSION(), '.', 1);
DECLARE vTplUser VARCHAR(255) DEFAULT 'any';
DECLARE vTplHost VARCHAR(255) DEFAULT '%';
DECLARE vRoleHost VARCHAR(255) DEFAULT 'localhost';
DECLARE vAllHost VARCHAR(255) DEFAULT '%';
DECLARE vPrefix VARCHAR(2) DEFAULT 'z-';
DECLARE vPrefixedLike VARCHAR(255);
DECLARE vPassword VARCHAR(255) DEFAULT '';
-- Deletes computed role users
SET vPrefixedLike = CONCAT(vPrefix, '%');
DELETE FROM mysql.user
WHERE `User` LIKE vPrefixedLike;
DELETE FROM mysql.db
WHERE `User` LIKE vPrefixedLike;
DELETE FROM mysql.tables_priv
WHERE `User` LIKE vPrefixedLike;
DELETE FROM mysql.columns_priv
WHERE `User` LIKE vPrefixedLike;
DELETE FROM mysql.procs_priv
WHERE `User` LIKE vPrefixedLike;
DELETE FROM mysql.proxies_priv
WHERE `Proxied_user` LIKE vPrefixedLike;
-- Temporary tables
DROP TEMPORARY TABLE IF EXISTS tRole;
CREATE TEMPORARY TABLE tRole
(INDEX (id))
ENGINE = MEMORY
SELECT
id,
`name` role,
CONCAT(vPrefix, `name`) prefixedRole
FROM role
WHERE hasLogin;
DROP TEMPORARY TABLE IF EXISTS tRoleInherit;
CREATE TEMPORARY TABLE tRoleInherit
(INDEX (inheritsFrom))
ENGINE = MEMORY
SELECT
r.prefixedRole,
ri.`name` inheritsFrom
FROM tRole r
JOIN roleRole rr ON rr.role = r.id
JOIN role ri ON ri.id = rr.inheritsFrom;
-- Recreate role users
IF vIsMysql THEN
DROP TEMPORARY TABLE IF EXISTS tUser;
CREATE TEMPORARY TABLE tUser
SELECT
r.prefixedRole `User`,
vTplHost `Host`,
IFNULL(t.`authentication_string`,
'') `authentication_string`,
IFNULL(t.`plugin`,
'mysql_native_password') `plugin`,
IFNULL(IF('' != u.`ssl_type`,
u.`ssl_type`, t.`ssl_type`),
'') `ssl_type`,
IFNULL(IF('' != u.`ssl_cipher`,
u.`ssl_cipher`, t.`ssl_cipher`),
'') `ssl_cipher`,
IFNULL(IF('' != u.`x509_issuer`,
u.`x509_issuer`, t.`x509_issuer`),
'') `x509_issuer`,
IFNULL(IF('' != u.`x509_subject`,
u.`x509_subject`, t.`x509_subject`),
'') `x509_subject`,
IFNULL(IF(0 != u.`max_questions`,
u.`max_questions`, t.`max_questions`),
0) `max_questions`,
IFNULL(IF(0 != u.`max_updates`,
u.`max_updates`, t.`max_updates`),
0) `max_updates`,
IFNULL(IF(0 != u.`max_connections`,
u.`max_connections`, t.`max_connections`),
0) `max_connections`,
IFNULL(IF(0 != u.`max_user_connections`,
u.`max_user_connections`, t.`max_user_connections`),
0) `max_user_connections`
FROM tRole r
LEFT JOIN mysql.user t
ON t.`User` = vTplUser
AND t.`Host` = vRoleHost
LEFT JOIN mysql.user u
ON u.`User` = r.role
AND u.`Host` = vRoleHost;
IF vVersion <= 5 THEN
SELECT `Password` INTO vPassword
FROM mysql.user
WHERE `User` = vTplUser
AND `Host` = vRoleHost;
INSERT INTO mysql.user (
`User`,
`Host`,
`Password`,
`authentication_string`,
`plugin`,
`ssl_type`,
`ssl_cipher`,
`x509_issuer`,
`x509_subject`,
`max_questions`,
`max_updates`,
`max_connections`,
`max_user_connections`
)
SELECT
`User`,
`Host`,
vPassword,
`authentication_string`,
`plugin`,
`ssl_type`,
`ssl_cipher`,
`x509_issuer`,
`x509_subject`,
`max_questions`,
`max_updates`,
`max_connections`,
`max_user_connections`
FROM tUser;
ELSE
INSERT INTO mysql.user (
`User`,
`Host`,
`authentication_string`,
`plugin`,
`ssl_type`,
`ssl_cipher`,
`x509_issuer`,
`x509_subject`,
`max_questions`,
`max_updates`,
`max_connections`,
`max_user_connections`
)
SELECT
`User`,
`Host`,
`authentication_string`,
`plugin`,
`ssl_type`,
`ssl_cipher`,
`x509_issuer`,
`x509_subject`,
`max_questions`,
`max_updates`,
`max_connections`,
`max_user_connections`
FROM tUser;
END IF;
DROP TEMPORARY TABLE IF EXISTS tUser;
ELSE
INSERT INTO mysql.global_priv (
`User`,
`Host`,
`Priv`
)
SELECT
r.prefixedRole,
vTplHost,
JSON_MERGE_PATCH(
IFNULL(t.`Priv`, '{}'),
IFNULL(u.`Priv`, '{}')
)
FROM tRole r
LEFT JOIN mysql.global_priv t
ON t.`User` = vTplUser
AND t.`Host` = vRoleHost
LEFT JOIN mysql.global_priv u
ON u.`User` = r.role
AND u.`Host` = vRoleHost;
END IF;
INSERT INTO mysql.proxies_priv (
`User`,
`Host`,
`Proxied_user`,
`Proxied_host`,
`Grantor`
)
SELECT
'',
vAllHost,
prefixedRole,
vTplHost,
CONCAT(prefixedRole, '@', vTplHost)
FROM tRole;
-- Copies global privileges
DROP TEMPORARY TABLE IF EXISTS tUserPriv;
IF vIsMysql THEN
CREATE TEMPORARY TABLE tUserPriv
(INDEX (prefixedRole))
ENGINE = MEMORY
SELECT
r.prefixedRole,
MAX(u.`Select_priv`) `Select_priv`,
MAX(u.`Insert_priv`) `Insert_priv`,
MAX(u.`Update_priv`) `Update_priv`,
MAX(u.`Delete_priv`) `Delete_priv`,
MAX(u.`Create_priv`) `Create_priv`,
MAX(u.`Drop_priv`) `Drop_priv`,
MAX(u.`Reload_priv`) `Reload_priv`,
MAX(u.`Shutdown_priv`) `Shutdown_priv`,
MAX(u.`Process_priv`) `Process_priv`,
MAX(u.`File_priv`) `File_priv`,
MAX(u.`Grant_priv`) `Grant_priv`,
MAX(u.`References_priv`) `References_priv`,
MAX(u.`Index_priv`) `Index_priv`,
MAX(u.`Alter_priv`) `Alter_priv`,
MAX(u.`Show_db_priv`) `Show_db_priv`,
MAX(u.`Super_priv`) `Super_priv`,
MAX(u.`Create_tmp_table_priv`) `Create_tmp_table_priv`,
MAX(u.`Lock_tables_priv`) `Lock_tables_priv`,
MAX(u.`Execute_priv`) `Execute_priv`,
MAX(u.`Repl_slave_priv`) `Repl_slave_priv`,
MAX(u.`Repl_client_priv`) `Repl_client_priv`,
MAX(u.`Create_view_priv`) `Create_view_priv`,
MAX(u.`Show_view_priv`) `Show_view_priv`,
MAX(u.`Create_routine_priv`) `Create_routine_priv`,
MAX(u.`Alter_routine_priv`) `Alter_routine_priv`,
MAX(u.`Create_user_priv`) `Create_user_priv`,
MAX(u.`Event_priv`) `Event_priv`,
MAX(u.`Trigger_priv`) `Trigger_priv`,
MAX(u.`Create_tablespace_priv`) `Create_tablespace_priv`
FROM tRoleInherit r
JOIN mysql.user u
ON u.`User` = r.inheritsFrom
AND u.`Host`= vRoleHost
GROUP BY r.prefixedRole;
UPDATE mysql.user u
JOIN tUserPriv t
ON u.`User` = t.prefixedRole
AND u.`Host` = vTplHost
SET
u.`Select_priv`
= t.`Select_priv`,
u.`Insert_priv`
= t.`Insert_priv`,
u.`Update_priv`
= t.`Update_priv`,
u.`Delete_priv`
= t.`Delete_priv`,
u.`Create_priv`
= t.`Create_priv`,
u.`Drop_priv`
= t.`Drop_priv`,
u.`Reload_priv`
= t.`Reload_priv`,
u.`Shutdown_priv`
= t.`Shutdown_priv`,
u.`Process_priv`
= t.`Process_priv`,
u.`File_priv`
= t.`File_priv`,
u.`Grant_priv`
= t.`Grant_priv`,
u.`References_priv`
= t.`References_priv`,
u.`Index_priv`
= t.`Index_priv`,
u.`Alter_priv`
= t.`Alter_priv`,
u.`Show_db_priv`
= t.`Show_db_priv`,
u.`Super_priv`
= t.`Super_priv`,
u.`Create_tmp_table_priv`
= t.`Create_tmp_table_priv`,
u.`Lock_tables_priv`
= t.`Lock_tables_priv`,
u.`Execute_priv`
= t.`Execute_priv`,
u.`Repl_slave_priv`
= t.`Repl_slave_priv`,
u.`Repl_client_priv`
= t.`Repl_client_priv`,
u.`Create_view_priv`
= t.`Create_view_priv`,
u.`Show_view_priv`
= t.`Show_view_priv`,
u.`Create_routine_priv`
= t.`Create_routine_priv`,
u.`Alter_routine_priv`
= t.`Alter_routine_priv`,
u.`Create_user_priv`
= t.`Create_user_priv`,
u.`Event_priv`
= t.`Event_priv`,
u.`Trigger_priv`
= t.`Trigger_priv`,
u.`Create_tablespace_priv`
= t.`Create_tablespace_priv`;
ELSE
CREATE TEMPORARY TABLE tUserPriv
(INDEX (prefixedRole))
SELECT
r.prefixedRole,
BIT_OR(JSON_VALUE(p.`Priv`, '$.access')) access
FROM tRoleInherit r
JOIN mysql.global_priv p
ON p.`User` = r.inheritsFrom
AND p.`Host`= vRoleHost
GROUP BY r.prefixedRole;
UPDATE mysql.global_priv p
JOIN tUserPriv t
ON p.`User` = t.prefixedRole
AND p.`Host` = vTplHost
SET
p.`Priv` = JSON_SET(p.`Priv`, '$.access', t.access);
END IF;
DROP TEMPORARY TABLE tUserPriv;
-- Copy schema level privileges
INSERT INTO mysql.db (
`User`,
`Host`,
`Db`,
`Select_priv`,
`Insert_priv`,
`Update_priv`,
`Delete_priv`,
`Create_priv`,
`Drop_priv`,
`Grant_priv`,
`References_priv`,
`Index_priv`,
`Alter_priv`,
`Create_tmp_table_priv`,
`Lock_tables_priv`,
`Create_view_priv`,
`Show_view_priv`,
`Create_routine_priv`,
`Alter_routine_priv`,
`Execute_priv`,
`Event_priv`,
`Trigger_priv`
)
SELECT
r.prefixedRole,
vTplHost,
t.`Db`,
MAX(t.`Select_priv`),
MAX(t.`Insert_priv`),
MAX(t.`Update_priv`),
MAX(t.`Delete_priv`),
MAX(t.`Create_priv`),
MAX(t.`Drop_priv`),
MAX(t.`Grant_priv`),
MAX(t.`References_priv`),
MAX(t.`Index_priv`),
MAX(t.`Alter_priv`),
MAX(t.`Create_tmp_table_priv`),
MAX(t.`Lock_tables_priv`),
MAX(t.`Create_view_priv`),
MAX(t.`Show_view_priv`),
MAX(t.`Create_routine_priv`),
MAX(t.`Alter_routine_priv`),
MAX(t.`Execute_priv`),
MAX(t.`Event_priv`),
MAX(t.`Trigger_priv`)
FROM tRoleInherit r
JOIN mysql.db t
ON t.`User` = r.inheritsFrom
AND t.`Host`= vRoleHost
GROUP BY r.prefixedRole, t.`Db`;
-- Copy table level privileges
INSERT INTO mysql.tables_priv (
`User`,
`Host`,
`Db`,
`Table_name`,
`Grantor`,
`Timestamp`,
`Table_priv`,
`Column_priv`
)
SELECT
r.prefixedRole,
vTplHost,
t.`Db`,
t.`Table_name`,
t.`Grantor`,
MAX(t.`Timestamp`),
IFNULL(GROUP_CONCAT(NULLIF(t.`Table_priv`, '')), ''),
IFNULL(GROUP_CONCAT(NULLIF(t.`Column_priv`, '')), '')
FROM tRoleInherit r
JOIN mysql.tables_priv t
ON t.`User` = r.inheritsFrom
AND t.`Host`= vRoleHost
GROUP BY r.prefixedRole, t.`Db`, t.`Table_name`;
-- Copy column level privileges
INSERT INTO mysql.columns_priv (
`User`,
`Host`,
`Db`,
`Table_name`,
`Column_name`,
`Timestamp`,
`Column_priv`
)
SELECT
r.prefixedRole,
vTplHost,
t.`Db`,
t.`Table_name`,
t.`Column_name`,
MAX(t.`Timestamp`),
IFNULL(GROUP_CONCAT(NULLIF(t.`Column_priv`, '')), '')
FROM tRoleInherit r
JOIN mysql.columns_priv t
ON t.`User` = r.inheritsFrom
AND t.`Host`= vRoleHost
GROUP BY r.prefixedRole, t.`Db`, t.`Table_name`, t.`Column_name`;
-- Copy routine privileges
INSERT IGNORE INTO mysql.procs_priv (
`User`,
`Host`,
`Db`,
`Routine_name`,
`Routine_type`,
`Grantor`,
`Timestamp`,
`Proc_priv`
)
SELECT
r.prefixedRole,
vTplHost,
t.`Db`,
t.`Routine_name`,
t.`Routine_type`,
t.`Grantor`,
t.`Timestamp`,
t.`Proc_priv`
FROM tRoleInherit r
JOIN mysql.procs_priv t
ON t.`User` = r.inheritsFrom
AND t.`Host`= vRoleHost;
-- Free memory
DROP TEMPORARY TABLE
tRole,
tRoleInherit;
FLUSH PRIVILEGES;
END$$
DELIMITER ;

15
db/changes/10221-accountModule/00-userGetId.sql Normal file
View File

@ -0,0 +1,15 @@
DROP FUNCTION IF EXISTS account.userGetId;
DELIMITER $$
CREATE DEFINER=`root`@`%` FUNCTION `account`.`userGetId`() RETURNS int(11)
READS SQL DATA
DETERMINISTIC
BEGIN
/**
* @deprecated Use myUser_getId()
*/
RETURN myUser_getId();
END$$
DELIMITER ;
GRANT EXECUTE ON FUNCTION account.userGetId TO guest@localhost;

11
db/changes/10221-accountModule/00-userGetMysqlRole.sql Normal file
View File

@ -0,0 +1,11 @@
DROP FUNCTION IF EXISTS account.userGetMysqlRole;
DELIMITER $$
CREATE DEFINER=`root`@`%` FUNCTION `account`.`userGetMysqlRole`(vUserName VARCHAR(255)) RETURNS varchar(255) CHARSET utf8
BEGIN
/**
* @deprecated Use user_getMysqlRole()
*/
RETURN user_getMysqlRole();
END$$
DELIMITER ;

15
db/changes/10221-accountModule/00-userGetName.sql Normal file
View File

@ -0,0 +1,15 @@
DROP FUNCTION IF EXISTS account.userGetName;
DELIMITER $$
CREATE DEFINER=`root`@`%` FUNCTION `account`.`userGetName`() RETURNS varchar(30) CHARSET utf8
NO SQL
DETERMINISTIC
BEGIN
/**
* @deprecated Use myUser_getName()
*/
RETURN myUser_getName();
END$$
DELIMITER ;
GRANT EXECUTE ON FUNCTION account.userGetName TO guest@localhost;

11
db/changes/10221-accountModule/00-userGetNameFromId.sql Normal file
View File

@ -0,0 +1,11 @@
DROP FUNCTION IF EXISTS account.userGetNameFromId;
DELIMITER $$
CREATE DEFINER=`root`@`%` FUNCTION `account`.`userGetNameFromId`(vSelf INT) RETURNS varchar(30) CHARSET utf8
BEGIN
/**
* @deprecated Use user_getNameFromId();
*/
RETURN user_getNameFromId(vSelf);
END$$
DELIMITER ;

12
db/changes/10221-accountModule/00-userHasRole.sql Normal file
View File

@ -0,0 +1,12 @@
DROP FUNCTION IF EXISTS account.userHasRole;
DELIMITER $$
CREATE DEFINER=`root`@`%` FUNCTION `account`.`userHasRole`(vUserName VARCHAR(255), vRoleName VARCHAR(255)) RETURNS tinyint(1)
DETERMINISTIC
BEGIN
/**
* @deprecated Use user_hasRole()
*/
RETURN user_hasRole(vUserName, vRoleName);
END$$
DELIMITER ;

12
db/changes/10221-accountModule/00-userHasRoleId.sql Normal file
View File

@ -0,0 +1,12 @@
DROP FUNCTION IF EXISTS account.userHasRoleId;
DELIMITER $$
CREATE DEFINER=`root`@`%` FUNCTION `account`.`userHasRoleId`(vUser VARCHAR(255), vRoleId INT) RETURNS tinyint(1)
DETERMINISTIC
BEGIN
/**
* @deprecated Use user_hasRoleId()
*/
RETURN user_hasRoleId(vUser, vRoleId);
END$$
DELIMITER ;

14
db/changes/10221-accountModule/00-userLogin.sql Normal file
View File

@ -0,0 +1,14 @@
DROP PROCEDURE IF EXISTS account.userLogin;
DELIMITER $$
CREATE DEFINER=`root`@`%` PROCEDURE `account`.`userLogin`(vUserName VARCHAR(255), vPassword VARCHAR(255))
READS SQL DATA
BEGIN
/**
* @deprecated Use myUser_login()
*/
CALL myUser_login(vUserName, vPassword);
END$$
DELIMITER ;
GRANT EXECUTE ON PROCEDURE account.userLogin TO guest@localhost;

14
db/changes/10221-accountModule/00-userLoginWithKey.sql Normal file
View File

@ -0,0 +1,14 @@
DROP PROCEDURE IF EXISTS account.userLoginWithKey;
DELIMITER $$
CREATE DEFINER=`root`@`%` PROCEDURE `account`.`userLoginWithKey`(vUserName VARCHAR(255), vKey VARCHAR(255))
READS SQL DATA
BEGIN
/**
* @deprecated Use myUser_loginWithKey()
*/
CALL myUser_loginWithKey(vUserName, vKey);
END$$
DELIMITER ;
GRANT EXECUTE ON PROCEDURE account.userLoginWithKey TO guest@localhost;

12
db/changes/10221-accountModule/00-userLoginWithName.sql Normal file
View File

@ -0,0 +1,12 @@
DROP PROCEDURE IF EXISTS account.userLoginWithName;
DELIMITER $$
CREATE DEFINER=`root`@`%` PROCEDURE `account`.`userLoginWithName`(vUserName VARCHAR(255))
READS SQL DATA
BEGIN
/**
* @deprecated Use myUser_loginWithName()
*/
CALL myUser_loginWithName(vUserName);
END$$
DELIMITER ;

14
db/changes/10221-accountModule/00-userLogout.sql Normal file
View File

@ -0,0 +1,14 @@
DROP PROCEDURE IF EXISTS account.myUserLogout;
DELIMITER $$
$$
CREATE DEFINER=`root`@`%` PROCEDURE `account`.`myUserLogout`()
BEGIN
/**
* @deprecated Use myUser_Logout()
*/
CALL myUser_logout;
END$$
DELIMITER ;
GRANT EXECUTE ON PROCEDURE account.myUserLogout TO account@localhost;

16
db/changes/10221-accountModule/00-userSetPassword.sql Normal file
View File

@ -0,0 +1,16 @@
DROP PROCEDURE IF EXISTS account.userSetPassword;
DELIMITER $$
CREATE DEFINER=`root`@`%` PROCEDURE `account`.`userSetPassword`(vUserName VARCHAR(255), vPassword VARCHAR(255))
BEGIN
/**
* @deprecated Use user_setPassword()
*/
DECLARE vUserId INT;
SELECT id INTO vUserId
FROM user WHERE `name` = vUserName;
CALL user_setPassword(vUserId, vPassword);
END$$
DELIMITER ;

27
db/changes/10221-accountModule/00-user_changePassword.sql Normal file
View File

@ -0,0 +1,27 @@
DROP PROCEDURE IF EXISTS account.user_changePassword;
DELIMITER $$
CREATE DEFINER=`root`@`%` PROCEDURE account.user_changePassword(vSelf INT, vOldPassword VARCHAR(255), vPassword VARCHAR(255))
BEGIN
/**
* Changes the user password.
*
* @param vSelf The user id
* @param vOldPassword The current password
* @param vPassword The new password
*/
DECLARE vPasswordOk BOOL;
DECLARE vUserName VARCHAR(255);
SELECT `password` = MD5(vOldPassword), `name`
INTO vPasswordOk, vUserName
FROM user WHERE id = vSelf;
IF NOT vPasswordOk THEN
SIGNAL SQLSTATE '45000'
SET MESSAGE_TEXT = 'Invalid password';
END IF;
CALL user_setPassword(vSelf, vPassword);
END$$
DELIMITER ;

17
db/changes/10221-accountModule/00-user_checkName.sql Normal file
View File

@ -0,0 +1,17 @@
DROP PROCEDURE IF EXISTS account.user_checkName;
DELIMITER $$
CREATE DEFINER=`root`@`%` PROCEDURE `account`.`user_checkName`(vUserName VARCHAR(255))
BEGIN
/**
* Checks that username meets the necessary syntax requirements, otherwise it
* throws an exception.
* The user name must only contain lowercase letters or, starting with second
* character, numbers or underscores.
*/
IF vUserName NOT REGEXP '^[a-z0-9_-]*$' THEN
SIGNAL SQLSTATE '45000'
SET MESSAGE_TEXT = 'INVALID_USER_NAME';
END IF;
END$$
DELIMITER ;

22
db/changes/10221-accountModule/00-user_getMysqlRole.sql Normal file
View File

@ -0,0 +1,22 @@
DROP FUNCTION IF EXISTS account.user_getMysqlRole;
DELIMITER $$
CREATE DEFINER=`root`@`%` FUNCTION `account`.`user_getMysqlRole`(vUserName VARCHAR(255)) RETURNS varchar(255) CHARSET utf8
BEGIN
/**
* From a username, it returns the associated MySQL wich should be used when
* using external authentication systems.
*
* @param vUserName The user name
* @return The associated MySQL role
*/
DECLARE vRole VARCHAR(255);
SELECT CONCAT(IF(r.hasLogin, 'z-', ''), r.name) INTO vRole
FROM role r
JOIN user u ON u.role = r.id
WHERE u.name = vUserName;
RETURN vRole;
END$$
DELIMITER ;

20
db/changes/10221-accountModule/00-user_getNameFromId.sql Normal file
View File

@ -0,0 +1,20 @@
DROP FUNCTION IF EXISTS account.user_getNameFromId;
DELIMITER $$
CREATE DEFINER=`root`@`%` FUNCTION `account`.`user_getNameFromId`(vSelf INT) RETURNS varchar(30) CHARSET utf8
BEGIN
/**
* Gets user name from it's id.
*
* @param vSelf The user id
* @return The user name
*/
DECLARE vName VARCHAR(30);
SELECT `name` INTO vName
FROM user
WHERE id = vId;
RETURN vSelf;
END$$
DELIMITER ;

25
db/changes/10221-accountModule/00-user_hasRole.sql Normal file
View File

@ -0,0 +1,25 @@
DROP FUNCTION IF EXISTS account.user_hasRole;
DELIMITER $$
CREATE DEFINER=`root`@`%` FUNCTION `account`.`user_hasRole`(vUserName VARCHAR(255), vRoleName VARCHAR(255)) RETURNS tinyint(1)
DETERMINISTIC
BEGIN
/**
* Checks if user has/inherits a role.
*
* @param vUserName The user name
* @param vRoleName Role to check
* @return %TRUE if it has role, %FALSE otherwise
*/
DECLARE vHasRole BOOL DEFAULT FALSE;
SELECT COUNT(*) > 0 INTO vHasRole
FROM user u
JOIN roleRole rr ON rr.role = u.role
JOIN role r ON r.id = rr.inheritsFrom
WHERE u.`name` = vUserName
AND r.`name` = vRoleName COLLATE 'utf8_unicode_ci';
RETURN vHasRole;
END$$
DELIMITER ;

25
db/changes/10221-accountModule/00-user_hasRoleId.sql Normal file
View File

@ -0,0 +1,25 @@
DROP FUNCTION IF EXISTS account.user_hasRoleId;
DELIMITER $$
CREATE DEFINER=`root`@`%` FUNCTION `account`.`user_hasRoleId`(vUser VARCHAR(255), vRoleId INT) RETURNS tinyint(1)
DETERMINISTIC
BEGIN
/**
* Checks if user has/inherits a role.
*
* @param vUserName The user name
* @param vRoleId Role id to check
* @return %TRUE if it has role, %FALSE otherwise
*/
DECLARE vHasRole BOOL DEFAULT FALSE;
SELECT COUNT(*) > 0 INTO vHasRole
FROM user u
JOIN roleRole rr ON rr.role = u.role
JOIN role r ON r.id = rr.inheritsFrom
WHERE u.`name` = vUser
AND r.id = vRoleId;
RETURN vHasRole;
END$$
DELIMITER ;

21
db/changes/10221-accountModule/00-user_setPassword.sql Normal file
View File

@ -0,0 +1,21 @@
DROP PROCEDURE IF EXISTS account.user_setPassword;
DELIMITER $$
CREATE DEFINER=`root`@`%` PROCEDURE account.user_setPassword(vSelf INT, vPassword VARCHAR(255))
BEGIN
/**
* Change the password of the passed as a parameter. Only administrators should
* have execute privileges on the procedure since it does not request the user's
* current password.
*
* @param vSelf The user id
* @param vPassword New password
*/
CALL user_checkPassword(vPassword);
UPDATE user SET
`password` = MD5(vPassword),
`recoverPass` = FALSE
WHERE id = vSelf;
END$$
DELIMITER ;

30
db/dump/dumpedFixtures.sql
View File

File diff suppressed because one or more lines are too long

35
db/dump/fixtures.sql
View File

@ -12,10 +12,6 @@ INSERT INTO `vn`.`ticketConfig` (`id`, `scopeDays`)
VALUES
('1', '6');
INSERT INTO `account`.`mailConfig` (`id`, `domain`)
VALUES
('1', 'verdnatura.es');
INSERT INTO `vn`.`bionicConfig` (`generalInflationCoeficient`, `minimumDensityVolumetricWeight`, `verdnaturaVolumeBox`, `itemCarryBox`)
VALUES
(1.30, 167.00, 138000, 71);
@ -33,12 +29,16 @@ INSERT INTO `vn`.`packagingConfig`(`upperGap`)
('10');
UPDATE `account`.`role` SET id = 100 WHERE id = 0;
CALL `account`.`role_sync`;
INSERT INTO `account`.`user`(`id`,`name`, `nickname`, `password`,`role`,`active`,`email`, `lang`)
SELECT id, name, CONCAT(name, 'Nick'),MD5('nightmare'), id, 1, CONCAT(name, '@mydomain.com'), 'en'
FROM `account`.`role` WHERE id <> 20
ORDER BY id;
INSERT INTO `account`.`account`(`id`)
SELECT id FROM `account`.`user`;
INSERT INTO `vn`.`worker`(`id`,`code`, `firstName`, `lastName`, `userFk`, `bossFk`)
SELECT id,UPPER(LPAD(role, 3, '0')), name, name, id, 9
FROM `vn`.`user`;
@ -68,6 +68,24 @@ INSERT INTO `account`.`user`(`id`,`name`,`nickname`, `password`,`role`,`active`,
(111, 'Missing', 'Missing', 'ac754a330530832ba1bf7687f577da91', 2, 0, NULL, 'en'),
(112, 'Trash', 'Trash', 'ac754a330530832ba1bf7687f577da91', 2, 0, NULL, 'en');
INSERT INTO `account`.`mailAlias`(`id`, `alias`, `description`, `isPublic`)
VALUES
(1, 'general', 'General mailing list', FALSE),
(2, 'it' , 'IT department' , TRUE),
(3, 'sales' , 'Sales department' , TRUE);
INSERT INTO `account`.`mailAliasAccount`(`mailAlias`, `account`)
VALUES
(1, 1),
(1, 18),
(3, 18),
(1, 9),
(2, 9);
INSERT INTO `account`.`mailForward`(`account`, `forwardTo`)
VALUES
(1, 'employee@domain.local');
INSERT INTO `vn`.`worker`(`id`, `code`, `firstName`, `lastName`, `userFk`,`bossFk`, `phone`)
VALUES
(106, 'LGN', 'David Charles', 'Haller', 106, 19, 432978106),
@ -88,6 +106,15 @@ INSERT INTO `vn`.`country`(`id`, `country`, `isUeeMember`, `code`, `currencyFk`,
(19,'Francia', 1, 'FR', 1, 27),
(30,'Canarias', 1, 'IC', 1, 24);
INSERT INTO `hedera`.`language` (`code`, `name`, `orgName`, `isActive`)
VALUES
('ca', 'Català' , 'Catalan' , TRUE),
('en', 'English' , 'English' , TRUE),
('es', 'Español' , 'Spanish' , TRUE),
('fr', 'Français' , 'French' , TRUE),
('mn', 'Португалий', 'Mongolian' , TRUE),
('pt', 'Português' , 'Portuguese', TRUE);
INSERT INTO `vn`.`warehouseAlias`(`id`, `name`)
VALUES
(1, 'Main Warehouse'),

3
db/export-data.sh
View File

@ -22,6 +22,9 @@ TABLES=(
role
roleInherit
roleRole
userPassword
accountConfig
mailConfig
)
dump_tables ${TABLES[@]}

2
front/core/components/crud-model/crud-model.js
View File

@ -134,7 +134,7 @@ export default class CrudModel extends ModelProxy {
*/
save() {
if (!this.isChanged)
return null;
return this.$q.resolve();
let deletes = [];
let updates = [];

1
front/core/components/data-viewer/index.html
View File

@ -1,6 +1,7 @@
<div ng-if="$ctrl.isReady">
<div ng-transclude></div>
<vn-pagination
ng-if="$ctrl.model"
model="$ctrl.model"
class="vn-pt-md">
</vn-pagination>

5
front/core/components/list/style.scss
View File

@ -32,7 +32,6 @@ vn-list,
vn-item,
.vn-item {
@extend %clickable;
display: flex;
align-items: center;
color: inherit;
@ -85,4 +84,6 @@ vn-item,
}
}
a.vn-item {
@extend %clickable;
}

1
front/core/components/menu/menu.js
View File

@ -1,5 +1,6 @@
import ngModule from '../../module';
import Popover from '../popover';
import './style.scss';
export default class Menu extends Popover {
show(parent) {

7
front/core/components/menu/style.scss Normal file
View File

@ -0,0 +1,7 @@
@import "./effects";
.vn-menu {
vn-item, .vn-item {
@extend %clickable;
}
}

23
front/core/components/model-proxy/model-proxy.js
View File

@ -107,15 +107,16 @@ export default class ModelProxy extends DataModel {
* Removes a row from the model and emits the 'rowRemove' event.
*
* @param {Number} index The row index
* @return {Promise} The save request promise
*/
remove(index) {
let [item] = this.data.splice(index, 1);
let [row] = this.data.splice(index, 1);
let proxiedIndex = this.proxiedData.indexOf(item);
let proxiedIndex = this.proxiedData.indexOf(row);
this.proxiedData.splice(proxiedIndex, 1);
if (!item.$isNew)
this.removed.push(item);
if (!row.$isNew)
this.removed.push(row);
this.isChanged = true;
if (!this.data.length)
@ -125,7 +126,19 @@ export default class ModelProxy extends DataModel {
this.emit('dataUpdate');
if (this.autoSave)
this.save();
return this.save();
else
return this.$q.resolve();
}
/**
* Removes a row from the model and emits the 'rowRemove' event.
*
* @param {Object} row The row object
* @return {Promise} The save request promise
*/
removeRow(row) {
return this.remove(this.data.indexOf(row));
}
/**

2
front/core/components/searchbar/locale/en.yml
View File

@ -1 +1 @@
Search by: Search by {{module | translate}}
Search for: Search {{module}}

2
front/core/components/searchbar/locale/es.yml
View File

@ -1 +1 @@
Search by: Buscar por {{module | translate}}
Search for: Buscar {{module}}

19
front/core/components/searchbar/searchbar.js
View File

@ -16,6 +16,7 @@ import './style.scss';
* @property {Function} onSearch Function to call when search is submited
* @property {CrudModel} model The model used for searching
* @property {Function} exprBuilder If defined, is used to build each non-null param expresion
* @property {String} baseState The base state for searchs
*/
export default class Searchbar extends Component {
constructor($element, $) {
@ -23,6 +24,8 @@ export default class Searchbar extends Component {
this.searchState = '.';
this.placeholder = 'Search';
this.autoState = true;
this.separateIndex = true;
this.entityState = 'card.summary';
this.deregisterCallback = this.$transitions.onSuccess(
{}, transition => this.onStateChange(transition));
@ -33,11 +36,13 @@ export default class Searchbar extends Component {
if (!this.baseState) {
let stateParts = this.$state.current.name.split('.');
this.baseState = stateParts[0];
}
this.searchState = `${this.baseState}.index`;
} else
this.searchState = this.baseState;
this.searchState = `${this.baseState}.index`;
this.placeholder = this.$t('Search by', {
module: this.baseState
let description = this.$state.get(this.baseState).description;
this.placeholder = this.$t('Search for', {
module: this.$t(description).toLowerCase()
});
}
@ -222,7 +227,7 @@ export default class Searchbar extends Component {
subState += '.index';
break;
default:
subState = 'card.summary';
subState = this.entityState;
}
if (this.stateParams)
@ -292,8 +297,10 @@ ngModule.vnComponent('vnSearchbar', {
panel: '@',
info: '@?',
onSearch: '&?',
baseState: '@?',
autoState: '<?',
baseState: '@?',
entityState: '@?',
separateIndex: '<?',
stateParams: '&?',
model: '<?',
exprBuilder: '&?',

5
front/core/components/tooltip/tooltip.js
View File

@ -1,5 +1,6 @@
import ngModule from '../../module';
import Component from '../../lib/component';
import {kebabToCamel} from '../../lib/string';
import './style.scss';
let positions = ['left', 'right', 'up', 'down'];
@ -206,8 +207,8 @@ ngModule.vnComponent('vnTooltip', {
}
});
directive.$inject = ['$document', '$compile', '$templateRequest'];
export function directive($document, $compile, $templateRequest) {
directive.$inject = ['$document', '$compile'];
export function directive($document, $compile) {
return {
restrict: 'A',
link: function($scope, $element, $attrs) {

382
front/core/components/watcher/watcher.js
View File

@ -1,70 +1,220 @@
import ngModule from '../../module';
import Component from '../../lib/component';
import getModifiedData from '../../lib/modified';
import copyObject from '../../lib/copy';
import isEqual from '../../lib/equals';
import isFullEmpty from '../../lib/full-empty';
import UserError from '../../lib/user-error';
import {mergeFilters} from 'vn-loopback/util/filter';
/**
* Component that checks for changes on a specific model property and
* asks the user to save or discard it when the state changes.
* Also it can save the data to the server when the @url and @idField
* properties are provided.
* Component that checks for changes on a specific model property and asks the
* user to save or discard it when the state changes.
* Also it can save the data to the server when the @url and @idField properties
* are provided.
*
* @property {String} idField The id field name, 'id' if not specified
* @property {*} idValue The id field value
* @property {Boolean} isNew Whether is a new instance
* @property {Boolean} insertMode Whether to enable insert mode
* @property {String} url The base HTTP request path
* @property {Boolean} get Whether to fetch initial data
*/
export default class Watcher extends Component {
constructor($element, $, $state, $stateParams, $transitions, $http, vnApp, $translate, $attrs, $q) {
super($element);
Object.assign(this, {
$,
$state,
$stateParams,
$http,
_: $translate,
$attrs,
vnApp,
$q
});
constructor(...args) {
super(...args);
this.idField = 'id';
this.get = true;
this.insertMode = false;
this.state = null;
this.deregisterCallback = $transitions.onStart({},
this.deregisterCallback = this.$transitions.onStart({},
transition => this.callback(transition));
this.updateOriginalData();
this.snapshot();
}
$onInit() {
if (this.get && this.url)
this.fetchData();
else if (this.get && !this.url)
throw new Error('URL parameter ommitted');
}
let fetch = !this.insertMode
&& this.get
&& this.url
&& this.idValue;
$onChanges() {
if (this.data)
this.updateOriginalData();
if (fetch)
this.fetch();
else {
this.isNew = !!this.insertMode;
this.snapshot();
}
}
$onDestroy() {
this.deregisterCallback();
}
/**
* @type {Booelan} The computed instance HTTP path
*/
get instanceUrl() {
return `${this.url}/${this.idValue}`;
}
/**
* @type {Object} The instance data
*/
get data() {
return this._data;
}
set data(value) {
this._data = value;
this.isNew = !!this.insertMode;
this.snapshot();
}
/**
* @type {Booelan} Whether it's popullated with data
*/
get hasData() {
return !!this.data;
}
set hasData(value) {
if (value)
this.fill();
else
this.delete();
}
/**
* @type {Booelan} Whether instance data have been modified
*/
get dirty() {
return this.form && this.form.$dirty || this.dataChanged();
}
dataChanged() {
let data = this.copyInNewObject(this.data);
return !isEqual(data, this.orgData);
fetch() {
let filter = mergeFilters({
fields: this.fields,
where: this.where,
include: this.include
}, this.filter);
let params = filter ? {filter} : null;
return this.$http.get(this.instanceUrl, params)
.then(json => {
this.overwrite(json.data);
this.isNew = false;
this.snapshot();
})
.catch(err => {
if (!(err.name == 'HttpError' && err.status == 404))
throw err;
if (this.autoFill) {
this.insert();
this.snapshot();
}
});
}
fetchData() {
let id = this.data[this.idField];
return this.$http.get(`${this.url}/${id}`).then(
json => {
this.data = copyObject(json.data);
this.updateOriginalData();
}
);
insert(data) {
this.assign({[this.idField]: this.idValue}, data);
this.isNew = true;
this.deleted = null;
}
delete() {
if (!this.hasData) return;
this.deleted = this.makeSnapshot();
this.clear();
this.isNew = false;
}
recover() {
if (!this.deleted) return;
this.restoreSnapshot(this.deleted);
}
fill() {
if (this.hasData)
return;
if (this.deleted)
this.recover();
else if (this.original && this.original.data)
this.reset();
else
this.insert();
}
reset() {
this.restoreSnapshot(this.original);
this.setPristine();
}
snapshot() {
const snapshot = this.makeSnapshot();
if (snapshot.data) {
const idValue = snapshot.data[this.idField];
if (idValue) this.idValue = idValue;
}
this.original = snapshot;
this.orgData = snapshot.data;
this.deleted = null;
this.setPristine();
}
makeSnapshot() {
return {
data: this.copyData(),
isNew: this.isNew,
ref: this.data
};
}
restoreSnapshot(snapshot) {
if (!snapshot) return;
this._data = snapshot.ref;
this.overwrite(snapshot.data);
this.isNew = snapshot.isNew;
this.deleted = null;
}
writeData(res) {
if (this.hasData)
this.assign(res.data);
this.isNew = false;
this.snapshot();
return res;
}
clear() {
this._data = null;
}
overwrite(data) {
if (data) {
if (!this.data) this._data = {};
overwrite(this.data, data);
} else
this._data = null;
}
assign(...args) {
this._data = Object.assign(this.data || {}, ...args);
}
copyData() {
return copyObject(this.data);
}
refresh() {
return this.fetch();
}
dataChanged() {
return !isEqual(this.orgData, this.copyData());
}
/**
@ -100,9 +250,10 @@ export default class Watcher extends Component {
*/
submit() {
try {
if (this.requestMethod() !== 'post')
if (this.isNew)
this.isInvalid();
else
this.check();
else this.isInvalid();
} catch (err) {
return this.$q.reject(err);
}
@ -122,65 +273,42 @@ export default class Watcher extends Component {
if (this.form)
this.form.$setSubmitted();
const isPost = (this.requestMethod() === 'post');
if (!this.dataChanged() && !isPost) {
this.updateOriginalData();
if (!this.dataChanged() && !this.isNew) {
this.snapshot();
return this.$q.resolve();
}
let changedData = isPost
let changedData = this.isNew
? this.data
: getModifiedData(this.data, this.orgData);
let id = this.idField ? this.orgData[this.idField] : null;
// If watcher is associated to mgCrud
if (this.save && this.save.accept) {
if (id)
changedData[this.idField] = id;
this.save.model = changedData;
return this.$q((resolve, reject) => {
this.save.accept().then(
json => this.writeData({data: json}, resolve),
reject
);
});
return this.save.accept()
.then(json => this.writeData({data: json}));
}
// When mgCrud is not used
if (id) {
return this.$q((resolve, reject) => {
this.$http.patch(`${this.url}/${id}`, changedData).then(
json => this.writeData(json, resolve),
reject
);
});
}
let req;
return this.$q((resolve, reject) => {
this.$http.post(this.url, changedData).then(
json => this.writeData(json, resolve),
reject
);
});
}
/**
* return the request method.
*/
if (this.deleted)
req = this.$http.delete(this.instanceUrl);
else if (this.isNew)
req = this.$http.post(this.url, changedData);
else
req = this.$http.patch(this.instanceUrl, changedData);
requestMethod() {
return this.$attrs.save && this.$attrs.save.toLowerCase();
return req.then(res => this.writeData(res));
}
/**
* Checks if data is ready to send.
*/
check() {
if (this.form && this.form.$invalid)
throw new UserError('Some fields are invalid');
this.isInvalid();
if (!this.dirty)
throw new UserError('No changes to save');
}
@ -220,62 +348,82 @@ export default class Watcher extends Component {
onConfirmResponse(response) {
if (response === 'accept') {
if (this.data)
Object.assign(this.data, this.orgData);
this.reset();
this.$state.go(this.state);
} else
this.state = null;
}
writeData(json, resolve) {
Object.assign(this.data, json.data);
this.updateOriginalData();
resolve(json);
}
updateOriginalData() {
this.orgData = this.copyInNewObject(this.data);
this.setPristine();
}
/**
* @deprecated Use reset()
*/
loadOriginalData() {
const orgData = JSON.parse(JSON.stringify(this.orgData));
this.data = Object.assign(this.data, orgData);
this.setPristine();
this.reset();
}
copyInNewObject(data) {
let newCopy = {};
if (data && typeof data === 'object') {
Object.keys(data).forEach(
key => {
let value = data[key];
if (value instanceof Date)
newCopy[key] = new Date(value.getTime());
else if (!isFullEmpty(value)) {
if (typeof value === 'object')
newCopy[key] = this.copyInNewObject(value);
else
newCopy[key] = value;
}
}
);
}
return newCopy;
/**
* @deprecated Use snapshot()
*/
updateOriginalData() {
this.snapshot();
}
}
Watcher.$inject = ['$element', '$scope', '$state', '$stateParams', '$transitions', '$http', 'vnApp', '$translate', '$attrs', '$q'];
Watcher.$inject = ['$element', '$scope'];
function copyObject(data) {
let newCopy;
if (data && typeof data === 'object') {
newCopy = {};
Object.keys(data).forEach(
key => {
let value = data[key];
if (value instanceof Date)
newCopy[key] = new Date(value.getTime());
else if (!isFullEmpty(value)) {
if (typeof value === 'object')
newCopy[key] = copyObject(value);
else
newCopy[key] = value;
}
}
);
} else
newCopy = data;
return newCopy;
}
function clearObject(obj) {
if (!obj) return;
for (let key in obj) {
if (obj.hasOwnProperty(key))
delete obj[key];
}
}
function overwrite(obj, data) {
if (!obj) return;
clearObject(obj);
Object.assign(obj, data);
}
ngModule.vnComponent('vnWatcher', {
template: require('./watcher.html'),
bindings: {
url: '@?',
idField: '@?',
data: '<',
idValue: '<?',
data: '=',
form: '<',
save: '<',
get: '<?'
save: '<?',
get: '<?',
insertMode: '<?',
autoFill: '<?',
filter: '<?',
fields: '<?',
where: '<?',
include: '<?'
},
controller: Watcher
});

188
front/core/components/watcher/watcher.spec.js
View File

@ -1,5 +1,4 @@
import './watcher.js';
import getModifiedData from '../../lib/modified';
describe('Component vnWatcher', () => {
let $scope;
@ -9,10 +8,16 @@ describe('Component vnWatcher', () => {
let controller;
let $attrs;
let $q;
let data;
beforeEach(ngModule('vnCore'));
beforeEach(inject(($componentController, $rootScope, _$httpBackend_, _$state_, _$q_) => {
data = {
id: 1,
foo: 'bar'
};
$scope = $rootScope.$new();
$element = angular.element('<div></div>');
$state = _$state_;
@ -25,38 +30,49 @@ describe('Component vnWatcher', () => {
}));
describe('$onInit()', () => {
it('should call fetchData() if controllers get and url properties are defined', () => {
controller.get = () => {};
controller.url = 'test.com';
jest.spyOn(controller, 'fetchData').mockReturnThis();
it('should set data empty by default', () => {
controller.$onInit();
expect(controller.fetchData).toHaveBeenCalledWith();
expect(controller.data).toBeUndefined();
});
it(`should throw an error if $onInit is called without url defined`, () => {
controller.get = () => {};
it('should set new data when insert mode is enabled', () => {
controller.insertMode = true;
controller.data = data;
expect(function() {
controller.$onInit();
}).toThrowError(/parameter/);
controller.$onInit();
expect(controller.orgData).toEqual(data);
expect(controller.orgData).toEqual(data);
expect(controller.isNew).toBeTruthy();
});
it('should call backend and fetch data if url and idValue properties are defined', () => {
controller.url = 'Foos';
controller.idValue = 1;
$httpBackend.expectGET('Foos/1').respond(data);
controller.$onInit();
$httpBackend.flush();
expect(controller.orgData).toEqual(data);
expect(controller.orgData).toEqual(data);
expect(controller.orgData).not.toBe(controller.data);
});
});
describe('fetchData()', () => {
it(`should perform a query then store the received data into controller.data and call updateOriginalData()`, () => {
jest.spyOn(controller, 'updateOriginalData');
let json = {data: 'some data'};
controller.data = [1];
controller.idField = 0;
controller.url = 'test.com';
$httpBackend.whenGET('test.com/1').respond(json);
$httpBackend.expectGET('test.com/1');
controller.fetchData();
describe('fetch()', () => {
it(`should perform a query then store the received data into data property and make an snapshot into orgData`, () => {
controller.url = 'Bars';
controller.idValue = 1;
$httpBackend.expectGET('Bars/1').respond(data);
controller.$onInit();
$httpBackend.flush();
expect(controller.data).toEqual({data: 'some data'});
expect(controller.updateOriginalData).toHaveBeenCalledWith();
expect(controller.orgData).toEqual(data);
expect(controller.orgData).toEqual(data);
expect(controller.orgData).not.toBe(controller.data);
});
});
@ -95,14 +111,6 @@ describe('Component vnWatcher', () => {
controller.check();
}).toThrowError();
});
it(`should throw error if controller.dirty is true`, () => {
controller.form = {$invalid: true};
expect(function() {
controller.check();
}).toThrowError();
});
});
describe('realSubmit()', () => {
@ -130,59 +138,60 @@ describe('Component vnWatcher', () => {
});
});
describe('when id is defined', () => {
it(`should perform a query then call controller.writeData()`, done => {
controller.dataChanged = () => {
return true;
};
controller.data = {id: 2};
controller.orgData = {id: 1};
let changedData = getModifiedData(controller.data, controller.orgData);
controller.idField = 'id';
controller.url = 'test.com';
let json = {data: 'some data'};
jest.spyOn(controller, 'writeData');
$httpBackend.whenPATCH(`${controller.url}/1`, changedData).respond(json);
$httpBackend.expectPATCH(`${controller.url}/1`);
controller.realSubmit()
.then(() => {
expect(controller.writeData).toHaveBeenCalledWith(jasmine.any(Object), jasmine.any(Function));
done();
}).catch(done.fail);
describe('should perform a PATCH query and save the data', () => {
it(`should perform a query then call controller.writeData()`, () => {
controller.url = 'Foos';
controller.data = data;
const changedData = {baz: 'value'};
Object.assign(controller.data, changedData);
$httpBackend.expectPATCH('Foos/1', changedData).respond({newProp: 'some'});
controller.realSubmit();
$httpBackend.flush();
expect(controller.data).toEqual(Object.assign({}, data, changedData));
});
});
it(`should perform a POST query then call controller.writeData()`, done => {
controller.dataChanged = () => {
return true;
};
controller.data = {id: 2};
controller.orgData = {id: 1};
controller.url = 'test.com';
let json = {data: 'some data'};
jest.spyOn(controller, 'writeData');
$httpBackend.whenPOST(`${controller.url}`, controller.data).respond(json);
$httpBackend.expectPOST(`${controller.url}`, controller.data);
controller.realSubmit()
.then(() => {
expect(controller.writeData).toHaveBeenCalledWith(jasmine.any(Object), jasmine.any(Function));
done();
}).catch(done.fail);
it(`should perform a POST query and save the data`, () => {
controller.insertMode = true;
controller.url = 'Foos';
controller.data = data;
const changedData = {baz: 'value'};
Object.assign(controller.data, changedData);
$httpBackend.expectPOST('Foos', controller.data).respond({newProp: 'some'});
controller.realSubmit();
$httpBackend.flush();
expect(controller.data).toEqual(Object.assign({}, data, changedData));
});
describe('should perform a DELETE query and save empty data', () => {
it(`should perform a query then call controller.writeData()`, () => {
controller.url = 'Foos';
controller.data = data;
controller.delete();
$httpBackend.expectDELETE('Foos/1').respond();
controller.realSubmit();
$httpBackend.flush();
expect(controller.data).toBeNull();
});
});
});
describe('writeData()', () => {
it(`should call Object.asssign() function over controllers.data with json.data, then call updateOriginalData function and finally call resolve() function`, () => {
jest.spyOn(controller, 'updateOriginalData');
controller.data = {};
let json = {data: 'some data'};
let resolve = jasmine.createSpy('resolve');
controller.writeData(json, resolve);
it(`should save data into orgData`, () => {
controller.data = data;
Object.assign(controller.data, {baz: 'value'});
expect(controller.updateOriginalData).toHaveBeenCalledWith();
expect(resolve).toHaveBeenCalledWith(json);
controller.writeData({});
expect(controller.data).toEqual(controller.orgData);
});
});
@ -224,37 +233,38 @@ describe('Component vnWatcher', () => {
describe(`onConfirmResponse()`, () => {
describe(`when response is accept`, () => {
it(`should call Object.assing on controlle.data with controller.orgData then call go() on state`, () => {
let response = 'accept';
controller.data = {};
controller.orgData = {name: 'Batman'};
it(`should reset data them go to state`, () => {
let data = {key: 'value'};
controller.data = data;
data.foo = 'bar';
controller.$state = {go: jasmine.createSpy('go')};
controller.state = 'Batman';
controller.onConfirmResponse(response);
controller.state = 'foo.bar';
controller.onConfirmResponse('accept');
expect(controller.data).toEqual(controller.orgData);
expect(controller.data).toEqual({key: 'value'});
expect(controller.$state.go).toHaveBeenCalledWith(controller.state);
});
});
describe(`when response is not accept`, () => {
it(`should set controller.state to null`, () => {
let response = 'anything but accept';
controller.state = 'Batman';
controller.onConfirmResponse(response);
controller.onConfirmResponse('cancel');
expect(controller.state).toBeFalsy();
});
});
});
describe(`loadOriginalData()`, () => {
it(`should iterate over the current data object, delete all properties then assign the ones from original data`, () => {
controller.data = {name: 'Bruce'};
controller.orgData = {name: 'Batman'};
controller.loadOriginalData();
describe(`reset()`, () => {
it(`should reset data as it was before changing it`, () => {
let data = {key: 'value'};
expect(controller.data).toEqual(controller.orgData);
controller.data = data;
data.foo = 'bar';
controller.reset();
expect(data).toEqual({key: 'value'});
});
});
});

2
front/core/directives/rule.js
View File

@ -65,7 +65,7 @@ export function directive($translate, $window) {
};
if (form)
$scope.$watch(form.$submitted, refreshError);
$scope.$watch(() => form.$submitted, refreshError);
}
}
ngModule.directive('rule', directive);

6
front/core/styles/effects.scss
View File

@ -25,4 +25,10 @@
%active {
background-color: $color-active;
color: $color-active-font;
&:hover,
&:focus {
background-color: $color-active;
color: $color-active-font;
}
}

BIN
front/core/styles/icons/MaterialIcons-Regular.woff2
View File

Binary file not shown.

1
front/module-import.js
View File

@ -18,5 +18,6 @@ export default function moduleImport(moduleName) {
case 'invoiceOut' : return import('invoiceOut/front');
case 'route' : return import('route/front');
case 'entry' : return import('entry/front');
case 'account' : return import('account/front');
}
}

4
front/salix/components/descriptor/index.html
View File

@ -8,13 +8,13 @@
<div class="header">
<a
translate-attr="{title: 'Go to module index'}"
ui-sref="{{::$ctrl.module}}.index"
ui-sref="{{::$ctrl.indexState}}"
name="goToModuleIndex">
<vn-icon icon="{{$ctrl.moduleMap[$ctrl.module].icon}}"></vn-icon>
</a>
<a
translate-attr="{title: 'Preview'}"
ui-sref="{{::$ctrl.module}}.card.summary({id: $ctrl.descriptor.id})">
ui-sref="{{::$ctrl.summaryState}}({id: $ctrl.descriptor.id})">
<vn-icon icon="desktop_windows"></vn-icon>
</a>
<vn-icon-button

11
front/salix/components/descriptor/index.js
View File

@ -15,6 +15,8 @@ export default class Descriptor extends Component {
}
$postLink() {
super.$postLink();
const content = this.element.querySelector('vn-descriptor-content');
if (!content) throw new Error('Directive vnDescriptorContent not found');
@ -104,6 +106,14 @@ export class DescriptorContent {
this.$transclude = $transclude;
this.moduleMap = vnModules.getMap();
}
get summaryState() {
return `${this.baseState || this.module}.card.summary`;
}
get indexState() {
return this.baseState || `${this.module}.index`;
}
}
DescriptorContent.$inject = ['$transclude', 'vnModules'];
@ -112,6 +122,7 @@ ngModule.vnComponent('vnDescriptorContent', {
controller: DescriptorContent,
bindings: {
module: '@',
baseState: '@?',
description: '<',
descriptor: '<?'
},

2
front/salix/components/layout/index.js
View File

@ -15,7 +15,7 @@ export class Layout extends Component {
getUserData() {
this.$http.get('Accounts/getCurrentUserData').then(json => {
this.$.$root.user = json.data;
window.localStorage.currentUserWorkerId = json.data.workerId;
window.localStorage.currentUserWorkerId = json.data.id;
});
}
}

4
front/salix/components/left-menu/left-menu.html
View File

@ -1,6 +1,6 @@
<ul class="vn-list" ng-if="::$ctrl.items.length > 0">
<li ng-repeat="item in ::$ctrl.items" name="{{::item.description}}">
<a ng-if="!item.external"
<a ng-if="::!item.external"
ui-sref="{{::item.state}}"
class="vn-item"
ng-class="{active: item.active && !item.childs, expanded: item.active}"
@ -15,7 +15,7 @@
<vn-icon icon="keyboard_arrow_down" ng-if="::item.childs.length > 0"></vn-icon>
</vn-item-section>
</a>
<a ng-if="item.external"
<a ng-if="::item.external"
href="{{::item.url}}"
class="vn-item">
<vn-item-section avatar>

119
front/salix/components/left-menu/left-menu.js
View File

@ -32,73 +32,86 @@ export default class LeftMenu {
let moduleIndex = this.$state.current.data.moduleIndex;
let moduleFile = window.routes[moduleIndex] || [];
let menu = moduleFile.menus && moduleFile.menus[this.source] || [];
let items = [];
let addItem = (items, item) => {
let state = states[item.state];
if (state) {
state = state.self;
let acl = state.data.acl;
let cloneItems = (items, parent) => {
let myItems = [];
if (acl && !this.aclService.hasAny(acl))
return;
} else if (!item.external) {
console.warn('wrong left-menu definition');
return;
for (let item of items) {
let state = states[item.state];
if (state) {
state = state.self;
let acl = state.data.acl;
if (acl && !this.aclService.hasAny(acl))
continue;
}
let myItem = {
icon: item.icon,
description: item.description || state.description,
state: item.state,
external: item.external,
url: item.url,
parent
};
if (item.childs) {
let myChilds = cloneItems(item.childs, myItem);
if (myChilds.length > 0) {
myItem.childs = myChilds;
myItems.push(myItem);
}
} else
myItems.push(myItem);
}
items.push({
icon: item.icon,
description: item.description || state.description,
state: item.state,
external: item.external,
url: item.url
});
return myItems;
};
for (let item of menu) {
if (item.state || item.external)
addItem(items, item);
else {
let childs = [];
for (let child of item.childs)
addItem(childs, child);
if (childs.length > 0) {
items.push({
icon: item.icon,
description: item.description,
childs: childs
});
}
}
}
return items;
return cloneItems(menu);
}
activateItem() {
let myState = this.$state.current.name
.split('.')
.slice(0, this._depth)
.join('.');
let re = new RegExp(`^${myState}(\\..*)?$`);
if (!this.items) return;
let currentState = this.$state.current.name;
let maxSpecificity = 0;
let selectedItem;
if (this.items) {
// Check items matching current path
for (let item of this.items) {
item.active = re.test(item.state);
function isParentState(state, currentState) {
if (!state) return 0;
let match = state.match(/^(.*)\.index$/);
if (match) state = match[1];
if (item.childs) {
for (let child of item.childs) {
child.active = re.test(child.state);
if (child.active)
item.active = child.active;
}
let isParent =
currentState.startsWith(`${state}.`) ||
currentState === state;
return isParent
? (state.match(/\./g) || []).length + 1
: 0;
}
function selectItem(items) {
if (!items) return;
for (let item of items) {
item.active = false;
let specificity = isParentState(item.state, currentState);
if (specificity > maxSpecificity) {
selectedItem = item;
maxSpecificity = specificity;
}
selectItem(item.childs);
}
}
// Check items matching current path
selectItem(this.items);
while (selectedItem) {
selectedItem.active = true;
selectedItem = selectedItem.parent;
}
}
setActive(item) {

2
front/salix/components/user-popover/index.html
View File

@ -36,7 +36,7 @@
</vn-icon-button>
</div>
<a
ui-sref="worker.card.summary({id: $root.user.workerId})"
ui-sref="worker.card.summary({id: $root.user.id})"
class="vn-button colored"
translate>
My account

1
front/salix/locale/es.yml
View File

@ -44,6 +44,7 @@ Routes: Rutas
Locator: Localizador
Invoices out: Facturas emitidas
Entries: Entradas
Users: Usuarios
# Common

11
loopback/locale/es.json
View File

@ -134,5 +134,14 @@
"This ticket is deleted": "Este ticket está eliminado",
"A travel with this data already exists": "Ya existe un travel con estos datos",
"This thermograph id already exists": "La id del termógrafo ya existe",
"Choose a date range or days forward": "Selecciona un rango de fechas o días en adelante"
"Choose a date range or days forward": "Selecciona un rango de fechas o días en adelante",
"ORDER_ALREADY_CONFIRMED": "ORDER_ALREADY_CONFIRMED",
"Invalid password": "Invalid password",
"Password does not meet requirements": "Password does not meet requirements",
"Role already assigned": "Role already assigned",
"Invalid role name": "Invalid role name",
"Role name must be written in camelCase": "Role name must be written in camelCase",
"can't be set": "can't be set",
"Email already exists": "Email already exists",
"User already exists": "User already exists"
}

114
modules/account/back/methods/role-inherit/sync.js Normal file
View File

@ -0,0 +1,114 @@
const ldap = require('../../util/ldapjs-extra');
module.exports = Self => {
Self.remoteMethod('sync', {
description: 'Synchronizes the user with the other user databases',
http: {
path: `/sync`,
verb: 'PATCH'
}
});
Self.sync = async function() {
let $ = Self.app.models;
let ldapConfig = await $.LdapConfig.findOne({
fields: ['host', 'rdn', 'password', 'groupDn']
});
let accountConfig = await $.AccountConfig.findOne({
fields: ['idBase']
});
if (!ldapConfig) return;
// Connect
let client = ldap.createClient({
url: `ldap://${ldapConfig.host}:389`
});
let ldapPassword = Buffer
.from(ldapConfig.password, 'base64')
.toString('ascii');
await client.bind(ldapConfig.rdn, ldapPassword);
let err;
try {
// Delete roles
let opts = {
scope: 'sub',
attributes: ['dn'],
filter: 'objectClass=posixGroup'
};
res = await client.search(ldapConfig.groupDn, opts);
let reqs = [];
await new Promise((resolve, reject) => {
res.on('error', err => {
if (err.name === 'NoSuchObjectError')
err = new Error(`Object '${ldapConfig.groupDn}' does not exist`);
reject(err);
});
res.on('searchEntry', e => {
reqs.push(client.del(e.object.dn));
});
res.on('end', resolve);
});
await Promise.all(reqs);
// Recreate roles
let roles = await $.Role.find({
fields: ['id', 'name']
});
let accounts = await $.UserAccount.find({
fields: ['id'],
include: {
relation: 'user',
scope: {
fields: ['name'],
include: {
relation: 'roles',
scope: {
fields: ['inheritsFrom']
}
}
}
}
});
let map = new Map();
for (let account of accounts) {
let user = account.user();
for (let inherit of user.roles()) {
let roleId = inherit.inheritsFrom;
if (!map.has(roleId)) map.set(roleId, []);
map.get(roleId).push(user.name);
}
}
reqs = [];
for (let role of roles) {
let newEntry = {
objectClass: ['top', 'posixGroup'],
cn: role.name,
gidNumber: accountConfig.idBase + role.id
};
let memberUid = map.get(role.id);
if (memberUid) newEntry.memberUid = memberUid;
let dn = `cn=${role.name},${ldapConfig.groupDn}`;
reqs.push(client.add(dn, newEntry));
}
await Promise.all(reqs);
} catch (e) {
err = e;
}
// FIXME: Cannot disconnect, hangs on undind() call
// await client.unbind();
if (err) throw err;
};
};

27
modules/account/back/methods/user-account/sync-by-id.js Normal file
View File

@ -0,0 +1,27 @@
module.exports = Self => {
Self.remoteMethod('syncById', {
description: 'Synchronizes the user with the other user databases',
accepts: [
{
arg: 'id',
type: 'number',
description: 'The user id',
required: true
}, {
arg: 'password',
type: 'string',
description: 'The password'
}
],
http: {
path: `/:id/syncById`,
verb: 'PATCH'
}
});
Self.syncById = async function(id, password) {
let user = await Self.app.models.Account.findById(id, {fields: ['name']});
await Self.sync(user.name, password);
};
};

267
modules/account/back/methods/user-account/sync.js Normal file
View File

@ -0,0 +1,267 @@
const ldap = require('../../util/ldapjs-extra');
const nthash = require('smbhash').nthash;
const ssh = require('node-ssh');
const crypto = require('crypto');
module.exports = Self => {
Self.remoteMethod('sync', {
description: 'Synchronizes the user with the other user databases',
accepts: [
{
arg: 'userName',
type: 'string',
description: 'The user name',
required: true
}, {
arg: 'password',
type: 'string',
description: 'The password'
}
],
http: {
path: `/sync`,
verb: 'PATCH'
}
});
Self.sync = async function(userName, password) {
let $ = Self.app.models;
let user = await $.Account.findOne({
fields: ['id'],
where: {name: userName}
});
let isSync = !await $.UserSync.exists(userName);
if (user && isSync) return;
let accountConfig;
let mailConfig;
let extraParams;
let hasAccount = false;
if (user) {
accountConfig = await $.AccountConfig.findOne({
fields: ['homedir', 'shell', 'idBase']
});
mailConfig = await $.MailConfig.findOne({
fields: ['domain']
});
user = await $.Account.findById(user.id, {
fields: [
'id',
'nickname',
'email',
'lang',
'roleFk',
'sync',
'active',
'created',
'updated'
],
where: {name: userName},
include: {
relation: 'roles',
scope: {
include: {
relation: 'inherits',
scope: {
fields: ['name']
}
}
}
}
});
extraParams = {
corporateMail: `${userName}@${mailConfig.domain}`,
uidNumber: accountConfig.idBase + user.id
};
hasAccount = user.active
&& await $.UserAccount.exists(user.id);
}
if (user) {
let bcryptPassword = $.User.hashPassword(password);
await $.Account.upsertWithWhere({id: user.id},
{bcryptPassword}
);
await $.user.upsert({
id: user.id,
username: userName,
password: bcryptPassword,
email: user.email,
created: user.created,
updated: user.updated
});
}
// SIP
if (hasAccount) {
await Self.rawSql('CALL pbx.sip_setPassword(?, ?)',
[user.id, password]
);
}
// LDAP
let ldapConfig = await $.LdapConfig.findOne({
fields: ['host', 'rdn', 'password', 'baseDn', 'groupDn']
});
if (ldapConfig) {
let ldapClient = ldap.createClient({
url: `ldap://${ldapConfig.host}:389`
});
let ldapPassword = Buffer
.from(ldapConfig.password, 'base64')
.toString('ascii');
await ldapClient.bind(ldapConfig.rdn, ldapPassword);
let err;
try {
// Deletes user
try {
let dn = `uid=${userName},${ldapConfig.baseDn}`;
await ldapClient.del(dn);
} catch (e) {
if (e.name !== 'NoSuchObjectError') throw e;
}
// Removes user from groups
let opts = {
scope: 'sub',
attributes: ['dn'],
filter: `&(memberUid=${userName})(objectClass=posixGroup)`
};
res = await ldapClient.search(ldapConfig.groupDn, opts);
let oldGroups = [];
await new Promise((resolve, reject) => {
res.on('error', reject);
res.on('searchEntry', e => oldGroups.push(e.object));
res.on('end', resolve);
});
let reqs = [];
for (oldGroup of oldGroups) {
let change = new ldap.Change({
operation: 'delete',
modification: {memberUid: userName}
});
reqs.push(ldapClient.modify(oldGroup.dn, change));
}
await Promise.all(reqs);
if (hasAccount) {
// Recreates user
let nameArgs = user.nickname.split(' ');
let sshaPassword = crypto
.createHash('sha1')
.update(password)
.digest('base64');
let dn = `uid=${userName},${ldapConfig.baseDn}`;
let newEntry = {
uid: userName,
objectClass: [
'inetOrgPerson',
'posixAccount',
'sambaSamAccount'
],
cn: user.nickname || userName,
displayName: user.nickname,
givenName: nameArgs[0],
sn: nameArgs[1] || 'Empty',
mail: extraParams.corporateMail,
userPassword: `{SSHA}${sshaPassword}`,
preferredLanguage: user.lang,
homeDirectory: `${accountConfig.homedir}/${userName}`,
loginShell: accountConfig.shell,
uidNumber: extraParams.uidNumber,
gidNumber: accountConfig.idBase + user.roleFk,
sambaSID: '-',
sambaNTPassword: nthash(password)
};
await ldapClient.add(dn, newEntry);
// Adds user to groups
let reqs = [];
for (let role of user.roles()) {
let change = new ldap.Change({
operation: 'add',
modification: {memberUid: userName}
});
let roleName = role.inherits().name;
let dn = `cn=${roleName},${ldapConfig.groupDn}`;
reqs.push(ldapClient.modify(dn, change));
}
await Promise.all(reqs);
}
} catch (e) {
err = e;
}
// FIXME: Cannot disconnect, hangs on undind() call
// await ldapClient.unbind();
if (err) throw err;
}
// Samba
let sambaConfig = await $.SambaConfig.findOne({
fields: ['host', 'sshUser', 'sshPass']
});
if (sambaConfig) {
let sshPassword = Buffer
.from(sambaConfig.sshPass, 'base64')
.toString('ascii');
let sshClient = new ssh.NodeSSH();
await sshClient.connect({
host: sambaConfig.host,
username: sambaConfig.sshUser,
password: sshPassword
});
let commands;
if (hasAccount) {
commands = [
`samba-tool user create "${userName}" `
+ `--uid-number=${extraParams.uidNumber} `
+ `--mail-address="${extraParams.corporateMail}" `
+ `--random-password`,
`samba-tool user setexpiry "${userName}" `
+ `--noexpiry`,
`samba-tool user setpassword "${userName}" `
+ `--newpassword="${password}"`,
`mkhomedir_helper "${userName}" 0027`
];
} else {
commands = [
`samba-tool user delete "${userName}"`
];
}
for (let command of commands)
await sshClient.execCommand(command);
await sshClient.dispose();
}
// Mark as synchronized
await $.UserSync.destroyById(userName);
};
};

38
modules/account/back/model-config.json Normal file
View File

@ -0,0 +1,38 @@
{
"AccountConfig": {
"dataSource": "vn"
},
"LdapConfig": {
"dataSource": "vn"
},
"MailAlias": {
"dataSource": "vn"
},
"MailAliasAccount": {
"dataSource": "vn"
},
"MailConfig": {
"dataSource": "vn"
},
"MailForward": {
"dataSource": "vn"
},
"RoleInherit": {
"dataSource": "vn"
},
"RoleRole": {
"dataSource": "vn"
},
"SambaConfig": {
"dataSource": "vn"
},
"UserAccount": {
"dataSource": "vn"
},
"UserPassword": {
"dataSource": "vn"
},
"UserSync": {
"dataSource": "vn"
}
}

43
modules/account/back/models/account-config.json Normal file
View File

@ -0,0 +1,43 @@
{
"name": "AccountConfig",
"base": "VnModel",
"options": {
"mysql": {
"table": "account.accountConfig"
}
},
"properties": {
"id": {
"type": "number",
"id": true
},
"homedir": {
"type": "string",
"required": true
},
"shell": {
"type": "string",
"required": true
},
"idBase": {
"type": "number",
"required": true
},
"min": {
"type": "number",
"required": true
},
"max": {
"type": "number",
"required": true
},
"warn": {
"type": "number",
"required": true
},
"inact": {
"type": "number",
"required": true
}
}
}

36
modules/account/back/models/ldap-config.json Normal file
View File

@ -0,0 +1,36 @@
{
"name": "LdapConfig",
"base": "VnModel",
"options": {
"mysql": {
"table": "account.ldapConfig"
}
},
"properties": {
"id": {
"type": "number",
"id": true
},
"host": {
"type": "string",
"required": true
},
"rdn": {
"type": "string",
"required": true
},
"password": {
"type": "string",
"required": true
},
"baseDn": {
"type": "string"
},
"filter": {
"type": "string"
},
"groupDn": {
"type": "string"
}
}
}

27
modules/account/back/models/mail-alias-account.json Normal file
View File

@ -0,0 +1,27 @@
{
"name": "MailAliasAccount",
"base": "VnModel",
"options": {
"mysql": {
"table": "account.mailAliasAccount"
}
},
"properties": {
"id": {
"type": "number",
"id": true
}
},
"relations": {
"alias": {
"type": "belongsTo",
"model": "MailAlias",
"foreignKey": "mailAlias"
},
"user": {
"type": "belongsTo",
"model": "Account",
"foreignKey": "account"
}
}
}

33
modules/account/back/models/mail-alias.json Normal file
View File

@ -0,0 +1,33 @@
{
"name": "MailAlias",
"base": "VnModel",
"options": {
"mysql": {
"table": "account.mailAlias"
}
},
"properties": {
"id": {
"type": "number",
"id": true
},
"alias": {
"type": "string",
"required": true
},
"description": {
"type": "string"
},
"isPublic": {
"type": "boolean"
}
},
"relations": {
"accounts": {
"type": "hasMany",
"model": "MailAliasAccount",
"foreignKey": "mailAlias",
"property": "id"
}
}
}

19
modules/account/back/models/mail-config.json Normal file
View File

@ -0,0 +1,19 @@
{
"name": "MailConfig",
"base": "VnModel",
"options": {
"mysql": {
"table": "account.mailConfig"
}
},
"properties": {
"id": {
"type": "number",
"id": true
},
"domain": {
"type": "string",
"required": true
}
}
}

25
modules/account/back/models/mail-forward.json Normal file
View File

@ -0,0 +1,25 @@
{
"name": "MailForward",
"base": "VnModel",
"options": {
"mysql": {
"table": "account.mailForward"
}
},
"properties": {
"account": {
"id": true
},
"forwardTo": {
"type": "string",
"required": true
}
},
"relations": {
"user": {
"type": "belongsTo",
"model": "Account",
"foreignKey": "account"
}
}
}

22
modules/account/back/models/role-inherit.js Normal file
View File

@ -0,0 +1,22 @@
const app = require('vn-loopback/server/server');
module.exports = Self => {
require('../methods/role-inherit/sync')(Self);
app.on('started', function() {
let hooks = ['after save', 'after delete'];
for (let hook of hooks) {
Self.observe(hook, async() => {
try {
await Self.rawSql(`
CREATE EVENT account.role_sync
ON SCHEDULE AT CURRENT_TIMESTAMP + INTERVAL 5 SECOND
DO CALL role_sync;
`);
} catch (err) {
if (err.code != 'ER_EVENT_ALREADY_EXISTS') throw err;
}
});
}
});
};

27
modules/account/back/models/role-inherit.json Normal file
View File

@ -0,0 +1,27 @@
{
"name": "RoleInherit",
"base": "VnModel",
"options": {
"mysql": {
"table": "account.roleInherit"
}
},
"properties": {
"id": {
"type": "number",
"id": true
}
},
"relations": {
"owner": {
"type": "belongsTo",
"model": "Role",
"foreignKey": "role"
},
"inherits": {
"type": "belongsTo",
"model": "Role",
"foreignKey": "inheritsFrom"
}
}
}

26
modules/account/back/models/role-role.json Normal file
View File

@ -0,0 +1,26 @@
{
"name": "RoleRole",
"base": "VnModel",
"options": {
"mysql": {
"table": "account.roleRole"
}
},
"properties": {
"role": {
"id": true
}
},
"relations": {
"owner": {
"type": "belongsTo",
"model": "Role",
"foreignKey": "role"
},
"inherits": {
"type": "belongsTo",
"model": "Role",
"foreignKey": "inheritsFrom"
}
}
}

25
modules/account/back/models/samba-config.json Normal file
View File

@ -0,0 +1,25 @@
{
"name": "SambaConfig",
"base": "VnModel",
"options": {
"mysql": {
"table": "account.sambaConfig"
}
},
"properties": {
"id": {
"type": "number",
"id": true
},
"host": {
"type": "string",
"required": true
},
"sshUser": {
"type": "string"
},
"sshPass": {
"type": "string"
}
}
}

5
modules/account/back/models/user-account.js Normal file
View File

@ -0,0 +1,5 @@
module.exports = Self => {
require('../methods/user-account/sync')(Self);
require('../methods/user-account/sync-by-id')(Self);
};

26
modules/account/back/models/user-account.json Normal file
View File

@ -0,0 +1,26 @@
{
"name": "UserAccount",
"base": "VnModel",
"options": {
"mysql": {
"table": "account.account"
}
},
"properties": {
"id": {
"id": true
}
},
"relations": {
"user": {
"type": "belongsTo",
"model": "Account",
"foreignKey": "id"
},
"aliases": {
"type": "hasMany",
"model": "MailAliasAccount",
"foreignKey": "account"
}
}
}

34
modules/account/back/models/user-password.json Normal file
View File

@ -0,0 +1,34 @@
{
"name": "UserPassword",
"base": "VnModel",
"options": {
"mysql": {
"table": "account.userPassword"
}
},
"properties": {
"id": {
"id": true
},
"length": {
"type": "number",
"required": true
},
"nAlpha": {
"type": "number",
"required": true
},
"nUpper": {
"type": "number",
"required": true
},
"nDigits": {
"type": "number",
"required": true
},
"nPunct": {
"type": "number",
"required": true
}
}
}

15
modules/account/back/models/user-sync.json Normal file
View File

@ -0,0 +1,15 @@
{
"name": "UserSync",
"base": "VnModel",
"options": {
"mysql": {
"table": "account.userSync"
}
},
"properties": {
"name": {
"type": "string",
"id": true
}
}
}

30
modules/account/back/util/ldapjs-extra.js Normal file
View File

@ -0,0 +1,30 @@
const ldap = require('ldapjs');
const promisifyObject = require('./promisify').promisifyObject;
module.exports = {
createClient,
Change: ldap.Change
};
/**
* Creates a promisified version of LDAP client.
*
* @param {Object} opts Client options
* @return {Client} The promisified LDAP client
*/
function createClient(opts) {
let client = ldap.createClient(opts);
promisifyObject(client, [
'bind',
'add',
'compare',
'del',
'exop',
'modify',
'modifyDN',
'search',
'starttls',
'unbind'
]);
return client;
}

47
modules/account/back/util/promisify.js Normal file
View File

@ -0,0 +1,47 @@
module.exports = {
promisify,
promisifyObject
};
/**
* Promisifies a function wich follows the (err, res) => {} pattern as last
* function argument and returns the promisified version.
*
* @param {Function} fn Function to promisify
* @return {Function} The promisified function
*/
function promisify(fn) {
return function(...args) {
let thisArg = this;
let orgCb = args[args.length - 1];
if (typeof orgCb !== 'function') orgCb = null;
return new Promise(function(resolve, reject) {
function cb(err, res) {
if (orgCb) orgCb(err, res);
err ? reject(err) : resolve(res);
}
if (orgCb)
args[args.length - 1] = cb;
else
args.push(cb);
fn.apply(thisArg, args);
});
};
}
/**
* Promisifies object methods.
*
* @param {Object} obj Object to promisify
* @param {Array<String>} methods Array of method names to promisify
*/
function promisifyObject(obj, methods) {
for (let method of methods) {
let orgMethod = obj[method];
obj[method] = promisify(orgMethod);
}
}

65
modules/account/front/acl/create/index.html Normal file
View File

@ -0,0 +1,65 @@
<vn-watcher
vn-id="watcher"
url="ACLs"
data="$ctrl.acl"
id-value="$ctrl.$params.id"
insert-mode="!$ctrl.$params.id"
form="form">
</vn-watcher>
<form
name="form"
vn-http-submit="watcher.submitGo('account.acl')"
class="vn-w-md">
<vn-card class="vn-pa-lg">
<vn-horizontal>
<vn-autocomplete
label="Role"
ng-model="$ctrl.acl.principalId"
url="Roles"
id-field="name"
value-field="name"
vn-focus>
</vn-autocomplete>
</vn-horizontal>
<vn-horizontal>
<vn-autocomplete
label="Model"
ng-model="$ctrl.acl.model"
data="$ctrl.models"
id-field="name"
value-field="name">
</vn-autocomplete>
</vn-horizontal>
<vn-horizontal>
<vn-textfield
label="Property"
ng-model="$ctrl.acl.property"
info="Use * to match all properties">
</vn-textfield>
</vn-horizontal>
<vn-horizontal>
<vn-autocomplete
label="Access type"
ng-model="$ctrl.acl.accessType"
data="$ctrl.accessTypes"
id-field="name"
value-field="name">
</vn-autocomplete>
</vn-horizontal>
<vn-horizontal>
<vn-autocomplete
label="Permission"
ng-model="$ctrl.acl.permission"
data="$ctrl.permissions"
id-field="name"
value-field="name">
</vn-autocomplete>
</vn-horizontal>
</vn-card>
<vn-submit
icon="check"
vn-tooltip="Create"
class="round"
fixed-bottom-right>
</vn-submit>
</form>

33
modules/account/front/acl/create/index.js Normal file
View File

@ -0,0 +1,33 @@
import ngModule from '../../module';
import Section from 'salix/components/section';
export default class Controller extends Section {
constructor(...args) {
super(...args);
this.accessTypes = [
{name: '*'},
{name: 'READ'},
{name: 'WRITE'}
];
this.permissions = [
{name: 'ALLOW'},
{name: 'DENY'}
];
this.models = [];
for (let model in window.validations)
this.models.push({name: model});
this.acl = {
property: '*',
principalType: 'ROLE',
accessType: 'READ',
permission: 'ALLOW'
};
}
}
ngModule.component('vnAclCreate', {
template: require('./index.html'),
controller: Controller
});

4
modules/account/front/acl/index.js Normal file
View File

@ -0,0 +1,4 @@
import './main';
import './index/';
import './create';
import './search-panel';

51
modules/account/front/acl/index/index.html Normal file
View File

@ -0,0 +1,51 @@
<vn-auto-search
model="model">
</vn-auto-search>
<vn-data-viewer
model="model"
class="vn-w-sm">
<vn-card>
<vn-list class="separated">
<a
ng-repeat="row in model.data track by row.id"
ui-sref="account.acl.edit(::{id: row.id})"
translate-attr="{title: 'Edit ACL'}"
class="vn-item search-result">
<vn-item-section>
<h6>{{::row.model}}.{{::row.property}}</h6>
<vn-label-value
label="Role"
value="{{::row.principalId}}">
</vn-label-value>
<vn-label-value
label="Access type"
value="{{::row.accessType}}">
</vn-label-value>
<vn-label-value
label="Permission"
value="{{::row.permission}}">
</vn-label-value>
</vn-item-section>
<vn-item-section side>
<vn-icon-button
vn-click-stop="deleteAcl.show(row)"
vn-tooltip="Delete"
icon="delete">
</vn-icon-button>
</vn-item-section>
</a>
</vn-list>
</vn-card>
</vn-data-viewer>
<a ui-sref="account.acl.create"
vn-tooltip="New ACL"
vn-bind="+"
fixed-bottom-right>
<vn-float-button icon="add"></vn-float-button>
</a>
<vn-confirm
vn-id="deleteAcl"
on-accept="$ctrl.onDelete($data)"
question="Are you sure you want to continue?"
message="ACL will be removed">
</vn-confirm>

Some files were not shown because too many files have changed in this diff Show More