Merge pull request #723 from bcgov/dev
Release 1.2.6 changes
ikethecoder committed Jan 20, 2023
2 parents 2cbdd3e + 6dfebf1 commit d0d8ab2
Showing 35 changed files with 499 additions and 282 deletions.
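--- a/src/authz/actions/filterByUserNSorSharedTrue.js
+++ b/src/authz/actions/filterByUserNSorSharedTrue.js
@@ -0,0 +1,7 @@
+const actionFilterNSorSharedTrue = (context, value) => {
+const namespace = context['user']['namespace'];
+
+return { OR: [{ namespace: namespace }, { isShared: true }] };
+};
+
+module.exports = actionFilterNSorSharedTrue;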
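Review bot: `context['user']['namespace']` is read without any check, so a request with no user throws here, and a user with no selected namespace produces `{ namespace: undefined }` inside the `OR`. How the query layer treats an undefined value is not visible on this page; if it drops the condition, that branch could match every record instead of none. A fail-closed guard would remove that dependency: `const namespace = context.user && context.user.namespace;` followed by `if (!namespace) return { isShared: true };`. The `value` parameter is unused, and a one-line comment such as `// Row filter: records in the caller's namespace, plus any record flagged isShared` would document the intent of this authorization action.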
1 change: 1 addition & 0 deletions src/authz/enforcement.ts
Expand Up @@ -63,6 +63,7 @@ const actions: any = {
filterByProductNSOrActiveEnvironment: require('./actions/filterByProductNSOrActiveEnvironment'),
filterByTemporaryIdentity: require('./actions/filterByTemporaryIdentity'),
filterByUserNS: require('./actions/filterByUserNS'),
filterByUserNSorSharedTrue: require('./actions/filterByUserNSorSharedTrue'),
filterByUserNSOrNull: require('./actions/filterByUserNSOrNull'),
filterByActive: require('./actions/filterByActive'),
filterByActiveEnvironment: require('./actions/filterByActiveEnvironment'),
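Review bot: The new key `filterByUserNSorSharedTrue` is spelled with a lowercase `or`, while the neighbouring actions use `Or` (`filterByUserNSOrNull`, `filterByProductNSOrActiveEnvironment`). matrix.csv refers to these actions by name and `actions` is typed `any`, so the compiler will not catch a casing slip in a later rule; what enforcement does with an unknown action name is outside this hunk. Renaming it to `filterByUserNSOrSharedTrue` in the action file, this map and the matrix row would keep the convention. The `actions` object starts and ends outside the hunk.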
4 changes: 3 additions & 1 deletion src/authz/matrix.csv
Expand Up @@ -47,10 +47,12 @@ ACCESS MANAGER,,,GatewayConsumer,read,,,,,access-manager,,,allow,
ACCESS MANAGER,,BusinessProfile,,,,,,,access-manager,,,allow,
CREDENTIAL ADMIN,,,CredentialIssuer,,"update,delete",,,,credential-admin,,,allow,filterByUserNS
CREDENTIAL ADMIN,,,CredentialIssuer,create,,,,,credential-admin,,,allow,
CREDENTIAL ADMIN,,,CredentialIssuer,read,,,,,credential-admin,,,allow,filterByUserNS
CREDENTIAL ADMIN,,,CredentialIssuer,read,,,,,credential-admin,,,allow,filterByUserNSorSharedTrue
CREDENTIAL ADMIN,,,CredentialIssuer,update,,namespace,,,credential-admin,,,deny,
CREDENTIAL ADMIN,,,CredentialIssuer,,"create,read",namespace,,,credential-admin,,,allow,
CREDENTIAL ADMIN,,sharedIdPs,,,,,,,credential-admin,,,allow,
CREDENTIAL ADMIN,,allSharedIdPs,,,,,,,credential-admin,,,allow,
CREDENTIAL ADMIN,,allProviderUsers,,,,,,,credential-admin,,,allow,
CREDENTIAL ADMIN,,OwnedCredentialIssuer,,,,,,,credential-admin,,,allow,
CREDENTIAL ADMIN,,allCredentialIssuersByNamespace,,,,,,,credential-admin,,,allow,filterByUserNS
CREDENTIAL ADMIN,,,User,read,,,,,credential-admin,,,allow,
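Review bot: The `allSharedIdPs` and `allProviderUsers` rows allow `credential-admin` with the last column (the filter action) left empty, so the matrix itself applies no row filter to those queries. The +/- markers are lost in this rendering, but these look like the added rows. Unless the resolvers behind them scope their own results, any credential admin could list provider users across namespaces, and data-rules.js matches those users on `email`. If scoping is intended, naming a filter in the last column would make it explicit, as the `allCredentialIssuersByNamespace,...,allow,filterByUserNS` row does. The `CredentialIssuer` read row now ends in `filterByUserNSorSharedTrue`, so a shared issuer becomes readable by credential admins of every namespace; its schema is not shown here, so confirm that no sensitive field falls under that read rule.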
6 changes: 3 additions & 3 deletions src/batch/data-rules.js
Expand Up @@ -477,10 +477,10 @@ const metadata = {
environmentDetails: { name: 'toString' },
inheritFrom: {
name: 'connectOne',
list: 'allCredentialIssuers',
list: 'allSharedIdPs',
refKey: 'name',
},
owner: { name: 'connectOne', list: 'allUsers', refKey: 'username' },
owner: { name: 'connectOne', list: 'allProviderUsers', refKey: 'email' },
},
validations: {
isShared: { type: 'boolean' },
Expand All @@ -505,7 +505,7 @@ const metadata = {
clientAuthenticator: 'client-secret',
mode: 'auto',
environmentDetails: [],
owner: 'acope@idir',
owner: 'janis@gov.bc.ca',
},
},
IssuerEnvironmentConfig: {
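Review bot: The `owner` transformation is shown both as `list: 'allUsers', refKey: 'username'` and as `list: 'allProviderUsers', refKey: 'email'`; the markers are lost, so this note assumes the `email` variant is the new side. An email is a weaker join key than a username unless it is unique and verified for provider users, because the feed attaches ownership of a credential issuer to whichever record matches. A comment on that line such as `// owner is matched by email; relies on email being unique among provider users` would record the assumption. The sample value `owner: 'janis@gov.bc.ca'` in the second hunk reads like a real address, and a placeholder such as `owner: 'user@example.com'` would be safer in example data. The `metadata` object starts and ends outside both hunks.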
306 changes: 158 additions & 148 deletions src/batch/feed-worker.ts
Expand Up @@ -335,173 +335,183 @@ export const syncRecords = async function (
buildQueryResponse(md)
);
if (localRecord == null) {
const data: any = {};
for (const field of md.sync) {
if (field in json) {
data[field] = json[field];
try {
const data: any = {};
for (const field of md.sync) {
if (field in json) {
data[field] = json[field];
}
}
}

if ('transformations' in md) {
for (const transformKey of Object.keys(md.transformations)) {
const transformInfo = md.transformations[transformKey];
if (transformInfo.syncFirst) {
// handle these children independently first - return a list of IDs
const allIds = await syncListOfRecords(
if ('transformations' in md) {
for (const transformKey of Object.keys(md.transformations)) {
const transformInfo = md.transformations[transformKey];
if (transformInfo.syncFirst) {
// handle these children independently first - return a list of IDs
const allIds = await syncListOfRecords(
context,
transformInfo,
json[transformKey]
);
logger.debug('CHILDREN [%s] %j', transformKey, allIds);
assert.strictEqual(
allIds.filter((record) => record.status != 200).length,
0,
'Failed updating children'
);
assert.strictEqual(
allIds.filter((record) => typeof record.ownedBy != 'undefined')
.length,
0,
'There are some child records that have exclusive ownership already!'
);
json[transformKey + '_ids'] = allIds.map((status) => status.id);

childResults.push(...allIds);
}
const transformMutation = await transformations[transformInfo.name](
context,
transformInfo,
json[transformKey]
);
logger.debug('CHILDREN [%s] %j', transformKey, allIds);
assert.strictEqual(
allIds.filter((record) => record.status != 200).length,
0,
'Failed updating children'
);
assert.strictEqual(
allIds.filter((record) => typeof record.ownedBy != 'undefined')
.length,
0,
'There are some child records that have exclusive ownership already!'
null,
json,
transformKey
);
json[transformKey + '_ids'] = allIds.map((status) => status.id);

childResults.push(...allIds);
}
const transformMutation = await transformations[transformInfo.name](
context,
transformInfo,
null,
json,
transformKey
);
if (transformMutation != null) {
logger.debug(
' -- Updated [' +
transformKey +
'] ' +
JSON.stringify(data[transformKey]) +
' to ' +
JSON.stringify(transformMutation)
);
data[transformKey] = transformMutation;
if (transformMutation != null) {
logger.debug(
' -- Updated [' +
transformKey +
'] ' +
JSON.stringify(data[transformKey]) +
' to ' +
JSON.stringify(transformMutation)
);
data[transformKey] = transformMutation;
}
}
}
}
data[md.refKey] = eid;
const nr = await batchService.create(entity, data);
if (nr == null) {
logger.error('CREATE FAILED (%s) %j', nr, data);
data[md.refKey] = eid;
const nr = await batchService.create(entity, data);
if (nr == null) {
logger.error('CREATE FAILED (%s) %j', nr, data);
return { status: 400, result: 'create-failed', childResults };
} else {
return { status: 200, result: 'created', id: nr, childResults };
}
} catch (ex) {
logger.error('Caught exception %s', ex);
return { status: 400, result: 'create-failed', childResults };
} else {
return { status: 200, result: 'created', id: nr, childResults };
}
} else {
const transformKeys =
'transformations' in md ? Object.keys(md.transformations) : [];
const data: any = {};

for (const field of md.sync) {
if (!transformKeys.includes(field)) {
logger.debug(
' -- changed? (%s) %j -> %j',
field,
localRecord[field],
json[field]
);
if (field in json && json[field] !== localRecord[field]) {
logger.debug(' -- updated');
data[field] = json[field];
try {
const transformKeys =
'transformations' in md ? Object.keys(md.transformations) : [];
const data: any = {};

for (const field of md.sync) {
if (!transformKeys.includes(field)) {
logger.debug(
' -- changed? (%s) %j -> %j',
field,
localRecord[field],
json[field]
);
if (field in json && json[field] !== localRecord[field]) {
logger.debug(' -- updated');
data[field] = json[field];
}
}
}
}

if ('transformations' in md) {
for (const transformKey of transformKeys) {
logger.debug(' -- changed trans? (%s)', transformKey);
// unset transformKey from data[]
delete data[transformKey];
const transformInfo = md.transformations[transformKey];
if (transformInfo.syncFirst) {
// handle these children independently first - return a list of IDs
const allIds = await syncListOfRecords(
if ('transformations' in md) {
for (const transformKey of transformKeys) {
logger.debug(' -- changed trans? (%s)', transformKey);
// unset transformKey from data[]
delete data[transformKey];
const transformInfo = md.transformations[transformKey];
if (transformInfo.syncFirst) {
// handle these children independently first - return a list of IDs
const allIds = await syncListOfRecords(
context,
transformInfo,
json[transformKey]
);
logger.debug('CHILDREN [%s] %j', transformKey, allIds);
assert.strictEqual(
allIds.filter((record) => record.status != 200).length,
0,
'Failed updating children'
);
logger.debug('%j', localRecord);
assert.strictEqual(
allIds.filter(
(record) =>
typeof record.ownedBy != 'undefined' &&
record.ownedBy != localRecord.id
).length,
0,
'There are some child records that had ownership already (w/ local record)!'
);

json[transformKey + '_ids'] = allIds.map((status) => status.id);
childResults.push(...allIds);
}

const transformMutation = await transformations[transformInfo.name](
context,
transformInfo,
json[transformKey]
);
logger.debug('CHILDREN [%s] %j', transformKey, allIds);
assert.strictEqual(
allIds.filter((record) => record.status != 200).length,
0,
'Failed updating children'
localRecord,
json,
transformKey
);
logger.debug('%j', localRecord);
assert.strictEqual(
allIds.filter(
(record) =>
typeof record.ownedBy != 'undefined' &&
record.ownedBy != localRecord.id
).length,
0,
'There are some child records that had ownership already (w/ local record)!'
);

json[transformKey + '_ids'] = allIds.map((status) => status.id);
childResults.push(...allIds);
}

const transformMutation = await transformations[transformInfo.name](
context,
transformInfo,
localRecord,
json,
transformKey
);
if (transformMutation && transformMutation != null) {
logger.debug(
' -- updated trans (%s) %j -> %j',
transformKey,
localRecord[transformKey],
transformMutation
);
data[transformKey] = transformMutation;
if (transformMutation && transformMutation != null) {
logger.debug(
' -- updated trans (%s) %j -> %j',
transformKey,
localRecord[transformKey],
transformMutation
);
data[transformKey] = transformMutation;
}
}
}
}
if (Object.keys(data).length === 0) {
logger.debug('[%s] [%s] no update', entity, localRecord.id);
return {
status: 200,
result: 'no-change',
id: localRecord['id'],
childResults,
ownedBy:
md.ownedBy && localRecord[md.ownedBy]
? localRecord[md.ownedBy].id
: undefined,
};
}
logger.info(
'[%s] [%s] keys triggering update %j',
entity,
localRecord.id,
Object.keys(data)
);
const nr = await batchService.update(entity, localRecord.id, data);
if (nr == null) {
logger.error('UPDATE FAILED (%s) %j', nr, data);
if (Object.keys(data).length === 0) {
logger.debug('[%s] [%s] no update', entity, localRecord.id);
return {
status: 200,
result: 'no-change',
id: localRecord['id'],
childResults,
ownedBy:
md.ownedBy && localRecord[md.ownedBy]
? localRecord[md.ownedBy].id
: undefined,
};
}
logger.info(
'[%s] [%s] keys triggering update %j',
entity,
localRecord.id,
Object.keys(data)
);
const nr = await batchService.update(entity, localRecord.id, data);
if (nr == null) {
logger.error('UPDATE FAILED (%s) %j', nr, data);
return { status: 400, result: 'update-failed', childResults };
} else {
return {
status: 200,
result: 'updated',
id: nr,
childResults,
ownedBy:
md.ownedBy && localRecord[md.ownedBy]
? localRecord[md.ownedBy].id
: undefined,
};
}
} catch (ex) {
logger.error('Caught exception %s', ex);
return { status: 400, result: 'update-failed', childResults };
} else {
return {
status: 200,
result: 'updated',
id: nr,
childResults,
ownedBy:
md.ownedBy && localRecord[md.ownedBy]
? localRecord[md.ownedBy].id
: undefined,
};
}
}
};
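Review bot: Both new `catch (ex)` blocks reduce every failure to `logger.error('Caught exception %s', ex)` and a generic `create-failed` / `update-failed` result, and that now covers the two `assert.strictEqual` checks on child status and on `ownedBy`. An ownership conflict is an integrity signal an operator would want to find, but the log line names neither the entity nor the record, and `%s` on an Error may drop the stack depending on the logger. Logging the identifiers already in scope would make it traceable: `logger.error('[%s] [%s] create failed: %s', entity, eid, ex instanceof Error ? ex.stack : ex);`, and the same with `localRecord.id` in the update branch. `syncRecords` begins outside the hunk.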