Release 1.2.6 changes

src/authz/actions/filterByUserNSorSharedTrue.js

@@ -0,0 +1,7 @@
+const actionFilterNSorSharedTrue = (context, value) => {
+  const namespace = context['user']['namespace'];
+
+  return { OR: [{ namespace: namespace }, { isShared: true }] };
+};
+
+module.exports = actionFilterNSorSharedTrue;

src/authz/enforcement.ts

@@ -63,6 +63,7 @@ const actions: any = {
   filterByProductNSOrActiveEnvironment: require('./actions/filterByProductNSOrActiveEnvironment'),
   filterByTemporaryIdentity: require('./actions/filterByTemporaryIdentity'),
   filterByUserNS: require('./actions/filterByUserNS'),
+  filterByUserNSorSharedTrue: require('./actions/filterByUserNSorSharedTrue'),
   filterByUserNSOrNull: require('./actions/filterByUserNSOrNull'),
   filterByActive: require('./actions/filterByActive'),
   filterByActiveEnvironment: require('./actions/filterByActiveEnvironment'),

src/authz/matrix.csv

@@ -47,10 +47,12 @@ ACCESS MANAGER,,,GatewayConsumer,read,,,,,access-manager,,,allow,
 ACCESS MANAGER,,BusinessProfile,,,,,,,access-manager,,,allow,
 CREDENTIAL ADMIN,,,CredentialIssuer,,"update,delete",,,,credential-admin,,,allow,filterByUserNS
 CREDENTIAL ADMIN,,,CredentialIssuer,create,,,,,credential-admin,,,allow,
-CREDENTIAL ADMIN,,,CredentialIssuer,read,,,,,credential-admin,,,allow,filterByUserNS
+CREDENTIAL ADMIN,,,CredentialIssuer,read,,,,,credential-admin,,,allow,filterByUserNSorSharedTrue
 CREDENTIAL ADMIN,,,CredentialIssuer,update,,namespace,,,credential-admin,,,deny,
 CREDENTIAL ADMIN,,,CredentialIssuer,,"create,read",namespace,,,credential-admin,,,allow,
 CREDENTIAL ADMIN,,sharedIdPs,,,,,,,credential-admin,,,allow,
+CREDENTIAL ADMIN,,allSharedIdPs,,,,,,,credential-admin,,,allow,
+CREDENTIAL ADMIN,,allProviderUsers,,,,,,,credential-admin,,,allow,
 CREDENTIAL ADMIN,,OwnedCredentialIssuer,,,,,,,credential-admin,,,allow,
 CREDENTIAL ADMIN,,allCredentialIssuersByNamespace,,,,,,,credential-admin,,,allow,filterByUserNS
 CREDENTIAL ADMIN,,,User,read,,,,,credential-admin,,,allow,

src/batch/data-rules.js

@@ -477,10 +477,10 @@ const metadata = {
       environmentDetails: { name: 'toString' },
       inheritFrom: {
         name: 'connectOne',
-        list: 'allCredentialIssuers',
+        list: 'allSharedIdPs',
         refKey: 'name',
       },
-      owner: { name: 'connectOne', list: 'allUsers', refKey: 'username' },
+      owner: { name: 'connectOne', list: 'allProviderUsers', refKey: 'email' },
     },
     validations: {
       isShared: { type: 'boolean' },
@@ -505,7 +505,7 @@ const metadata = {
       clientAuthenticator: 'client-secret',
       mode: 'auto',
       environmentDetails: [],
-      owner: 'acope@idir',
+      owner: 'janis@gov.bc.ca',
     },
   },
   IssuerEnvironmentConfig: {

src/batch/feed-worker.ts

@@ -335,173 +335,183 @@ export const syncRecords = async function (
     buildQueryResponse(md)
   );
   if (localRecord == null) {
-    const data: any = {};
-    for (const field of md.sync) {
-      if (field in json) {
-        data[field] = json[field];
+    try {
+      const data: any = {};
+      for (const field of md.sync) {
+        if (field in json) {
+          data[field] = json[field];
+        }
       }
-    }
 
-    if ('transformations' in md) {
-      for (const transformKey of Object.keys(md.transformations)) {
-        const transformInfo = md.transformations[transformKey];
-        if (transformInfo.syncFirst) {
-          // handle these children independently first - return a list of IDs
-          const allIds = await syncListOfRecords(
+      if ('transformations' in md) {
+        for (const transformKey of Object.keys(md.transformations)) {
+          const transformInfo = md.transformations[transformKey];
+          if (transformInfo.syncFirst) {
+            // handle these children independently first - return a list of IDs
+            const allIds = await syncListOfRecords(
+              context,
+              transformInfo,
+              json[transformKey]
+            );
+            logger.debug('CHILDREN [%s] %j', transformKey, allIds);
+            assert.strictEqual(
+              allIds.filter((record) => record.status != 200).length,
+              0,
+              'Failed updating children'
+            );
+            assert.strictEqual(
+              allIds.filter((record) => typeof record.ownedBy != 'undefined')
+                .length,
+              0,
+              'There are some child records that have exclusive ownership already!'
+            );
+            json[transformKey + '_ids'] = allIds.map((status) => status.id);
+
+            childResults.push(...allIds);
+          }
+          const transformMutation = await transformations[transformInfo.name](
             context,
             transformInfo,
-            json[transformKey]
-          );
-          logger.debug('CHILDREN [%s] %j', transformKey, allIds);
-          assert.strictEqual(
-            allIds.filter((record) => record.status != 200).length,
-            0,
-            'Failed updating children'
-          );
-          assert.strictEqual(
-            allIds.filter((record) => typeof record.ownedBy != 'undefined')
-              .length,
-            0,
-            'There are some child records that have exclusive ownership already!'
+            null,
+            json,
+            transformKey
           );
-          json[transformKey + '_ids'] = allIds.map((status) => status.id);
-
-          childResults.push(...allIds);
-        }
-        const transformMutation = await transformations[transformInfo.name](
-          context,
-          transformInfo,
-          null,
-          json,
-          transformKey
-        );
-        if (transformMutation != null) {
-          logger.debug(
-            ' -- Updated [' +
-              transformKey +
-              '] ' +
-              JSON.stringify(data[transformKey]) +
-              ' to ' +
-              JSON.stringify(transformMutation)
-          );
-          data[transformKey] = transformMutation;
+          if (transformMutation != null) {
+            logger.debug(
+              ' -- Updated [' +
+                transformKey +
+                '] ' +
+                JSON.stringify(data[transformKey]) +
+                ' to ' +
+                JSON.stringify(transformMutation)
+            );
+            data[transformKey] = transformMutation;
+          }
         }
       }
-    }
-    data[md.refKey] = eid;
-    const nr = await batchService.create(entity, data);
-    if (nr == null) {
-      logger.error('CREATE FAILED (%s) %j', nr, data);
+      data[md.refKey] = eid;
+      const nr = await batchService.create(entity, data);
+      if (nr == null) {
+        logger.error('CREATE FAILED (%s) %j', nr, data);
+        return { status: 400, result: 'create-failed', childResults };
+      } else {
+        return { status: 200, result: 'created', id: nr, childResults };
+      }
+    } catch (ex) {
+      logger.error('Caught exception %s', ex);
       return { status: 400, result: 'create-failed', childResults };
-    } else {
-      return { status: 200, result: 'created', id: nr, childResults };
     }
   } else {
-    const transformKeys =
-      'transformations' in md ? Object.keys(md.transformations) : [];
-    const data: any = {};
-
-    for (const field of md.sync) {
-      if (!transformKeys.includes(field)) {
-        logger.debug(
-          ' -- changed? (%s) %j -> %j',
-          field,
-          localRecord[field],
-          json[field]
-        );
-        if (field in json && json[field] !== localRecord[field]) {
-          logger.debug(' -- updated');
-          data[field] = json[field];
+    try {
+      const transformKeys =
+        'transformations' in md ? Object.keys(md.transformations) : [];
+      const data: any = {};
+
+      for (const field of md.sync) {
+        if (!transformKeys.includes(field)) {
+          logger.debug(
+            ' -- changed? (%s) %j -> %j',
+            field,
+            localRecord[field],
+            json[field]
+          );
+          if (field in json && json[field] !== localRecord[field]) {
+            logger.debug(' -- updated');
+            data[field] = json[field];
+          }
         }
       }
-    }
 
-    if ('transformations' in md) {
-      for (const transformKey of transformKeys) {
-        logger.debug(' -- changed trans? (%s)', transformKey);
-        // unset transformKey from data[]
-        delete data[transformKey];
-        const transformInfo = md.transformations[transformKey];
-        if (transformInfo.syncFirst) {
-          // handle these children independently first - return a list of IDs
-          const allIds = await syncListOfRecords(
+      if ('transformations' in md) {
+        for (const transformKey of transformKeys) {
+          logger.debug(' -- changed trans? (%s)', transformKey);
+          // unset transformKey from data[]
+          delete data[transformKey];
+          const transformInfo = md.transformations[transformKey];
+          if (transformInfo.syncFirst) {
+            // handle these children independently first - return a list of IDs
+            const allIds = await syncListOfRecords(
+              context,
+              transformInfo,
+              json[transformKey]
+            );
+            logger.debug('CHILDREN [%s] %j', transformKey, allIds);
+            assert.strictEqual(
+              allIds.filter((record) => record.status != 200).length,
+              0,
+              'Failed updating children'
+            );
+            logger.debug('%j', localRecord);
+            assert.strictEqual(
+              allIds.filter(
+                (record) =>
+                  typeof record.ownedBy != 'undefined' &&
+                  record.ownedBy != localRecord.id
+              ).length,
+              0,
+              'There are some child records that had ownership already (w/ local record)!'
+            );
+
+            json[transformKey + '_ids'] = allIds.map((status) => status.id);
+            childResults.push(...allIds);
+          }
+
+          const transformMutation = await transformations[transformInfo.name](
             context,
             transformInfo,
-            json[transformKey]
-          );
-          logger.debug('CHILDREN [%s] %j', transformKey, allIds);
-          assert.strictEqual(
-            allIds.filter((record) => record.status != 200).length,
-            0,
-            'Failed updating children'
+            localRecord,
+            json,
+            transformKey
           );
-          logger.debug('%j', localRecord);
-          assert.strictEqual(
-            allIds.filter(
-              (record) =>
-                typeof record.ownedBy != 'undefined' &&
-                record.ownedBy != localRecord.id
-            ).length,
-            0,
-            'There are some child records that had ownership already (w/ local record)!'
-          );
-
-          json[transformKey + '_ids'] = allIds.map((status) => status.id);
-          childResults.push(...allIds);
-        }
-
-        const transformMutation = await transformations[transformInfo.name](
-          context,
-          transformInfo,
-          localRecord,
-          json,
-          transformKey
-        );
-        if (transformMutation && transformMutation != null) {
-          logger.debug(
-            ' -- updated trans (%s) %j -> %j',
-            transformKey,
-            localRecord[transformKey],
-            transformMutation
-          );
-          data[transformKey] = transformMutation;
+          if (transformMutation && transformMutation != null) {
+            logger.debug(
+              ' -- updated trans (%s) %j -> %j',
+              transformKey,
+              localRecord[transformKey],
+              transformMutation
+            );
+            data[transformKey] = transformMutation;
+          }
         }
       }
-    }
-    if (Object.keys(data).length === 0) {
-      logger.debug('[%s] [%s] no update', entity, localRecord.id);
-      return {
-        status: 200,
-        result: 'no-change',
-        id: localRecord['id'],
-        childResults,
-        ownedBy:
-          md.ownedBy && localRecord[md.ownedBy]
-            ? localRecord[md.ownedBy].id
-            : undefined,
-      };
-    }
-    logger.info(
-      '[%s] [%s] keys triggering update %j',
-      entity,
-      localRecord.id,
-      Object.keys(data)
-    );
-    const nr = await batchService.update(entity, localRecord.id, data);
-    if (nr == null) {
-      logger.error('UPDATE FAILED (%s) %j', nr, data);
+      if (Object.keys(data).length === 0) {
+        logger.debug('[%s] [%s] no update', entity, localRecord.id);
+        return {
+          status: 200,
+          result: 'no-change',
+          id: localRecord['id'],
+          childResults,
+          ownedBy:
+            md.ownedBy && localRecord[md.ownedBy]
+              ? localRecord[md.ownedBy].id
+              : undefined,
+        };
+      }
+      logger.info(
+        '[%s] [%s] keys triggering update %j',
+        entity,
+        localRecord.id,
+        Object.keys(data)
+      );
+      const nr = await batchService.update(entity, localRecord.id, data);
+      if (nr == null) {
+        logger.error('UPDATE FAILED (%s) %j', nr, data);
+        return { status: 400, result: 'update-failed', childResults };
+      } else {
+        return {
+          status: 200,
+          result: 'updated',
+          id: nr,
+          childResults,
+          ownedBy:
+            md.ownedBy && localRecord[md.ownedBy]
+              ? localRecord[md.ownedBy].id
+              : undefined,
+        };
+      }
+    } catch (ex) {
+      logger.error('Caught exception %s', ex);
       return { status: 400, result: 'update-failed', childResults };
-    } else {
-      return {
-        status: 200,
-        result: 'updated',
-        id: nr,
-        childResults,
-        ownedBy:
-          md.ownedBy && localRecord[md.ownedBy]
-            ? localRecord[md.ownedBy].id
-            : undefined,
-      };
     }
   }
 };