Dev 2.0

.github/FUNDING.yml

@@ -0,0 +1 @@
+github: [equalframework]

lib/equal/access/AccessController.class.php

@@ -18,6 +18,8 @@
 
 class AccessController extends Service {
 
+    private $is_request_compliant;
+
     private $permissionsTable;
 
     private $groupsTable;
@@ -30,6 +32,7 @@ class AccessController extends Service {
      * This method cannot be called directly (should be invoked through Singleton::getInstance).
      */
     protected function __construct(Container $container) {
+        $this->is_request_compliant = false;
         $this->permissionsTable = array();
         $this->groupsTable = array();
         $this->usersTable = array();
@@ -614,6 +617,10 @@ public function canPerform($user_id, $action, $object_class, $object_ids) {
     }
 
     public function isRequestCompliant($user_id, $ip_address) {
+        // if compliance has already been evaluated to true, do not re-run the process
+        if($this->is_request_compliant) {
+            return true;
+        }
         $result = true;
         $time = time();
 
@@ -640,10 +647,13 @@ public function isRequestCompliant($user_id, $ip_address) {
                     foreach($values as $value) {
                         switch($rule['policy_rule_type']) {
                             case 'ip_address':
-                                $is_match = self::validateIpAddress($ip_address, $value['value']);
+                                $is_match = $this->validateIpAddress($ip_address, $value['value']);
                                 break;
                             case 'time_range':
-                                $is_match = self::validateTimeRange($time, $value['value']);
+                                $is_match = $this->validateTimeRange($time, $value['value']);
+                                break;
+                            case 'user_group':
+                                $is_match = $this->validateUserGroup($user_id, $value['value']);
                                 break;
                         }
                         // request match with one of the value of the rule
@@ -665,13 +675,18 @@ public function isRequestCompliant($user_id, $ip_address) {
                 }
             }
         }
+        $this->is_request_compliant = $result;
         return $result;
     }
 
+    private function validateUserGroup($user_id, $group) {
+        return $this->hasGroup($group, $user_id);
+    }
+
     /**
      * tests: 192.168.1.123, 192.168.1.0/24, 192.168.*.*
      */
-    private static function validateIpAddress($ip, $pattern) {
+    private function validateIpAddress($ip, $pattern) {
         if(strpos($pattern, '*') !== false) {
             $pattern = str_replace(['.', '*'], ['\.', '[0-9]+'], $pattern);
             if(preg_match('/^' . $pattern . '$/', $ip)) {
@@ -699,7 +714,7 @@ private static function validateIpAddress($ip, $pattern) {
      * var_dump(validate_time_range(1719925622, 'mon@09:00-mon@11:00')); // false
      * var_dump(validate_time_range(1719925622, 'tue@13:00-tue@14:00')); // true
      */
-    private static function validateTimeRange($time, $pattern) {
+    private function validateTimeRange($time, $pattern) {
         list($hours, $minutes) = explode(':', date('H:i', $time));
         $time_of_day = ($hours * 3600) + ($minutes * 60);
 

packages/core/apps/app/version

@@ -1 +1 @@
-053bbb953267581e4d7ec81cdfbf6401
+f4df4f2244e13b43c802d55eb9d12a4b

packages/core/apps/apps/version

@@ -1 +1 @@
-f6e02e9deeff421e0946277e3ec079a3
+3259247aafc763abdbb52639061536cb

packages/core/apps/settings/version

@@ -1 +1 @@
-fdce1bc93d370cd012e91789631d69eb
+d774a26460bc9591c407a6868fe36eff

packages/core/apps/workbench/version

@@ -1 +1 @@
-a9c3e541d1d5650a19556ebc9a76737b
+d85e1ea1561f68f47fa57aad8707abec

packages/core/classes/security/SecurityPolicyRule.class.php

@@ -54,7 +54,7 @@ public static function getColumns() {
                     'user_login',
                     'time_range'
                 ],
-                'dependents'        => ['description'],
+                'dependents'        => ['name', 'description'],
                 'description'       => 'Type of rule (kind of test to perform).'
             ],
 
@@ -97,23 +97,37 @@ public static function calcDescription($self) {
         $self->read(['policy_rule_type']);
 
         foreach($self as $id => $rule) {
-            switch($rule['policy_rule_type']) {
-                case 'ip_address':
-                    $result[$id] = 'Request IP address match against one or more values.';
-                    break;
-                case 'location':
-                    $result[$id] = 'Request geo-location matching one value against a set of cities or regions.';
-                    break;
-                case 'user_group':
-                    $result[$id] = 'User belonging to at least one of the listed groups.';
-                    break;
-                case 'user_login':
-                    $result[$id] = 'User login (email) matching a given pattern.';
-                    break;
-                case 'time_range':
-                    $result[$id] = 'Time of Request included in at least one the listed time ranges.';
-                    break;
-            }
+            $result[$id] = self::computeDescription($rule['policy_rule_type']);
+        }
+        return $result;
+    }
+
+    public static function onchange($event) {
+        $result = [];
+        if(isset($event['policy_rule_type'])) {
+            $result['role'] = self::computeDescription($event['policy_rule_type']);
+        }
+        return $result;
+    }
+
+    public static function computeDescription($rule_type) {
+        $result = '';
+        switch($rule_type) {
+            case 'ip_address':
+                $result = 'Request IP address match against one or more values.';
+                break;
+            case 'location':
+                $result = 'Request geo-location matching one value against a set of cities or regions.';
+                break;
+            case 'user_group':
+                $result = 'User belonging to at least one of the listed groups.';
+                break;
+            case 'user_login':
+                $result = 'User login (email) matching a given pattern.';
+                break;
+            case 'time_range':
+                $result = 'Time of Request included in at least one the listed time ranges.';
+                break;
         }
         return $result;
     }

packages/core/classes/setting/Setting.class.php

@@ -86,7 +86,7 @@ public static function getColumns() {
             'is_sequence' => [
                 'type'              => 'boolean',
                 'description'       => "Marks the setting as a numeric sequence.",
-                 'help'              => "Some settings must have a numeric value, meant to be incremented, and that must match a numeric SQL field in the related table. For tht reason, we use a distinct entity `SettingSequence` for which the `value` field/column is an integer.",
+                'help'              => "Some settings must have a numeric value, meant to be incremented, and that must match a numeric SQL field in the related table. For tht reason, we use a distinct entity `SettingSequence` for which the `value` field/column is an integer.",
                 'default'           => false
             ],
 
@@ -118,10 +118,8 @@ public static function getColumns() {
                     'input',
                     'textarea'
                 ],
-                'usage'             => 'text/plain',
                 'description'       => 'Way in which the form is presented to the User.',
                 'default'           => 'input',
-                'multilang'         => true,
                 'visible'           => ['is_sequence', '=', false]
             ],
 

packages/core/views/menu.workbench.left.json

@@ -8,26 +8,31 @@
     "layout": {
         "items": [
             {
+                "id": "components",
                 "type": "entry",
                 "label": "Components",
                 "icon": "category",
-                "context": [],
-                "children": []
+                "route": "/"
             },
             {
-                "id": "uml.drawer",
+                "id": "pipelines",
+                "type": "entry",
+                "label": "Pipelines",
+                "icon": "insights",
+                "route": "/pipelines"
+            },
+            {
+                "id": "uml",
                 "type": "parent",
                 "label": "UML",
                 "icon": "schema",
-                "context": [],
                 "children": [
                     {
-                        "id": "uml",
+                        "id": "uml.erd",
                         "type": "entry",
                         "label": "ERD",
                         "icon": "account_tree",
-                        "context": [],
-                        "children": []
+                        "route": "/uml"
                     }
                 ]
             }