Merge branch 'Internet2:main' into CO-2677

Internet2 · Oct 16, 2023 · c97089a · c97089a
2 parents 52c1f62 + 9628024
commit c97089a
Show file tree

Hide file tree

Showing 64 changed files with 2,677 additions and 226 deletions.
diff --git a/...ePlugin/DuplicateCheckEnroller/Controller/DuplicateCheckEnrollerCoPetitionsController.php b/...ePlugin/DuplicateCheckEnroller/Controller/DuplicateCheckEnrollerCoPetitionsController.php
@@ -70,7 +70,7 @@ protected function execute_plugin_start($id, $onFinish) {
     $this->set('vv_duplicate_account', $duplicate_account);
     $this->set('vv_petition_id', $id);
 
-    $remote_user = getenv($duplicate_account['DuplicateCheckEnroller']['env_remote_user']);
+    $remote_user = getenv($duplicate_account['DuplicateCheckEnroller']['env_remote_user'] ?? IdentifierEnum::ePPN);
 
     if(empty($remote_user)) {
       throw new RuntimeException(_txt('er.duplicate_check_enrollers.remote_user.notfound'));

diff --git a/app/AvailablePlugin/DuplicateCheckEnroller/Lib/lang.php b/app/AvailablePlugin/DuplicateCheckEnroller/Lib/lang.php
@@ -44,7 +44,7 @@
 
   // Fields
   'fd.duplicate_check_enrollers.env_remote_user'          => 'Enviromental Variable',
-  'fd.duplicate_check_enrollers.env_remote_user.desc'     => 'Enviromental Variable used to save the REMOTE USER',
+  'fd.duplicate_check_enrollers.env_remote_user.desc'     => 'Enviromental Variable used to save the REMOTE USER, defaults to ePPN type',
   'fd.duplicate_check_enrollers.identifier_type'          => 'Identifier Type',
   'fd.duplicate_check_enrollers.identifier_type.desc'     => 'Identifier Type to query for (e.g. ePPN)',
   'fd.duplicate_check_enrollers.redirect_url'             => 'Redirect URL',

diff --git a/app/AvailablePlugin/EligibilityWidget/Controller/CoEligibilityWidgetsController.php b/app/AvailablePlugin/EligibilityWidget/Controller/CoEligibilityWidgetsController.php
@@ -188,18 +188,22 @@ public function assign($id) {
     $this->layout = 'ajax';
 
     if (empty($this->request->params['pass'][0])) {
+      $this->log(__METHOD__ . "::message " . _txt('pl.er.eligibilitywidget.param.notfound', array(_txt('ct.eligibility_widget.1') . ' Id')), LOG_ERROR);
       throw new BadRequestException(_txt('pl.er.eligibilitywidget.param.notfound', array(_txt('ct.eligibility_widget.1') . ' Id')));
     }
     if (empty($this->request->data['cou_id'])) {
+      $this->log(__METHOD__ . "::message " . _txt('pl.er.eligibilitywidget.param.notfound', array('cou_id')), LOG_ERROR);
       throw new BadRequestException(_txt('pl.er.eligibilitywidget.param.notfound', array('cou_id')));
     }
     if(empty($this->request->data['co_person_id'])) {
+      $this->log(__METHOD__ . "::message " . _txt('pl.er.eligibilitywidget.param.notfound', array('co_person_id')), LOG_ERROR);
       throw new BadRequestException(_txt('pl.er.eligibilitywidget.param.notfound', array('co_person_id')));
     }
 
     // I need to verify that the CO Person is part of the CO
     $copersonid = $this->request->data['co_person_id'];
     if(!$this->Role->isCoPerson($copersonid, $this->cur_co["Co"]["id"])) {
+      $this->log(__METHOD__ . "::message " . _txt('er.cop.nf', array($copersonid)), LOG_ERROR);
       throw new NotFoundException(_txt('er.cop.nf', array($copersonid)));
     }
 
@@ -217,6 +221,7 @@ public function assign($id) {
     $this->CoPersonRole->save($copr);
 
     if(!$this->CoPersonRole->save($copr)) {
+      $this->log(__METHOD__ . "::message " . _txt('er.db.save'), LOG_ERROR);
       throw new InternalErrorException(_txt('er.db.save'));
     }
 
@@ -292,19 +297,23 @@ public function eligibility($id) {
     $this->layout = 'ajax';
 
     if (empty($this->request->params['pass'][0])) {
+      $this->log(__METHOD__ . "::message " . _txt('pl.er.eligibilitywidget.param.notfound', array(_txt('ct.eligibility_widget.1') . ' Id')), LOG_ERROR);
       throw new BadRequestException(_txt('pl.er.eligibilitywidget.param.notfound', array(_txt('ct.eligibility_widget.1') . ' Id')));
     }
 
     if (empty($this->request->data['ois_id'])) {
+      $this->log(__METHOD__ . "::message " . _txt('pl.er.eligibilitywidget.param.notfound', array('ois_id')), LOG_ERROR);
       throw new BadRequestException(_txt('pl.er.eligibilitywidget.param.notfound', array('ois_id')));
     }
     if(empty($this->request->data['co_person_id'])) {
+      $this->log(__METHOD__ . "::message " . _txt('pl.er.eligibilitywidget.param.notfound', array('co_person_id')), LOG_ERROR);
       throw new BadRequestException(_txt('pl.er.eligibilitywidget.param.notfound', array('co_person_id')));
     }
 
     // I need to verify that the CO Person is part of the CO
     $copersonid = $this->request->data['co_person_id'];
     if(!$this->Role->isCoPerson($copersonid, $this->cur_co["Co"]["id"])) {
+      $this->log(__METHOD__ . "::message " . _txt('er.cop.nf', array($copersonid)), LOG_ERROR);
       throw new NotFoundException(_txt('er.cop.nf', array($copersonid)));
     }
 
@@ -313,6 +322,7 @@ public function eligibility($id) {
                                                               $this->cur_co["Co"]["id"],
                                                               $this->request->data['co_person_id']);
     } catch(Exception $e) {
+      $this->log(__METHOD__ . "::message " .$e->getMessage(), LOG_ERROR);
       // Double quotes are not JSON accepted
       throw new BadRequestException(str_replace('"', "", $e->getMessage()));
     }
@@ -343,9 +353,11 @@ public function personroles($id) {
     $this->layout = 'ajax';
 
     if (empty($this->request->params['pass'][0])) {
+      $this->log(__METHOD__ . "::message " . _txt('pl.er.eligibilitywidget.param.notfound', array(_txt('ct.eligibility_widget.1') . ' Id')), LOG_ERROR);
       throw new BadRequestException(_txt('pl.er.eligibilitywidget.param.notfound', array(_txt('ct.eligibility_widget.1') . ' Id')));
     }
     if(empty($this->request->query["copersonid"])) {
+      $this->log(__METHOD__ . "::message " . _txt('pl.er.eligibilitywidget.param.notfound', array('copersonid')), LOG_ERROR);
       throw new BadRequestException(_txt('pl.er.eligibilitywidget.param.notfound', array('copersonid')));
     }
 
@@ -369,6 +381,7 @@ public function personroles($id) {
 
       $roles = $this->CoPersonRole->find('all', $args);
     } catch(Exception $e) {
+      $this->log(__METHOD__ . "::message " .$e->getMessage(), LOG_ERROR);
       // Double quotes are not JSON accepted
       throw new BadRequestException(str_replace('"', "", $e->getMessage()));
     }
@@ -393,12 +406,14 @@ public function sync($id) {
     $this->layout = 'ajax';
 
     if(empty($this->request->query["copersonrole"])) {
+      $this->log(__METHOD__ . "::message " . _txt('pl.er.eligibilitywidget.param.specify'), LOG_ERROR);
       throw new InvalidArgumentException(_txt('pl.er.eligibilitywidget.param.specify'));
     }
 
     try{
       $data = $this->CoEligibilityWidget->syncEligibility($this->request->query["copersonrole"]);
     } catch(Exception $e) {
+      $this->log(__METHOD__ . "::message " .$e->getMessage(), LOG_ERROR);
       throw new BadRequestException(str_replace('"', "", $e->getMessage()));
     }
 

diff --git a/app/AvailablePlugin/EligibilityWidget/Model/CoEligibilityWidget.php b/app/AvailablePlugin/EligibilityWidget/Model/CoEligibilityWidget.php
@@ -130,6 +130,7 @@ public function allPersonOrgIdentityFromSource($coId, $coPersonId) {
     $args['conditions']['CoOrgIdentityLink.co_person_id'] = $coPersonId;
     $args['conditions'][] = 'PipelineCoPersonRole.source_org_identity_id IS NOT NULL';
     $args['conditions']['OrgIdentity.co_id'] = $coId;
+    $args['contain'] = false;
 
     $OrgIdentity = ClassRegistry::init('OrgIdentity');
     $org_identities = $OrgIdentity->find('all', $args);
@@ -180,7 +181,6 @@ public function checkEligibility($oidId, $coId, $coPersonId) {
       throw new InvalidArgumentException(_txt('pl.er.eligibilitywidget.ois.inappropriate'));
     }
 
-    $ret = array();
     foreach($emailAddresses as $ea) {
       if (!empty($ea['EmailAddress']['mail'])) {
         try {
@@ -307,7 +307,9 @@ public function personCouMembership($copersonid,
     $args['joins'][0]['table'] = 'cous';
     $args['joins'][0]['alias'] = 'Cou';
     $args['joins'][0]['type'] = 'INNER';
-    $args['joins'][0]['conditions'][0] = 'CoPersonRole.cou_id=Cou.id';
+    $args['joins'][0]['conditions'][] = 'CoPersonRole.cou_id=Cou.id';
+    $args['joins'][0]['conditions'][] = 'Cou.deleted IS NOT TRUE';
+    $args['joins'][0]['conditions'][] = 'Cou.cou_id IS NULL';
     $args['conditions']['CoPersonRole.co_person_id'] = $copersonid;
     $args['conditions'][] = 'CoPersonRole.deleted IS NOT true';
     $args['conditions'][] = 'CoPersonRole.co_person_role_id IS NULL';

diff --git a/app/AvailablePlugin/SqlSource/Lib/lang.php b/app/AvailablePlugin/SqlSource/Lib/lang.php
@@ -42,11 +42,9 @@
     SqlSourceTableModeEnum::Relational  => 'Relational Tables'
   ),
 
-  /*
   // Error messages
-  'er.sqlsource.placeholder'    => 'Placeholder',
-  */
-
+  'er.sqlsource.source_table'     => 'Source Table Name must consist only of alphanumeric characters, dots, dashes, and underscores',
+
   // Plugin texts
   'pl.sqlsource.source_table'     => 'Source Table',
   'pl.sqlsource.table_mode'       => 'Table Mode',

diff --git a/app/AvailablePlugin/SqlSource/Model/SqlSource.php b/app/AvailablePlugin/SqlSource/Model/SqlSource.php
@@ -67,9 +67,11 @@ class SqlSource extends AppModel {
       // We need to constrain the table name here not just for SQL conformance
       // but because SqlSourceBackend will construct raw SQL queries using the
       // source_table name.
-      'rule' => '/^[a-zA-Z0-9\-\.]+$/',
+// Commit with PMO 1156
+      'rule' => '/^[a-zA-Z0-9_\-\.]+$/',
       'required' => true,
-      'allowEmpty' => false
+      'allowEmpty' => false,
+      'message' => 'Source Table Name must consist only of alphanumeric characters, dots, dashes, and underscores'
     ),
     'server_id' => array(
       'content' => array(

diff --git a/app/AvailablePlugin/SqlSource/Model/SqlSourceBackend.php b/app/AvailablePlugin/SqlSource/Model/SqlSourceBackend.php
@@ -85,21 +85,27 @@ protected function getAdHocAttributes() {
       );
 
       // Introspect the inbound attributes
-      $SourceRecord = $this->getRecordModel();
-
-      $columnTypes = $SourceRecord->getColumnTypes();
+      try {
+        $SourceRecord = $this->getRecordModel();
+
+        $columnTypes = $SourceRecord->getColumnTypes();
+      }
+      catch(MissingTableException $e) {
+        // If there is no AdHocAttribute table just return an empty array
+        return array();
+      }
 
       return array_diff(array_keys($columnTypes), $standardAttrs);
     } else {
       // In Relational mode, we pull the unique tags
 
-      $AdHoc = $this->getRecordModel('AdHocAttribute');
-
-      $args = array();
-      $args['fields'] = 'DISTINCT '.$AdHoc->alias.'.tag';
-      $args['contain'] = false;
-
       try {
+        $AdHoc = $this->getRecordModel('AdHocAttribute');
+
+        $args = array();
+        $args['fields'] = 'DISTINCT '.$AdHoc->alias.'.tag';
+        $args['contain'] = false;
+
         // find('list') would make more sense but because of the nature of our
         // query doesn't work so well
         $tags = $AdHoc->find('all', $args);
@@ -204,6 +210,14 @@ protected function getChangeListFromArchive() {
       // and in Full Mode OrgIdentitySource::syncOrgIdentitySource will separately
       // calculate the list of new IDs. Note order is important, if $archiveTableName
       // and $sourceTableName are swapped, the query will generate INSERTs but not DELETEs.
+
+      // Note that because we can't return new rows here bootstrapping an existing
+      // instannce gets a bit complicated. Basically we won't be able to detect any 
+      // changes until the archive tables are populated, and we need an external event
+      // to make that happen. In FULL mode, a new record will trigger a call to updateCache(),
+      // but that might happen after several updates get ignored. In UPDATE mode
+      // new records won't get processed so we never have the cache updated. The
+      // solution (for now) is for the deployer to prepopulate the tables.
       $diffQuery = "SELECT * FROM " . $archiveTableName . " EXCEPT
                     SELECT * FROM " . $sourceTableName;
 
@@ -226,7 +240,7 @@ protected function getChangeListFromArchive() {
     }
 
     // We perform an array_unique here once rather than after each merge
-    return !empty($changedSorids) ? array_unique($changedSorids) : false;
+    return !empty($changedSorids) ? array_unique($changedSorids) : array();
   }
 
   /**

diff --git a/app/Config/Schema/schema.xml b/app/Config/Schema/schema.xml
@@ -450,10 +450,19 @@
     <field name="remote_ip" type="C" size="80" />
     <field name="created" type="T" />
     <field name="modified" type="T" />
-
+    <field name="api_user_id" type="I">
+      <constraint>REFERENCES cm_api_users(id)</constraint>
+    </field>
+    <field name="revision" type="I" />
+    <field name="deleted" type="L" />
+    <field name="actor_identifier" type="C" size="256" />
+
     <index name="api_users_i1">
       <col>username</col>
-      <unique />
+    </index>
+
+    <index name="api_users_i2">
+      <col>api_user_id</col>
     </index>
   </table>
 
@@ -1254,7 +1263,36 @@
       <col>source_label</col>
     </index>
   </table>
-
+
+  <table name="co_provisioning_targets">
+    <field name="id" type="I">
+      <key />
+      <autoincrement />
+    </field>
+    <field name="co_id" type="I">
+      <notnull />
+      <constraint>REFERENCES cm_cos(id)</constraint>
+    </field>
+    <field name="description" type="C" size="256" />
+    <field name="plugin" type="C" size="32" />
+    <field name="provision_co_group_id" type="I">
+      <constraint>REFERENCES cm_co_groups(id)</constraint>
+    </field>
+    <field name="skip_org_identity_source_id" type="I">
+      <constraint>REFERENCES cm_org_identity_sources(id)</constraint>
+    </field>
+    <field name="status" type="C" size="2" />
+    <field name="retry_interval" type="I" />
+    <field name="max_retry" type="I" />
+    <field name="ordr" type="I" />
+    <field name="created" type="T" />
+    <field name="modified" type="T" />
+
+    <index name="co_provisioning_targets_i1">
+      <col>co_id</col>
+    </index>
+  </table>
+
   <table name="co_provisioning_counts">
     <field name="id" type="I">
       <key />
@@ -1288,35 +1326,6 @@
     </index>
   </table>
 
-  <table name="co_provisioning_targets">
-    <field name="id" type="I">
-      <key />
-      <autoincrement />
-    </field>
-    <field name="co_id" type="I">
-      <notnull />
-      <constraint>REFERENCES cm_cos(id)</constraint>
-    </field>
-    <field name="description" type="C" size="256" />
-    <field name="plugin" type="C" size="32" />
-    <field name="provision_co_group_id" type="I">
-      <constraint>REFERENCES cm_co_groups(id)</constraint>
-    </field>
-    <field name="skip_org_identity_source_id" type="I">
-      <constraint>REFERENCES cm_org_identity_sources(id)</constraint>
-    </field>
-    <field name="status" type="C" size="2" />
-    <field name="retry_interval" type="I" />
-    <field name="max_retry" type="I" />
-    <field name="ordr" type="I" />
-    <field name="created" type="T" />
-    <field name="modified" type="T" />
-
-    <index name="co_provisioning_targets_i1">
-      <col>co_id</col>
-    </index>
-  </table>
-
   <table name="identifiers">
     <field name="id" type="I">
       <key />

diff --git a/app/Config/VERSION b/app/Config/VERSION
@@ -1 +1 @@
-4.2.1
+4.3.0
diff --git a/app/Controller/CoPeopleController.php b/app/Controller/CoPeopleController.php
@@ -237,6 +237,14 @@ public function beforeRender() {
       $args['contain'] = false;
 
       $this->set('vv_vetting_step_count', $this->Co->VettingStep->find('count', $args));
+
+      // Calculate COU node path from root in case the role COU has a parent id.
+      foreach($this->viewVars["co_people"][0]["CoPersonRole"] as $idx => $prole) {
+        if(isset($prole['Cou']['id'])) {
+          // Add the path to parent node under the COU record
+          $this->viewVars["co_people"][0]["CoPersonRole"][$idx]["Cou"]["path"] = $this->constructTreeParentPath($prole['Cou']['id']);
+        }
+      }
     }
 
     parent::beforeRender();
@@ -474,7 +482,29 @@ public function compare($id) {
       $this->view($id);
     }
   }
-
+
+  /**
+   * Create path from parent
+   *
+   * @param  int    $nodeId   The ID of the node
+   * @return string           The path
+   *
+   * @since  COmanage Registry        v4.3.0
+   */
+  public function constructTreeParentPath($nodeId) {
+    if(empty($nodeId)) return "";
+    if(!$this->CoPerson->CoPersonRole->Cou->Behaviors->enabled('Tree')) {
+      return "";
+    }
+
+    $parents = $this->CoPerson->CoPersonRole->Cou->getPath($nodeId);
+
+    if(empty($parents)) return "";
+
+    $parent_names = Hash::extract($parents, '{n}.Cou.name');
+    return implode(" / ", $parent_names);
+  }
+
   /**
    * Expunge (delete with intelligent clean up) a CO Person.
    * - precondition: <id> must exist

diff --git a/app/Controller/CoSettingsController.php b/app/Controller/CoSettingsController.php
@@ -83,6 +83,12 @@ public function add() {
     $this->redirect(array('action' => 'edit', $settingId));
   }
 
+
+  /**
+   * Register GarbageCollector job
+   *
+   * @since  COmanage Registry v4.1.0
+   */
   public function job($id) {
     $this->Co = ClassRegistry::init('Co');
     // Get the delay interval from Platform Settings
@@ -107,7 +113,7 @@ public function job($id) {
           'object_type' => 'Co',
         ),
         0,                                // $delay (in seconds)
-        $interval                         // $requeueInterval (in seconds)
+        $interval*60                      // $requeueInterval (in seconds)
       );
 
       $this->Flash->set(_txt('rs.jb.registered', array($jobid)), array('key' => 'success'));