Pipeline External Match Strategy (CFM-375) and related functionality

app/availableplugins/ApiConnector/config/routes.php

@@ -55,21 +55,21 @@
 
   $builder->delete(
     '/{id}/v2/sorPeople/{sorlabel}/{sorid}',
-    ['plugin' => 'ApiConnector', 'controller' => 'ApiV2', 'action' => 'delete']
+    ['plugin' => 'ApiConnector', 'controller' => 'SorApiV2', 'action' => 'delete']
   )
   ->setPass(['id', 'sorlabel', 'sorid'])
   ->setPatterns(['id' => '[0-9]+']);
 
   $builder->get(
     '/{id}/v2/sorPeople/{sorlabel}/{sorid}',
-    ['plugin' => 'ApiConnector', 'controller' => 'ApiV2', 'action' => 'get']
+    ['plugin' => 'ApiConnector', 'controller' => 'SorApiV2', 'action' => 'get']
   )
   ->setPass(['id', 'sorlabel', 'sorid'])
   ->setPatterns(['id' => '[0-9]+']);
 
   $builder->put(
     '/{id}/v2/sorPeople/{sorlabel}/{sorid}',
-    ['plugin' => 'ApiConnector', 'controller' => 'ApiV2', 'action' => 'upsert']
+    ['plugin' => 'ApiConnector', 'controller' => 'SorApiV2', 'action' => 'upsert']
   )
   ->setPass(['id', 'sorlabel', 'sorid'])
   ->setPatterns(['id' => '[0-9]+']);

app/availableplugins/ApiConnector/resources/locales/en_US/api_connector.po

@@ -25,6 +25,10 @@
 msgid "controller.ApiSources"
 #msgstr "{0,plural,=1{API Source} other{API Sources}}"
 
+# XXX this should autodetect and use the controller key?
+msgid "field.api_source_id"
+msgstr "API Source"
+
 msgid "field.ApiSources.push_mode"
 msgstr "Push Mode"
 

app/availableplugins/ApiConnector/src/Controller/ApiSourceEndpointsController.php

@@ -0,0 +1,70 @@
+<?php
+/**
+ * COmanage Registry Api Source Endpoints Controller
+ *
+ * Portions licensed to the University Corporation for Advanced Internet
+ * Development, Inc. ("UCAID") under one or more contributor license agreements.
+ * See the NOTICE file distributed with this work for additional information
+ * regarding copyright ownership.
+ *
+ * UCAID licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * @link          https://www.internet2.edu/comanage COmanage Project
+ * @package       registry-plugins
+ * @since         COmanage Registry v5.2.0
+ * @license       Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ */
+
+declare(strict_types=1);
+
+namespace ApiConnector\Controller;
+
+use Cake\Routing\Router;
+use App\Controller\StandardPluginController;
+
+class ApiSourceEndpointsController extends StandardPluginController {
+  public $paginate = [
+    'order' => [
+      'ApiSourceEndpoints.id' => 'asc'
+    ]
+  ];
+
+  /**
+   * Callback run prior to the request render.
+   *
+   * @since  COmanage Registry v5.2.0
+   * @param  EventInterface $event Cake Event
+   * @return \Cake\Http\Response   HTTP Response
+   */
+
+  public function beforeRender(\Cake\Event\EventInterface $event) {
+    $vv_obj = $this->viewBuilder()->getVar('vv_obj');
+
+    if(!empty($vv_obj)) {
+      $apiSource = $this->ApiSourceEndpoints->ApiSources->get(
+        $vv_obj->api_source_id,
+        ['contain' => 'ExternalIdentitySources']
+      );
+
+      $this->set(
+        'vv_push_endpoint',
+        Router::url(
+          url: '/api/apisource/' . $apiSource->id . '/v2/sorPeople/' . $apiSource->external_identity_source->sor_label,
+          full: true
+        )
+      );
+    }
+
+    return parent::beforeRender($event);
+  }
+}

app/availableplugins/ApiConnector/src/Controller/ApiSourcesController.php

@@ -38,29 +38,4 @@ class ApiSourcesController extends StandardPluginController {
       'ApiSources.id' => 'asc'
     ]
   ];
-
-  /**
-   * Callback run prior to the request render.
-   *
-   * @since  COmanage Registry v5.0.0
-   * @param  EventInterface $event Cake Event
-   * @return \Cake\Http\Response   HTTP Response
-   */
-
-  public function beforeRender(\Cake\Event\EventInterface $event) {
-    $apiSource = $this->ApiSources->get(
-      $this->request->getParam('pass.0'), 
-      ['contain' => 'ExternalIdentitySources']
-    );
-
-    $this->set(
-      'vv_push_endpoint',
-      Router::url(
-        url: '/api/apisource/' . $apiSource->id . '/v2/sorPeople/' . $apiSource->external_identity_source->sor_label,
-        full: true
-      )
-    );
-
-    return parent::beforeRender($event);
-  }
 }

app/availableplugins/ApiConnector/src/Controller/ApiV2Controller.php → app/availableplugins/ApiConnector/src/Controller/SorApiV2Controller.php

@@ -1,6 +1,6 @@
 <?php
 /**
- * COmanage Registry Api Sources API v2 Controller
+ * COmanage Registry Api Sources SOR API v2 Controller
  *
  * Portions licensed to the University Corporation for Advanced Internet
  * Development, Inc. ("UCAID") under one or more contributor license agreements.
@@ -32,7 +32,14 @@
 use \Cake\ORM\TableRegistry;
 use \App\Controller\StandardApiController;
 
-class ApiV2Controller extends StandardApiController {
+class SorApiV2Controller extends StandardApiController {
+  // Map the actions to the Entry Point Model that controls the configuration.
+
+  public $entryPointMap = [
+    'delete' => 'ApiSourceEndpoints',
+    'get'    => 'ApiSourceEndpoints',
+    'upsert' => 'ApiSourceEndpoints'
+  ];
 
   /**
    * Calculate the CO ID associated with the request.
@@ -46,42 +53,11 @@ public function calculateRequestedCOID(): ?int {
 
     $ApiSource = TableRegistry::getTableLocator()->get('ApiConnector.ApiSources');
 
-    $cfg = $ApiSource->get($apiSourceId, ['contain' => 'ExternalIdentitySources']);
+    return $ApiSource->findCoForRecord((int)$apiSourceId);
 
-    return $cfg->external_identity_source->co_id ?? null;
-  }
-
-  /**
-   * Calculate authorization for the current request.
-   * 
-   * @since  COmanage Registry v5.0.0
-   * @return bool     True if the current request is permitted, false otherwise
-   */
+    // $cfg = $ApiSource->get($apiSourceId, ['contain' => 'ExternalIdentitySources']);
 
-  public function calculatePermission(): bool {
-    $request = $this->getRequest();
-    $action = $request->getParam('action');
-    $authUser = $this->RegistryAuth->getAuthenticatedUser();
-
-    $authorized = false;
-
-    // Our authorization is pretty straightforward, the configured API User
-    // is permitted to perform all actions.
-
-    // This should be set or the route won't match
-    $apiSourceId = $this->request->getParam('id');
-
-    $ApiSource = TableRegistry::getTableLocator()->get('ApiConnector.ApiSources');
-
-    $cfg = $ApiSource->get($apiSourceId, ['contain' => 'ApiUsers']);
-
-    if(!empty($cfg->api_user->username) 
-       && !empty($authUser)
-       && $authUser == $cfg->api_user->username) {
-      $authorized = true;
-    }
-
-    return $authorized;
+    // return $cfg->external_identity_source->co_id ?? null;
   }
 
   /**
@@ -193,17 +169,4 @@ public function upsert(string $id, string $sorlabel, string $sorid) {
     $this->response = $this->response->withStatus($resultCode);
     $this->set('vv_results', $results);
   }
-
-  /**
-   * Indicate whether this Controller will handle some or all authnz.
-   * 
-   * @since  COmanage Registry v5.0.0
-   * @param  EventInterface   $event  Cake event, ie: from beforeFilter
-   * @return string                   "no", "open", "authz", or "yes"
-   */
-
-  public function willHandleAuth(\Cake\Event\EventInterface $event): string {
-    // We always take over authz
-    return 'authz';
-  }
 }

app/availableplugins/ApiConnector/src/Model/Entity/ApiSource.php

@@ -1,6 +1,6 @@
 <?php
 /**
- * COmanage Registry Api Source Table
+ * COmanage Registry Api Source Entity
  *
  * Portions licensed to the University Corporation for Advanced Internet
  * Development, Inc. ("UCAID") under one or more contributor license agreements.

app/availableplugins/ApiConnector/src/Model/Entity/ApiSourceEndpoint.php

@@ -0,0 +1,49 @@
+<?php
+/**
+ * COmanage Registry Api Source Endpoint Entity
+ *
+ * Portions licensed to the University Corporation for Advanced Internet
+ * Development, Inc. ("UCAID") under one or more contributor license agreements.
+ * See the NOTICE file distributed with this work for additional information
+ * regarding copyright ownership.
+ *
+ * UCAID licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * @link          https://www.internet2.edu/comanage COmanage Project
+ * @package       registry-plugins
+ * @since         COmanage Registry v5.2.0
+ * @license       Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ */
+
+declare(strict_types=1);
+
+namespace ApiConnector\Model\Entity;
+
+use Cake\ORM\Entity;
+
+class ApiSourceEndpoint extends Entity {
+  /**
+   * Fields that can be mass assigned using newEntity() or patchEntity().
+   *
+   * Note that when '*' is set to true, this allows all unspecified fields to
+   * be mass assigned. For security purposes, it is advised to set '*' to false
+   * (or remove it), and explicitly make individual fields accessible as needed.
+   *
+   * @var array<string, bool>
+   */
+  protected $_accessible = [
+    '*' => true,
+    'id' => false,
+    'slug' => false,
+  ];
+}

app/availableplugins/ApiConnector/src/Model/Entity/ApiSourceRecord.php

@@ -1,6 +1,6 @@
 <?php
 /**
- * COmanage Registry Api Source Record Table
+ * COmanage Registry Api Source Record Entity
  *
  * Portions licensed to the University Corporation for Advanced Internet
  * Development, Inc. ("UCAID") under one or more contributor license agreements.