Identifier Mapper Pipeline Plugin (CFM-33)

app/availableplugins/PipelineToolkit/resources/locales/en_US/pipeline_toolkit.po

@@ -22,12 +22,21 @@
 # @since         COmanage Registry v5.0.0
 # @license       Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
 
+msgid "controller.IdentifierMappers"
+msgstr "{0,plural,=1{Identifier Mapper} other{Identifier Mappers}}"
+
+msgid "controller.LoginIdentifierTypes"
+msgstr "{0,plural,=1{Login Identifier Type} other{Login Identifier Types}}"
+
 msgid "controller.PersonRoleMappers"
 msgstr "{0,plural,=1{Person Role Mapper} other{Person Role Mappers}}"
 
 msgid "controller.PersonRoleMappings"
 msgstr "{0,plural,=1{Person Role Mapping} other{Person Role Mappings}}"
 
+msgid "error.LoginIdentifierType.already"
+msgstr "Type {0} is already configured (ID {1}) for this Identifier Mapper"
+
 msgid "field.PersonRoleMappings.ad_hoc_tag"
 msgstr "Ad Hoc Attribute Tag"
 

app/availableplugins/PipelineToolkit/templates/PersonRoleMappers/fields-links.inc → app/availableplugins/PipelineToolkit/src/Controller/IdentifierMappersController.php

@@ -1,6 +1,6 @@
 <?php
 /**
- * COmanage Registry Person Role Mappers Links
+ * COmanage Registry Identifier Mappers Controller
  *
  * Portions licensed to the University Corporation for Advanced Internet
  * Development, Inc. ("UCAID") under one or more contributor license agreements.
@@ -21,19 +21,20 @@
  *
  * @link          https://www.internet2.edu/comanage COmanage Project
  * @package       registry-plugins
- * @since         COmanage Registry v5.0.0
+ * @since         COmanage Registry v5.1.0
  * @license       Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
  */
 
-$topLinks[] = [
-  'icon'  => 'transform',
-  'order' => 'Default',
-  'label' => __d('pipeline_toolkit', 'controller.PersonRoleMappings', [99]),
-  'link'  => [
-    'plugin'                => 'PipelineToolkit',
-    'controller'            => 'PersonRoleMappings',
-    'action'                => 'index',
-    'person_role_mapper_id' => $vv_obj->id
-  ],
-  'class' => ''
-];
+declare(strict_types=1);
+
+namespace PipelineToolkit\Controller;
+
+use App\Controller\StandardPluginController;
+
+class IdentifierMappersController extends StandardPluginController {
+  public $paginate = [
+    'order' => [
+      'IdentifierMappers.id' => 'asc'
+    ]
+  ];
+}

app/availableplugins/PipelineToolkit/src/Controller/LoginIdentifierTypesController.php

@@ -0,0 +1,40 @@
+<?php
+/**
+ * COmanage Registry Login Identifier Types Controller
+ *
+ * Portions licensed to the University Corporation for Advanced Internet
+ * Development, Inc. ("UCAID") under one or more contributor license agreements.
+ * See the NOTICE file distributed with this work for additional information
+ * regarding copyright ownership.
+ *
+ * UCAID licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * @link          https://www.internet2.edu/comanage COmanage Project
+ * @package       registry-plugins
+ * @since         COmanage Registry v5.1.0
+ * @license       Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ */
+
+declare(strict_types=1);
+
+namespace PipelineToolkit\Controller;
+
+use App\Controller\StandardPluginController;
+
+class LoginIdentifierTypesController extends StandardPluginController {
+  public $paginate = [
+    'order' => [
+      'LoginIdentifierTypes.id' => 'asc'
+    ]
+  ];
+}

app/availableplugins/PipelineToolkit/src/Model/Entity/IdentifierMapper.php

@@ -0,0 +1,49 @@
+<?php
+/**
+ * COmanage Registry Identifier Mapper Entity
+ *
+ * Portions licensed to the University Corporation for Advanced Internet
+ * Development, Inc. ("UCAID") under one or more contributor license agreements.
+ * See the NOTICE file distributed with this work for additional information
+ * regarding copyright ownership.
+ *
+ * UCAID licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * @link          https://www.internet2.edu/comanage COmanage Project
+ * @package       registry-plugins
+ * @since         COmanage Registry v5.1.0
+ * @license       Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ */
+
+declare(strict_types=1);
+
+namespace PipelineToolkit\Model\Entity;
+
+use Cake\ORM\Entity;
+
+class IdentifierMapper extends Entity {
+  /**
+   * Fields that can be mass assigned using newEntity() or patchEntity().
+   *
+   * Note that when '*' is set to true, this allows all unspecified fields to
+   * be mass assigned. For security purposes, it is advised to set '*' to false
+   * (or remove it), and explicitly make individual fields accessible as needed.
+   *
+   * @var array<string, bool>
+   */
+  protected $_accessible = [
+    '*' => true,
+    'id' => false,
+    'slug' => false,
+  ];
+}

app/availableplugins/PipelineToolkit/src/Model/Entity/LoginIdentifierType.php

@@ -0,0 +1,51 @@
+<?php
+/**
+ * COmanage Registry Login Identifier Type Entity
+ *
+ * Portions licensed to the University Corporation for Advanced Internet
+ * Development, Inc. ("UCAID") under one or more contributor license agreements.
+ * See the NOTICE file distributed with this work for additional information
+ * regarding copyright ownership.
+ *
+ * UCAID licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * @link          https://www.internet2.edu/comanage COmanage Project
+ * @package       registry-plugins
+ * @since         COmanage Registry v5.1.0
+ * @license       Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ */
+
+declare(strict_types=1);
+
+namespace PipelineToolkit\Model\Entity;
+
+use Cake\ORM\Entity;
+// use \App\Lib\Enum\ComparisonEnum;
+// use \App\Model\Entity\ExternalIdentityRole;
+
+class LoginIdentifierType extends Entity {
+  /**
+   * Fields that can be mass assigned using newEntity() or patchEntity().
+   *
+   * Note that when '*' is set to true, this allows all unspecified fields to
+   * be mass assigned. For security purposes, it is advised to set '*' to false
+   * (or remove it), and explicitly make individual fields accessible as needed.
+   *
+   * @var array<string, bool>
+   */
+  protected $_accessible = [
+    '*' => true,
+    'id' => false,
+    'slug' => false,
+  ];
+}

app/availableplugins/PipelineToolkit/src/Model/Table/IdentifierMappersTable.php

@@ -0,0 +1,158 @@
+<?php
+/**
+ * COmanage Registry Identifier Mappers Table
+ *
+ * Portions licensed to the University Corporation for Advanced Internet
+ * Development, Inc. ("UCAID") under one or more contributor license agreements.
+ * See the NOTICE file distributed with this work for additional information
+ * regarding copyright ownership.
+ *
+ * UCAID licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * @link          https://www.internet2.edu/comanage COmanage Project
+ * @package       registry
+ * @since         COmanage Registry v5.1.0
+ * @license       Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ */
+
+declare(strict_types = 1);
+
+namespace PipelineToolkit\Model\Table;
+
+use Cake\ORM\Table;
+use Cake\Validation\Validator;
+
+class IdentifierMappersTable extends Table {
+  use \App\Lib\Traits\ChangelogBehaviorTrait;
+  use \App\Lib\Traits\CoLinkTrait;
+  use \App\Lib\Traits\LabeledLogTrait;
+  use \App\Lib\Traits\PermissionsTrait;
+  use \App\Lib\Traits\PrimaryLinkTrait;
+  use \App\Lib\Traits\TableMetaTrait;
+  use \App\Lib\Traits\ValidationTrait;
+
+  /**
+   * Perform Cake Model initialization.
+   *
+   * @since  COmanage Registry v5.1.0
+   * @param  array  $config Configuration options passed to constructor
+   */
+
+  public function initialize(array $config): void {
+    // Timestamp behavior handles created/modified updates
+    $this->addBehavior('Changelog');
+    $this->addBehavior('Log');
+    $this->addBehavior('Timestamp');
+
+    $this->setTableType(\App\Lib\Enum\TableTypeEnum::Configuration);
+
+    // Define associations
+    $this->belongsTo('Flanges');
+
+    $this->hasMany('PipelineToolkit.LoginIdentifierTypes')
+         ->setDependent(true)
+         ->setCascadeCallbacks(true);
+
+    $this->setDisplayField('id');
+
+    $this->setPrimaryLink(['flange_id']);
+    $this->setRequiresCO(true);
+
+    $this->setPermissions([
+      // Actions that operate over an entity (ie: require an $id)
+      'entity' => [
+        'delete' =>   false, // Delete the pluggable object instead
+        'edit' =>     ['platformAdmin', 'coAdmin'],
+        'view' =>     ['platformAdmin', 'coAdmin']
+      ],
+      // Actions that operate over a table (ie: do not require an $id)
+      'table' => [
+        'add' =>      false,
+        'index' =>    ['platformAdmin', 'coAdmin']
+      ],
+      // Related models whose permissions we'll need, typically for table views
+      'related' => [
+        'table' => [
+          'PipelineToolkit.LoginIdentifierTypes'
+        ]
+      ]
+    ]);
+  }
+
+  /**
+   * Apply mappings for vuildRelatedAttributes.
+   * 
+   * @since  COmanage Registry v5.1.0
+   * @param  Flange   $flange   Flange, including top level plugin configuration
+   * @param  array    $newdata  Array of new Entity data
+   * @param  string   $model    Model name (eg: "EmailAddresses")
+   * @param  Entity   $entity   Original Entity data
+   * @return array              Updated array of new Entity data
+   */
+
+  public function buildRelatedAttributes(
+    \App\Model\Entity\Flange $flange,
+    array $newdata,
+    string $model,
+    ?\Cake\ORM\Entity $entity=null
+  ): array {
+    // We only operate over Identifiers
+    if($model != 'Identifiers') {
+      return $newdata;
+    }
+
+    $retdata = $newdata;
+
+    // Pull our type configuration
+    $typeSettings = $this->LoginIdentifierTypes->find()
+                         ->where(['identifier_mapper_id' => $flange->identifier_mapper->id])
+                         ->all();
+
+    // Note we don't (and can't) preserve login flags if the configuration is changed and
+    // the Pipeline is rerun, but that's probably the correct behavior. Specifically, if
+    // an Identifier is flagged as login, then the configuration is changed so that type
+    // is no longer flagged as login, then the next time the Pipeline runs the Identifier
+    // will be updated to be not login.
+
+    foreach($typeSettings as $ts) {
+      if($ts->type_id == $retdata['type_id'] && $ts->login) {
+        $this->llog('trace', $flange->description . " setting Identifier " . $ts->identifier
+                             . " to be flagged as login=true");
+        $retdata['login'] = true;
+      }
+    }
+
+    return $retdata;
+  }
+
+  /**
+   * Set validation rules.
+   * 
+   * @since  COmanage Registry v5.1.0
+   * @param  Validator $validator Validator
+   * @return Validator            Validator
+   * @throws InvalidArgumentException
+   * @throws RecordNotFoundException
+   */
+
+  public function validationDefault(Validator $validator): Validator {
+    $schema = $this->getSchema();
+
+    $validator->add('flange_id', [
+      'content' => ['rule' => 'isInteger']
+    ]);
+    $validator->notEmptyString('flange_id');
+
+    return $validator; 
+  }
+}