Additional changes to setup script (CFM-28)

app/config/database.php.dist

@@ -0,0 +1,126 @@
+<?php
+return [
+    /**
+     * Connection information used by the ORM to connect
+     * to your application's datastores.
+     * Do not use periods in database name - it may lead to error.
+     * See https://github.com/cakephp/cakephp/issues/6471 for details.
+     * Drivers include Mysql Postgres Sqlite Sqlserver
+     * See vendor\cakephp\cakephp\src\Database\Driver for complete list
+     */
+    'Datasources' => [
+        'default' => [
+            'className' => 'Cake\Database\Connection',
+            // Cake supports "Mysql", "Postgres", "Sqlite", or "Sqlserver",
+            // but Registry only supports the first two.
+            'driver' => 'Cake\Database\Driver\Postgres',
+            'persistent' => false,
+            'host' => 'localhost',
+            'username' => 'comanage',
+            'password' => 'somepasswordhere',
+            'database' => 'registry',
+           /**
+             * CakePHP will use the default DB port based on the driver selected
+             * MySQL on MAMP uses port 8889, MAMP users will want to uncomment
+             * the following line and set the port accordingly
+             */
+            //'port' => 'non_standard_port_number',
+            'encoding' => 'utf8',
+            'timezone' => 'UTC',
+            'flags' => [],
+            'cacheMetadata' => true,
+            'log' => false,
+
+            /**
+             * Set identifier quoting to true if you are using reserved words or
+             * special characters in your table or column names. Enabling this
+             * setting will result in queries built using the Query Builder having
+             * identifiers quoted when creating SQL. It should be noted that this
+             * decreases performance because each query needs to be traversed and
+             * manipulated before being executed.
+             */
+            // Set this to true for MySQL
+            'quoteIdentifiers' => false,
+
+            /**
+             * During development, if using MySQL < 5.6, uncommenting the
+             * following line could boost the speed at which schema metadata is
+             * fetched from the database. It can also be set directly with the
+             * mysql configuration directive 'innodb_stats_on_metadata = 0'
+             * which is the recommended value in production environments
+             */
+            //'init' => ['SET GLOBAL innodb_stats_on_metadata = 0'],
+
+            'url' => env('DATABASE_URL', null),
+        ],
+
+        /**
+         * The test connection is used during the test suite.
+         */
+        'test' => [
+            'className' => 'Cake\Database\Connection',
+            'driver' => 'Cake\Database\Driver\Postgres',
+            'persistent' => false,
+            'host' => 'localhost',
+            //'port' => 'non_standard_port_number',
+            'username' => 'my_app',
+            'password' => 'secret',
+            'database' => 'test_myapp',
+            'encoding' => 'utf8',
+            'timezone' => 'UTC',
+            'cacheMetadata' => true,
+            'quoteIdentifiers' => false,
+            'log' => false,
+            //'init' => ['SET GLOBAL innodb_stats_on_metadata = 0'],
+            'url' => env('DATABASE_TEST_URL', null),
+        ],
+
+        /**
+         * For data migration from v4 to v5
+         */
+        'transmogrify' => [
+          'className' => 'Cake\Database\Connection',
+          // Cake supports "Mysql", "Postgres", "Sqlite", or "Sqlserver",
+          // but Registry only supports the first two.
+          'driver' => 'Cake\Database\Driver\Postgres',
+          'persistent' => false,
+          'host' => 'localhost',
+          'username' => 'comanage',
+          'password' => 'somepasswordhere',
+          'database' => 'registryv4',
+          /**
+           * CakePHP will use the default DB port based on the driver selected
+           * MySQL on MAMP uses port 8889, MAMP users will want to uncomment
+           * the following line and set the port accordingly
+           */
+          //'port' => 'non_standard_port_number',
+          'encoding' => 'utf8',
+          'timezone' => 'UTC',
+          'flags' => [],
+          'cacheMetadata' => true,
+          'log' => false,
+
+          /**
+           * Set identifier quoting to true if you are using reserved words or
+           * special characters in your table or column names. Enabling this
+           * setting will result in queries built using the Query Builder having
+           * identifiers quoted when creating SQL. It should be noted that this
+           * decreases performance because each query needs to be traversed and
+           * manipulated before being executed.
+           */
+          // Set to true for MySQL
+          'quoteIdentifiers' => false,
+
+          /**
+           * During development, if using MySQL < 5.6, uncommenting the
+           * following line could boost the speed at which schema metadata is
+           * fetched from the database. It can also be set directly with the
+           * mysql configuration directive 'innodb_stats_on_metadata = 0'
+           * which is the recommended value in production environments
+           */
+          //'init' => ['SET GLOBAL innodb_stats_on_metadata = 0'],
+
+          'url' => env('DATABASE_URL', null),
+        ]
+    ]
+];

app/config/schema/schema.json

@@ -28,6 +28,14 @@
   },
 
   "tables": {
+    "meta": {
+      "columns": {
+        "upgrade_version": { "type": "string", "size": 16 }
+      },
+      "changelog": false,
+      "timestamps": false
+    },
+
     "cos": {
       "columns": {
         "id": {},

app/resources/locales/en_US/command.po

@@ -33,6 +33,12 @@ msgstr "Database schema update successful"
 msgid "db.schema"
 msgstr "Loading database schema from {0}"
 
+msgid "opt.admin-family-name"
+msgstr "Family Name of initial platform administrator"
+
+msgid "opt.admin-given-name"
+msgstr "Given Name of initial platform administrator"
+
 msgid "opt.admin-username"
 msgstr "Username of initial platform administrator"
 
@@ -51,12 +57,21 @@ msgstr "Calculate changes but do not apply"
 msgid "se.already"
 msgstr "Setup appears to have already run"
 
+msgid "se.db.cmpadmin"
+msgstr "Creating the Platform Administrator"
+
 msgid "se.db.co"
 msgstr "Creating COmanage CO"
 
 msgid "se.db.co.done"
 msgstr "COmanage CO created - CO Id: {0}"
 
+msgid "se.done"
+msgstr "Done"
+
+msgid "se.person_role.title"
+msgstr "COmanage Platform Administrator"
+
 msgid "se.salt"
 msgstr "Generating salt file"
 

app/src/Command/SetupCommand.php

@@ -35,7 +35,7 @@
 use Cake\Console\ConsoleOptionParser;
 use Cake\Utility\Security;
 use App\Lib\Enum\PermissionEnum;
-
+use App\Lib\Enum\SuspendableStatusEnum;
 
 class SetupCommand extends Command
 {
@@ -52,6 +52,10 @@ public function buildOptionParser(ConsoleOptionParser $parser): ConsoleOptionPar
   {
     $parser->addOption('admin-username', [
       'help' => __d('command', 'opt.admin-username'),
+    ])->addOption('admin-given-name', [
+      'help' => __d('command', 'opt.admin-given-name'),
+    ])->addOption('admin-family-name', [
+      'help' => __d('command', 'opt.admin-family-name'),
     ])->addOption('force', [
       'help'    => __d('command', 'opt.force'),
       'boolean' => true,
@@ -76,44 +80,89 @@ public function execute(Arguments $args, ConsoleIo $io)
     // Check if the security salt file already exists, and if so abort.
 
     $securitySaltFile = LOCAL . DS . "config" . DS . "security.salt";
-
+    
     if(file_exists($securitySaltFile)) {
       $io->out(__d('command', 'se.already'));
 
       if(!$args->getOption('force')) {
         exit;
       }
     }
-
-    // Set the salt now in case we need it. Normally this is done in bootstrap.php.
-    $salt = hash('sha256', Security::randomBytes(64));
-    Security::setSalt($salt);
-
-    // Write out the salt file
-    $io->out(__d('command', 'se.salt'));
-
-    if(file_put_contents($securitySaltFile, $salt) === false) {
-      $err = error_get_last();
-      throw new \RuntimeException($err[message]);
+
+    // Collect the admin info before we try to do anything
+
+    $givenName = $args->getOption('admin-given-name');
+    $sn = $args->getOption('admin-family-name');
+    $username = $args->getOption('admin-username');
+
+    if(empty($givenName)) {
+      $givenName = $io->ask(__d('command', 'opt.admin-given-name'));
     }
-    // We set 444 to prevent accidental changing of the salt, but also so the
-    // web server user can read it if this script is run by (say) root.
-    // We assume we're not installed on a shared, semi-public server.
-    chmod($securitySaltFile, 0444);
-
-    // We need the following:
-    // - The COmanage CO
-    // - Register the current version for future upgrade purposes
-
-    // Start with the COmanage CO
-
-    $io->out(__d('command', 'se.db.co'));
-
-    $coTable = $this->getTableLocator()->get("Cos");
-
-    $co_id = $coTable->setupCOmanageCO();
-    if(!is_null($co_id)) {
-      $io->out(__d('command', 'se.db.co.done', [$co_id]));
+
+    if(empty($sn)) {
+      $sn = $io->ask(__d('command', 'opt.admin-family-name'));
+    }
+
+    if(empty($username)) {
+      $username = $io->ask(__d('command', 'opt.admin-username'));
     }
+
+    $coTable = $this->getTableLocator()->get('Cos');
+
+    // Add the first CMP Administrator
+
+    $io->out(__d('command', 'se.db.cmpadmin'));
+
+    // We disable validation here because there may be dependencies on
+    // validation aspects that aren't set up yet or aren't available here
+
+    $person = $coTable->People->newEntity([
+      'co_id'   => $co_id,
+      'status'  => SuspendableStatusEnum::Active
+    ],
+    ['validate' => false]);
+
+    $person->names = [$coTable->People->Names->newEntity([
+      'type_id'       => $coTable->Types->getTypeId(coId:       $co_id, 
+                                                    attribute:  'Names.type',
+                                                    value:      'official'),
+      'given'         => $givenName,
+      'family'        => $sn,
+      'primary_name'  => true
+    ],
+    ['validate' => false])];
+
+    $person->identifiers = [$coTable->People->Identifiers->newEntity([
+      'type_id'       => $coTable->Types->getTypeId(coId:       $co_id, 
+                                                    attribute:  'Identifiers.type',
+                                                    value:      'network'),
+      'identifier'    => $username,
+      'login'         => true,
+      'status'        => SuspendableStatusEnum::Active
+    ],
+    ['validate' => false])];
+
+    $person->person_roles = [$coTable->People->PersonRoles->newEntity([
+      'affiliation_type_id'   => $coTable->Types->getTypeId(coId:       $co_id, 
+                                                            attribute:  'PersonRoles.affiliation',
+                                                            value:      'staff'),
+      'title'                 => __d('command', 'se.person_role.title'),
+      'status'                => SuspendableStatusEnum::Active
+    ],
+    ['validate' => false])];
+
+    $person->group_members = [$coTable->People->GroupMembers->newEntity([
+      'group_id' => $coTable->Groups->getAdminGroupId(coId: $co_id)
+    ],
+    ['validate' => false])];
+
+    $person->group_owners = [$coTable->People->GroupOwners->newEntity([
+      'group_id' => $coTable->Groups->getAdminGroupId(coId: $co_id)
+    ],
+    ['validate' => false])];
+
+    $coTable->People->save($person);
+
+    $io->out(__d('command', 'se.done'));
   }
 }

app/src/Command/TransmogrifyCommand.php

@@ -506,6 +506,13 @@ public function execute(Arguments $args, ConsoleIo $io) {
       $schemaPrefix = $outcfg['database'] . '.';
     }
 
+    // Register the current version for future upgrade purposes
+
+    $targetVersion = rtrim(file_get_contents(CONFIG . DS . "VERSION"));
+
+    $metaTable = $this->getTableLocator()->get('Meta');
+    $metaTable->setUpgradeVersion($targetVersion, true);
+
     foreach(array_keys($this->tables) as $t) {
       // If we were given a list of tables see if this table is in the list
       if(!empty($atables) && !in_array($t, $atables))

app/src/Lib/Traits/HistoryTrait.php

@@ -74,9 +74,14 @@ public function changesToString($entity): string {
     if($entity->isNew() || $entity->deleted) {
       // Generate a changeset of non-empty fields
       foreach($diffFields as $field) {
+        if(!is_string($field)) {
+          // This is a related model, skip
+          continue;
+        }
+
         $newValue = $entity->get($field);
 
-        if(!empty($newValue)) {
+        if(!empty($newValue) && is_string($newValue)) {
           if($field == 'type_id') {
             $newValue = $Types->getTypeLabel((int)$newValue);
           }

app/src/Model/Entity/Meta.php

@@ -0,0 +1,40 @@
+<?php
+/**
+ * COmanage Registry Meta Entity
+ *
+ * Portions licensed to the University Corporation for Advanced Internet
+ * Development, Inc. ("UCAID") under one or more contributor license agreements.
+ * See the NOTICE file distributed with this work for additional information
+ * regarding copyright ownership.
+ *
+ * UCAID licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * @link          https://www.internet2.edu/comanage COmanage Project
+ * @package       registry
+ * @since         COmanage Registry v5.0.0
+ * @license       Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ */
+
+declare(strict_types = 1);
+
+namespace App\Model\Entity;
+
+use Cake\ORM\Entity;
+
+class Meta extends Entity {
+  protected $_accessible = [
+    '*' => true,
+    'id' => false,
+    'slug' => false, 
+  ];
+}