Initial implementation of Person Role Mapper Pipeline Plugin (CFM-371)

NOTICE

@@ -1,6 +1,6 @@
 COmanage Registry
 
-Copyright (C) 2010-2020
+Copyright (C) 2010-2024
 University Corporation for Advanced Internet Development, Inc.
 
 Licensed under the Apache License, Version 2.0 (the "License");

app/availableplugins/PipelineToolkit/README.md

@@ -0,0 +1,11 @@
+# PipelineToolkit plugin for CakePHP
+
+## Installation
+
+You can install this plugin into your CakePHP application using [composer](https://getcomposer.org).
+
+The recommended way to install composer packages is:
+
+```
+composer require your-name-here/pipeline-toolkit
+```

app/availableplugins/PipelineToolkit/composer.json

@@ -0,0 +1,24 @@
+{
+    "name": "your-name-here/pipeline-toolkit",
+    "description": "PipelineToolkit plugin for CakePHP",
+    "type": "cakephp-plugin",
+    "license": "MIT",
+    "require": {
+        "php": ">=7.2",
+        "cakephp/cakephp": "4.5.*"
+    },
+    "require-dev": {
+        "phpunit/phpunit": "^8.5 || ^9.3"
+    },
+    "autoload": {
+        "psr-4": {
+            "PipelineToolkit\\": "src/"
+        }
+    },
+    "autoload-dev": {
+        "psr-4": {
+            "PipelineToolkit\\Test\\": "tests/",
+            "Cake\\Test\\": "vendor/cakephp/cakephp/tests/"
+        }
+    }
+}

app/availableplugins/PipelineToolkit/phpunit.xml.dist

@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit
+    colors="true"
+    processIsolation="false"
+    stopOnFailure="false"
+    bootstrap="tests/bootstrap.php"
+    >
+    <php>
+        <ini name="memory_limit" value="-1"/>
+        <ini name="apc.enable_cli" value="1"/>
+    </php>
+
+    <!-- Add any additional test suites you want to run here -->
+    <testsuites>
+        <testsuite name="PipelineToolkit">
+            <directory>tests/TestCase/</directory>
+        </testsuite>
+    </testsuites>
+
+    <!-- Setup fixture extension -->
+    <extensions>
+        <extension class="Cake\TestSuite\Fixture\PHPUnitExtension" />
+    </extensions>
+
+    <filter>
+        <whitelist>
+            <directory suffix=".php">src/</directory>
+        </whitelist>
+    </filter>
+</phpunit>

app/availableplugins/PipelineToolkit/resources/locales/en_US/pipeline_toolkit.po

@@ -0,0 +1,50 @@
+# COmanage Registry Localizations (pipeline_toolkit domain)
+#
+# Portions licensed to the University Corporation for Advanced Internet
+# Development, Inc. ("UCAID") under one or more contributor license agreements.
+# See the NOTICE file distributed with this work for additional information
+# regarding copyright ownership.
+#
+# UCAID licenses this file to you under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with the
+# License. You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @link          https://www.internet2.edu/comanage COmanage Project
+# @package       registry
+# @since         COmanage Registry v5.0.0
+# @license       Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+
+msgid "controller.PersonRoleMappers"
+msgstr "{0,plural,=1{Person Role Mapper} other{Person Role Mappers}}"
+
+msgid "controller.PersonRoleMappings"
+msgstr "{0,plural,=1{Person Role Mapping} other{Person Role Mappings}}"
+
+msgid "field.PersonRoleMappings.ad_hoc_tag"
+msgstr "Ad Hoc Attribute Tag"
+
+msgid "field.PersonRoleMappings.affiliation_type_id"
+msgstr "Affilation Type"
+
+msgid "field.PersonRoleMappings.comparison"
+msgstr "Comparison"
+
+msgid "field.PersonRoleMappings.pattern"
+msgstr "Pattern"
+
+msgid "field.PersonRoleMappings.pattern.desc"
+msgstr "For regular expressions, including leading and trailing slashes (eg: /foo.*/)"
+
+msgid "field.PersonRoleMappings.target_cou_id"
+msgstr "Target COU"
+
+msgid "field.PersonRoleMappings.target_affiliation_type_id"
+msgstr "Target Affilation Type"

app/availableplugins/PipelineToolkit/src/Controller/AppController.php

@@ -0,0 +1,10 @@
+<?php
+declare(strict_types=1);
+
+namespace PipelineToolkit\Controller;
+
+use App\Controller\AppController as BaseController;
+
+class AppController extends BaseController
+{
+}

app/availableplugins/PipelineToolkit/src/Controller/PersonRoleMappersController.php

@@ -0,0 +1,40 @@
+<?php
+/**
+ * COmanage Registry Person Role Mappers Controller
+ *
+ * Portions licensed to the University Corporation for Advanced Internet
+ * Development, Inc. ("UCAID") under one or more contributor license agreements.
+ * See the NOTICE file distributed with this work for additional information
+ * regarding copyright ownership.
+ *
+ * UCAID licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * @link          https://www.internet2.edu/comanage COmanage Project
+ * @package       registry-plugins
+ * @since         COmanage Registry v5.0.0
+ * @license       Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ */
+
+declare(strict_types=1);
+
+namespace PipelineToolkit\Controller;
+
+use App\Controller\StandardPluginController;
+
+class PersonRoleMappersController extends StandardPluginController {
+  public $paginate = [
+    'order' => [
+      'PersonRoleMappers.id' => 'asc'
+    ]
+  ];
+}

app/availableplugins/PipelineToolkit/src/Controller/PersonRoleMappingsController.php

@@ -0,0 +1,40 @@
+<?php
+/**
+ * COmanage Registry Person Role Mappings Controller
+ *
+ * Portions licensed to the University Corporation for Advanced Internet
+ * Development, Inc. ("UCAID") under one or more contributor license agreements.
+ * See the NOTICE file distributed with this work for additional information
+ * regarding copyright ownership.
+ *
+ * UCAID licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * @link          https://www.internet2.edu/comanage COmanage Project
+ * @package       registry-plugins
+ * @since         COmanage Registry v5.0.0
+ * @license       Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ */
+
+declare(strict_types=1);
+
+namespace PipelineToolkit\Controller;
+
+use App\Controller\StandardPluginController;
+
+class PersonRoleMappingsController extends StandardPluginController {
+  public $paginate = [
+    'order' => [
+      'PersonRoleMappings.id' => 'asc'
+    ]
+  ];
+}

app/availableplugins/PipelineToolkit/src/Model/Entity/PersonRoleMapper.php

@@ -0,0 +1,49 @@
+<?php
+/**
+ * COmanage Registry Person Role Mapper Entity
+ *
+ * Portions licensed to the University Corporation for Advanced Internet
+ * Development, Inc. ("UCAID") under one or more contributor license agreements.
+ * See the NOTICE file distributed with this work for additional information
+ * regarding copyright ownership.
+ *
+ * UCAID licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * @link          https://www.internet2.edu/comanage COmanage Project
+ * @package       registry-plugins
+ * @since         COmanage Registry v5.0.0
+ * @license       Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ */
+
+declare(strict_types=1);
+
+namespace PipelineToolkit\Model\Entity;
+
+use Cake\ORM\Entity;
+
+class PersonRoleMapper extends Entity {
+  /**
+   * Fields that can be mass assigned using newEntity() or patchEntity().
+   *
+   * Note that when '*' is set to true, this allows all unspecified fields to
+   * be mass assigned. For security purposes, it is advised to set '*' to false
+   * (or remove it), and explicitly make individual fields accessible as needed.
+   *
+   * @var array<string, bool>
+   */
+  protected $_accessible = [
+    '*' => true,
+    'id' => false,
+    'slug' => false,
+  ];
+}

app/availableplugins/PipelineToolkit/src/Model/Entity/PersonRoleMapping.php

@@ -0,0 +1,112 @@
+<?php
+/**
+ * COmanage Registry Person Role Mapping Entity
+ *
+ * Portions licensed to the University Corporation for Advanced Internet
+ * Development, Inc. ("UCAID") under one or more contributor license agreements.
+ * See the NOTICE file distributed with this work for additional information
+ * regarding copyright ownership.
+ *
+ * UCAID licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * @link          https://www.internet2.edu/comanage COmanage Project
+ * @package       registry-plugins
+ * @since         COmanage Registry v5.0.0
+ * @license       Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ */
+
+declare(strict_types=1);
+
+namespace PipelineToolkit\Model\Entity;
+
+use Cake\ORM\Entity;
+use \App\Lib\Enum\ComparisonEnum;
+use \App\Model\Entity\ExternalIdentityRole;
+
+class PersonRoleMapping extends Entity {
+  /**
+   * Fields that can be mass assigned using newEntity() or patchEntity().
+   *
+   * Note that when '*' is set to true, this allows all unspecified fields to
+   * be mass assigned. For security purposes, it is advised to set '*' to false
+   * (or remove it), and explicitly make individual fields accessible as needed.
+   *
+   * @var array<string, bool>
+   */
+  protected $_accessible = [
+    '*' => true,
+    'id' => false,
+    'slug' => false,
+  ];
+
+  /**
+   * Determine if the provided array of Person Role attributes matches the
+   * conditions of this Mapping.
+   * 
+   * @since  COmanage Registry v5.0.0
+   * @param  array                 $attributes  Array of Person Role attributes, as currently assembled
+   * @param  ExternalIdentityRole  $eirdata     External Identity Role data, from the backend
+   * @return bool                  true if the conditions match, false otherwise
+   */
+
+  public function matches(array $attributes, ExternalIdentityRole $eirdata): bool {
+    // Some conditions use special tests, most use ComparisonEnum.
+    // In general, we want to use the original EIR data for comparisons.
+
+    if($this->attribute == 'AdHocAttribute.value') {
+      // We first need an AdHocAttribute that matches the configured tag.
+      // Note we only look at AdHocAttributes attached to the EIR, not the
+      // External Identity.
+
+      if(!empty($this->ad_hoc_tag) && !empty($eirdata->ad_hoc_attributes)) {
+        // In the event there is more than one AdHocAttribute with the configured
+        // tag, we'll check each of them, and return true if any match.
+        foreach($eirdata->ad_hoc_attributes as $adhoc) {
+          if(!empty($adhoc->tag) && $this->ad_hoc_tag == $adhoc->tag) {
+            // Correct tag, now compare the value. We only return if compare()
+            // returns true, otherwise we keep iterating.
+
+            if(ComparisonEnum::compare(
+              value:      $adhoc->value,
+              comparison: $this->comparison,
+              pattern:    $this->pattern
+            )) {
+              return true;
+            }
+          }
+        }
+      }
+    } elseif($this->attribute == 'ExternalIdentityRole.affiliation') {
+      // We should be given the affilation type id as mapped from the inbound EIR data,
+      // in which case we simply compare against the configured value
+      return (!empty($eirdata->affiliation_type_id)
+              && !empty($this->affiliation_type_id)
+              && ($eirdata->affiliation_type_id == $this->affiliation_type_id));
+    } else {
+      // This is something like ExternalIdentityRole.title, etc
+
+      $bits = explode('.', $this->attribute, 2);
+      $attr = $bits[1];
+
+      if(!empty($this->comparison) && !empty($this->pattern)) {
+        return ComparisonEnum::compare(
+          value:      $eirdata->$attr,
+          comparison: $this->comparison,
+          pattern:    $this->pattern
+        );
+      }
+    }
+
+    return false;
+  }
+}