Moved the anr status and access validation to the middleware, refactored the anr related functionality and cleaned up the entities.

Author: ruslanbaidan

Module.php

@@ -1,24 +1,14 @@
-<?php
+<?php declare(strict_types=1);
 /**
  * @link      https://github.com/monarc-project for the canonical source repository
- * @copyright Copyright (c) 2016-2022 SMILE GIE Securitymadein.lu - Licensed under GNU Affero GPL v3
+ * @copyright Copyright (c) 2016-2024 Luxembourg House of Cybersecurity LHC.lu - Licensed under GNU Affero GPL v3
  * @license   MONARC is licensed under GNU Affero General Public License version 3
  */
 
 namespace Monarc\FrontOffice;
 
-use DateTime;
 use Laminas\Stdlib\ResponseInterface;
-use Monarc\Core\Model\Entity\AnrSuperClass;
 use Monarc\Core\Service\ConnectedUserService;
-use Monarc\FrontOffice\CronTask\Service\CronTaskService;
-use Monarc\FrontOffice\Model\Entity\Anr;
-use Monarc\FrontOffice\Model\Entity\CronTask;
-use Monarc\FrontOffice\Model\Entity\Snapshot;
-use Monarc\FrontOffice\Model\Table\InstanceTable;
-use Monarc\FrontOffice\Model\Table\SnapshotTable;
-use Monarc\FrontOffice\Table\AnrTable;
-use Monarc\FrontOffice\Table\UserAnrTable;
 use Laminas\Http\Request;
 use Laminas\Mvc\ModuleRouteListener;
 use Laminas\Mvc\MvcEvent;
@@ -166,164 +156,14 @@ public function checkRbac(MvcEvent $mvcEvent)
             $roles = $connectedUser->getRoles();
         }
 
-        $isGranted = false;
-        /** @var SnapshotTable $snapshotTable */
-        $snapshotTable = $serviceManager->get(SnapshotTable::class);
-        /** @var UserAnrTable $userAnrTable */
-        $userAnrTable = $serviceManager->get(UserAnrTable::class);
         foreach ($roles as $role) {
             if ($mvcEvent->getViewModel()->rbac->isGranted($role, $route)) {
-                $anrId = (int)$mvcEvent->getRouteMatch()->getParam('id');
-                if (($route === 'monarc_api_client_anr' && $anrId !== 0)
-                    || strncmp($route, 'monarc_api_global_client_anr/', 29) === 0
-                ) {
-                    if ($route !== 'monarc_api_client_anr') {
-                        $anrId = (int)$mvcEvent->getRouteMatch()->getParam('anrid');
-                    }
-                    if ($anrId === 0) {
-                        break;
-                    }
-
-                    $result = $this->validateAnrStatusAndGetResponseIfInvalid($anrId, $mvcEvent, $route);
-                    if ($result !== null) {
-                        return $result;
-                    }
-
-                    $userAnr = $userAnrTable->findByAnrIdAndUser($anrId, $connectedUser);
-                    if ($userAnr === null) {
-                        // We authorise the access for snapshot, but for read only (GET).
-                        if ($mvcEvent->getRequest()->getMethod() !== 'GET'
-                            && !$this->authorizedPost($route, $mvcEvent->getRequest()->getMethod())
-                        ) {
-                            break;
-                        }
-                        /** @var Snapshot|false $snapshot */
-                        $snapshot = current($snapshotTable->getEntityByFields(['anr' => $anrId]));
-                        if ($snapshot === false) {
-                            break;
-                        }
-                        $userAnr = $userAnrTable->findByAnrAndUser($snapshot->getAnrReference(), $connectedUser);
-                        if ($userAnr === null) {
-                            // the user did not have access to the anr, from which this snapshot was created.
-                            break;
-                        }
-                        $isGranted = true;
-                        break;
-                    }
-
-                    if (!$userAnr->hasWriteAccess() && $mvcEvent->getRequest()->getMethod() !== 'GET') {
-                        // We authorize POST for the specific actions.
-                        if ($this->authorizedPost($route, $mvcEvent->getRequest()->getMethod())) {
-                            $isGranted = true;
-                        }
-                        break;
-                    }
-                }
-
-                $isGranted = true;
-                break;
-            }
-        }
-
-        if (!$isGranted) {
-            $response = $mvcEvent->getResponse();
-            $response->setStatusCode($connectedUser === null ? 401 : 403);
-
-            return $response;
-        }
-    }
-
-    private function authorizedPost($route, $method)
-    {
-        return $method === 'POST'
-            && ($route === 'monarc_api_global_client_anr/export' // export ANR
-                || $route === 'monarc_api_global_client_anr/instance_export' // export Instance
-                || $route === 'monarc_api_global_client_anr/objects_export' // export  Object
-                || $route === 'monarc_api_global_client_anr/deliverable' // generate a report
-            );
-    }
-
-    /**
-     * Validates the anr status for NON GET method requests exclude DELETE (cancellation of background import).
-     */
-    private function validateAnrStatusAndGetResponseIfInvalid(
-        int $anrId,
-        MvcEvent $mvcEvent,
-        string $route
-    ): ?ResponseInterface {
-        /* GET requests are always allowed and cancellation of import (delete import process -> PID). */
-        if ($mvcEvent->getRequest()->getMethod() === Request::METHOD_GET
-            || (
-                $mvcEvent->getRequest()->getMethod() === Request::METHOD_DELETE
-                && $route === 'monarc_api_global_client_anr/instance_import'
-            )
-        ) {
-            return null;
-        }
-
-        $serviceManager = $mvcEvent->getApplication()->getServiceManager();
-
-        /** @var Anr $anr */
-        $anr = $serviceManager->get(AnrTable::class)->findById($anrId);
-        if ($anr->isActive()) {
-            return null;
-        }
-
-        /* Allow deleting anr if the status is waiting for import or there is an import error. */
-        if ($route === 'monarc_api_client_anr'
-            && $mvcEvent->getRequest()->getMethod() === Request::METHOD_DELETE
-            && ($anr->getStatus() === AnrSuperClass::STATUS_IMPORT_ERROR
-                || $anr->getStatus() === AnrSuperClass::STATUS_AWAITING_OF_IMPORT
-            )
-        ) {
-            return null;
-        }
-
-        /* Allow to restore a snapshot if there is an import error. */
-        if ($route === 'monarc_api_global_client_anr/snapshot_restore'
-            && $anr->getStatus() === AnrSuperClass::STATUS_IMPORT_ERROR
-            && $mvcEvent->getRequest()->getMethod() === Request::METHOD_POST
-        ) {
-            return null;
-        }
-
-        $result = [
-            'status' => $anr->getStatusName(),
-            'importStatus' => [],
-        ];
-        /** @var CronTaskService $cronTaskService */
-        $cronTaskService = $serviceManager->get(CronTaskService::class);
-
-        if ($anr->getStatus() === AnrSuperClass::STATUS_UNDER_IMPORT) {
-            $importCronTask = $cronTaskService->getLatestTaskByNameWithParam(
-                CronTask::NAME_INSTANCE_IMPORT,
-                ['anrId' => $anrId]
-            );
-            if ($importCronTask !== null && $importCronTask->getStatus() === CronTask::STATUS_IN_PROGRESS) {
-                /** @var InstanceTable $instanceTable */
-                $instanceTable = $serviceManager->get(InstanceTable::class);
-                $timeDiff = $importCronTask->getUpdatedAt()->diff(new DateTime());
-                $instancesNumber = $instanceTable->countByAnrIdFromDate($anrId, $importCronTask->getUpdatedAt());
-                $result['importStatus'] = [
-                    'executionTime' => $timeDiff->h . ' hours ' . $timeDiff->i . ' min ' . $timeDiff->s . ' sec',
-                    'createdInstances' => $instancesNumber,
-                ];
-            }
-        } elseif ($anr->getStatus() === AnrSuperClass::STATUS_IMPORT_ERROR) {
-            $importCronTask = $cronTaskService->getLatestTaskByNameWithParam(
-                CronTask::NAME_INSTANCE_IMPORT,
-                ['anrId' => $anrId]
-            );
-            if ($importCronTask !== null && $importCronTask->getStatus() === CronTask::STATUS_FAILURE) {
-                $result['importStatus'] = [
-                    'errorMessage' => $importCronTask->getResultMessage(),
-                ];
+                return;
             }
         }
 
         $response = $mvcEvent->getResponse();
-        $response->setContent(json_encode($result, JSON_THROW_ON_ERROR));
-        $response->setStatusCode(409);
+        $response->setStatusCode($connectedUser === null ? 401 : 403);
 
         return $response;
     }

config/module.config.php

@@ -1248,9 +1248,7 @@
                     ],
                     'defaults' => [
                         'controller' => PipeSpec::class,
-                        'middleware' => new PipeSpec(
-                            Controller\ApiUserTwoFAController::class,
-                        ),
+                        'middleware' => new PipeSpec(Controller\ApiUserTwoFAController::class),
                     ],
                 ],
             ],

migrations/db/20230901112005_fix_positions_cleanup_db.php

@@ -343,15 +343,23 @@ public function change()
 
         $this->table('recommandations')
             ->removeColumn('token_import')
+            ->removeColumn('original_code')
             ->update();
 
         $this->table('deliveries')
             ->renameColumn('resp_smile', 'responsible_manager')
             ->update();
 
         $this->table('scales_impact_types')
-             ->removeColumn('position')
-             ->update();
+            ->removeColumn('position')
+            ->update();
+
+        $this->table('objects_categories')
+            ->changeColumn('label1', 'string', ['null' => false, 'default' => '', 'limit' => 2048])
+            ->changeColumn('label2', 'string', ['null' => false, 'default' => '', 'limit' => 2048])
+            ->changeColumn('label3', 'string', ['null' => false, 'default' => '', 'limit' => 2048])
+            ->changeColumn('label4', 'string', ['null' => false, 'default' => '', 'limit' => 2048])
+            ->save();
 
         /* TODO: Should be added to the next release migration, to perform this release in a safe mode.
         $this->table('anr_instance_metadata_fields')->removeColumn('label_translation_key')->update();

src/Controller/ApiAnrController.php

@@ -1,7 +1,7 @@
 <?php declare(strict_types=1);
 /**
  * @link      https://github.com/monarc-project for the canonical source repository
- * @copyright Copyright (c) 2016-2023 Luxembourg House of Cybersecurity LHC.lu - Licensed under GNU Affero GPL v3
+ * @copyright Copyright (c) 2016-2024 Luxembourg House of Cybersecurity LHC.lu - Licensed under GNU Affero GPL v3
  * @license   MONARC is licensed under GNU Affero General Public License version 3
  */
 
@@ -17,45 +17,38 @@ class ApiAnrController extends AbstractRestfulControllerRequestHandler
 {
     use ControllerRequestResponseHandlerTrait;
 
-    private CreateAnrDataInputValidator $createAnrDataInputValidator;
-
-    private AnrService $anrService;
-
-    public function __construct(CreateAnrDataInputValidator $createAnrDataInputValidator, AnrService $anrService)
-    {
-        $this->createAnrDataInputValidator = $createAnrDataInputValidator;
-        $this->anrService = $anrService;
+    public function __construct(
+        private CreateAnrDataInputValidator $createAnrDataInputValidator,
+        private AnrService $anrService
+    ) {
     }
 
     public function getList()
     {
-        $page = $this->params()->fromQuery('page');
-        $limit = $this->params()->fromQuery('limit');
-        $order = $this->params()->fromQuery('order');
-        $filter = $this->params()->fromQuery('filter');
-
-        $result = $this->anrService->getList($page, $limit, $order, $filter);
-        // protected $dependencies = ['referentials'];
-        if (count($this->dependencies)) {
-            foreach ($result as $key => $entity) {
-                $this->formatDependencies($result[$key], $this->dependencies);
-            }
-        }
+        $result = $this->anrService->getList();
 
         return $this->getPreparedJsonResponse([
             'count' => \count($result),
             'anrs' => $result,
         ]);
     }
 
+    public function get($id)
+    {
+        /** @var Anr $anr */
+        $anr = $this->getRequest()->getAttribute('anr');
+
+        return $this->getSuccessfulJsonResponse($this->anrService->getAnrData($anr));
+    }
+
     /**
      * @param array $data
      */
     public function create($data)
     {
         $this->validatePostParams($this->createAnrDataInputValidator, $data);
 
-        $anr = $this->anrService->createFromModelToClient($this->createAnrDataInputValidator->getValidData());
+        $anr = $this->anrService->createBasedOnModel($this->createAnrDataInputValidator->getValidData());
 
         return $this->getSuccessfulJsonResponse(['id' => $anr->getId()]);
     }
@@ -73,4 +66,14 @@ public function patch($id, $data)
 
         return $this->getSuccessfulJsonResponse(['id' => $id]);
     }
+
+    public function delete(mixed $id)
+    {
+        /** @var Anr $anr */
+        $anr = $this->getRequest()->getAttribute('anr');
+
+        $this->anrService->delete($anr);
+
+        return $this->getSuccessfulJsonResponse();
+    }
 }

src/Controller/ApiModelVerifyLanguageController.php

@@ -9,16 +9,16 @@
 
 use Laminas\Mvc\Controller\AbstractRestfulController;
 use Laminas\View\Model\JsonModel;
-use Monarc\FrontOffice\Service\AnrService;
+use Monarc\FrontOffice\Service\AnrModelService;
 
 class ApiModelVerifyLanguageController extends AbstractRestfulController
 {
-    public function __construct(private AnrService $anrService)
+    public function __construct(private AnrModelService $anrModelService)
     {
     }
 
     public function get($id)
     {
-        return new JsonModel($this->anrService->getModelAvailableLanguages((int)$id));
+        return new JsonModel($this->anrModelService->getAvailableLanguages((int)$id));
     }
 }