diff --git a/business_objects/dog/role.py b/business_objects/dog/role.py index c398a5d..eee1e66 100644 --- a/business_objects/dog/role.py +++ b/business_objects/dog/role.py @@ -65,7 +65,7 @@ class Role(SQLAlchemy_ABC, Base): def from_json(cls, json): _m = f'{cls.__qualname__}.from_json' role = cls() - if json is None: return Role + if json is None: return role role.id_role = json.get(cls.ATTR_ID_ROLE, -1) role.name = json[cls.FLAG_NAME] role.code = json.get(cls.FLAG_CODE, role.name.upper().replace(" ", "_")) diff --git a/business_objects/dog/user.py b/business_objects/dog/user.py index 1ca06c4..1b3efdf 100644 --- a/business_objects/dog/user.py +++ b/business_objects/dog/user.py @@ -197,18 +197,18 @@ class User_Temp(db.Model, Base): super().__init__() @classmethod - def from_user(cls, role): + def from_user(cls, user): _m = f'{cls.__qualname__}.from_user' temp = cls() temp.id_user = user.id_user - temp.id_role = user.role.id_role + temp.id_role = user.id_role temp.id_user_auth0 = user.id_user_auth0 temp.firstname = user.firstname temp.surname = user.surname temp.email = user.email temp.is_email_verified = user.is_email_verified temp.is_super_user = user.is_super_user - temp.active = role.active + temp.active = user.active return temp diff --git a/datastores/datastore_user.py b/datastores/datastore_user.py index 6b602c7..88c8379 100644 --- a/datastores/datastore_user.py +++ b/datastores/datastore_user.py @@ -98,8 +98,8 @@ class DataStore_User(DataStore_Base): Helper_App.console_log(f'saving users: {users}') rows = [] - for user in users: - row = User_Temp.from_user(user) + for obj_user in users: + row = User_Temp.from_user(obj_user) row.guid = guid rows.append(row) diff --git a/static/MySQL/00000_combined.sql b/static/MySQL/00000_combined.sql index 099fb44..f600c13 100644 --- a/static/MySQL/00000_combined.sql +++ b/static/MySQL/00000_combined.sql 
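Review bot: In `Role.from_json` (business_objects/dog/role.py) the `json is None` branch now returns the default-constructed `role`, so a caller cannot tell a missing payload from a real role. The object it receives has `id_role`, `name` and `code` never set by this method. If any caller feeds the result into an access decision, that caller needs an explicit check. I would state the contract in a docstring, e.g. `"""Build a Role from a dict; returns an unpopulated Role when json is None."""`. The method body continues past the end of the hunk.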
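Review bot: `User_Temp.from_user` (business_objects/dog/user.py) copies `id_role`, `is_super_user` and `active` unchanged from the passed object into the staging row, so whatever constructed `user` decides those privilege fields. Where `user` originates is not visible in this hunk; if it can be built from request data, the save path relies entirely on the database procedure to reject privilege changes. I would document the expectation on the method, e.g. `"""Copy a server-validated User into a staging row; id_role, is_super_user and active are copied as-is."""`, and confirm that `user.id_role` exists on every object passed in now that the lookup no longer goes through `user.role`.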
@@ -1,26 +1,48 @@ - -DROP PROCEDURE IF EXISTS p_dog_save_user; +USE demo; + +-- Clear previous proc +DROP PROCEDURE IF EXISTS demo.p_dog_get_many_user; DELIMITER // -CREATE PROCEDURE p_dog_save_user ( - IN a_comment VARCHAR(500), - IN a_guid BINARY(36), - IN a_id_user INT, - IN a_debug BIT +CREATE PROCEDURE demo.p_dog_get_many_user ( + IN a_id_user INT + , IN a_auth0_id_user VARCHAR(200) + , IN a_get_all_user BIT + , IN a_get_inactive_user BIT + , IN a_ids_user TEXT + , IN a_auth0_ids_user TEXT + , IN a_names_user TEXT + , IN a_emails_user TEXT + , IN a_get_all_company BIT + , IN a_get_inactive_company BIT + , IN a_ids_company TEXT + , IN a_require_all_id_search_filters_met BIT + , IN a_require_any_id_search_filters_met BIT + , IN a_require_all_non_id_search_filters_met BIT + , IN a_require_any_non_id_search_filters_met BIT + , IN a_debug BIT ) BEGIN - DECLARE v_code_type_error_bad_data VARCHAR(100); + DECLARE v_code_type_error_bad_data VARCHAR(50); + DECLARE v_guid BINARY(36); + DECLARE v_has_filter_user_auth0_id BIT; + DECLARE v_has_filter_user_id BIT; + DECLARE v_has_filter_user_name BIT; + DECLARE v_id_access_level_admin INT; + DECLARE v_id_access_level_view INT; + DECLARE v_id_permission_dog_admin INT; + DECLARE v_id_permission_user INT; + DECLARE v_id_permission_user_admin INT; DECLARE v_id_type_error_bad_data INT; - DECLARE v_id_permission_product INT; - DECLARE v_id_permission_user_edit INT; - DECLARE v_id_change_set INT; - DECLARE v_id_access_level_edit INT; + DECLARE v_ids_user TEXT; + DECLARE v_is_new BIT; DECLARE v_is_super_user BIT; - DECLARE v_can_edit_user BIT; + DECLARE v_priority_access_level_edit INT; DECLARE v_priority_access_level_none INT; - DECLARE v_priority_access_level_user INT; + DECLARE v_priority_access_level_user_view_user INT; + DECLARE v_rank_max INT; DECLARE v_time_start TIMESTAMP(6); DECLARE exit handler for SQLEXCEPTION 
@@ -34,465 +56,579 @@ BEGIN ROLLBACK; CREATE TEMPORARY TABLE IF NOT EXISTS tmp_Msg_Error ( - display_order INT NOT NULL PRIMARY KEY AUTO_INCREMENT + id_error INT NOT NULL PRIMARY KEY AUTO_INCREMENT , id_type INT , code VARCHAR(250) NOT NULL , msg TEXT NOT NULL ); + INSERT INTO tmp_Msg_Error ( - id_type + id_type , code , msg ) SELECT - MET.id_type + MET.id_type , @errno , @text FROM demo.CORE_Msg_Error_Type MET WHERE MET.code = 'MYSQL_ERROR' ; - SELECT * - FROM tmp_Msg_Error; + + SELECT + t_ERROR.id_error + , t_ERROR.id_type + , t_ERROR.code + , ERROR_TYPE.name + , ERROR_TYPE.description + , ERROR_TYPE.is_breaking_error + , ERROR_TYPE.background_colour + , ERROR_TYPE.text_colour + , t_ERROR.msg + FROM tmp_Msg_Error t_ERROR + INNER JOIN demo.CORE_Msg_Error_Type ERROR_TYPE ON t_ERROR.id_type = ERROR_TYPE.id_type + ; + DROP TABLE IF EXISTS tmp_Msg_Error; END; SET v_time_start := CURRENT_TIMESTAMP(6); + SET v_guid := UUID(); + SET v_id_access_level_admin := (SELECT ACCESS_LEVEL.id_access_level FROM demo.DOG_Access_Level ACCESS_LEVEL WHERE code = 'ADMIN' LIMIT 1); + SET v_id_access_level_view := (SELECT ACCESS_LEVEL.id_access_level FROM demo.DOG_Access_Level ACCESS_LEVEL WHERE code = 'VIEW' LIMIT 1); + SET v_priority_access_level_edit := (SELECT ACCESS_LEVEL.id_access_level FROM demo.DOG_Access_Level ACCESS_LEVEL WHERE code = 'EDIT' LIMIT 1); + SET v_priority_access_level_none := (SELECT ACCESS_LEVEL.id_access_level FROM demo.DOG_Access_Level ACCESS_LEVEL WHERE code = 'NONE' LIMIT 1); + SET v_id_permission_dog_admin := (SELECT id_permission FROM demo.DOG_Permission WHERE code = 'DOG_ADMIN' LIMIT 1); + SET v_id_permission_user := (SELECT id_permission FROM demo.DOG_Permission WHERE code = 'USER_VIEW' LIMIT 1); + SET v_id_permission_user_admin := (SELECT id_permission FROM demo.DOG_Permission WHERE code = 'USER_ADMIN' LIMIT 1); SET v_code_type_error_bad_data := 'BAD_DATA'; - SET v_id_type_error_bad_data := (SELECT ERROR_TYPE.id_type FROM demo.CORE_Msg_Error_Type 
ERROR_TYPE WHERE ERROR_TYPE.code = v_code_type_error_bad_data LIMIT 1); - SET v_id_access_level_edit := (SELECT ACCESS_LEVEL.id_access_level FROM demo.DOG_Access_Level ACCESS_LEVEL WHERE ACCESS_LEVEL.code = 'EDIT' LIMIT 1); - SET v_id_permission_user_edit := (SELECT GROUP_CONCAT(PERMISSION.id_permission SEPARATOR ',') FROM demo.DOG_Permission PERMISSION WHERE PERMISSION.code = 'USER_CREATE' LIMIT 1); - SET v_priority_access_level_none := (SELECT ACCESS_LEVEL.priority FROM demo.DOG_Access_Level ACCESS_LEVEL WHERE ACCESS_LEVEL.code = 'NONE' LIMIT 1); + SET v_id_type_error_bad_data := (SELECT id_type FROM demo.CORE_Msg_Error_Type WHERE code = v_code_type_error_bad_data LIMIT 1); + SET v_is_new := FALSE; - CALL demo.p_core_validate_guid ( a_guid ); + SET a_get_all_user := IFNULL(a_get_all_user, 1); + SET a_get_inactive_user := IFNULL(a_get_inactive_user, 0); + SET a_ids_user := TRIM(IFNULL(a_ids_user, '')); + SET a_auth0_ids_user := TRIM(IFNULL(a_auth0_ids_user, '')); + SET a_names_user := TRIM(IFNULL(a_names_user, '')); + SET a_emails_user := TRIM(IFNULL(a_emails_user, '')); + SET a_require_all_id_search_filters_met := IFNULL(a_require_all_id_search_filters_met, 1); + SET a_require_any_id_search_filters_met := IFNULL(a_require_any_id_search_filters_met, 1); + SET a_require_all_non_id_search_filters_met := IFNULL(a_require_all_non_id_search_filters_met, 0); + SET a_require_any_non_id_search_filters_met := IFNULL(a_require_any_non_id_search_filters_met, 1); + SET a_debug := IFNULL(a_debug, 0); - DROP TABLE IF EXISTS tmp_Msg_Error; - DROP TABLE IF EXISTS tmp_User_Save_User; - - CREATE TABLE tmp_User_Save_User ( - id_user INT NOT NULL - , id_role INT - , id_role_previous INT - , id_user_auth0 VARCHAR(250) - , firstname VARCHAR(250) - , surname VARCHAR(250) - , email VARCHAR(254) - , is_email_verified BIT - , is_super_user BIT - , active BIT - , name_error VARCHAR(1000) - ); - - CREATE TABLE tmp_Msg_Error ( - display_order INT NOT NULL PRIMARY KEY AUTO_INCREMENT, - id_type 
INT NOT NULL, - code VARCHAR(250) NOT NULL, - msg TEXT NOT NULL - ); - - -- Get data from Temp table - INSERT INTO tmp_User_Save_User ( - id_user - , id_user_auth0 - , id_role - , firstname - , surname - , email - , is_email_verified - , is_super_user - , active - ) - SELECT - USER_T.id_user - , USER_T.id_user_auth0 - , USER_T.id_role - , IFNULL(USER_T.firstname, USER.firstname) AS firstname - , IFNULL(USER_T.surname, USER.surname) AS surname - , IFNULL(USER_T.email, USER.email) AS email - , IFNULL(USER_T.is_email_verified, USER.is_email_verified) AS is_email_verified - , IFNULL(USER_T.is_super_user, USER.is_super_user) AS is_super_user - , COALESCE(USER_T.active, USER.active, 1) AS active - FROM demo.DOG_User_Temp USER_T - LEFT JOIN demo.DOG_User USER ON USER_T.id_user = USER.id_user - WHERE USER_T.guid = a_guid - ; - - UPDATE tmp_User_Save_User t_USER - SET - t_USER.name_error = IFNULL(t_USER.email, t_USER.id_user_auth0) - ; - - -- Validation - -- Missing mandatory fields - -- role - IF EXISTS ( - SELECT * - FROM tmp_User_Save_User t_USER - LEFT JOIN demo.DOG_Role ROLES ON t_USER.id_role = ROLES.id_role - WHERE - ISNULL(t_USER.id_role) - OR ISNULL(ROLES.id_role) - LIMIT 1 - ) THEN - INSERT INTO tmp_Msg_Error ( - id_type - , code - , msg - ) - SELECT - v_id_type_error_bad_data - , v_code_type_error_bad_data - , CONCAT('The following User(s) do not have a role: ', GROUP_CONCAT(t_USER.name_error SEPARATOR ', ')) AS msg - FROM tmp_User_Save_User t_USER - LEFT JOIN demo.DOG_Role ROLES ON t_USER.id_role = ROLES.id_role - WHERE - ISNULL(t_USER.id_role) - OR ISNULL(ROLES.id_role) - ; - END IF; - -- email - IF EXISTS (SELECT * FROM tmp_User_Save_User t_USER WHERE ISNULL(t_USER.email) LIMIT 1) THEN - INSERT INTO tmp_Msg_Error ( - id_type - , code - , msg - ) - SELECT - v_id_type_error_bad_data - , v_code_type_error_bad_data - , CONCAT('The following User(s) do not have an email: ', GROUP_CONCAT(t_USER.name_error SEPARATOR ', ')) AS msg - FROM tmp_User_Save_User t_USER - 
WHERE ISNULL(t_USER.email) - ; - END IF; - -- is_super_user - IF EXISTS (SELECT * FROM tmp_User_Save_User t_USER WHERE ISNULL(t_USER.is_super_user) LIMIT 1) THEN - INSERT INTO tmp_Msg_Error ( - id_type - , code - , msg - ) - SELECT - v_id_type_error_bad_data - , v_code_type_error_bad_data - , CONCAT('The following User(s) do not have an is super user field: ', GROUP_CONCAT(t_USER.name_error SEPARATOR ', ')) AS msg - FROM tmp_User_Save_User t_USER - WHERE ISNULL(t_USER.is_super_user) - ; - END IF; - -- is_email_verified - IF EXISTS (SELECT * FROM tmp_User_Save_User t_USER WHERE ISNULL(t_USER.is_email_verified) LIMIT 1) THEN - INSERT INTO tmp_Msg_Error ( - id_type - , code - , msg - ) - SELECT - v_id_type_error_bad_data - , v_code_type_error_bad_data - , CONCAT('The following User(s) do not have an is email verified: ', GROUP_CONCAT(t_USER.name_error SEPARATOR ', ')) AS msg - FROM tmp_User_Save_User t_USER - WHERE ISNULL(t_USER.is_email_verified) - ; - END IF; - - -- Get old role - UPDATE tmp_User_Save_User t_USER - INNER JOIN demo.DOG_User_Role_Link USER_ROLE_LINK - ON t_USER.id_user = USER_ROLE_LINK.id_user - AND USER_ROLE_LINK.active = 1 - INNER JOIN demo.DOG_Role ROLES - ON USER_ROLE_LINK.id_role = ROLES.id_role - AND ROLES.active = 1 - SET t_USER.id_role_previous = USER_ROLE_LINK.id_role - WHERE t_USER.id_user > 0 - ; - - -- Permissions IF a_debug = 1 THEN - SELECT - a_guid -- a_guid + SELECT + a_id_user + , a_auth0_id_user + , a_get_all_user + , a_get_inactive_user + , a_ids_user + , a_auth0_ids_user + , a_names_user + , a_emails_user + , a_require_all_id_search_filters_met + , a_require_any_id_search_filters_met + , a_require_all_non_id_search_filters_met + , a_require_any_non_id_search_filters_met + , a_debug + ; + END IF; + + DROP TEMPORARY TABLE IF EXISTS tmp_Msg_Error; + DROP TEMPORARY TABLE IF EXISTS tmp_User_Access; + DROP TEMPORARY TABLE IF EXISTS tmp_User; + DROP TEMPORARY TABLE IF EXISTS tmp_Company; + + CREATE TEMPORARY TABLE tmp_Company ( + 
id_company INT NOT NULL + , name VARCHAR(250) NOT NULL + , website VARCHAR(1000) + , active BIT NOT NULL + , does_meet_id_filters BIT NOT NULL + , does_meet_non_id_filters BIT NOT NULL + ); + + CREATE TEMPORARY TABLE tmp_User ( + id_temp INT PRIMARY KEY AUTO_INCREMENT NOT NULL + , id_user INT + , id_company INT + , id_role INT + , id_permission_required INT NOT NULL + , priority_access_level_required INT NOT NULL + , is_super_user BIT + , priority_access_level_user INT + , has_access BIT + , can_view BIT + , can_edit BIT + , can_admin BIT + , can_admin_dog BIT + , can_admin_user BIT + ); + + CREATE TEMPORARY TABLE tmp_User_Access ( + id_temp INT PRIMARY KEY AUTO_INCREMENT NOT NULL + , id_user INT + , id_permission_required INT NOT NULL + , priority_access_level_required INT NOT NULL + , is_super_user BIT + , priority_access_level_user INT + , has_access BIT + , can_view BIT + , can_edit BIT + , can_admin BIT + ); + + CREATE TEMPORARY TABLE tmp_Msg_Error ( + id_error INT NOT NULL PRIMARY KEY AUTO_INCREMENT + , id_type INT NOT NULL + , code VARCHAR(250) NOT NULL + , msg TEXT NOT NULL + ); + + + -- Permissions + -- Can View + IF NOT EXISTS (SELECT * FROM tmp_Msg_Error t_ERROR INNER JOIN demo.CORE_Msg_Error_Type ERROR_TYPE ON t_ERROR.id_type = ERROR_TYPE.id_type WHERE ERROR_TYPE.is_breaking_error = 1 LIMIT 1) THEN + IF a_debug = 1 THEN + SELECT + v_guid -- guid + , 0 -- get_all_user + , 0 -- get_inactive_user + , a_id_user -- ids_user + , a_auth0_id_user -- a_auth0_ids_user + , '' -- a_names_user + , '' -- a_emails_user + , 1 -- a_require_all_id_search_filters_met + , 1 -- a_require_any_id_search_filters_met + , 0 -- a_require_all_non_id_search_filters_met + , 0 -- a_require_any_non_id_search_filters_met + , v_id_permission_user -- ids_permission + , v_id_access_level_view -- ids_access_level + , 0 -- a_show_errors + , 0 -- a_debug + ; + SELECT * FROM demo.DOG_Calc_User_Access_Temp CUA_T WHERE CUA_T.GUID = v_guid; + END IF; + + CALL demo.p_dog_calc_user_access( + 
v_guid -- guid , 0 -- get_all_user , 0 -- get_inactive_user , a_id_user -- ids_user - , '' -- a_auth0_ids_user + , a_auth0_id_user -- a_auth0_ids_user , '' -- a_names_user , '' -- a_emails_user , 1 -- a_require_all_id_search_filters_met , 1 -- a_require_any_id_search_filters_met , 0 -- a_require_all_non_id_search_filters_met , 0 -- a_require_any_non_id_search_filters_met - , v_id_permission_user_edit -- ids_permission - , v_id_access_level_edit -- ids_access_level + , v_id_permission_user -- ids_permission + , v_id_access_level_view -- ids_access_level , 0 -- a_show_errors - , 0 -- a_debug + , 0 -- a_debug + ); + + INSERT INTO tmp_User_Access ( + id_user + , id_permission_required + , priority_access_level_required + , is_super_user + , priority_access_level_user + , has_access + , can_view + , can_edit + , can_admin + ) + SELECT + CALC_USER_T.id_user + , CALC_USER_T.id_permission_required + , CALC_USER_T.priority_access_level_required + , CALC_USER_T.is_super_user + , CALC_USER_T.priority_access_level_user + , CALC_USER_T.has_access + , CALC_USER_T.can_view + , CALC_USER_T.can_edit + , CALC_USER_T.can_admin + FROM demo.DOG_Calc_User_Access_Temp CALC_USER_T + WHERE CALC_USER_T.guid = v_guid ; - END IF; + + IF a_debug = 1 THEN + SELECT * FROM tmp_User_Access; + END IF; + + IF NOT EXISTS (SELECT * FROM tmp_User_Access t_USER_ACCESS WHERE t_USER_ACCESS.has_access = 1) THEN + INSERT INTO tmp_Msg_Error ( + id_type + , code + , msg + ) + VALUES ( + v_id_type_error_bad_data + , v_code_type_error_bad_data + , CONCAT( + 'You do not have view permissions for ' + , (SELECT PERMISSION.name FROM demo.DOG_Permission PERMISSION WHERE PERMISSION.id_permission = v_id_permission_user LIMIT 1) + ) + ) + ; + END IF; + + CALL demo.p_dog_clear_calc_user_access( v_guid, FALSE ); + END IF; - CALL demo.p_dog_calc_user_access( - a_guid -- a_guid - , 0 -- get_all_user - , 0 -- get_inactive_user - , a_id_user -- ids_user - , '' -- a_auth0_ids_user - , '' -- a_names_user - , '' -- 
a_emails_user - , 1 -- a_require_all_id_search_filters_met - , 1 -- a_require_any_id_search_filters_met - , 0 -- a_require_all_non_id_search_filters_met - , 0 -- a_require_any_non_id_search_filters_met - , v_id_permission_user_edit -- ids_permission - , v_id_access_level_edit -- ids_access_level - , 0 -- a_show_errors - , 0 -- a_debug - ); - - SELECT - CASE WHEN IFNULL(CALC_USER_T.can_edit, 0) = 1 THEN 1 ELSE 0 END AS can_edit - , IFNULL(CALC_USER_T.is_super_user, 0) AS is_super_user - , IFNULL(CALC_USER_T.priority_access_level_user, v_priority_access_level_none) AS priority_access_level - INTO - v_can_edit_user - , v_is_super_user - , v_priority_access_level_user - FROM demo.DOG_Calc_User_Access_Temp CALC_USER_T - WHERE - CALC_USER_T.GUID = a_guid - AND CALC_USER_T.id_user = a_id_user - AND CALC_USER_T.id_permission_required = v_id_permission_user_edit + SELECT + IFNULL(t_USER_ACCESS.is_super_user, 0) AS v_is_super_user + , IFNULL(t_USER_ACCESS.id_user, a_id_user) AS a_id_user + , IFNULL(t_USER_ACCESS.priority_access_level_user, v_priority_access_level_none) AS v_priority_access_level_user_view_user + INTO + v_is_super_user + , a_id_user + , v_priority_access_level_user_view_user + FROM tmp_User_Access t_USER_ACCESS + LIMIT 1 ; - IF ( - v_is_super_user = 0 - AND EXISTS ( - WITH User_Company AS ( - SELECT USER_COMPANY_LINK.id_company - FROM demo.DOG_User_Company_Link USER_COMPANY_LINK - WHERE USER_COMPANY_LINK.id_user = a_id_user - ) - SELECT * - FROM tmp_User_Save_User t_USER - LEFT JOIN User_Company USER_COMPANY ON t_USER.id_company = USER_COMPANY.id_company - WHERE USER_COMPANY.id_company IS NULL - ) - ) THEN - DELETE FROM tmp_Msg_Error; - INSERT INTO tmp_Msg_Error ( - id_type - , code - , msg - ) - VALUES ( - v_id_type_error_no_permission - , v_code_type_error_no_permission - , 'You do not have permission to edit User(s) in other Company(s).' 
- ) + IF a_debug = 1 THEN + SELECT + v_is_super_user AS v_is_super_user + , a_id_user AS a_id_user + , v_priority_access_level_user_view_user AS v_priority_access_level_user_view_user ; END IF; - IF ( - v_is_super_user = 0 - AND v_priority_access_level_user > v_priority_access_level_admin - AND EXISTS ( - SELECT * - FROM tmp_User_Save_User t_USER - WHERE t_USER.id_user <> a_id_user - ) - ) THEN - DELETE FROM tmp_Msg_Error; - INSERT INTO tmp_Msg_Error ( - id_type - , code - , msg - ) - VALUES ( - v_id_type_error_no_permission - , v_code_type_error_no_permission - , 'You do not have permission to edit other Users.' - ) - ; - END IF; - - -- Attempt to change role they can't access - -- role from - IF EXISTS ( - SELECT * - FROM tmp_User_Save_User t_USER - INNER JOIN demo.DOG_User USER ON t_USER.id_user = USER.id_user - INNER JOIN demo.DOG_User_Role_Link USER_ROLE_LINK ON t_USER.id_user = USER_ROLE_LINK.id_user - INNER JOIN demo.DOG_Role ROLES ON USER_ROLE_LINK.id_role = ROLES.id_role - INNER JOIN demo.DOG_Access_Level ACCESS_LEVEL ON ROLES.id_access_level_required = ACCESS_LEVEL.id_access_level - WHERE ACCESS_LEVEL.priority < v_priority_access_level_user - LIMIT 1 - ) THEN - INSERT INTO tmp_Msg_Error ( - id_type - , code - , msg - ) - SELECT - v_id_type_error_bad_data - , v_code_type_error_bad_data - , CONCAT('The following User(s) have role(s) you cannot access: ', GROUP_CONCAT(t_USER.name_error SEPARATOR ', ')) AS msg - FROM tmp_User_Save_User t_USER - INNER JOIN demo.DOG_User USER ON t_USER.id_user = USER.id_user - INNER JOIN demo.DOG_User_Role_Link USER_ROLE_LINK ON t_USER.id_user = USER_ROLE_LINK.id_user - INNER JOIN demo.DOG_Role ROLES ON USER_ROLE_LINK.id_role = ROLES.id_role - INNER JOIN demo.DOG_Access_Level ACCESS_LEVEL ON ROLES.id_access_level_required = ACCESS_LEVEL.id_access_level - WHERE ACCESS_LEVEL.priority < v_priority_access_level_user - ; - END IF; - -- role to - IF EXISTS ( - SELECT * - FROM tmp_User_Save_User t_USER - INNER JOIN demo.DOG_Role ROLES 
ON t_USER.id_role = ROLES.id_role - INNER JOIN demo.DOG_Access_Level ACCESS_LEVEL ON ROLES.id_access_level_required = ACCESS_LEVEL.id_access_level - WHERE ACCESS_LEVEL.priority < v_priority_access_level_user - LIMIT 1 - ) THEN - INSERT INTO tmp_Msg_Error ( - id_type - , code - , msg - ) - SELECT - v_id_type_error_bad_data - , v_code_type_error_bad_data - , CONCAT('The following User(s) have role(s) you cannot access: ', GROUP_CONCAT(t_USER.name_error SEPARATOR ', ')) AS msg - FROM tmp_User_Save_User t_USER - INNER JOIN demo.DOG_Role ROLES ON t_USER.id_role = ROLES.id_role - INNER JOIN demo.DOG_Access_Level ACCESS_LEVEL ON ROLES.id_access_level_required = ACCESS_LEVEL.id_access_level - WHERE ACCESS_LEVEL.priority < v_priority_access_level_user - ; - END IF; - - CALL demo.p_dog_clear_calc_user_access( a_guid, 0 ); - - - IF NOT EXISTS (SELECT * FROM tmp_Msg_Error LIMIT 1) THEN - START TRANSACTION; + -- Companies + IF NOT EXISTS(SELECT * FROM tmp_Msg_Error t_ERROR INNER JOIN demo.CORE_Msg_Error_Type ERROR_TYPE ON t_ERROR.id_type = ERROR_TYPE.id_type WHERE ERROR_TYPE.is_breaking_error = 1 LIMIT 1) THEN + IF a_debug = 1 THEN + SELECT + v_guid -- v_guid + , a_id_user -- a_id_user + , a_get_all_company -- a_get_all_company + , a_get_inactive_company -- a_get_inactive_company + , a_ids_company -- a_ids_company + , NULL -- a_names_company + , NULL -- a_websites_company + , a_require_all_id_search_filters_met -- a_require_all_id_search_filters_met + , 0 -- a_require_any_id_search_filters_met + , a_require_all_non_id_search_filters_met -- a_require_all_non_id_search_filters_met + , 0 -- a_require_any_non_id_search_filters_met + , 0 -- a_show_errors + , 0 -- a_debug + ; + END IF; - INSERT INTO demo.DOG_User_Change_Set ( comment ) - VALUES ( a_comment ) - ; - - SET v_id_change_set := LAST_INSERT_ID(); - - UPDATE demo.DOG_User USER - INNER JOIN tmp_User_Save_User t_USER ON USER.id_user = t_USER.id_user - SET - USER.id_user_auth0 = t_USER.id_user_auth0 - , USER.firstname = 
t_USER.firstname - , USER.surname = t_USER.surname - , USER.email = t_USER.email - , USER.is_email_verified = t_USER.is_email_verified - , USER.is_super_user = t_USER.is_super_user - , USER.active = t_USER.active - , USER.id_change_set = v_id_change_set - ; + CALL demo.p_dog_calc_company ( + v_guid -- v_guid + , a_id_user -- a_id_user + , a_get_all_company -- a_get_all_company + , a_get_inactive_company -- a_get_inactive_company + , a_ids_company -- a_ids_company + , NULL -- a_names_company + , NULL -- a_websites_company + , a_require_all_id_search_filters_met -- a_require_all_id_search_filters_met + , 0 -- a_require_any_id_search_filters_met -- a_require_any_id_search_filters_met + , 0 -- a_require_all_non_id_search_filters_met + , 0 -- a_require_any_non_id_search_filters_met -- a_require_any_non_id_search_filters_met + , 0 -- a_show_errors + , 0 -- a_debug + ); + + INSERT INTO tmp_Company ( + id_company + , name + , website + , active - IF EXISTS ( - SELECT * - FROM tmp_User_Save_User t_USER - WHERE - t_USER.id_role IS NOT NULL - AND t_USER.id_role_previous IS NULL - LIMIT 1 - ) THEN - INSERT INTO demo.DOG_User_Role_Link ( - id_user - , id_role - , active - , id_user_created_by + , does_meet_id_filters + , does_meet_non_id_filters + ) + SELECT + COMPANY_T.id_company + , COMPANY_T.name + , COMPANY_T.website + , COMPANY_T.active + + , COMPANY_T.does_meet_id_filters + , COMPANY_T.does_meet_non_id_filters + FROM demo.DOG_Company_Temp COMPANY_T + WHERE COMPANY_T.GUID = v_guid + ; + + IF a_debug = 1 THEN + SELECT 'After get permissions user companies'; + SELECT * FROM tmp_Company; + END IF; + END IF; + + -- Calculated fields + -- Can admin dog + IF NOT EXISTS (SELECT * FROM tmp_Msg_Error t_ERROR INNER JOIN demo.CORE_Msg_Error_Type ERROR_TYPE ON t_ERROR.id_type = ERROR_TYPE.id_type WHERE ERROR_TYPE.is_breaking_error = 1 LIMIT 1) THEN + IF a_debug = 1 THEN + SELECT + v_guid -- guid + , a_get_all_user -- get_all_user + , a_get_inactive_user -- get_inactive_user + , 
a_ids_user -- ids_user + , a_auth0_ids_user -- a_auth0_ids_user + , a_names_user -- a_names_user + , a_emails_user -- a_emails_user + , a_require_all_id_search_filters_met -- a_require_all_id_search_filters_met + , a_require_any_id_search_filters_met -- a_require_any_id_search_filters_met + , a_require_all_non_id_search_filters_met -- a_require_all_non_id_search_filters_met + , a_require_any_non_id_search_filters_met -- a_require_any_non_id_search_filters_met + , v_id_permission_dog_admin -- ids_permission + , v_id_access_level_admin -- ids_access_level + , 0 -- a_show_errors + , 0 -- a_debug + ; + SELECT * FROM demo.DOG_Calc_User_Access_Temp; + END IF; + + CALL demo.p_dog_calc_user_access( + v_guid -- guid + , a_get_all_user -- get_all_user + , a_get_inactive_user -- get_inactive_user + , a_ids_user -- ids_user + , a_auth0_ids_user -- a_auth0_ids_user + , a_names_user -- a_names_user + , a_emails_user -- a_emails_user + , a_require_all_id_search_filters_met -- a_require_all_id_search_filters_met + , a_require_any_id_search_filters_met -- a_require_any_id_search_filters_met + , a_require_all_non_id_search_filters_met -- a_require_all_non_id_search_filters_met + , a_require_any_non_id_search_filters_met -- a_require_any_non_id_search_filters_met + , v_id_permission_dog_admin -- ids_permission + , v_id_access_level_admin -- ids_access_level + , 0 -- a_show_errors + , 0 -- a_debug + ); + + INSERT INTO tmp_User ( + id_user + , id_role + , id_company + , id_permission_required + , priority_access_level_required + , is_super_user + , priority_access_level_user + , has_access + , can_view + , can_edit + , can_admin + , can_admin_dog + ) + WITH Can_Access_User AS ( + SELECT + USER.id_user + , t_COMPANY.id_company + , ROW_NUMBER() OVER (PARTITION BY USER.id_user ORDER BY CASE WHEN t_COMPANY.id_company IS NOT NULL THEN 1 ELSE 0 END DESC) AS index_user_company_link_in_user + FROM demo.DOG_User USER + LEFT JOIN demo.DOG_User_Company_Link USER_COMPANY_LINK + ON USER.id_user = 
USER_COMPANY_LINK.id_user + AND ( + ( + a_get_inactive_company = 1 + AND a_get_inactive_user = 1 + ) + OR USER_COMPANY_LINK.active = 1 ) - SELECT - t_USER.id_user - , t_USER.id_role - , t_USER.active - , a_id_user AS id_user_created_by - FROM tmp_User_Save_User t_USER - WHERE - t_USER.id_role IS NOT NULL - AND t_USER.id_role_previous IS NULL - ; - END IF; + LEFT JOIN tmp_Company t_COMPANY + ON USER_COMPANY_LINK.id_company = t_COMPANY.id_company + AND ( + a_get_inactive_company = 1 + OR USER_COMPANY_LINK.active = 1 + ) + ) + SELECT + CALC_USER_T.id_user + , CALC_USER_T.id_role + , CAN_ACCESS_USER.id_company + , CALC_USER_T.id_permission_required + , CALC_USER_T.priority_access_level_required + , CALC_USER_T.is_super_user + , CALC_USER_T.priority_access_level_user + , CALC_USER_T.has_access + , CALC_USER_T.can_view + , CALC_USER_T.can_edit + , CALC_USER_T.can_admin + , CALC_USER_T.can_admin AS can_admin_dog + FROM demo.DOG_Calc_User_Access_Temp CALC_USER_T + /* + LEFT JOIN demo.DOG_User_Company_Link USER_COMPANY_LINK ON CALC_USER_T.id_user = USER_COMPANY_LINK.id_user + LEFT JOIN tmp_Company t_COMPANY ON USER_COMPANY_LINK.id_company = t_COMPANY.id_company + */ + INNER JOIN Can_Access_User CAN_ACCESS_USER ON CALC_USER_T.id_user = CAN_ACCESS_USER.id_user + WHERE + CALC_USER_T.guid = v_guid + AND ( + v_is_super_user = 1 + OR ( + v_priority_access_level_user_view_user <= v_priority_access_level_edit + AND CAN_ACCESS_USER.id_company IS NOT NULL + AND CAN_ACCESS_USER.index_user_company_link_in_user = 1 + ) + OR CALC_USER_T.id_user = a_id_user + ) + ; + + IF a_debug = 1 THEN + SELECT 'After get many user'; + SELECT * FROM tmp_User; + END IF; + + CALL demo.p_dog_clear_calc_user_access( v_guid, FALSE ); + END IF; + + -- Can admin user + IF NOT EXISTS (SELECT * FROM tmp_Msg_Error t_ERROR INNER JOIN demo.CORE_Msg_Error_Type ERROR_TYPE ON t_ERROR.id_type = ERROR_TYPE.id_type WHERE ERROR_TYPE.is_breaking_error = 1 LIMIT 1) THEN + IF a_debug = 1 THEN + SELECT + v_guid -- guid + , 
a_get_all_user -- get_all_user + , a_get_inactive_user -- get_inactive_user + , a_ids_user -- ids_user + , a_auth0_ids_user -- a_auth0_ids_user + , a_names_user -- a_names_user + , a_emails_user -- a_emails_user + , a_require_all_id_search_filters_met -- a_require_all_id_search_filters_met + , a_require_any_id_search_filters_met -- a_require_any_id_search_filters_met + , a_require_all_non_id_search_filters_met -- a_require_all_non_id_search_filters_met + , a_require_any_non_id_search_filters_met -- a_require_any_non_id_search_filters_met + , v_id_permission_user_admin -- ids_permission + , v_id_access_level_admin -- ids_access_level + , 0 -- a_show_errors + , 0 -- a_debug + ; + SELECT * FROM demo.DOG_Calc_User_Access_Temp; + END IF; + + CALL demo.p_dog_calc_user_access( + v_guid -- guid + , a_get_all_user -- get_all_user + , a_get_inactive_user -- get_inactive_user + , a_ids_user -- ids_user + , a_auth0_ids_user -- a_auth0_ids_user + , a_names_user -- a_names_user + , a_emails_user -- a_emails_user + , a_require_all_id_search_filters_met -- a_require_all_id_search_filters_met + , a_require_any_id_search_filters_met -- a_require_any_id_search_filters_met + , a_require_all_non_id_search_filters_met -- a_require_all_non_id_search_filters_met + , a_require_any_non_id_search_filters_met -- a_require_any_non_id_search_filters_met + , v_id_permission_user_admin -- ids_permission + , v_id_access_level_admin -- ids_access_level + , 0 -- a_show_errors + , 0 -- a_debug + ); + + UPDATE tmp_User t_USER + INNER JOIN demo.DOG_Calc_User_Access_Temp CALC_USER_T + ON CALC_USER_T.id_user = t_USER.id_user + AND CALC_USER_T.guid = v_guid + LEFT JOIN tmp_Company t_COMPANY ON t_USER.id_company = t_COMPANY.id_company + SET t_USER.can_admin_user = CALC_USER_T.can_admin + WHERE + v_is_super_user = 1 + OR t_COMPANY.id_company IS NOT NULL + ; + + IF a_debug = 1 THEN + SELECT * FROM tmp_User; + END IF; + + CALL demo.p_dog_clear_calc_user_access( v_guid, FALSE ); + END IF; + + + IF 
EXISTS(SELECT * FROM tmp_Msg_Error t_ERROR INNER JOIN demo.CORE_Msg_Error_Type ERROR_TYPE ON t_ERROR.id_type = ERROR_TYPE.id_type WHERE ERROR_TYPE.is_breaking_error = 1 LIMIT 1) THEN + IF a_debug = 1 THEN + SELECT * FROM tmp_User; + END IF; - IF EXISTS (SELECT * FROM tmp_User_Save_User t_USER WHERE t_USER.id_role <> t_USER.id_role_previous LIMIT 1) THEN - UPDATE demo.DOG_User_Role_Link USER_ROLE_LINK - INNER JOIN tmp_User_Save_User t_USER ON USER_ROLE_LINK.id_user = t_USER.id_user - SET - USER_ROLE_LINK.id_role = t_USER.id_role - , USER_ROLE_LINK.id_change_set = v_id_change_set - ; - END IF; - - COMMIT; + DELETE FROM tmp_User; END IF; - START TRANSACTION; - - DELETE FROM demo.DOG_User_Temp - WHERE GUID = a_guid; - - COMMIT; - - # Errors - SELECT * - FROM tmp_Msg_Error t_ME - INNER JOIN demo.CORE_Msg_Error_Type MET ON t_ME.id_type = MET.id_type + -- Returns + SELECT + USERS.id_user + , USERS.id_user_auth0 + , USERS.firstname + , USERS.surname + , USERS.email + , USERS.is_email_verified + , t_USER.id_role + , ROLES.name AS name_role + , t_USER.id_company + , t_COMPANY.name AS name_company + , t_COMPANY.website AS website_company + , t_USER.is_super_user + , t_USER.priority_access_level_user AS priority_access_level + , t_USER.can_admin_dog + , t_USER.can_admin_user + FROM tmp_User t_USER + -- INNER JOIN tmp_User_Access t_USER_ACCESS + INNER JOIN demo.DOG_User USERS ON t_USER.id_user = USERS.id_user + LEFT JOIN demo.DOG_Role ROLES ON t_USER.id_role = ROLES.id_role + LEFT JOIN tmp_Company t_COMPANY ON t_USER.id_company = t_COMPANY.id_company ; - IF a_debug = 1 THEN - SELECT * from tmp_User_Save_User; - END IF; - - DROP TABLE IF EXISTS tmp_Msg_Error; - DROP TABLE IF EXISTS tmp_User_Save_User; + # Errors + SELECT + t_ERROR.id_error + , t_ERROR.id_type + , t_ERROR.code + , ERROR_TYPE.name + , ERROR_TYPE.description + , ERROR_TYPE.is_breaking_error + , ERROR_TYPE.background_colour + , ERROR_TYPE.text_colour + , t_ERROR.msg + FROM tmp_Msg_Error t_ERROR + INNER JOIN 
demo.CORE_Msg_Error_Type ERROR_TYPE ON t_ERROR.id_type = ERROR_TYPE.id_type + ; - IF a_debug = 1 THEN + IF a_debug = 1 THEN + SELECT 'End'; + SELECT * FROM tmp_User; + SELECT * FROM tmp_User_Access; + END IF; + + -- Clean up + DROP TEMPORARY TABLE IF EXISTS tmp_Msg_Error; + DROP TEMPORARY TABLE IF EXISTS tmp_User_Access; + DROP TEMPORARY TABLE IF EXISTS tmp_User; + DROP TEMPORARY TABLE IF EXISTS tmp_Company; + + IF a_debug = 1 THEN CALL demo.p_debug_timing_reporting ( v_time_start ); - END IF; + END IF; END // DELIMITER ; +/* +select * FROM demo.DOG_Calc_User_Access_Temp; +delete FROM demo.DOG_Calc_User_Access_Temp; -CALL demo.p_dog_clear_calc_user_access( - 'greensgreensgreensgreensgreensgreens' -- guid - , 0 -- debug -); - CALL demo.p_dog_calc_user_access( - 'greensgreensgreensgreensgreensgreens' -- a_guid - , 0 -- get_all_user - , 0 -- get_inactive_user - , 1 -- ids_user - , '' -- a_auth0_ids_user - , '' -- a_names_user - , '' -- a_emails_user - , 1 -- a_require_all_id_search_filters_met - , 1 -- a_require_any_id_search_filters_met - , 0 -- a_require_all_non_id_search_filters_met - , 0 -- a_require_any_non_id_search_filters_met - , 15 -- ids_permission - , 2 -- ids_access_level - , 0 -- a_show_errors - , 0 -- a_debug - ); - SELECT * FROM demo.DOG_Calc_User_Access_Temp; -CALL demo.p_dog_clear_calc_user_access( - 'greensgreensgreensgreensgreensgreens' -- guid - , 0 -- debug -); - SELECT * FROM demo.DOG_Calc_User_Access_Temp; +SELECT * +FROM demo.DOG_USER; -CALL demo.p_dog_save_user ( - 'Test' -- comment - , 'greensgreensgreensgreensgreensgreens' -- guid - , 1 -- id_user - , 1 -- debug -); - -CALL demo.p_dog_clear_calc_user_access( - 'greensgreensgreensgreensgreensgreens' -- guid - , 0 -- debug +CALL demo.p_dog_get_many_user( + NULL -- :a_id_user, + , 'auth0|6582b95c895d09a70ba10fef' -- :a_auth0_id_user, + , 1 -- :a_get_all_user, + , 0 -- :a_get_inactive_user, + -- , 0 -- :a_get_first_user_only, + , NULL -- :a_ids_user, + , 'auth0|6582b95c895d09a70ba10fef' -- 
:a_auth0_ids_user + , '' -- a_names_user + , '' -- a_emails_user + , '' -- a_ids_company + , 0 -- a_get_all_company + , 0 -- a_get_inactive_company + , 1 -- :a_require_all_id_search_filters_met, + , 1 -- :a_require_any_id_search_filters_met, + , 0 -- :a_require_all_non_id_search_filters_met, + , 1 -- :a_require_any_non_id_search_filters_met, + , 0 -- a_debug ); +*/ diff --git a/static/MySQL/70516_p_dog_get_many_user.sql b/static/MySQL/70516_p_dog_get_many_user.sql index 5b39f7d..5e87065 100644 --- a/static/MySQL/70516_p_dog_get_many_user.sql +++ b/static/MySQL/70516_p_dog_get_many_user.sql @@ -39,6 +39,9 @@ BEGIN DECLARE v_ids_user TEXT; DECLARE v_is_new BIT; DECLARE v_is_super_user BIT; + DECLARE v_priority_access_level_edit INT; + DECLARE v_priority_access_level_none INT; + DECLARE v_priority_access_level_user_view_user INT; DECLARE v_rank_max INT; DECLARE v_time_start TIMESTAMP(6); 
@@ -91,8 +94,10 @@ BEGIN SET v_time_start := CURRENT_TIMESTAMP(6); SET v_guid := UUID(); - SET v_id_access_level_admin := (SELECT id_access_level FROM fetchmetrics.DOG_Access_Level WHERE code = 'ADMIN' LIMIT 1); - SET v_id_access_level_view := (SELECT id_access_level FROM fetchmetrics.DOG_Access_Level WHERE code = 'VIEW' LIMIT 1); + SET v_id_access_level_admin := (SELECT ACCESS_LEVEL.id_access_level FROM fetchmetrics.DOG_Access_Level ACCESS_LEVEL WHERE code = 'ADMIN' LIMIT 1); + SET v_id_access_level_view := (SELECT ACCESS_LEVEL.id_access_level FROM fetchmetrics.DOG_Access_Level ACCESS_LEVEL WHERE code = 'VIEW' LIMIT 1); + SET v_priority_access_level_edit := (SELECT ACCESS_LEVEL.id_access_level FROM fetchmetrics.DOG_Access_Level ACCESS_LEVEL WHERE code = 'EDIT' LIMIT 1); + SET v_priority_access_level_none := (SELECT ACCESS_LEVEL.id_access_level FROM fetchmetrics.DOG_Access_Level ACCESS_LEVEL WHERE code = 'NONE' LIMIT 1); SET v_id_permission_dog_admin := (SELECT id_permission FROM fetchmetrics.DOG_Permission WHERE code = 'DOG_ADMIN' LIMIT 1); SET v_id_permission_user := (SELECT id_permission FROM fetchmetrics.DOG_Permission WHERE code = 'USER_VIEW' LIMIT 1); SET v_id_permission_user_admin := (SELECT id_permission FROM fetchmetrics.DOG_Permission WHERE code = 'USER_ADMIN' LIMIT 1); @@ -183,6 +188,7 @@ BEGIN -- Permissions + -- Can View IF NOT EXISTS (SELECT * FROM tmp_Msg_Error t_ERROR INNER JOIN fetchmetrics.CORE_Msg_Error_Type ERROR_TYPE ON t_ERROR.id_type = ERROR_TYPE.id_type WHERE ERROR_TYPE.is_breaking_error = 1 LIMIT 1) THEN IF a_debug = 1 THEN SELECT @@ -202,7 +208,7 @@ BEGIN , 0 -- a_show_errors , 0 -- a_debug ; - SELECT * FROM fetchmetrics.DOG_Calc_User_Access_Temp; + SELECT * FROM fetchmetrics.DOG_Calc_User_Access_Temp CUA_T WHERE CUA_T.GUID = v_guid; END IF; CALL fetchmetrics.p_dog_calc_user_access( 
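Review bot: The two new lookups, `v_priority_access_level_edit` and `v_priority_access_level_none`, select `ACCESS_LEVEL.id_access_level` rather than `ACCESS_LEVEL.priority`, so variables that are named and later compared as priorities hold row ids. The hunk at -425,13 uses `v_priority_access_level_user_view_user <= v_priority_access_level_edit` to decide who may see other users, and the hunk at -271,8 uses `v_priority_access_level_none` as the fallback priority; both are only right if ids and priorities happen to coincide. p_dog_save_user in this same commit reads `ACCESS_LEVEL.priority` for its ADMIN and NONE lookups, so I would write `SELECT ACCESS_LEVEL.priority FROM fetchmetrics.DOG_Access_Level ACCESS_LEVEL WHERE ACCESS_LEVEL.code = 'EDIT' LIMIT 1` here, and the same for 'NONE'. The procedure body starts and ends outside the hunk.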
@@ -271,8 +277,26 @@ BEGIN CALL fetchmetrics.p_dog_clear_calc_user_access( v_guid, FALSE ); END IF; + + SELECT + IFNULL(t_USER_ACCESS.is_super_user, 0) AS v_is_super_user + , IFNULL(t_USER_ACCESS.id_user, a_id_user) AS a_id_user + , IFNULL(t_USER_ACCESS.priority_access_level_user, v_priority_access_level_none) AS v_priority_access_level_user_view_user + INTO + v_is_super_user + , a_id_user + , v_priority_access_level_user_view_user + FROM tmp_User_Access t_USER_ACCESS + LIMIT 1 + ; - SET v_is_super_user := (SELECT IFNULL(t_USER_ACCESS.is_super_user, 0) FROM tmp_User_Access t_USER_ACCESS LIMIT 1); + IF a_debug = 1 THEN + SELECT + v_is_super_user AS v_is_super_user + , a_id_user AS a_id_user + , v_priority_access_level_user_view_user AS v_priority_access_level_user_view_user + ; + END IF; -- Companies IF NOT EXISTS(SELECT * FROM tmp_Msg_Error t_ERROR INNER JOIN fetchmetrics.CORE_Msg_Error_Type ERROR_TYPE ON t_ERROR.id_type = ERROR_TYPE.id_type WHERE ERROR_TYPE.is_breaking_error = 1 LIMIT 1) THEN @@ -283,8 +307,8 @@ BEGIN , a_get_all_company -- a_get_all_company , a_get_inactive_company -- a_get_inactive_company , a_ids_company -- a_ids_company - , a_names_company -- a_names_company - , a_websites_company -- a_websites_company + , NULL -- a_names_company + , NULL -- a_websites_company , a_require_all_id_search_filters_met -- a_require_all_id_search_filters_met , 0 -- a_require_any_id_search_filters_met , a_require_all_non_id_search_filters_met -- a_require_all_non_id_search_filters_met @@ -332,6 +356,7 @@ BEGIN ; IF a_debug = 1 THEN + SELECT 'After get permissions user companies'; SELECT * FROM tmp_Company; END IF; END IF; 
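Review bot: The new `SELECT … INTO` takes whichever row `FROM tmp_User_Access t_USER_ACCESS LIMIT 1` returns and overwrites the input parameter `a_id_user` with it, with no `ORDER BY` or filter tying that row to the calling user. `a_id_user` then feeds the `OR CALC_USER_T.id_user = a_id_user` branch added at -425,13, so if the temp table can ever hold more than one row (not visible from this hunk) the self-access check follows an arbitrary user. When the table is empty, `SELECT … INTO` assigns nothing, so the `IFNULL` defaults are never applied and all three variables keep their previous values, including the caller-supplied `a_id_user`. I would set `v_is_super_user := 0` and `v_priority_access_level_user_view_user := v_priority_access_level_none` before the statement and add a comment such as `-- tmp_User_Access is expected to hold exactly one row: the calling user`. The procedure body continues outside the hunk.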
@@ -398,8 +423,21 @@ BEGIN , t_COMPANY.id_company , ROW_NUMBER() OVER (PARTITION BY USER.id_user ORDER BY CASE WHEN t_COMPANY.id_company IS NOT NULL THEN 1 ELSE 0 END DESC) AS index_user_company_link_in_user FROM fetchmetrics.DOG_User USER - LEFT JOIN fetchmetrics.DOG_User_Company_Link USER_COMPANY_LINK ON USER.id_user = USER_COMPANY_LINK.id_user - LEFT JOIN tmp_Company t_COMPANY ON USER_COMPANY_LINK.id_company = t_COMPANY.id_company + LEFT JOIN fetchmetrics.DOG_User_Company_Link USER_COMPANY_LINK + ON USER.id_user = USER_COMPANY_LINK.id_user + AND ( + ( + a_get_inactive_company = 1 + AND a_get_inactive_user = 1 + ) + OR USER_COMPANY_LINK.active = 1 + ) + LEFT JOIN tmp_Company t_COMPANY + ON USER_COMPANY_LINK.id_company = t_COMPANY.id_company + AND ( + a_get_inactive_company = 1 + OR USER_COMPANY_LINK.active = 1 + ) ) SELECT CALC_USER_T.id_user @@ -425,13 +463,16 @@ BEGIN AND ( v_is_super_user = 1 OR ( - CAN_ACCESS_USER.id_company IS NOT NULL + v_priority_access_level_user_view_user <= v_priority_access_level_edit + AND CAN_ACCESS_USER.id_company IS NOT NULL AND CAN_ACCESS_USER.index_user_company_link_in_user = 1 ) + OR CALC_USER_T.id_user = a_id_user ) ; IF a_debug = 1 THEN + SELECT 'After get many user'; SELECT * FROM tmp_User; END IF; @@ -508,12 +549,12 @@ BEGIN -- Returns SELECT - USER.id_user - , USER.id_user_auth0 - , USER.firstname - , USER.surname - , USER.email - , USER.is_email_verified + USERS.id_user + , USERS.id_user_auth0 + , USERS.firstname + , USERS.surname + , USERS.email + , USERS.is_email_verified , t_USER.id_role , ROLES.name AS name_role , t_USER.id_company 
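Review bot: The activity filter added to the second join, `a_get_inactive_company = 1 OR USER_COMPANY_LINK.active = 1`, can never reject a row that the first join let through, because the first `ON` clause already requires either both inactive flags or `USER_COMPANY_LINK.active = 1`. This subquery appears to feed the `CAN_ACCESS_USER` visibility test at -425,13, so I would drop the repeated predicate or mark it with a comment such as `-- link activity is enforced on the USER_COMPANY_LINK join above`. A one-line comment on why an inactive link needs `a_get_inactive_user = 1` as well as `a_get_inactive_company = 1` would also help the next reader. The subquery starts outside the hunk.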
@@ -525,7 +566,7 @@ BEGIN , t_USER.can_admin_user FROM tmp_User t_USER -- INNER JOIN tmp_User_Access t_USER_ACCESS - INNER JOIN fetchmetrics.DOG_User USER ON t_USER.id_user = USER.id_user + INNER JOIN fetchmetrics.DOG_User USERS ON t_USER.id_user = USERS.id_user LEFT JOIN fetchmetrics.DOG_Role ROLES ON t_USER.id_role = ROLES.id_role LEFT JOIN tmp_Company t_COMPANY ON t_USER.id_company = t_COMPANY.id_company ; diff --git a/static/MySQL/70518_p_dog_save_user.sql b/static/MySQL/70518_p_dog_save_user.sql index 54a645c..6e9c048 100644 --- a/static/MySQL/70518_p_dog_save_user.sql +++ b/static/MySQL/70518_p_dog_save_user.sql @@ -19,6 +19,7 @@ BEGIN DECLARE v_id_access_level_edit INT; DECLARE v_is_super_user BIT; DECLARE v_can_edit_user BIT; + DECLARE v_priority_access_level_admin INT; DECLARE v_priority_access_level_none INT; DECLARE v_priority_access_level_user INT; DECLARE v_time_start TIMESTAMP(6); @@ -61,6 +62,7 @@ BEGIN SET v_id_type_error_bad_data := (SELECT ERROR_TYPE.id_type FROM fetchmetrics.CORE_Msg_Error_Type ERROR_TYPE WHERE ERROR_TYPE.code = v_code_type_error_bad_data LIMIT 1); SET v_id_access_level_edit := (SELECT ACCESS_LEVEL.id_access_level FROM fetchmetrics.DOG_Access_Level ACCESS_LEVEL WHERE ACCESS_LEVEL.code = 'EDIT' LIMIT 1); SET v_id_permission_user_edit := (SELECT GROUP_CONCAT(PERMISSION.id_permission SEPARATOR ',') FROM fetchmetrics.DOG_Permission PERMISSION WHERE PERMISSION.code = 'USER_CREATE' LIMIT 1); + SET v_priority_access_level_admin := (SELECT ACCESS_LEVEL.priority FROM fetchmetrics.DOG_Access_Level ACCESS_LEVEL WHERE ACCESS_LEVEL.code = 'ADMIN' LIMIT 1); SET v_priority_access_level_none := (SELECT ACCESS_LEVEL.priority FROM fetchmetrics.DOG_Access_Level ACCESS_LEVEL WHERE ACCESS_LEVEL.code = 'NONE' LIMIT 1); CALL fetchmetrics.p_core_validate_guid ( a_guid ); 
@@ -311,7 +313,7 @@ BEGIN IF ( v_is_super_user = 0 - AND v_priority_access_level_user > v_priority_access_level_admin + AND v_priority_access_level_user >= v_priority_access_level_admin AND EXISTS ( SELECT * FROM tmp_User_Save_User t_USER @@ -519,5 +521,40 @@ CALL fetchmetrics.p_dog_clear_calc_user_access( , 0 -- debug ); +select * +from demo.DOG_User_Change_Set +; +select * +from demo.DOG_Role +; +select * +from demo.DOG_Permission +; + + +-- INSERT INTO demo.DOG_User_Change_Set (comment ) VALUES ( 'Client role permissions' ); + +UPDATE demo.DOG_Role_Permission_Link ROLE_PERMISSION_LINK +SET + ROLE_PERMISSION_LINK.id_change_set = (SELECT UCS.id_change_set FROM demo.DOG_User_Change_Set UCS ORDER BY UCS.id_change_set DESC LIMIT 1) + , ROLE_PERMISSION_LINK.id_access_level = 2 +WHERE + ROLE_PERMISSION_LINK.id_permission = 15 + AND ROLE_PERMISSION_LINK.id_role <> 1 +; + + +SELECT + USERS.email + , ROLE.name + , PERMISSION.name + , ACCESS_LEVEL.name +FROM demo.DOG_User USERS +INNER JOIN demo.DOG_User_Role_Link URL ON USERS.id_user = URL.id_user +INNER JOIN demo.DOG_Role ROLE ON URL.id_role = ROLE.id_role +INNER JOIN demo.DOG_Role_Permission_Link RPL ON URL.id_role = RPL.id_role +INNER JOIN demo.DOG_Permission PERMISSION ON RPL.id_permission = PERMISSION.id_permission +INNER JOIN demo.DOG_Access_Level ACCESS_LEVEL ON RPL.id_access_level = ACCESS_LEVEL.id_access_level +; */ diff --git a/static/MySQL/70530_p_dog_calc_user_access.sql b/static/MySQL/70530_p_dog_calc_user_access.sql index e600495..85d1fd0 100644 --- a/static/MySQL/70530_p_dog_calc_user_access.sql +++ b/static/MySQL/70530_p_dog_calc_user_access.sql @@ -741,6 +741,7 @@ BEGIN User_Access_Level AS ( SELECT USER.id_user + , ROLE_PERMISSION_LINK.id_permission , MIN(IFNULL(ACCESS_LEVEL.priority, v_priority_access_level_none)) AS priority_access_level FROM fetchmetrics.DOG_User USER -- tmp_Calc_User_Access_Calc_User_Access t_CALC_USER_ACCESS LEFT JOIN fetchmetrics.DOG_User_Role_Link USER_ROLE_LINK 
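Review bot: Changing the comparison to `v_priority_access_level_user >= v_priority_access_level_admin` makes this condition true for a user whose level is exactly ADMIN, which is the opposite boundary from p_dog_get_many_user in this commit, where `<=` treats an equal priority as sufficient. If this `IF` is the permission-denied path (its body is outside the hunk), administrators would now be refused; please confirm that is intended and state it in a comment above the condition. Separately, a NULL on either side makes the whole condition NULL and skips the branch, so I would compare `IFNULL(v_priority_access_level_user, v_priority_access_level_none)` instead of the raw variable.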
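Review bot: The scratch `UPDATE demo.DOG_Role_Permission_Link` added to the trailing block changes the access level for every role but one using bare ids (`id_access_level = 2`, `id_permission = 15`, `id_role <> 1`), and it targets `demo` while the call just above it uses `fetchmetrics`. It looks commented out (the hunk ends on `*/`; the opening of the block is outside the hunk), but a permission change kept this way is easy to paste and run against the wrong schema. I would move it into a reviewed migration and resolve the rows by code rather than by number, e.g. `WHERE PERMISSION.code = '<PERMISSION_CODE>'` with the real code filled in.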
@@ -752,28 +753,37 @@ BEGIN LEFT JOIN fetchmetrics.DOG_Access_Level ACCESS_LEVEL ON ROLE_PERMISSION_LINK.id_access_level = ACCESS_LEVEL.id_access_level AND ACCESS_LEVEL.active = 1 - GROUP BY USER.id_user + GROUP BY + USER.id_user + , ROLE_PERMISSION_LINK.id_permission ) , User_Role_And_Access_Level AS ( SELECT USER_ACCESS_LEVEL.id_user + , USER_ACCESS_LEVEL.id_permission , USER_ACCESS_LEVEL.priority_access_level , ROLE_PERMISSION_LINK.id_role - , ROW_NUMBER() OVER (PARTITION BY USER_ACCESS_LEVEL.id_user, USER_ACCESS_LEVEL.priority_access_level) AS index_link_in_user_and_priority_access_level + , ROW_NUMBER() OVER (PARTITION BY USER_ACCESS_LEVEL.id_user, USER_ACCESS_LEVEL.id_permission ORDER BY USER_ACCESS_LEVEL.priority_access_level) AS index_link_in_user_and_permission FROM User_Access_Level USER_ACCESS_LEVEL LEFT JOIN fetchmetrics.DOG_User_Role_Link USER_ROLE_LINK ON USER_ACCESS_LEVEL.id_user = USER_ROLE_LINK.id_user AND USER_ROLE_LINK.active = 1 + /* LEFT JOIN fetchmetrics.DOG_Access_Level ACCESS_LEVEL ON USER_ACCESS_LEVEL.priority_access_level = ACCESS_LEVEL.priority AND ACCESS_LEVEL.active = 1 + */ LEFT JOIN fetchmetrics.DOG_Role_Permission_Link ROLE_PERMISSION_LINK - ON ACCESS_LEVEL.id_access_level = ROLE_PERMISSION_LINK.id_access_level - AND USER_ROLE_LINK.id_role = ROLE_PERMISSION_LINK.id_role + -- ON ACCESS_LEVEL.id_access_level = ROLE_PERMISSION_LINK.id_access_level + ON USER_ROLE_LINK.id_role = ROLE_PERMISSION_LINK.id_role + AND USER_ACCESS_LEVEL.id_permission = ROLE_PERMISSION_LINK.id_permission AND ROLE_PERMISSION_LINK.active = 1 ) UPDATE tmp_Calc_User_Access_Calc_User_Access t_CALC_USER_ACCESS - INNER JOIN User_Role_And_Access_Level USER_ROLE_AND_ACCESS_LEVEL ON t_CALC_USER_ACCESS.id_user = USER_ROLE_AND_ACCESS_LEVEL.id_user + INNER JOIN User_Role_And_Access_Level USER_ROLE_AND_ACCESS_LEVEL + ON t_CALC_USER_ACCESS.id_user = USER_ROLE_AND_ACCESS_LEVEL.id_user + AND USER_ROLE_AND_ACCESS_LEVEL.id_permission = v_id_permission_required + AND 
USER_ROLE_AND_ACCESS_LEVEL.index_link_in_user_and_permission = 1 SET t_CALC_USER_ACCESS.id_role = USER_ROLE_AND_ACCESS_LEVEL.id_role , t_CALC_USER_ACCESS.priority_access_level_user = USER_ROLE_AND_ACCESS_LEVEL.priority_access_level diff --git a/static/css/pages/user/user.css b/static/css/pages/user/user.css index ab7d668..a9af115 100644 --- a/static/css/pages/user/user.css +++ b/static/css/pages/user/user.css @@ -6,6 +6,9 @@ .container-input { margin: 0 auto; } +label { + font-weight: bold; +} .container-input input { width: 250px; -} \ No newline at end of file +} diff --git a/static/dist/css/user_account.bundle.css b/static/dist/css/user_account.bundle.css index 4786185..79f6f8a 100644 --- a/static/dist/css/user_account.bundle.css +++ b/static/dist/css/user_account.bundle.css @@ -73,8 +73,12 @@ .container-input { margin: 0 auto; } +label { + font-weight: bold; +} .container-input input { width: 250px; } + /*# sourceMappingURL=user_account.bundle.css.map*/ \ No newline at end of file diff --git a/static/dist/css/user_account.bundle.css.map b/static/dist/css/user_account.bundle.css.map index 73f7093..8b683ee 100644 --- a/static/dist/css/user_account.bundle.css.map +++ b/static/dist/css/user_account.bundle.css.map 
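Review bot: In `User_Role_And_Access_Level` the new `ROW_NUMBER() … ORDER BY USER_ACCESS_LEVEL.priority_access_level` orders by a value that is identical for every row of its `(id_user, id_permission)` partition, because `User_Access_Level` now yields one aggregated priority per user and permission. With the `DOG_Access_Level` join commented out, any of the user's active roles can land on index 1, including one with no link for the permission (where `ROLE_PERMISSION_LINK.id_role` is NULL), so `t_CALC_USER_ACCESS.id_role` may not be the role that grants the `priority_access_level_user` written next to it. I would join the link's own level, `LEFT JOIN fetchmetrics.DOG_Access_Level LINK_LEVEL ON ROLE_PERMISSION_LINK.id_access_level = LINK_LEVEL.id_access_level AND LINK_LEVEL.active = 1`, and order by `IFNULL(LINK_LEVEL.priority, v_priority_access_level_none)`. The statement starts outside the hunk.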
@@ -1 +1 @@ -{"version":3,"file":"css/user_account.bundle.css","mappings":";;AAEA;IACI,gBAAgB;IAChB,oBAAoB;IACpB,cAAc;AAClB;;;AAGA,iBAAiB;AACjB;IACI,sBAAsB;AAC1B;;AAEA,eAAe;AACf;IACI,gBAAgB;IAChB,cAAc;IACd,SAAS;IACT,SAAS;IACT,qBAAqB;IACrB,2BAA2B;IAC3B,aAAa;IACb,sBAAsB;IACtB,uBAAuB;IACvB,gBAAgB;IAChB,kBAAkB;IAClB,kBAAkB;IAClB,WAAW;IACX,yBAAyB;AAC7B;;;AAGA,WAAW;AACX;IACI,gBAAgB;IAChB,kBAAkB;IAClB,SAAS;IACT,eAAe;IACf,gBAAgB;IAChB,sCAAsC;IACtC,kBAAkB;IAClB,SAAS;IACT,WAAW;AACf;;AAEA;IACI;QACI,eAAe;QACf,mBAAmB;QACnB,eAAe;QACf,WAAW;QACX,eAAe;IACnB;IACA;QACI,eAAe;IACnB;IACA;QACI,cAAc;IAClB;AACJ;;AAEA;IACI,UAAU;IACV,SAAS;AACb,C;;;AChEA;IACI,aAAa;AACjB;;AAEA;IACI,cAAc;AAClB;AACA;IACI,YAAY;AAChB,C","sources":["webpack://app/./static/css/sections/dog.css","webpack://app/./static/css/pages/user/user.css"],"sourcesContent":["\n\n.container-input > input {\n padding: 0vh 1vh;\n border-radius: 0.5vh;\n max-width: 7vh;\n}\n\n\n/* Right column */\n.rightcolumn {\n min-width: fit-content;\n}\n\n/* Main Table */\n#pageBody {\n max-height: 88vh;\n padding: 0 5vw;\n margin: 0;\n border: 0;\n align-content: center;\n justify-content: flex-start;\n display: flex;\n flex-direction: column;\n align-items: flex-start;\n overflow-y: auto;\n overflow-x: hidden;\n position: absolute;\n width: 90vw;\n color: var(--colour-text);\n}\n\n\n/* Footer */\n.footer {\n padding: 1vh 1vw;\n text-align: center;\n margin: 0;\n max-height: 5vh;\n overflow-y: auto;\n background-color: var(--colour-accent);\n position: absolute;\n bottom: 0;\n width: 98vw;\n}\n\n@media screen and (max-width: 400px) {\n .footer {\n max-height: 8vh;\n padding: 0.75vh 2vw;\n font-size: 10px; \n width: 96vw;\n max-width: 96vw;\n }\n .footer > h4 {\n font-size: 10px;\n }\n .footer > h5 {\n font-size: 9px;\n }\n}\n\n.footer > h4, h5 {\n padding: 0;\n margin: 0;\n}","\n#formFilters {\n display: none;\n}\n\n.container-input {\n margin: 0 auto;\n}\n.container-input input {\n width: 250px;\n}"],"names":[],"sourceRoot":""} \ No newline 
at end of file +{"version":3,"file":"css/user_account.bundle.css","mappings":";;AAEA;IACI,gBAAgB;IAChB,oBAAoB;IACpB,cAAc;AAClB;;;AAGA,iBAAiB;AACjB;IACI,sBAAsB;AAC1B;;AAEA,eAAe;AACf;IACI,gBAAgB;IAChB,cAAc;IACd,SAAS;IACT,SAAS;IACT,qBAAqB;IACrB,2BAA2B;IAC3B,aAAa;IACb,sBAAsB;IACtB,uBAAuB;IACvB,gBAAgB;IAChB,kBAAkB;IAClB,kBAAkB;IAClB,WAAW;IACX,yBAAyB;AAC7B;;;AAGA,WAAW;AACX;IACI,gBAAgB;IAChB,kBAAkB;IAClB,SAAS;IACT,eAAe;IACf,gBAAgB;IAChB,sCAAsC;IACtC,kBAAkB;IAClB,SAAS;IACT,WAAW;AACf;;AAEA;IACI;QACI,eAAe;QACf,mBAAmB;QACnB,eAAe;QACf,WAAW;QACX,eAAe;IACnB;IACA;QACI,eAAe;IACnB;IACA;QACI,cAAc;IAClB;AACJ;;AAEA;IACI,UAAU;IACV,SAAS;AACb,C;;;AChEA;IACI,aAAa;AACjB;;AAEA;IACI,cAAc;AAClB;AACA;IACI,iBAAiB;AACrB;AACA;IACI,YAAY;AAChB","sources":["webpack://app/./static/css/sections/dog.css","webpack://app/./static/css/pages/user/user.css"],"sourcesContent":["\n\n.container-input > input {\n padding: 0vh 1vh;\n border-radius: 0.5vh;\n max-width: 7vh;\n}\n\n\n/* Right column */\n.rightcolumn {\n min-width: fit-content;\n}\n\n/* Main Table */\n#pageBody {\n max-height: 88vh;\n padding: 0 5vw;\n margin: 0;\n border: 0;\n align-content: center;\n justify-content: flex-start;\n display: flex;\n flex-direction: column;\n align-items: flex-start;\n overflow-y: auto;\n overflow-x: hidden;\n position: absolute;\n width: 90vw;\n color: var(--colour-text);\n}\n\n\n/* Footer */\n.footer {\n padding: 1vh 1vw;\n text-align: center;\n margin: 0;\n max-height: 5vh;\n overflow-y: auto;\n background-color: var(--colour-accent);\n position: absolute;\n bottom: 0;\n width: 98vw;\n}\n\n@media screen and (max-width: 400px) {\n .footer {\n max-height: 8vh;\n padding: 0.75vh 2vw;\n font-size: 10px; \n width: 96vw;\n max-width: 96vw;\n }\n .footer > h4 {\n font-size: 10px;\n }\n .footer > h5 {\n font-size: 9px;\n }\n}\n\n.footer > h4, h5 {\n padding: 0;\n margin: 0;\n}","\n#formFilters {\n display: none;\n}\n\n.container-input {\n margin: 0 auto;\n}\nlabel {\n font-weight: bold;\n}\n.container-input input {\n 
width: 250px;\n}\n"],"names":[],"sourceRoot":""} \ No newline at end of file