added organization functionality, which defines a user attribute whic…

…h will bury all created topics (and thus permissions) in a parent topic, bumped version to 3.1.0, fixed a bug in the forum api regarding parents

frontend/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ocwa-frontend",
-  "version": "3.0.0",
+  "version": "3.1.0",
   "main": "src/index.js",
   "license": "MIT",
   "scripts": {

helm/ocwa/values.yaml

@@ -133,6 +133,8 @@ forum-api:
 
   defaultAccessIsGroup: true
   requiredRoleToCreateTopic: "exporter"
+  ignoreGroups: "\"oc\""
+  adminGroup: "admin"
   user:
     idField: Email
     emailField: Email
@@ -368,8 +370,10 @@ request-api:
   ocwaImportUrl: http://ocwadl-ui.ocwa
   emailTemplateEnabled: false
   emailTemplate: |-
+    
   emailSubmitTemplateEnabled: false
   emailSubmitTemplate: |-
+    
   emailEnabled: false
   emailService: smtp.gmail.com
   emailSecure: true
@@ -382,7 +386,14 @@ request-api:
   gitopsUrl: http://gitops.ocwa
   gitopsSecret: s3cr3t
 
-  createDatabase: false
+  defaultExportFormName: "dataexport"
+  defaultImportFormName: "dataimport"
+  defaultExportCodeFormName: "codeexport"
+  defaultImportCodeFormName: "codeimport"
+  formioUrl: "http://ocwa-formio.ocwa"
+  formioUsername: "admin@example.com"
+  formioPassword: "CHANGEME"
+  orgAttribute: "businessCategory"
 
 
   resources: {}

microservices/forumApi/README.md

@@ -25,7 +25,7 @@ hostip=$(ifconfig en0 | awk '$1 == "inet" {print $2}')
 docker run -e EMAIL_FIELD=Email -e GIVENNAME_FIELD=GivenName -e SURNAME_FIELD=Surname -e GROUP_FIELD=Groups -e JWT_SECRET=MySecret\
            -e DEFAULT_ACCESS_IS_GROUP=true -e REQUIRED_CREATE_ROLE=exporter -e LOG_LEVEL=info -e DB_USERNAME=mongoUser \
            -e DB_PASSWORD=mongoPassword -e DB_NAME=mongoDbName -e USER_ID_FIELD=Email  -e DB_HOST=docker \
-           -e IGNORE_GROUPS="\"group1\", \"group2\"" \
+           -e IGNORE_GROUPS="\"group1\", \"group2\"" -e ADMIN_GROUP=\"admin\"" \
            -e EMAIL_SUBJECT=forumApi -e EMAIL_ENABLED=false -e EMAIL_USER=forum@ocwa.com -e EMAIL_PASSWORD=MYPASS -e EMAIL_FROM=forum@ocwa.com \
            -e EMAIL_SERVICE=smtp.gmail.com -e EMAIL_PORT=465 -e EMAIL_SECURE=true \
            --add-host=docker:$hostip -p $apiport:3000 -p $wsport:2999 ocwa_forum_api

microservices/forumApi/config/default.json.example

@@ -17,6 +17,7 @@
   "defaultAccessIsGroup": true,
   "requiredRoleToCreateTopic": "exporter",
   "ignoreGroupsFromConsideration": [],
+  "adminGroup": "admin",
 
   "user":{
     "idField": "Email",

microservices/forumApi/db/model/topic.js

@@ -39,12 +39,20 @@ model.getAll = function(query, limit, page, user, callback){
             checkGroups.splice(index,1);
         }
     }
+
     if (defaultPermIsGroup) {
         defaultPermOverride = {
             author_groups: {$in: checkGroups}
         };
     }
 
+    var adminGroup = config.has('adminGroup') ? config.get('adminGroup') : false;
+
+    //user is in admin group so they can see everything
+    if ( (adminGroup) && (user.groups.indexOf(adminGroup) !== -1) ){
+        defaultPermOverride = {"permissions.0": {$exists: false}};
+    }
+
     var agg = [
         {
             $match: query
@@ -59,8 +67,8 @@ model.getAll = function(query, limit, page, user, callback){
                             $expr: {
                                 $and: [
                                     {$or: [
-                                            {$eq: ["$topic_id", "$$topicId"] },
-                                            {$eq: ["$topic_id", "$$parent"] },
+                                            {$eq: [{$toObjectId: "$topic_id"}, "$$topicId"] },
+                                            {$eq: [{$toObjectId: "$topic_id"}, "$$parent"] },
                                             {$eq: ["$topic_id", "*"] }
                                         ]},
                                     {$eq: ["$allow", true]}
@@ -108,9 +116,9 @@ model.getAll = function(query, limit, page, user, callback){
     //note skip MUST be before limit or this will not work
     //note because this is an aggregate query the skip and limit must be in the aggregate not the inline functions
 
-    //var util = require('util');
+    // var util = require('util');
 
-    //console.log("get topic ", util.inspect(agg, {showHidden: false, depth: null}));
+    // console.log("get topic ", util.inspect(agg, {showHidden: false, depth: null}));
 
     //console.log("l", limit, "s", skip);
     db.Topic.aggregate(agg).exec(callback);

microservices/forumApi/entrypoint.sh

@@ -16,6 +16,7 @@ printf "\"jwtSecret\": \"${JWT_SECRET}\",\n" >> ./config/default.json
 printf "\"defaultAccessIsGroup\": ${DEFAULT_ACCESS_IS_GROUP},\n" >> ./config/default.json
 printf "\"requiredRoleToCreateTopic\": \"${REQUIRED_CREATE_ROLE}\",\n" >> ./config/default.json
 printf "\"ignoreGroupsFromConsideration\": [${IGNORE_GROUPS}],\n" >> ./config/default.json
+printf "\"adminGroup\": [${ADMIN_GROUP}],\n" >> ./config/default.json
 
 printf "\"user\": {\n" >> ./config/default.json
 printf "\"idField\": \"${USER_ID_FIELD}\",\n" >> ./config/default.json

microservices/forumApi/helm/forum-api/templates/deployment.yaml

@@ -94,6 +94,8 @@ spec:
               value: "{{ .Values.emailFrom }}"
             - name: EMAIL_SUBJECT
               value: "{{ .Values.emailSubject }}"
+            - name: ADMIN_GROUP
+              value: "{{ .Values.adminGroup }}"
 
           ports:
             - name: http

microservices/forumApi/helm/forum-api/values.yaml

@@ -47,6 +47,7 @@ database:
 defaultAccessIsGroup: true
 requiredRoleToCreateTopic: "exporter"
 ignoreGroups: "\"/oc\""
+adminGroup: "admin"
 
 user:
   idField: Email

microservices/forumApi/package.json

@@ -1,7 +1,7 @@
 {
   "name": "forumApi",
   "author": "Brandon Sharratt",
-  "version": "3.0.0",
+  "version": "3.1.0",
   "private": true,
   "scripts": {
     "start": "node ./bin/www",

microservices/forumApi/routes/v1/routes/topics.js

@@ -36,6 +36,11 @@ router.get('/', function(req, res, next) {
         q['parent_id'] = pid;
     }
 
+    if (typeof(req.query.name) !== "undefined"){
+        var name = req.query.name;
+        q['name'] = name;
+    }
+
     if (typeof(req.query.id) !== "undefined"){
         q['_id'] = mongoose.Types.ObjectId(req.query.id);
     }
@@ -69,8 +74,11 @@ router.post("/", function(req, res, next){
 
     var groups = req.user.groups.slice();
 
-    var typeParentId = typeof(req.body.parent_id);
-    topic.parent_id = ( (typeParentId === "string") || (typeParentId === "number") ) ? req.body.parent_id : null;
+    if (typeof(req.body.parent_id) !== "undefined"){
+        try{
+            topic.parent_id = mongoose.Types.ObjectId(req.body.parent_id);
+        }catch(ex){}
+    }
 
     if (config.has('requiredRoleToCreateTopic')){
         var reqRole = config.get('requiredRoleToCreateTopic');

microservices/policyApi/setup.py

@@ -29,7 +29,7 @@ def run_tests(self):
     name='policy',
     author='Brandon Sharratt',
     author_email='',
-    version='3.0.0',
+    version='3.1.0',
     description="OCWA Policy API",
     long_description=read('README.md'),
     license='Apache 2.0',

microservices/projectApi/package.json

@@ -1,7 +1,7 @@
 {
   "name": "project-api",
   "author": "Jeremy Ho",
-  "version": "3.0.0",
+  "version": "3.1.0",
   "license": "Apache-2.0",
   "private": true,
   "scripts": {

microservices/requestApi/README.md

@@ -36,6 +36,9 @@ docker run -e CREATE_ROLE="exporter" -e OC_GROUP="oc" -e REPORTS_GROUP="reports"
            -e EMAIL_SERVICE=smtp.gmail.com -e EMAIL_PORT=465 =e EMAIL_SECURE=true \
            -e OCWA_IMPORT_URL=http://localhost:8000 \
            -e STORAGE_IMP_WARN_SIZE=1024 -e STORAGE_IMP_MAX_SIZE=0 \
+           -e DEFAULT_EXPORT_FORM_NAME=export -e DEFAULT_IMPORT_FORM_NAME=import -e DEFAULT_EXPORT_CODE_FORM_NAME=exportcode -e DEFAULT_IMPORT_CODE_FORM_NAME=importcode \
+           -e FORMIO_URL=http://localhost:3006 -e FORMIO_USERNAME=admin@example.com -e FORMIO_PASSWORD=CHANGEME \
+           -e ORG_ATTRIBUTE=businessCategory \
            -e STORAGE_WARN_SIZE=1024 -e STORAGE_MAX_SIZE=0 -e STORAGE_BUCKET=data -e AUTO_APPROVE=false --add-host=docker:$hostip \
            -e EMAIL_ON_SUBMIT="[{\"name\": \"noone\", \"email\": \"noone@nowhere.ca\"}]" -p $apiport:$apiport ocwa_request_api
 ```

microservices/requestApi/auth/auth.js

@@ -19,6 +19,7 @@ var auth = function(db){
             try{
                 var encodedJWT = req.headers['authorization'].substring("Bearer ".length);
                 var userConf = config.get('user');
+                var orgAttribute = config.has('orgAttribute') ? config.get('orgAttribute') : false;
                 var user = {
                     jwt: encodedJWT,
                     email: jwtPayload[userConf.emailField],
@@ -40,6 +41,10 @@ var auth = function(db){
                 user.outputchecker = isOutputChecker(user);
                 user.supervisor = isInReportsGroup(user); // && !isInGroupToCreateRequest(user);
 
+                if (orgAttribute){
+                    user.organization = jwtPayload[orgAttribute] ? jwtPayload[orgAttribute] : false;
+                }
+
                 logger.verbose('user ' + user.id + ' authenticated successfully ', user.groups, user.supervisor, user.outputchecker);
 
                 // var getVersionedDb = require('../db/db');

microservices/requestApi/config/default.json.example

@@ -61,6 +61,8 @@
     "adminGroup": "admin",
     "allowDenyRequest": true,
 
+    "orgAttribute": "businessCategory",
+
     "projectApi": "http://localhost:2005/",
     "projectApiSecret": "apiKeySecret",
 

microservices/requestApi/db/model/request.js

@@ -163,7 +163,7 @@ var getAllTopics = function(user, filter, callback, page){
     var limit = 100;
     var topics = [];
     var projects = new Map();
-    var url = config.get('forumApi') + '/v1?limit='+limit+'&page='+page+'&parent_id=-1';
+    var url = config.get('forumApi') + '/v1?limit='+limit+'&page='+page;
 
     if ('id' in filter) {
         url += "&id=" + filter['id']

microservices/requestApi/entrypoint.sh

@@ -66,6 +66,7 @@ printf "\"projectApiSecret\": \"${PROJECT_API_KEY}\",\n" >> ./config/default.jso
 printf "\"webhookSecret\": \"${WEBHOOK_API_KEY}\",\n" >> ./config/default.json
 
 printf "\"emailOnInitialSubmit\": ${EMAIL_ON_SUBMIT},\n" >> ./config/default.json
+printf "\"orgAttribute\": ${ORG_ATTRIBUTE},\n" >> ./config/default.json
 
 printf "\"user\": {\n" >> ./config/default.json
 printf "\"idField\": \"${USER_ID_FIELD}\",\n" >> ./config/default.json

microservices/requestApi/helm/request-api/templates/deployment.yaml

@@ -178,6 +178,9 @@ spec:
               value: "{{ .Values.formioUsername }}"
             - name: FORMIO_PASSWORD
               value: "{{ .Values.formioPassword }}"
+
+            - name: ORG_ATTRIBUTE
+              value: "{{ .Values.orgAttribute }}"
 
           ports:
             - name: http

microservices/requestApi/helm/request-api/values.yaml

@@ -108,6 +108,7 @@ defaultImportCodeFormName: "codeimport"
 formioUrl: "http://ocwa-formio.ocwa"
 formioUsername: "admin@example.com"
 formioPassword: "CHANGEME"
+orgAttribute: "businessCategory"
 
 resources: {}
   # If you want to specify resources, uncomment the following

microservices/requestApi/package.json

@@ -1,7 +1,7 @@
 {
   "name": "requestApi",
   "author": "Brandon Sharratt",
-  "version": "3.0.0",
+  "version": "3.1.0",
   "private": true,
   "scripts": {
     "start": "node ./bin/www",

microservices/requestApi/routes/v2/db/model/request.js

@@ -196,8 +196,10 @@ model.getAll = function(query, limit, page, user, callback){
                 $limit: limit
             }
         ];
+        // var util = require('util');
 
-        logger.verbose("v2 model agg", agg);
+        // console.log("v2 model agg", util.inspect(agg, {showHidden: false, depth: null}));
+        logger.verbose("v2 model agg", util.inspect(agg, {showHidden: false, depth: null}));
 
         db.Request.aggregate(agg).exec(function(err, results){
             logger.verbose('v2 finished db call', err, results);