diff --git a/client-code-gen/app-access-control-openapi.json b/client-code-gen/app-access-control-openapi.json
index bb2319276..30cab1cb1 100644
--- a/client-code-gen/app-access-control-openapi.json
+++ b/client-code-gen/app-access-control-openapi.json
@@ -1 +1,1591 @@ -{"openapi":"3.0.3","info":{"title":"Forest Access Management - FAM - API","description":"\nForest Access Management API used by the Forest Access Management application\nto Define who has access to what apps, and what roles they will operate under\n once access is granted.\n","contact":{"name":"Team Heartwood","url":"https://apps.nrs.gov.bc.ca/int/confluence/display/FSAST1/Team+Heartwood","email":"SIBIFSAF@victoria1.gov.bc.ca"},"license":{"name":"Apache 2.0","url":"https://www.apache.org/licenses/LICENSE-2.0.html"},"version":"0.0.1"},"paths":{"/fam_applications/{application_id}/user_role_assignment":{"get":{"tags":["FAM Applications"],"summary":"Get Fam Application User Role Assignment","description":"gets the roles assignment associated with an application","operationId":"get_fam_application_user_role_assignment","security":[{"6jfveou69mgford233or30hmta":[]}],"parameters":[{"name":"application_id","in":"path","required":true,"schema":{"type":"integer","title":"Application Id"}}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"type":"array","items":{"$ref":"#/components/schemas/FamApplicationUserRoleAssignmentGet"},"title":"Response Get Fam Application User Role Assignment"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/user_role_assignment":{"post":{"tags":["FAM User Role Assignment"],"summary":"Create User Role Assignment Many","description":"Grant User Access to an application's role.","operationId":"create_user_role_assignment_many","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/FamUserRoleAssignmentCreate"}}},"required":true},"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/FamUserRoleAssignmentResponse"}}}},"422":{"description":"Validation 
Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}},"security":[{"6jfveou69mgford233or30hmta":[]}]}},"/user_role_assignment/{user_role_xref_id}":{"delete":{"tags":["FAM User Role Assignment"],"summary":"Delete User Role Assignment","description":"Remove a specific application's role from user's access.","operationId":"delete_user_role_assignment","security":[{"6jfveou69mgford233or30hmta":[]}],"parameters":[{"name":"user_role_xref_id","in":"path","required":true,"schema":{"type":"integer","title":"User Role Xref Id"}}],"responses":{"204":{"description":"Successful Response"},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/forest_clients/search":{"get":{"tags":["FAM Forest Clients"],"summary":"Search","description":"Forest Client(s) search (by defined query parameter(s)).\nparam: 'client_number=[query_value]'\n Note! Current Forest Client API limits it to exact search for a whole 8-digits number.\nreturn: List of found FamForestClient. 
However, currently only 1 exact match returns.","operationId":"search","security":[{"6jfveou69mgford233or30hmta":[]}],"parameters":[{"name":"client_number","in":"query","required":true,"schema":{"type":"string","minLength":3,"maxLength":8,"title":"Client Number"}},{"name":"application_id","in":"query","required":true,"schema":{"type":"integer","title":"Application Id"}}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"type":"array","items":{"$ref":"#/components/schemas/FamForestClient"},"title":"Response Search"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/identity_search/idir":{"get":{"tags":["IDIR/BCeID Proxy"],"summary":"Idir Search","operationId":"idir_search","security":[{"6jfveou69mgford233or30hmta":[]}],"parameters":[{"name":"user_id","in":"query","required":true,"schema":{"type":"string","maxLength":20,"title":"User Id"}},{"name":"application_id","in":"query","required":true,"schema":{"type":"integer","title":"Application Id"}}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/IdimProxyIdirInfo"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/identity_search/bceid":{"get":{"tags":["IDIR/BCeID Proxy"],"summary":"Bceid Search","operationId":"bceid_search","security":[{"6jfveou69mgford233or30hmta":[]}],"parameters":[{"name":"user_id","in":"query","required":true,"schema":{"type":"string","maxLength":20,"title":"User Id"}},{"name":"application_id","in":"query","required":true,"schema":{"type":"integer","title":"Application Id"}}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/IdimProxyBceidInfo"}}}},"422":{"description":"Validation 
Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/user_terms_conditions/user:validate":{"post":{"tags":["FAM User Terms and Conditions"],"summary":"Validate User Requires Accept Terms And Conditions","operationId":"validate_user_requires_accept_terms_and_conditions","responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"type":"boolean","title":"Response Validate User Requires Accept Terms And Conditions"}}}}},"security":[{"6jfveou69mgford233or30hmta":[]}]}},"/user_terms_conditions":{"post":{"tags":["FAM User Terms and Conditions"],"summary":"Create User Terms And Conditions","description":"Create a record for terms and conditions acceptance. \n\nIf no version is provided, we store the 1st version of the terms and conditions.","operationId":"create_user_terms_and_conditions","responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}}},"security":[{"6jfveou69mgford233or30hmta":[]}]}},"/users/users-information":{"put":{"tags":["FAM User"],"summary":"Update User Information From Idim Source","description":"Call IDIM web service to grab latest user information and update records in FAM database for IDIR and Business BCeID users","operationId":"update_user_information_from_idim_source","security":[{"APIKeyHeader":[]}],"parameters":[{"name":"page","in":"query","required":false,"schema":{"type":"integer","default":1,"title":"Page"}},{"name":"per_page","in":"query","required":false,"schema":{"type":"integer","default":100,"title":"Per Page"}},{"name":"use_pagination","in":"query","required":false,"schema":{"type":"boolean","default":false,"title":"Use Pagination"}}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/FamUserUpdateResponse"}}}},"422":{"description":"Validation 
Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/bcsc/token/dev":{"post":{"tags":["BCSC Proxy"],"summary":"Bcsc Token Dev","operationId":"bcsc_token_dev","responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}}}}},"/bcsc/token/test":{"post":{"tags":["BCSC Proxy"],"summary":"Bcsc Token Test","operationId":"bcsc_token_test","responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}}}}},"/bcsc/token/prod":{"post":{"tags":["BCSC Proxy"],"summary":"Bcsc Token Prod","operationId":"bcsc_token_prod","responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}}}}},"/bcsc/userinfo/dev":{"get":{"tags":["BCSC Proxy"],"summary":"Bcsc Userinfo Dev","operationId":"bcsc_userinfo_dev","responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}}}}},"/bcsc/userinfo/test":{"get":{"tags":["BCSC Proxy"],"summary":"Bcsc Userinfo Test","operationId":"bcsc_userinfo_test","responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}}}}},"/bcsc/userinfo/prod":{"get":{"tags":["BCSC Proxy"],"summary":"Bcsc Userinfo Prod","operationId":"bcsc_userinfo_prod","responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}}}}},"/bcsc/jwks.json":{"get":{"tags":["BCSC Proxy"],"summary":"Bcsc Jwks","operationId":"bcsc_jwks","responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}}}}},"/smoke_test":{"get":{"tags":["Smoke Test"],"summary":"Smoke Test","description":"List of different applications that are administered by FAM","operationId":"smoke_test","responses":{"200":{"description":"Successful 
Response","content":{"application/json":{"schema":{}}}}}}}},"components":{"schemas":{"EmailSendingStatus":{"type":"string","enum":["NOT_REQUIRED","SENT_TO_EMAIL_SERVICE_SUCCESS","SENT_TO_EMAIL_SERVICE_FAILURE"],"title":"EmailSendingStatus"},"FamApplication":{"properties":{"application_id":{"type":"integer","title":"Application Id"},"application_name":{"type":"string","maxLength":100,"title":"Application Name"},"application_description":{"type":"string","maxLength":200,"title":"Application Description"}},"type":"object","required":["application_id","application_name","application_description"],"title":"FamApplication"},"FamApplicationUserRoleAssignmentGet":{"properties":{"user_role_xref_id":{"type":"integer","title":"User Role Xref Id"},"user_id":{"type":"integer","title":"User Id"},"role_id":{"type":"integer","title":"Role Id"},"user":{"$ref":"#/components/schemas/FamUserInfo"},"role":{"$ref":"#/components/schemas/FamRoleWithClient"}},"type":"object","required":["user_role_xref_id","user_id","role_id","user","role"],"title":"FamApplicationUserRoleAssignmentGet"},"FamForestClient":{"properties":{"client_name":{"anyOf":[{"type":"string","maxLength":60},{"type":"null"}],"title":"Client Name"},"forest_client_number":{"type":"string","maxLength":8,"title":"Forest Client Number"},"status":{"anyOf":[{"$ref":"#/components/schemas/FamForestClientStatus"},{"type":"null"}]}},"type":"object","required":["forest_client_number"],"title":"FamForestClient"},"FamForestClientStatus":{"properties":{"status_code":{"$ref":"#/components/schemas/FamForestClientStatusType"},"description":{"type":"string","maxLength":10,"title":"Description"}},"type":"object","required":["status_code","description"],"title":"FamForestClientStatus"},"FamForestClientStatusType":{"type":"string","enum":["A","I"],"title":"FamForestClientStatusType"},"FamRoleMin":{"properties":{"role_name":{"type":"string","maxLength":100,"title":"Role 
Name"},"role_type_code":{"$ref":"#/components/schemas/RoleType"},"application":{"$ref":"#/components/schemas/FamApplication"}},"type":"object","required":["role_name","role_type_code","application"],"title":"FamRoleMin"},"FamRoleWithClient":{"properties":{"role_name":{"type":"string","maxLength":100,"title":"Role Name"},"role_type_code":{"$ref":"#/components/schemas/RoleType"},"application":{"$ref":"#/components/schemas/FamApplication"},"role_id":{"type":"integer","title":"Role Id"},"client_number":{"anyOf":[{"$ref":"#/components/schemas/FamForestClient"},{"type":"null"}]},"parent_role":{"anyOf":[{"$ref":"#/components/schemas/FamRoleMin"},{"type":"null"}]}},"type":"object","required":["role_name","role_type_code","application","role_id"],"title":"FamRoleWithClient"},"FamUserInfo":{"properties":{"user_name":{"type":"string","maxLength":20,"title":"User Name"},"user_type":{"$ref":"#/components/schemas/FamUserType"},"first_name":{"anyOf":[{"type":"string","maxLength":50},{"type":"null"}],"title":"First Name"},"last_name":{"anyOf":[{"type":"string","maxLength":50},{"type":"null"}],"title":"Last Name"},"email":{"anyOf":[{"type":"string","maxLength":250},{"type":"null"}],"title":"Email"}},"type":"object","required":["user_name","user_type"],"title":"FamUserInfo"},"FamUserRoleAssignmentCreate":{"properties":{"user_name":{"type":"string","maxLength":20,"minLength":3,"title":"User Name"},"user_guid":{"type":"string","maxLength":32,"minLength":32,"title":"User Guid"},"user_type_code":{"$ref":"#/components/schemas/UserType"},"role_id":{"type":"integer","title":"Role Id"},"forest_client_numbers":{"anyOf":[{"items":{"type":"string","maxLength":8,"minLength":1},"type":"array"},{"type":"null"}],"title":"Forest Client Numbers"},"requires_send_user_email":{"type":"boolean","title":"Requires Send User 
Email","default":false}},"type":"object","required":["user_name","user_guid","user_type_code","role_id"],"title":"FamUserRoleAssignmentCreate"},"FamUserRoleAssignmentCreateResponse":{"properties":{"status_code":{"type":"integer","title":"Status Code"},"detail":{"$ref":"#/components/schemas/FamApplicationUserRoleAssignmentGet"},"error_message":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Error Message"}},"type":"object","required":["status_code","detail"],"title":"FamUserRoleAssignmentCreateResponse"},"FamUserRoleAssignmentResponse":{"properties":{"email_sending_status":{"allOf":[{"$ref":"#/components/schemas/EmailSendingStatus"}],"default":"NOT_REQUIRED"},"assignments_detail":{"items":{"$ref":"#/components/schemas/FamUserRoleAssignmentCreateResponse"},"type":"array","title":"Assignments Detail"}},"type":"object","required":["assignments_detail"],"title":"FamUserRoleAssignmentResponse"},"FamUserType":{"properties":{"code":{"$ref":"#/components/schemas/UserType"},"description":{"type":"string","maxLength":35,"title":"Description"}},"type":"object","required":["code","description"],"title":"FamUserType"},"FamUserUpdateResponse":{"properties":{"total_db_users_count":{"type":"integer","title":"Total Db Users Count"},"current_page":{"type":"integer","title":"Current Page"},"users_count_on_page":{"type":"integer","title":"Users Count On Page"},"success_user_id_list":{"items":{"type":"integer"},"type":"array","title":"Success User Id List"},"failed_user_id_list":{"items":{"type":"integer"},"type":"array","title":"Failed User Id List"},"ignored_user_id_list":{"items":{"type":"integer"},"type":"array","title":"Ignored User Id List"},"mismatch_user_list":{"items":{"type":"integer"},"type":"array","title":"Mismatch User 
List"}},"type":"object","required":["total_db_users_count","current_page","users_count_on_page","success_user_id_list","failed_user_id_list","ignored_user_id_list","mismatch_user_list"],"title":"FamUserUpdateResponse"},"HTTPValidationError":{"properties":{"detail":{"items":{"$ref":"#/components/schemas/ValidationError"},"type":"array","title":"Detail"}},"type":"object","title":"HTTPValidationError"},"IdimProxyBceidInfo":{"properties":{"found":{"type":"boolean","title":"Found"},"userId":{"type":"string","maxLength":20,"title":"Userid"},"guid":{"anyOf":[{"type":"string","maxLength":32},{"type":"null"}],"title":"Guid"},"businessGuid":{"anyOf":[{"type":"string","maxLength":32},{"type":"null"}],"title":"Businessguid"},"businessLegalName":{"anyOf":[{"type":"string","maxLength":60},{"type":"null"}],"title":"Businesslegalname"},"firstName":{"anyOf":[{"type":"string","maxLength":50},{"type":"null"}],"title":"Firstname"},"lastName":{"anyOf":[{"type":"string","maxLength":50},{"type":"null"}],"title":"Lastname"},"email":{"anyOf":[{"type":"string","maxLength":250},{"type":"null"}],"title":"Email"}},"type":"object","required":["found","userId"],"title":"IdimProxyBceidInfo"},"IdimProxyIdirInfo":{"properties":{"found":{"type":"boolean","title":"Found"},"userId":{"type":"string","maxLength":20,"title":"Userid"},"guid":{"anyOf":[{"type":"string","maxLength":32},{"type":"null"}],"title":"Guid"},"firstName":{"anyOf":[{"type":"string","maxLength":50},{"type":"null"}],"title":"Firstname"},"lastName":{"anyOf":[{"type":"string","maxLength":50},{"type":"null"}],"title":"Lastname"},"email":{"anyOf":[{"type":"string","maxLength":250},{"type":"null"}],"title":"Email"}},"type":"object","required":["found","userId"],"title":"IdimProxyIdirInfo"},"RoleType":{"type":"string","enum":["A","C"],"title":"RoleType"},"UserType":{"type":"string","enum":["I","B"],"title":"UserType"},"ValidationError":{"properties":{"loc":{"items":{"anyOf":[{"type":"string"},{"type":"integer"}]},"type":"array","title":"Loca
tion"},"msg":{"type":"string","title":"Message"},"type":{"type":"string","title":"Error Type"}},"type":"object","required":["loc","msg","type"],"title":"ValidationError"}},"securitySchemes":{"6jfveou69mgford233or30hmta":{"type":"oauth2","flows":{"authorizationCode":{"scopes":{},"authorizationUrl":"https://dev-fam-user-pool-domain.auth.ca-central-1.amazoncognito.com/authorize","tokenUrl":"https://dev-fam-user-pool-domain.auth.ca-central-1.amazoncognito.com/token"}}},"APIKeyHeader":{"type":"apiKey","in":"header","name":"X-API-Key"}}},"tags":[{"name":"Forest Access Management - FAM","description":"Controls the user access to different Forest basedapplications and what roles different users will have once logged in"}]} \ No newline at end of file +{ + "openapi": "3.0.3", + "info": { + "title": "Forest Access Management - FAM - API", + "description": "\nForest Access Management API used by the Forest Access Management application\nto Define who has access to what apps, and what roles they will operate under\n once access is granted.\n", + "contact": { + "name": "Team Heartwood", + "url": "https://apps.nrs.gov.bc.ca/int/confluence/display/FSAST1/Team+Heartwood", + "email": "SIBIFSAF@victoria1.gov.bc.ca" + }, + "license": { + "name": "Apache 2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0.html" + }, + "version": "0.0.1" + }, + "paths": { + "/fam_applications/{application_id}/user_role_assignment": { + "get": { + "tags": [ + "FAM Applications" + ], + "summary": "Get Fam Application User Role Assignment", + "description": "gets the roles assignment associated with an application", + "operationId": "get_fam_application_user_role_assignment", + "security": [ + { + "6jfveou69mgford233or30hmta": [] + } + ], + "parameters": [ + { + "name": "application_id", + "in": "path", + "required": true, + "schema": { + "type": "integer", + "title": "Application Id" + } + } + ], + "responses": { + "200": { + "description": "Successful Response", + "content": { + 
"application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FamApplicationUserRoleAssignmentGetSchema" + }, + "title": "Response Get Fam Application User Role Assignment" + } + } + } + }, + "422": { + "description": "Validation Error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/HTTPValidationError" + } + } + } + } + } + } + }, + "/user_role_assignment": { + "post": { + "tags": [ + "FAM User Role Assignment" + ], + "summary": "Create User Role Assignment Many", + "description": "Grant User Access to an application's role.", + "operationId": "create_user_role_assignment_many", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/FamUserRoleAssignmentCreateSchema" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "Successful Response", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/FamUserRoleAssignmentResponseSchema" + } + } + } + }, + "422": { + "description": "Validation Error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/HTTPValidationError" + } + } + } + } + }, + "security": [ + { + "6jfveou69mgford233or30hmta": [] + } + ] + } + }, + "/user_role_assignment/{user_role_xref_id}": { + "delete": { + "tags": [ + "FAM User Role Assignment" + ], + "summary": "Delete User Role Assignment", + "description": "Remove a specific application's role from user's access.", + "operationId": "delete_user_role_assignment", + "security": [ + { + "6jfveou69mgford233or30hmta": [] + } + ], + "parameters": [ + { + "name": "user_role_xref_id", + "in": "path", + "required": true, + "schema": { + "type": "integer", + "title": "User Role Xref Id" + } + } + ], + "responses": { + "204": { + "description": "Successful Response" + }, + "422": { + "description": "Validation Error", + "content": { + "application/json": { + "schema": { + "$ref": 
"#/components/schemas/HTTPValidationError" + } + } + } + } + } + } + }, + "/forest_clients/search": { + "get": { + "tags": [ + "FAM Forest Clients" + ], + "summary": "Search", + "description": "Forest Client(s) search (by defined query parameter(s)).\nparam: 'client_number=[query_value]'\n Note! Current Forest Client API limits it to exact search for a whole 8-digits number.\nreturn: List of found FamForestClient. However, currently only 1 exact match returns.", + "operationId": "search", + "security": [ + { + "6jfveou69mgford233or30hmta": [] + } + ], + "parameters": [ + { + "name": "client_number", + "in": "query", + "required": true, + "schema": { + "type": "string", + "minLength": 3, + "maxLength": 8, + "title": "Client Number" + } + }, + { + "name": "application_id", + "in": "query", + "required": true, + "schema": { + "type": "integer", + "title": "Application Id" + } + } + ], + "responses": { + "200": { + "description": "Successful Response", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FamForestClientSchema" + }, + "title": "Response Search" + } + } + } + }, + "422": { + "description": "Validation Error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/HTTPValidationError" + } + } + } + } + } + } + }, + "/identity_search/idir": { + "get": { + "tags": [ + "IDIR/BCeID Proxy" + ], + "summary": "Idir Search", + "operationId": "idir_search", + "security": [ + { + "6jfveou69mgford233or30hmta": [] + } + ], + "parameters": [ + { + "name": "user_id", + "in": "query", + "required": true, + "schema": { + "type": "string", + "maxLength": 20, + "title": "User Id" + } + }, + { + "name": "application_id", + "in": "query", + "required": true, + "schema": { + "type": "integer", + "title": "Application Id" + } + } + ], + "responses": { + "200": { + "description": "Successful Response", + "content": { + "application/json": { + "schema": { + "$ref": 
"#/components/schemas/IdimProxyIdirInfoSchema" + } + } + } + }, + "422": { + "description": "Validation Error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/HTTPValidationError" + } + } + } + } + } + } + }, + "/identity_search/bceid": { + "get": { + "tags": [ + "IDIR/BCeID Proxy" + ], + "summary": "Bceid Search", + "operationId": "bceid_search", + "security": [ + { + "6jfveou69mgford233or30hmta": [] + } + ], + "parameters": [ + { + "name": "user_id", + "in": "query", + "required": true, + "schema": { + "type": "string", + "maxLength": 20, + "title": "User Id" + } + }, + { + "name": "application_id", + "in": "query", + "required": true, + "schema": { + "type": "integer", + "title": "Application Id" + } + } + ], + "responses": { + "200": { + "description": "Successful Response", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/IdimProxyBceidInfoSchema" + } + } + } + }, + "422": { + "description": "Validation Error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/HTTPValidationError" + } + } + } + } + } + } + }, + "/user_terms_conditions/user:validate": { + "post": { + "tags": [ + "FAM User Terms and Conditions" + ], + "summary": "Validate User Requires Accept Terms And Conditions", + "operationId": "validate_user_requires_accept_terms_and_conditions", + "responses": { + "200": { + "description": "Successful Response", + "content": { + "application/json": { + "schema": { + "type": "boolean", + "title": "Response Validate User Requires Accept Terms And Conditions" + } + } + } + } + }, + "security": [ + { + "6jfveou69mgford233or30hmta": [] + } + ] + } + }, + "/user_terms_conditions": { + "post": { + "tags": [ + "FAM User Terms and Conditions" + ], + "summary": "Create User Terms And Conditions", + "description": "Create a record for terms and conditions acceptance. 
\n\nIf no version is provided, we store the 1st version of the terms and conditions.", + "operationId": "create_user_terms_and_conditions", + "responses": { + "200": { + "description": "Successful Response", + "content": { + "application/json": { + "schema": { + + } + } + } + } + }, + "security": [ + { + "6jfveou69mgford233or30hmta": [] + } + ] + } + }, + "/users/users-information": { + "put": { + "tags": [ + "FAM User" + ], + "summary": "Update User Information From Idim Source", + "description": "Call IDIM web service to grab latest user information and update records in FAM database for IDIR and Business BCeID users", + "operationId": "update_user_information_from_idim_source", + "security": [ + { + "APIKeyHeader": [] + } + ], + "parameters": [ + { + "name": "page", + "in": "query", + "required": false, + "schema": { + "type": "integer", + "default": 1, + "title": "Page" + } + }, + { + "name": "per_page", + "in": "query", + "required": false, + "schema": { + "type": "integer", + "default": 100, + "title": "Per Page" + } + }, + { + "name": "use_pagination", + "in": "query", + "required": false, + "schema": { + "type": "boolean", + "default": false, + "title": "Use Pagination" + } + } + ], + "responses": { + "200": { + "description": "Successful Response", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/FamUserUpdateResponseSchema" + } + } + } + }, + "422": { + "description": "Validation Error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/HTTPValidationError" + } + } + } + } + } + } + }, + "/permission-audit-history": { + "get": { + "tags": [ + "Permission Audit" + ], + "summary": "Get Permission Audit History By User And Application", + "description": "Retrieve the permission audit history for a given user and application.\n\nArgs:\n userId (int): The ID of the user for whom the audit history is being requested.\n applicationId (int): The ID of the application associated with the audit 
history.\n\nReturns:\n List[PermissionAuditHistoryResDto]: A list of audit history records for the given user and application.", + "operationId": "get_permission_audit_history_by_user_and_application", + "security": [ + { + "6jfveou69mgford233or30hmta": [] + } + ], + "parameters": [ + { + "name": "user_id", + "in": "query", + "required": true, + "schema": { + "type": "integer", + "title": "User Id" + } + }, + { + "name": "application_id", + "in": "query", + "required": true, + "schema": { + "type": "integer", + "title": "Application Id" + } + } + ], + "responses": { + "200": { + "description": "Successful Response", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/PermissionAuditHistoryResDto" + }, + "title": "Response Get Permission Audit History By User And Application" + } + } + } + }, + "422": { + "description": "Validation Error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/HTTPValidationError" + } + } + } + } + } + } + }, + "/bcsc/token/dev": { + "post": { + "tags": [ + "BCSC Proxy" + ], + "summary": "Bcsc Token Dev", + "operationId": "bcsc_token_dev", + "responses": { + "200": { + "description": "Successful Response", + "content": { + "application/json": { + "schema": { + + } + } + } + } + } + } + }, + "/bcsc/token/test": { + "post": { + "tags": [ + "BCSC Proxy" + ], + "summary": "Bcsc Token Test", + "operationId": "bcsc_token_test", + "responses": { + "200": { + "description": "Successful Response", + "content": { + "application/json": { + "schema": { + + } + } + } + } + } + } + }, + "/bcsc/token/prod": { + "post": { + "tags": [ + "BCSC Proxy" + ], + "summary": "Bcsc Token Prod", + "operationId": "bcsc_token_prod", + "responses": { + "200": { + "description": "Successful Response", + "content": { + "application/json": { + "schema": { + + } + } + } + } + } + } + }, + "/bcsc/userinfo/dev": { + "get": { + "tags": [ + "BCSC Proxy" + ], + "summary": "Bcsc 
Userinfo Dev", + "operationId": "bcsc_userinfo_dev", + "responses": { + "200": { + "description": "Successful Response", + "content": { + "application/json": { + "schema": { + + } + } + } + } + } + } + }, + "/bcsc/userinfo/test": { + "get": { + "tags": [ + "BCSC Proxy" + ], + "summary": "Bcsc Userinfo Test", + "operationId": "bcsc_userinfo_test", + "responses": { + "200": { + "description": "Successful Response", + "content": { + "application/json": { + "schema": { + + } + } + } + } + } + } + }, + "/bcsc/userinfo/prod": { + "get": { + "tags": [ + "BCSC Proxy" + ], + "summary": "Bcsc Userinfo Prod", + "operationId": "bcsc_userinfo_prod", + "responses": { + "200": { + "description": "Successful Response", + "content": { + "application/json": { + "schema": { + + } + } + } + } + } + } + }, + "/bcsc/jwks.json": { + "get": { + "tags": [ + "BCSC Proxy" + ], + "summary": "Bcsc Jwks", + "operationId": "bcsc_jwks", + "responses": { + "200": { + "description": "Successful Response", + "content": { + "application/json": { + "schema": { + + } + } + } + } + } + } + }, + "/smoke_test": { + "get": { + "tags": [ + "Smoke Test" + ], + "summary": "Smoke Test", + "description": "List of different applications that are administered by FAM", + "operationId": "smoke_test", + "responses": { + "200": { + "description": "Successful Response", + "content": { + "application/json": { + "schema": { + + } + } + } + } + } + } + } + }, + "components": { + "schemas": { + "EmailSendingStatus": { + "type": "string", + "enum": [ + "NOT_REQUIRED", + "SENT_TO_EMAIL_SERVICE_SUCCESS", + "SENT_TO_EMAIL_SERVICE_FAILURE" + ], + "title": "EmailSendingStatus" + }, + "FamApplicationSchema": { + "properties": { + "application_id": { + "type": "integer", + "title": "Application Id" + }, + "application_name": { + "type": "string", + "maxLength": 100, + "title": "Application Name" + }, + "application_description": { + "type": "string", + "maxLength": 200, + "title": "Application Description" + } + }, + "type": 
"object", + "required": [ + "application_id", + "application_name", + "application_description" + ], + "title": "FamApplicationSchema" + }, + "FamApplicationUserRoleAssignmentGetSchema": { + "properties": { + "user_role_xref_id": { + "type": "integer", + "title": "User Role Xref Id" + }, + "user_id": { + "type": "integer", + "title": "User Id" + }, + "role_id": { + "type": "integer", + "title": "Role Id" + }, + "user": { + "$ref": "#/components/schemas/FamUserInfoSchema" + }, + "role": { + "$ref": "#/components/schemas/FamRoleWithClientSchema" + } + }, + "type": "object", + "required": [ + "user_role_xref_id", + "user_id", + "role_id", + "user", + "role" + ], + "title": "FamApplicationUserRoleAssignmentGetSchema" + }, + "FamForestClientSchema": { + "properties": { + "client_name": { + "anyOf": [ + { + "type": "string", + "maxLength": 60 + }, + { + "type": "null" + } + ], + "title": "Client Name" + }, + "forest_client_number": { + "type": "string", + "maxLength": 8, + "title": "Forest Client Number" + }, + "status": { + "anyOf": [ + { + "$ref": "#/components/schemas/FamForestClientStatusSchema" + }, + { + "type": "null" + } + ] + } + }, + "type": "object", + "required": [ + "forest_client_number" + ], + "title": "FamForestClientSchema" + }, + "FamForestClientStatusSchema": { + "properties": { + "status_code": { + "$ref": "#/components/schemas/FamForestClientStatusType" + }, + "description": { + "type": "string", + "maxLength": 10, + "title": "Description" + } + }, + "type": "object", + "required": [ + "status_code", + "description" + ], + "title": "FamForestClientStatusSchema" + }, + "FamForestClientStatusType": { + "type": "string", + "enum": [ + "A", + "I" + ], + "title": "FamForestClientStatusType" + }, + "FamRoleMinSchema": { + "properties": { + "role_name": { + "type": "string", + "maxLength": 100, + "title": "Role Name" + }, + "role_type_code": { + "$ref": "#/components/schemas/RoleType" + }, + "application": { + "$ref": 
"#/components/schemas/FamApplicationSchema" + } + }, + "type": "object", + "required": [ + "role_name", + "role_type_code", + "application" + ], + "title": "FamRoleMinSchema" + }, + "FamRoleWithClientSchema": { + "properties": { + "role_name": { + "type": "string", + "maxLength": 100, + "title": "Role Name" + }, + "role_type_code": { + "$ref": "#/components/schemas/RoleType" + }, + "application": { + "$ref": "#/components/schemas/FamApplicationSchema" + }, + "role_id": { + "type": "integer", + "title": "Role Id" + }, + "display_name": { + "anyOf": [ + { + "type": "string", + "maxLength": 100 + }, + { + "type": "null" + } + ], + "title": "Display Name" + }, + "description": { + "anyOf": [ + { + "type": "string", + "maxLength": 300 + }, + { + "type": "null" + } + ], + "title": "Description" + }, + "client_number": { + "anyOf": [ + { + "$ref": "#/components/schemas/FamForestClientSchema" + }, + { + "type": "null" + } + ] + }, + "parent_role": { + "anyOf": [ + { + "$ref": "#/components/schemas/FamRoleMinSchema" + }, + { + "type": "null" + } + ] + } + }, + "type": "object", + "required": [ + "role_name", + "role_type_code", + "application", + "role_id", + "description" + ], + "title": "FamRoleWithClientSchema" + }, + "FamUserInfoSchema": { + "properties": { + "user_name": { + "type": "string", + "maxLength": 20, + "title": "User Name" + }, + "user_type": { + "$ref": "#/components/schemas/FamUserTypeSchema" + }, + "first_name": { + "anyOf": [ + { + "type": "string", + "maxLength": 50 + }, + { + "type": "null" + } + ], + "title": "First Name" + }, + "last_name": { + "anyOf": [ + { + "type": "string", + "maxLength": 50 + }, + { + "type": "null" + } + ], + "title": "Last Name" + }, + "email": { + "anyOf": [ + { + "type": "string", + "maxLength": 250 + }, + { + "type": "null" + } + ], + "title": "Email" + } + }, + "type": "object", + "required": [ + "user_name", + "user_type" + ], + "title": "FamUserInfoSchema" + }, + "FamUserRoleAssignmentCreateResponseSchema": { + 
"properties": { + "status_code": { + "type": "integer", + "title": "Status Code" + }, + "detail": { + "$ref": "#/components/schemas/FamApplicationUserRoleAssignmentGetSchema" + }, + "error_message": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "title": "Error Message" + } + }, + "type": "object", + "required": [ + "status_code", + "detail" + ], + "title": "FamUserRoleAssignmentCreateResponseSchema" + }, + "FamUserRoleAssignmentCreateSchema": { + "properties": { + "user_name": { + "type": "string", + "maxLength": 20, + "minLength": 3, + "title": "User Name" + }, + "user_guid": { + "type": "string", + "maxLength": 32, + "minLength": 32, + "title": "User Guid" + }, + "user_type_code": { + "$ref": "#/components/schemas/UserType" + }, + "role_id": { + "type": "integer", + "title": "Role Id" + }, + "forest_client_numbers": { + "anyOf": [ + { + "items": { + "type": "string", + "maxLength": 8, + "minLength": 1 + }, + "type": "array" + }, + { + "type": "null" + } + ], + "title": "Forest Client Numbers" + }, + "requires_send_user_email": { + "type": "boolean", + "title": "Requires Send User Email", + "default": false + } + }, + "type": "object", + "required": [ + "user_name", + "user_guid", + "user_type_code", + "role_id" + ], + "title": "FamUserRoleAssignmentCreateSchema" + }, + "FamUserRoleAssignmentResponseSchema": { + "properties": { + "email_sending_status": { + "allOf": [ + { + "$ref": "#/components/schemas/EmailSendingStatus" + } + ], + "default": "NOT_REQUIRED" + }, + "assignments_detail": { + "items": { + "$ref": "#/components/schemas/FamUserRoleAssignmentCreateResponseSchema" + }, + "type": "array", + "title": "Assignments Detail" + } + }, + "type": "object", + "required": [ + "assignments_detail" + ], + "title": "FamUserRoleAssignmentResponseSchema" + }, + "FamUserTypeSchema": { + "properties": { + "code": { + "$ref": "#/components/schemas/UserType" + }, + "description": { + "type": "string", + "maxLength": 35, + "title": 
"Description" + } + }, + "type": "object", + "required": [ + "code", + "description" + ], + "title": "FamUserTypeSchema" + }, + "FamUserUpdateResponseSchema": { + "properties": { + "total_db_users_count": { + "type": "integer", + "title": "Total Db Users Count" + }, + "current_page": { + "type": "integer", + "title": "Current Page" + }, + "users_count_on_page": { + "type": "integer", + "title": "Users Count On Page" + }, + "success_user_id_list": { + "items": { + "type": "integer" + }, + "type": "array", + "title": "Success User Id List" + }, + "failed_user_id_list": { + "items": { + "type": "integer" + }, + "type": "array", + "title": "Failed User Id List" + }, + "ignored_user_id_list": { + "items": { + "type": "integer" + }, + "type": "array", + "title": "Ignored User Id List" + }, + "mismatch_user_list": { + "items": { + "type": "integer" + }, + "type": "array", + "title": "Mismatch User List" + } + }, + "type": "object", + "required": [ + "total_db_users_count", + "current_page", + "users_count_on_page", + "success_user_id_list", + "failed_user_id_list", + "ignored_user_id_list", + "mismatch_user_list" + ], + "title": "FamUserUpdateResponseSchema" + }, + "HTTPValidationError": { + "properties": { + "detail": { + "items": { + "$ref": "#/components/schemas/ValidationError" + }, + "type": "array", + "title": "Detail" + } + }, + "type": "object", + "title": "HTTPValidationError" + }, + "IdimProxyBceidInfoSchema": { + "properties": { + "found": { + "type": "boolean", + "title": "Found" + }, + "userId": { + "type": "string", + "maxLength": 20, + "title": "Userid" + }, + "guid": { + "anyOf": [ + { + "type": "string", + "maxLength": 32 + }, + { + "type": "null" + } + ], + "title": "Guid" + }, + "businessGuid": { + "anyOf": [ + { + "type": "string", + "maxLength": 32 + }, + { + "type": "null" + } + ], + "title": "Businessguid" + }, + "businessLegalName": { + "anyOf": [ + { + "type": "string", + "maxLength": 60 + }, + { + "type": "null" + } + ], + "title": 
"Businesslegalname" + }, + "firstName": { + "anyOf": [ + { + "type": "string", + "maxLength": 50 + }, + { + "type": "null" + } + ], + "title": "Firstname" + }, + "lastName": { + "anyOf": [ + { + "type": "string", + "maxLength": 50 + }, + { + "type": "null" + } + ], + "title": "Lastname" + }, + "email": { + "anyOf": [ + { + "type": "string", + "maxLength": 250 + }, + { + "type": "null" + } + ], + "title": "Email" + } + }, + "type": "object", + "required": [ + "found", + "userId" + ], + "title": "IdimProxyBceidInfoSchema" + }, + "IdimProxyIdirInfoSchema": { + "properties": { + "found": { + "type": "boolean", + "title": "Found" + }, + "userId": { + "type": "string", + "maxLength": 20, + "title": "Userid" + }, + "guid": { + "anyOf": [ + { + "type": "string", + "maxLength": 32 + }, + { + "type": "null" + } + ], + "title": "Guid" + }, + "firstName": { + "anyOf": [ + { + "type": "string", + "maxLength": 50 + }, + { + "type": "null" + } + ], + "title": "Firstname" + }, + "lastName": { + "anyOf": [ + { + "type": "string", + "maxLength": 50 + }, + { + "type": "null" + } + ], + "title": "Lastname" + }, + "email": { + "anyOf": [ + { + "type": "string", + "maxLength": 250 + }, + { + "type": "null" + } + ], + "title": "Email" + } + }, + "type": "object", + "required": [ + "found", + "userId" + ], + "title": "IdimProxyIdirInfoSchema" + }, + "PermissionAuditHistoryResDto": { + "properties": { + "change_date": { + "type": "string", + "format": "date-time", + "title": "Change Date" + }, + "change_performer_user_details": { + "$ref": "#/components/schemas/PrivilegeChangePerformerSchema" + }, + "change_performer_user_id": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "null" + } + ], + "title": "Change Performer User Id" + }, + "create_date": { + "type": "string", + "format": "date-time", + "title": "Create Date" + }, + "create_user": { + "type": "string", + "title": "Create User" + }, + "privilege_change_type_code": { + "type": "string", + "title": "Privilege Change Type 
Code" + }, + "privilege_details": { + "$ref": "#/components/schemas/PrivilegeDetailsSchema" + } + }, + "type": "object", + "required": [ + "change_date", + "change_performer_user_details", + "change_performer_user_id", + "create_date", + "create_user", + "privilege_change_type_code", + "privilege_details" + ], + "title": "PermissionAuditHistoryResDto", + "description": "This class is used to transfer data related to the changes made to a user's permissions,\ntypically in the context of an audit trail. It encapsulates details about the change,\nincluding when it occurred, who performed the change, who the change was applied to,\nand the specific details of the permission changes.\n\nAttributes:\n change_date (datetime): The date and time when the permission change occurred.\n change_performer_user_details (PrivilegeChangePerformerSchema): Details of the user\n or system that performed the permission change, including relevant user information.\n change_performer_user_id (Optional[int]): The ID of the user who performed the change.\n This may be `None` if the change was performed by the system or if the user ID is unavailable.\n create_date (datetime): The date and time when this record was created in the system.\n create_user (str): The username or identifier of the entity that created this change record.\n privilege_change_type_code (str): The code representing the type of permission change,\n such as adding or removing a specific role or scope.\n privilege_details (PrivilegeDetailsSchema): The details of the permission change,\n including information about the roles and scopes that were added, removed, or modified.\n\nThis DTO is designed to be used in API responses where partial data from the\n`FamPrivilegeChangeAudit` model needs to be exposed. It ensures that only the relevant\nfields are included in the response." 
+ }, + "PrivilegeChangePerformerSchema": { + "properties": { + "username": { + "type": "string", + "maxLength": 20, + "title": "Username" + }, + "first_name": { + "anyOf": [ + { + "type": "string", + "maxLength": 50 + }, + { + "type": "null" + } + ], + "title": "First Name" + }, + "last_name": { + "anyOf": [ + { + "type": "string", + "maxLength": 50 + }, + { + "type": "null" + } + ], + "title": "Last Name" + }, + "email": { + "anyOf": [ + { + "type": "string", + "maxLength": 250 + }, + { + "type": "null" + } + ], + "title": "Email" + } + }, + "type": "object", + "required": [ + "username" + ], + "title": "PrivilegeChangePerformerSchema", + "description": "This schema represents the structure of the `change_user_details` JSON field used in fam_privilege_change_audit.\n\nThe `change_user_details` field captures information about the user who performed a change, including\nthe `username`, `first_name`, `last_name`, and `email`. It is used to record the user details at the time\nof the audit event, ensuring that changes to these details later do not affect the integrity of the audit log.\n\nFor regular users, all fields (`username`, `first_name`, `last_name`, and `email`) are included. However,\nwhen the change is performed by a system account, only the `username` field is present, and it is set to\n\"system\". The schema includes validation logic to enforce this rule.\n\nAttributes:\n username (str): The username of the user performing the change. For system accounts, this is \"system\".\n first_name (str, optional): The first name of the user. Not present for system accounts.\n last_name (str, optional): The last name of the user. Not present for system accounts.\n email (str, optional): The email address of the user. Not present for system accounts.\n\nValidation:\n The schema includes a validator to ensure that for system accounts (where `username` is \"system\"),\n no other fields (`first_name`, `last_name`, `email`) are populated." 
+ }, + "PrivilegeDetailsPermissionTypeEnum": { + "type": "string", + "enum": [ + "End User", + "Delegated Admin", + "Application Admin" + ], + "title": "PrivilegeDetailsPermissionTypeEnum" + }, + "PrivilegeDetailsRoleSchema": { + "properties": { + "role": { + "type": "string", + "maxLength": 100, + "title": "Role" + }, + "scopes": { + "items": { + "$ref": "#/components/schemas/PrivilegeDetailsScopeSchema" + }, + "type": "array", + "title": "Scopes" + } + }, + "type": "object", + "required": [ + "role", + "scopes" + ], + "title": "PrivilegeDetailsRoleSchema" + }, + "PrivilegeDetailsSchema": { + "properties": { + "permission_type": { + "$ref": "#/components/schemas/PrivilegeDetailsPermissionTypeEnum" + }, + "roles": { + "anyOf": [ + { + "items": { + "$ref": "#/components/schemas/PrivilegeDetailsRoleSchema" + }, + "type": "array" + }, + { + "type": "null" + } + ], + "title": "Roles" + } + }, + "type": "object", + "required": [ + "permission_type" + ], + "title": "PrivilegeDetailsSchema", + "description": "This schema represents the structure of the `privilege_details` JSON field used in the `fam_privilege_change_audit` table.\n\nThe `privilege_details` field captures the details of the privileges being changed during a privilege audit event.\nIt includes information about the `permission_type` and, types of permissions, the associated roles and scopes.\n\nAttributes:\n permission_type (PrivilegeDetailsPermissionTypeEnum): The type of permission being changed.\n roles (List[PrivilegeDetailsRoleSchema], optional): A list of roles associated with the permission.\n Required for `END_USER` and `DELEGATED_ADMIN` permission types, and should be omitted for `APPLICATION_ADMIN`.\n\nValidation:\n The schema includes a validator to ensure that roles are appropriately present or absent based on the `permission_type`." 
+ }, + "PrivilegeDetailsScopeSchema": { + "properties": { + "scope_type": { + "$ref": "#/components/schemas/PrivilegeDetailsScopeTypeEnum" + }, + "client_id": { + "anyOf": [ + { + "type": "string", + "maxLength": 8 + }, + { + "type": "null" + } + ], + "title": "Client Id" + }, + "client_name": { + "anyOf": [ + { + "type": "string", + "maxLength": 60 + }, + { + "type": "null" + } + ], + "title": "Client Name" + } + }, + "type": "object", + "required": [ + "scope_type" + ], + "title": "PrivilegeDetailsScopeSchema" + }, + "PrivilegeDetailsScopeTypeEnum": { + "type": "string", + "enum": ["Client"], + "title": "PrivilegeDetailsScopeTypeEnum" + }, + "RoleType": { + "type": "string", + "enum": [ + "A", + "C" + ], + "title": "RoleType" + }, + "UserType": { + "type": "string", + "enum": [ + "I", + "B" + ], + "title": "UserType" + }, + "ValidationError": { + "properties": { + "loc": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ] + }, + "type": "array", + "title": "Location" + }, + "msg": { + "type": "string", + "title": "Message" + }, + "type": { + "type": "string", + "title": "Error Type" + } + }, + "type": "object", + "required": [ + "loc", + "msg", + "type" + ], + "title": "ValidationError" + } + }, + "securitySchemes": { + "6jfveou69mgford233or30hmta": { + "type": "oauth2", + "flows": { + "authorizationCode": { + "scopes": { + + }, + "authorizationUrl": "https://dev-fam-user-pool-domain.auth.ca-central-1.amazoncognito.com/authorize", + "tokenUrl": "https://dev-fam-user-pool-domain.auth.ca-central-1.amazoncognito.com/token" + } + } + }, + "APIKeyHeader": { + "type": "apiKey", + "in": "header", + "name": "X-API-Key" + } + } + }, + "tags": [ + { + "name": "Forest Access Management - FAM", + "description": "Controls the user access to different Forest basedapplications and what roles different users will have once logged in" + } + ] + } 
diff --git a/client-code-gen/gen/app-access-control-api/.openapi-generator/FILES b/client-code-gen/gen/app-access-control-api/.openapi-generator/FILES index a6eae3351..03df18bf1 100755 --- a/client-code-gen/gen/app-access-control-api/.openapi-generator/FILES +++ b/client-code-gen/gen/app-access-control-api/.openapi-generator/FILES @@ -9,6 +9,7 @@ api/famuser-api.ts api/famuser-role-assignment-api.ts api/famuser-terms-and-conditions-api.ts api/idirbce-idproxy-api.ts +api/permission-audit-api.ts api/smoke-test-api.ts base.ts common.ts 
@@ -16,24 +17,31 @@ configuration.ts git_push.sh index.ts model/email-sending-status.ts -model/fam-application-user-role-assignment-get.ts -model/fam-application.ts +model/fam-application-schema.ts +model/fam-application-user-role-assignment-get-schema.ts +model/fam-forest-client-schema.ts +model/fam-forest-client-status-schema.ts model/fam-forest-client-status-type.ts -model/fam-forest-client-status.ts -model/fam-forest-client.ts -model/fam-role-min.ts -model/fam-role-with-client.ts -model/fam-user-info.ts -model/fam-user-role-assignment-create-response.ts -model/fam-user-role-assignment-create.ts -model/fam-user-role-assignment-response.ts -model/fam-user-type.ts -model/fam-user-update-response.ts +model/fam-role-min-schema.ts +model/fam-role-with-client-schema.ts +model/fam-user-info-schema.ts +model/fam-user-role-assignment-create-response-schema.ts +model/fam-user-role-assignment-create-schema.ts +model/fam-user-role-assignment-response-schema.ts +model/fam-user-type-schema.ts +model/fam-user-update-response-schema.ts model/httpvalidation-error.ts -model/idim-proxy-bceid-info.ts -model/idim-proxy-idir-info.ts +model/idim-proxy-bceid-info-schema.ts +model/idim-proxy-idir-info-schema.ts model/index.ts model/location-inner.ts +model/permission-audit-history-res-dto.ts +model/privilege-change-performer-schema.ts +model/privilege-details-permission-type-enum.ts +model/privilege-details-role-schema.ts +model/privilege-details-schema.ts +model/privilege-details-scope-schema.ts +model/privilege-details-scope-type-enum.ts model/role-type.ts model/user-type.ts model/validation-error.ts diff --git a/client-code-gen/gen/app-access-control-api/api.ts b/client-code-gen/gen/app-access-control-api/api.ts index 4b05b05ca..e343b392b 100755 --- a/client-code-gen/gen/app-access-control-api/api.ts +++ b/client-code-gen/gen/app-access-control-api/api.ts 
@@ -2,7 +2,7 @@ /* eslint-disable */ /** * Forest Access Management - FAM - API - * Forest Access Management API used by the Forest Access Management application to Define who has access to what apps, and what roles they will operate under once access is granted. + * Forest Access Management API used by the Forest Access Management application to Define who has access to what apps, and what roles they will operate under once access is granted. * * The version of the OpenAPI document: 0.0.1 * Contact: SIBIFSAF@victoria1.gov.bc.ca @@ -21,5 +21,6 @@ export * from './api/famuser-api'; export * from './api/famuser-role-assignment-api'; export * from './api/famuser-terms-and-conditions-api'; export * from './api/idirbce-idproxy-api'; +export * from './api/permission-audit-api'; export * from './api/smoke-test-api'; diff --git a/client-code-gen/gen/app-access-control-api/api/famapplications-api.ts b/client-code-gen/gen/app-access-control-api/api/famapplications-api.ts index 4a4b67e2b..eee4d5809 100644 --- a/client-code-gen/gen/app-access-control-api/api/famapplications-api.ts +++ b/client-code-gen/gen/app-access-control-api/api/famapplications-api.ts @@ -22,7 +22,7 @@ import { DUMMY_BASE_URL, assertParamExists, setApiKeyToObject, setBasicAuthToObj // @ts-ignore import { BASE_PATH, COLLECTION_FORMATS, RequestArgs, BaseAPI, RequiredError, operationServerMap } from '../base'; // @ts-ignore -import { FamApplicationUserRoleAssignmentGet } from '../model'; +import { FamApplicationUserRoleAssignmentGetSchema } from '../model'; // @ts-ignore import { HTTPValidationError } from '../model'; /** 
@@ -86,7 +86,7 @@ export const FAMApplicationsApiFp = function(configuration?: Configuration) { * @param {*} [options] Override http request option. * @throws {RequiredError} */ - async getFamApplicationUserRoleAssignment(applicationId: number, options?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise>> { + async getFamApplicationUserRoleAssignment(applicationId: number, options?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise>> { const localVarAxiosArgs = await localVarAxiosParamCreator.getFamApplicationUserRoleAssignment(applicationId, options); const localVarOperationServerIndex = configuration?.serverIndex ?? 0; const localVarOperationServerBasePath = operationServerMap['FAMApplicationsApi.getFamApplicationUserRoleAssignment']?.[localVarOperationServerIndex]?.url; @@ -109,7 +109,7 @@ export const FAMApplicationsApiFactory = function (configuration?: Configuration * @param {*} [options] Override http request option. * @throws {RequiredError} */ - getFamApplicationUserRoleAssignment(applicationId: number, options?: any): AxiosPromise> { + getFamApplicationUserRoleAssignment(applicationId: number, options?: any): AxiosPromise> { return localVarFp.getFamApplicationUserRoleAssignment(applicationId, options).then((request) => request(axios, basePath)); }, }; @@ -129,7 +129,7 @@ export interface FAMApplicationsApiInterface { * @throws {RequiredError} * @memberof FAMApplicationsApiInterface */ - getFamApplicationUserRoleAssignment(applicationId: number, options?: RawAxiosRequestConfig): AxiosPromise>; + getFamApplicationUserRoleAssignment(applicationId: number, options?: RawAxiosRequestConfig): AxiosPromise>; } diff --git a/client-code-gen/gen/app-access-control-api/api/famforest-clients-api.ts b/client-code-gen/gen/app-access-control-api/api/famforest-clients-api.ts index fdcc3502c..5a0bf8ac8 100644 --- a/client-code-gen/gen/app-access-control-api/api/famforest-clients-api.ts 
+++ b/client-code-gen/gen/app-access-control-api/api/famforest-clients-api.ts @@ -22,7 +22,7 @@ import { DUMMY_BASE_URL, assertParamExists, setApiKeyToObject, setBasicAuthToObj // @ts-ignore import { BASE_PATH, COLLECTION_FORMATS, RequestArgs, BaseAPI, RequiredError, operationServerMap } from '../base'; // @ts-ignore -import { FamForestClient } from '../model'; +import { FamForestClientSchema } from '../model'; // @ts-ignore import { HTTPValidationError } from '../model'; /** @@ -97,7 +97,7 @@ export const FAMForestClientsApiFp = function(configuration?: Configuration) { * @param {*} [options] Override http request option. * @throws {RequiredError} */ - async search(clientNumber: string, applicationId: number, options?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise>> { + async search(clientNumber: string, applicationId: number, options?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise>> { const localVarAxiosArgs = await localVarAxiosParamCreator.search(clientNumber, applicationId, options); const localVarOperationServerIndex = configuration?.serverIndex ?? 0; const localVarOperationServerBasePath = operationServerMap['FAMForestClientsApi.search']?.[localVarOperationServerIndex]?.url; @@ -121,7 +121,7 @@ export const FAMForestClientsApiFactory = function (configuration?: Configuratio * @param {*} [options] Override http request option. * @throws {RequiredError} */ - search(clientNumber: string, applicationId: number, options?: any): AxiosPromise> { + search(clientNumber: string, applicationId: number, options?: any): AxiosPromise> { return localVarFp.search(clientNumber, applicationId, options).then((request) => request(axios, basePath)); }, }; 
@@ -142,7 +142,7 @@ export interface FAMForestClientsApiInterface { * @throws {RequiredError} * @memberof FAMForestClientsApiInterface */ - search(clientNumber: string, applicationId: number, options?: RawAxiosRequestConfig): AxiosPromise>; + search(clientNumber: string, applicationId: number, options?: RawAxiosRequestConfig): AxiosPromise>; } diff --git a/client-code-gen/gen/app-access-control-api/api/famuser-api.ts b/client-code-gen/gen/app-access-control-api/api/famuser-api.ts index 677c79eb7..372d1473a 100644 --- a/client-code-gen/gen/app-access-control-api/api/famuser-api.ts +++ b/client-code-gen/gen/app-access-control-api/api/famuser-api.ts @@ -22,7 +22,7 @@ import { DUMMY_BASE_URL, assertParamExists, setApiKeyToObject, setBasicAuthToObj // @ts-ignore import { BASE_PATH, COLLECTION_FORMATS, RequestArgs, BaseAPI, RequiredError, operationServerMap } from '../base'; // @ts-ignore -import { FamUserUpdateResponse } from '../model'; +import { FamUserUpdateResponseSchema } from '../model'; // @ts-ignore import { HTTPValidationError } from '../model'; /** 
@@ -98,7 +98,7 @@ export const FAMUserApiFp = function(configuration?: Configuration) { * @param {*} [options] Override http request option. * @throws {RequiredError} */ - async updateUserInformationFromIdimSource(page?: number, perPage?: number, usePagination?: boolean, options?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise> { + async updateUserInformationFromIdimSource(page?: number, perPage?: number, usePagination?: boolean, options?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise> { const localVarAxiosArgs = await localVarAxiosParamCreator.updateUserInformationFromIdimSource(page, perPage, usePagination, options); const localVarOperationServerIndex = configuration?.serverIndex ?? 0; const localVarOperationServerBasePath = operationServerMap['FAMUserApi.updateUserInformationFromIdimSource']?.[localVarOperationServerIndex]?.url; @@ -123,7 +123,7 @@ export const FAMUserApiFactory = function (configuration?: Configuration, basePa * @param {*} [options] Override http request option. * @throws {RequiredError} */ - updateUserInformationFromIdimSource(page?: number, perPage?: number, usePagination?: boolean, options?: any): AxiosPromise { + updateUserInformationFromIdimSource(page?: number, perPage?: number, usePagination?: boolean, options?: any): AxiosPromise { return localVarFp.updateUserInformationFromIdimSource(page, perPage, usePagination, options).then((request) => request(axios, basePath)); }, }; @@ -145,7 +145,7 @@ export interface FAMUserApiInterface { * @throws {RequiredError} * @memberof FAMUserApiInterface */ - updateUserInformationFromIdimSource(page?: number, perPage?: number, usePagination?: boolean, options?: RawAxiosRequestConfig): AxiosPromise; + updateUserInformationFromIdimSource(page?: number, perPage?: number, usePagination?: boolean, options?: RawAxiosRequestConfig): AxiosPromise; } 
diff --git a/client-code-gen/gen/app-access-control-api/api/famuser-role-assignment-api.ts b/client-code-gen/gen/app-access-control-api/api/famuser-role-assignment-api.ts index b75daf4cc..76dffd8f4 100644 --- a/client-code-gen/gen/app-access-control-api/api/famuser-role-assignment-api.ts +++ b/client-code-gen/gen/app-access-control-api/api/famuser-role-assignment-api.ts @@ -22,9 +22,9 @@ import { DUMMY_BASE_URL, assertParamExists, setApiKeyToObject, setBasicAuthToObj // @ts-ignore import { BASE_PATH, COLLECTION_FORMATS, RequestArgs, BaseAPI, RequiredError, operationServerMap } from '../base'; // @ts-ignore -import { FamUserRoleAssignmentCreate } from '../model'; +import { FamUserRoleAssignmentCreateSchema } from '../model'; // @ts-ignore -import { FamUserRoleAssignmentResponse } from '../model'; +import { FamUserRoleAssignmentResponseSchema } from '../model'; // @ts-ignore import { HTTPValidationError } from '../model'; /** 
@@ -36,13 +36,13 @@ export const FAMUserRoleAssignmentApiAxiosParamCreator = function (configuration /** * Grant User Access to an application\'s role. * @summary Create User Role Assignment Many - * @param {FamUserRoleAssignmentCreate} famUserRoleAssignmentCreate + * @param {FamUserRoleAssignmentCreateSchema} famUserRoleAssignmentCreateSchema * @param {*} [options] Override http request option. * @throws {RequiredError} */ - createUserRoleAssignmentMany: async (famUserRoleAssignmentCreate: FamUserRoleAssignmentCreate, options: RawAxiosRequestConfig = {}): Promise => { - // verify required parameter 'famUserRoleAssignmentCreate' is not null or undefined - assertParamExists('createUserRoleAssignmentMany', 'famUserRoleAssignmentCreate', famUserRoleAssignmentCreate) + createUserRoleAssignmentMany: async (famUserRoleAssignmentCreateSchema: FamUserRoleAssignmentCreateSchema, options: RawAxiosRequestConfig = {}): Promise => { + // verify required parameter 'famUserRoleAssignmentCreateSchema' is not null or undefined + assertParamExists('createUserRoleAssignmentMany', 'famUserRoleAssignmentCreateSchema', famUserRoleAssignmentCreateSchema) const localVarPath = `/user_role_assignment`; // use dummy base URL string because the URL constructor only accepts absolute URLs. const localVarUrlObj = new URL(localVarPath, DUMMY_BASE_URL); @@ -66,7 +66,7 @@ export const FAMUserRoleAssignmentApiAxiosParamCreator = function (configuration setSearchParams(localVarUrlObj, localVarQueryParameter); let headersFromBaseOptions = baseOptions && baseOptions.headers ? baseOptions.headers : {}; localVarRequestOptions.headers = {...localVarHeaderParameter, ...headersFromBaseOptions, ...options.headers}; - localVarRequestOptions.data = serializeDataIfNeeded(famUserRoleAssignmentCreate, localVarRequestOptions, configuration) + localVarRequestOptions.data = serializeDataIfNeeded(famUserRoleAssignmentCreateSchema, localVarRequestOptions, configuration) return { url: toPathString(localVarUrlObj), 
@@ -124,12 +124,12 @@ export const FAMUserRoleAssignmentApiFp = function(configuration?: Configuration /** * Grant User Access to an application\'s role. * @summary Create User Role Assignment Many - * @param {FamUserRoleAssignmentCreate} famUserRoleAssignmentCreate + * @param {FamUserRoleAssignmentCreateSchema} famUserRoleAssignmentCreateSchema * @param {*} [options] Override http request option. * @throws {RequiredError} */ - async createUserRoleAssignmentMany(famUserRoleAssignmentCreate: FamUserRoleAssignmentCreate, options?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise> { - const localVarAxiosArgs = await localVarAxiosParamCreator.createUserRoleAssignmentMany(famUserRoleAssignmentCreate, options); + async createUserRoleAssignmentMany(famUserRoleAssignmentCreateSchema: FamUserRoleAssignmentCreateSchema, options?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise> { + const localVarAxiosArgs = await localVarAxiosParamCreator.createUserRoleAssignmentMany(famUserRoleAssignmentCreateSchema, options); const localVarOperationServerIndex = configuration?.serverIndex ?? 0; const localVarOperationServerBasePath = operationServerMap['FAMUserRoleAssignmentApi.createUserRoleAssignmentMany']?.[localVarOperationServerIndex]?.url; return (axios, basePath) => createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration)(axios, localVarOperationServerBasePath || basePath); 
@@ -160,12 +160,12 @@ export const FAMUserRoleAssignmentApiFactory = function (configuration?: Configu /** * Grant User Access to an application\'s role. * @summary Create User Role Assignment Many - * @param {FamUserRoleAssignmentCreate} famUserRoleAssignmentCreate + * @param {FamUserRoleAssignmentCreateSchema} famUserRoleAssignmentCreateSchema * @param {*} [options] Override http request option. * @throws {RequiredError} */ - createUserRoleAssignmentMany(famUserRoleAssignmentCreate: FamUserRoleAssignmentCreate, options?: any): AxiosPromise { - return localVarFp.createUserRoleAssignmentMany(famUserRoleAssignmentCreate, options).then((request) => request(axios, basePath)); + createUserRoleAssignmentMany(famUserRoleAssignmentCreateSchema: FamUserRoleAssignmentCreateSchema, options?: any): AxiosPromise { + return localVarFp.createUserRoleAssignmentMany(famUserRoleAssignmentCreateSchema, options).then((request) => request(axios, basePath)); }, /** * Remove a specific application\'s role from user\'s access. @@ -189,12 +189,12 @@ export interface FAMUserRoleAssignmentApiInterface { /** * Grant User Access to an application\'s role. * @summary Create User Role Assignment Many - * @param {FamUserRoleAssignmentCreate} famUserRoleAssignmentCreate + * @param {FamUserRoleAssignmentCreateSchema} famUserRoleAssignmentCreateSchema * @param {*} [options] Override http request option. * @throws {RequiredError} * @memberof FAMUserRoleAssignmentApiInterface */ - createUserRoleAssignmentMany(famUserRoleAssignmentCreate: FamUserRoleAssignmentCreate, options?: RawAxiosRequestConfig): AxiosPromise; + createUserRoleAssignmentMany(famUserRoleAssignmentCreateSchema: FamUserRoleAssignmentCreateSchema, options?: RawAxiosRequestConfig): AxiosPromise; /** * Remove a specific application\'s role from user\'s access. 
@@ -218,13 +218,13 @@ export class FAMUserRoleAssignmentApi extends BaseAPI implements FAMUserRoleAssi /** * Grant User Access to an application\'s role. * @summary Create User Role Assignment Many - * @param {FamUserRoleAssignmentCreate} famUserRoleAssignmentCreate + * @param {FamUserRoleAssignmentCreateSchema} famUserRoleAssignmentCreateSchema * @param {*} [options] Override http request option. * @throws {RequiredError} * @memberof FAMUserRoleAssignmentApi */ - public createUserRoleAssignmentMany(famUserRoleAssignmentCreate: FamUserRoleAssignmentCreate, options?: RawAxiosRequestConfig) { - return FAMUserRoleAssignmentApiFp(this.configuration).createUserRoleAssignmentMany(famUserRoleAssignmentCreate, options).then((request) => request(this.axios, this.basePath)); + public createUserRoleAssignmentMany(famUserRoleAssignmentCreateSchema: FamUserRoleAssignmentCreateSchema, options?: RawAxiosRequestConfig) { + return FAMUserRoleAssignmentApiFp(this.configuration).createUserRoleAssignmentMany(famUserRoleAssignmentCreateSchema, options).then((request) => request(this.axios, this.basePath)); } /** diff --git a/client-code-gen/gen/app-access-control-api/api/idirbce-idproxy-api.ts b/client-code-gen/gen/app-access-control-api/api/idirbce-idproxy-api.ts index 9f3135f62..bb1ced537 100644 --- a/client-code-gen/gen/app-access-control-api/api/idirbce-idproxy-api.ts +++ b/client-code-gen/gen/app-access-control-api/api/idirbce-idproxy-api.ts @@ -24,9 +24,9 @@ import { BASE_PATH, COLLECTION_FORMATS, RequestArgs, BaseAPI, RequiredError, ope // @ts-ignore import { HTTPValidationError } from '../model'; // @ts-ignore -import { IdimProxyBceidInfo } from '../model'; +import { IdimProxyBceidInfoSchema } from '../model'; // @ts-ignore -import { IdimProxyIdirInfo } from '../model'; +import { IdimProxyIdirInfoSchema } from '../model'; /** * IDIRBCeIDProxyApi - axios parameter creator * @export 
@@ -147,7 +147,7 @@ export const IDIRBCeIDProxyApiFp = function(configuration?: Configuration) { * @param {*} [options] Override http request option. * @throws {RequiredError} */ - async bceidSearch(userId: string, applicationId: number, options?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise> { + async bceidSearch(userId: string, applicationId: number, options?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise> { const localVarAxiosArgs = await localVarAxiosParamCreator.bceidSearch(userId, applicationId, options); const localVarOperationServerIndex = configuration?.serverIndex ?? 0; const localVarOperationServerBasePath = operationServerMap['IDIRBCeIDProxyApi.bceidSearch']?.[localVarOperationServerIndex]?.url; @@ -161,7 +161,7 @@ export const IDIRBCeIDProxyApiFp = function(configuration?: Configuration) { * @param {*} [options] Override http request option. * @throws {RequiredError} */ - async idirSearch(userId: string, applicationId: number, options?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise> { + async idirSearch(userId: string, applicationId: number, options?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise> { const localVarAxiosArgs = await localVarAxiosParamCreator.idirSearch(userId, applicationId, options); const localVarOperationServerIndex = configuration?.serverIndex ?? 0; const localVarOperationServerBasePath = operationServerMap['IDIRBCeIDProxyApi.idirSearch']?.[localVarOperationServerIndex]?.url; 
@@ -185,7 +185,7 @@ export const IDIRBCeIDProxyApiFactory = function (configuration?: Configuration, * @param {*} [options] Override http request option. * @throws {RequiredError} */ - bceidSearch(userId: string, applicationId: number, options?: any): AxiosPromise { + bceidSearch(userId: string, applicationId: number, options?: any): AxiosPromise { return localVarFp.bceidSearch(userId, applicationId, options).then((request) => request(axios, basePath)); }, /** @@ -196,7 +196,7 @@ export const IDIRBCeIDProxyApiFactory = function (configuration?: Configuration, * @param {*} [options] Override http request option. * @throws {RequiredError} */ - idirSearch(userId: string, applicationId: number, options?: any): AxiosPromise { + idirSearch(userId: string, applicationId: number, options?: any): AxiosPromise { return localVarFp.idirSearch(userId, applicationId, options).then((request) => request(axios, basePath)); }, }; @@ -217,7 +217,7 @@ export interface IDIRBCeIDProxyApiInterface { * @throws {RequiredError} * @memberof IDIRBCeIDProxyApiInterface */ - bceidSearch(userId: string, applicationId: number, options?: RawAxiosRequestConfig): AxiosPromise; + bceidSearch(userId: string, applicationId: number, options?: RawAxiosRequestConfig): AxiosPromise; /** * @@ -228,7 +228,7 @@ export interface IDIRBCeIDProxyApiInterface { * @throws {RequiredError} * @memberof IDIRBCeIDProxyApiInterface */ - idirSearch(userId: string, applicationId: number, options?: RawAxiosRequestConfig): AxiosPromise; + idirSearch(userId: string, applicationId: number, options?: RawAxiosRequestConfig): AxiosPromise; } diff --git a/client-code-gen/gen/app-access-control-api/api/permission-audit-api.ts b/client-code-gen/gen/app-access-control-api/api/permission-audit-api.ts new file mode 100644 index 000000000..f167af0f5 --- /dev/null +++ b/client-code-gen/gen/app-access-control-api/api/permission-audit-api.ts 
@@ -0,0 +1,169 @@ +/* tslint:disable */ +/* eslint-disable */ +/** + * Forest Access Management - FAM - API + * Forest Access Management API used by the Forest Access Management application to Define who has access to what apps, and what roles they will operate under once access is granted. + * + * The version of the OpenAPI document: 0.0.1 + * Contact: SIBIFSAF@victoria1.gov.bc.ca + * + * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). + * https://openapi-generator.tech + * Do not edit the class manually. + */ + + +import type { Configuration } from '../configuration'; +import type { AxiosPromise, AxiosInstance, RawAxiosRequestConfig } from 'axios'; +import globalAxios from 'axios'; +// Some imports not used depending on template conditions +// @ts-ignore +import { DUMMY_BASE_URL, assertParamExists, setApiKeyToObject, setBasicAuthToObject, setBearerAuthToObject, setOAuthToObject, setSearchParams, serializeDataIfNeeded, toPathString, createRequestFunction } from '../common'; +// @ts-ignore +import { BASE_PATH, COLLECTION_FORMATS, RequestArgs, BaseAPI, RequiredError, operationServerMap } from '../base'; +// @ts-ignore +import { HTTPValidationError } from '../model'; +// @ts-ignore +import { PermissionAuditHistoryResDto } from '../model'; +/** + * PermissionAuditApi - axios parameter creator + * @export + */ +export const PermissionAuditApiAxiosParamCreator = function (configuration?: Configuration) { + return { + /** + * Retrieve the permission audit history for a given user and application. Args: userId (int): The ID of the user for whom the audit history is being requested. applicationId (int): The ID of the application associated with the audit history. Returns: List[PermissionAuditHistoryResDto]: A list of audit history records for the given user and application. 
+ * @summary Get Permission Audit History By User And Application + * @param {number} userId + * @param {number} applicationId + * @param {*} [options] Override http request option. + * @throws {RequiredError} + */ + getPermissionAuditHistoryByUserAndApplication: async (userId: number, applicationId: number, options: RawAxiosRequestConfig = {}): Promise => { + // verify required parameter 'userId' is not null or undefined + assertParamExists('getPermissionAuditHistoryByUserAndApplication', 'userId', userId) + // verify required parameter 'applicationId' is not null or undefined + assertParamExists('getPermissionAuditHistoryByUserAndApplication', 'applicationId', applicationId) + const localVarPath = `/permission-audit-history`; + // use dummy base URL string because the URL constructor only accepts absolute URLs. + const localVarUrlObj = new URL(localVarPath, DUMMY_BASE_URL); + let baseOptions; + if (configuration) { + baseOptions = configuration.baseOptions; + } + + const localVarRequestOptions = { method: 'GET', ...baseOptions, ...options}; + const localVarHeaderParameter = {} as any; + const localVarQueryParameter = {} as any; + + // authentication 6jfveou69mgford233or30hmta required + // oauth required + await setOAuthToObject(localVarHeaderParameter, "6jfveou69mgford233or30hmta", [], configuration) + + if (userId !== undefined) { + localVarQueryParameter['user_id'] = userId; + } + + if (applicationId !== undefined) { + localVarQueryParameter['application_id'] = applicationId; + } + + + + setSearchParams(localVarUrlObj, localVarQueryParameter); + let headersFromBaseOptions = baseOptions && baseOptions.headers ? 
baseOptions.headers : {}; + localVarRequestOptions.headers = {...localVarHeaderParameter, ...headersFromBaseOptions, ...options.headers}; + + return { + url: toPathString(localVarUrlObj), + options: localVarRequestOptions, + }; + }, + } +}; + +/** + * PermissionAuditApi - functional programming interface + * @export + */ +export const PermissionAuditApiFp = function(configuration?: Configuration) { + const localVarAxiosParamCreator = PermissionAuditApiAxiosParamCreator(configuration) + return { + /** + * Retrieve the permission audit history for a given user and application. Args: userId (int): The ID of the user for whom the audit history is being requested. applicationId (int): The ID of the application associated with the audit history. Returns: List[PermissionAuditHistoryResDto]: A list of audit history records for the given user and application. + * @summary Get Permission Audit History By User And Application + * @param {number} userId + * @param {number} applicationId + * @param {*} [options] Override http request option. + * @throws {RequiredError} + */ + async getPermissionAuditHistoryByUserAndApplication(userId: number, applicationId: number, options?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise>> { + const localVarAxiosArgs = await localVarAxiosParamCreator.getPermissionAuditHistoryByUserAndApplication(userId, applicationId, options); + const localVarOperationServerIndex = configuration?.serverIndex ?? 
0; + const localVarOperationServerBasePath = operationServerMap['PermissionAuditApi.getPermissionAuditHistoryByUserAndApplication']?.[localVarOperationServerIndex]?.url; + return (axios, basePath) => createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration)(axios, localVarOperationServerBasePath || basePath); + }, + } +}; + +/** + * PermissionAuditApi - factory interface + * @export + */ +export const PermissionAuditApiFactory = function (configuration?: Configuration, basePath?: string, axios?: AxiosInstance) { + const localVarFp = PermissionAuditApiFp(configuration) + return { + /** + * Retrieve the permission audit history for a given user and application. Args: userId (int): The ID of the user for whom the audit history is being requested. applicationId (int): The ID of the application associated with the audit history. Returns: List[PermissionAuditHistoryResDto]: A list of audit history records for the given user and application. + * @summary Get Permission Audit History By User And Application + * @param {number} userId + * @param {number} applicationId + * @param {*} [options] Override http request option. + * @throws {RequiredError} + */ + getPermissionAuditHistoryByUserAndApplication(userId: number, applicationId: number, options?: any): AxiosPromise> { + return localVarFp.getPermissionAuditHistoryByUserAndApplication(userId, applicationId, options).then((request) => request(axios, basePath)); + }, + }; +}; + +/** + * PermissionAuditApi - interface + * @export + * @interface PermissionAuditApi + */ +export interface PermissionAuditApiInterface { + /** + * Retrieve the permission audit history for a given user and application. Args: userId (int): The ID of the user for whom the audit history is being requested. applicationId (int): The ID of the application associated with the audit history. Returns: List[PermissionAuditHistoryResDto]: A list of audit history records for the given user and application. 
+ * @summary Get Permission Audit History By User And Application + * @param {number} userId + * @param {number} applicationId + * @param {*} [options] Override http request option. + * @throws {RequiredError} + * @memberof PermissionAuditApiInterface + */ + getPermissionAuditHistoryByUserAndApplication(userId: number, applicationId: number, options?: RawAxiosRequestConfig): AxiosPromise>; + +} + +/** + * PermissionAuditApi - object-oriented interface + * @export + * @class PermissionAuditApi + * @extends {BaseAPI} + */ +export class PermissionAuditApi extends BaseAPI implements PermissionAuditApiInterface { + /** + * Retrieve the permission audit history for a given user and application. Args: userId (int): The ID of the user for whom the audit history is being requested. applicationId (int): The ID of the application associated with the audit history. Returns: List[PermissionAuditHistoryResDto]: A list of audit history records for the given user and application. + * @summary Get Permission Audit History By User And Application + * @param {number} userId + * @param {number} applicationId + * @param {*} [options] Override http request option. + * @throws {RequiredError} + * @memberof PermissionAuditApi + */ + public getPermissionAuditHistoryByUserAndApplication(userId: number, applicationId: number, options?: RawAxiosRequestConfig) { + return PermissionAuditApiFp(this.configuration).getPermissionAuditHistoryByUserAndApplication(userId, applicationId, options).then((request) => request(this.axios, this.basePath)); + } +} + diff --git a/client-code-gen/gen/app-access-control-api/model/fam-application-schema.ts b/client-code-gen/gen/app-access-control-api/model/fam-application-schema.ts new file mode 100644 index 000000000..abd3c3ee9 --- /dev/null +++ b/client-code-gen/gen/app-access-control-api/model/fam-application-schema.ts 
@@ -0,0 +1,42 @@ +/* tslint:disable */ +/* eslint-disable */ +/** + * Forest Access Management - FAM - API + * Forest Access Management API used by the Forest Access Management application to Define who has access to what apps, and what roles they will operate under once access is granted. + * + * The version of the OpenAPI document: 0.0.1 + * Contact: SIBIFSAF@victoria1.gov.bc.ca + * + * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). + * https://openapi-generator.tech + * Do not edit the class manually. + */ + + + +/** + * + * @export + * @interface FamApplicationSchema + */ +export interface FamApplicationSchema { + /** + * + * @type {number} + * @memberof FamApplicationSchema + */ + 'application_id': number; + /** + * + * @type {string} + * @memberof FamApplicationSchema + */ + 'application_name': string; + /** + * + * @type {string} + * @memberof FamApplicationSchema + */ + 'application_description': string; +} + diff --git a/client-code-gen/gen/app-access-control-api/model/fam-application-user-role-assignment-get-schema.ts b/client-code-gen/gen/app-access-control-api/model/fam-application-user-role-assignment-get-schema.ts new file mode 100644 index 000000000..ddcd1573e --- /dev/null +++ b/client-code-gen/gen/app-access-control-api/model/fam-application-user-role-assignment-get-schema.ts 
@@ -0,0 +1,60 @@ +/* tslint:disable */ +/* eslint-disable */ +/** + * Forest Access Management - FAM - API + * Forest Access Management API used by the Forest Access Management application to Define who has access to what apps, and what roles they will operate under once access is granted. + * + * The version of the OpenAPI document: 0.0.1 + * Contact: SIBIFSAF@victoria1.gov.bc.ca + * + * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). + * https://openapi-generator.tech + * Do not edit the class manually. + */ + + +// May contain unused imports in some cases +// @ts-ignore +import { FamRoleWithClientSchema } from './fam-role-with-client-schema'; +// May contain unused imports in some cases +// @ts-ignore +import { FamUserInfoSchema } from './fam-user-info-schema'; + +/** + * + * @export + * @interface FamApplicationUserRoleAssignmentGetSchema + */ +export interface FamApplicationUserRoleAssignmentGetSchema { + /** + * + * @type {number} + * @memberof FamApplicationUserRoleAssignmentGetSchema + */ + 'user_role_xref_id': number; + /** + * + * @type {number} + * @memberof FamApplicationUserRoleAssignmentGetSchema + */ + 'user_id': number; + /** + * + * @type {number} + * @memberof FamApplicationUserRoleAssignmentGetSchema + */ + 'role_id': number; + /** + * + * @type {FamUserInfoSchema} + * @memberof FamApplicationUserRoleAssignmentGetSchema + */ + 'user': FamUserInfoSchema; + /** + * + * @type {FamRoleWithClientSchema} + * @memberof FamApplicationUserRoleAssignmentGetSchema + */ + 'role': FamRoleWithClientSchema; +} + diff --git a/client-code-gen/gen/app-access-control-api/model/fam-forest-client-schema.ts b/client-code-gen/gen/app-access-control-api/model/fam-forest-client-schema.ts new file mode 100644 index 000000000..4a745ebda --- /dev/null +++ b/client-code-gen/gen/app-access-control-api/model/fam-forest-client-schema.ts 
@@ -0,0 +1,45 @@ +/* tslint:disable */ +/* eslint-disable */ +/** + * Forest Access Management - FAM - API + * Forest Access Management API used by the Forest Access Management application to Define who has access to what apps, and what roles they will operate under once access is granted. + * + * The version of the OpenAPI document: 0.0.1 + * Contact: SIBIFSAF@victoria1.gov.bc.ca + * + * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). + * https://openapi-generator.tech + * Do not edit the class manually. + */ + + +// May contain unused imports in some cases +// @ts-ignore +import { FamForestClientStatusSchema } from './fam-forest-client-status-schema'; + +/** + * + * @export + * @interface FamForestClientSchema + */ +export interface FamForestClientSchema { + /** + * + * @type {string} + * @memberof FamForestClientSchema + */ + 'client_name'?: string | null; + /** + * + * @type {string} + * @memberof FamForestClientSchema + */ + 'forest_client_number': string; + /** + * + * @type {FamForestClientStatusSchema} + * @memberof FamForestClientSchema + */ + 'status'?: FamForestClientStatusSchema | null; +} + diff --git a/client-code-gen/gen/app-access-control-api/model/fam-forest-client-status-schema.ts b/client-code-gen/gen/app-access-control-api/model/fam-forest-client-status-schema.ts new file mode 100644 index 000000000..3485357a2 --- /dev/null +++ b/client-code-gen/gen/app-access-control-api/model/fam-forest-client-status-schema.ts 
@@ -0,0 +1,41 @@ +/* tslint:disable */ +/* eslint-disable */ +/** + * Forest Access Management - FAM - API + * Forest Access Management API used by the Forest Access Management application to Define who has access to what apps, and what roles they will operate under once access is granted. + * + * The version of the OpenAPI document: 0.0.1 + * Contact: SIBIFSAF@victoria1.gov.bc.ca + * + * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). + * https://openapi-generator.tech + * Do not edit the class manually. + */ + + +// May contain unused imports in some cases +// @ts-ignore +import { FamForestClientStatusType } from './fam-forest-client-status-type'; + +/** + * + * @export + * @interface FamForestClientStatusSchema + */ +export interface FamForestClientStatusSchema { + /** + * + * @type {FamForestClientStatusType} + * @memberof FamForestClientStatusSchema + */ + 'status_code': FamForestClientStatusType; + /** + * + * @type {string} + * @memberof FamForestClientStatusSchema + */ + 'description': string; +} + + + diff --git a/client-code-gen/gen/app-access-control-api/model/fam-role-min-schema.ts b/client-code-gen/gen/app-access-control-api/model/fam-role-min-schema.ts new file mode 100644 index 000000000..483e814e8 --- /dev/null +++ b/client-code-gen/gen/app-access-control-api/model/fam-role-min-schema.ts 
@@ -0,0 +1,50 @@ +/* tslint:disable */ +/* eslint-disable */ +/** + * Forest Access Management - FAM - API + * Forest Access Management API used by the Forest Access Management application to Define who has access to what apps, and what roles they will operate under once access is granted. + * + * The version of the OpenAPI document: 0.0.1 + * Contact: SIBIFSAF@victoria1.gov.bc.ca + * + * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). + * https://openapi-generator.tech + * Do not edit the class manually. + */ + + +// May contain unused imports in some cases +// @ts-ignore +import { FamApplicationSchema } from './fam-application-schema'; +// May contain unused imports in some cases +// @ts-ignore +import { RoleType } from './role-type'; + +/** + * + * @export + * @interface FamRoleMinSchema + */ +export interface FamRoleMinSchema { + /** + * + * @type {string} + * @memberof FamRoleMinSchema + */ + 'role_name': string; + /** + * + * @type {RoleType} + * @memberof FamRoleMinSchema + */ + 'role_type_code': RoleType; + /** + * + * @type {FamApplicationSchema} + * @memberof FamRoleMinSchema + */ + 'application': FamApplicationSchema; +} + + + diff --git a/client-code-gen/gen/app-access-control-api/model/fam-role-with-client-schema.ts b/client-code-gen/gen/app-access-control-api/model/fam-role-with-client-schema.ts new file mode 100644 index 000000000..f4dd0d91d --- /dev/null +++ b/client-code-gen/gen/app-access-control-api/model/fam-role-with-client-schema.ts 
@@ -0,0 +1,86 @@ +/* tslint:disable */ +/* eslint-disable */ +/** + * Forest Access Management - FAM - API + * Forest Access Management API used by the Forest Access Management application to Define who has access to what apps, and what roles they will operate under once access is granted. + * + * The version of the OpenAPI document: 0.0.1 + * Contact: SIBIFSAF@victoria1.gov.bc.ca + * + * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). + * https://openapi-generator.tech + * Do not edit the class manually. + */ + + +// May contain unused imports in some cases +// @ts-ignore +import { FamApplicationSchema } from './fam-application-schema'; +// May contain unused imports in some cases +// @ts-ignore +import { FamForestClientSchema } from './fam-forest-client-schema'; +// May contain unused imports in some cases +// @ts-ignore +import { FamRoleMinSchema } from './fam-role-min-schema'; +// May contain unused imports in some cases +// @ts-ignore +import { RoleType } from './role-type'; + +/** + * + * @export + * @interface FamRoleWithClientSchema + */ +export interface FamRoleWithClientSchema { + /** + * + * @type {string} + * @memberof FamRoleWithClientSchema + */ + 'role_name': string; + /** + * + * @type {RoleType} + * @memberof FamRoleWithClientSchema + */ + 'role_type_code': RoleType; + /** + * + * @type {FamApplicationSchema} + * @memberof FamRoleWithClientSchema + */ + 'application': FamApplicationSchema; + /** + * + * @type {number} + * @memberof FamRoleWithClientSchema + */ + 'role_id': number; + /** + * + * @type {string} + * @memberof FamRoleWithClientSchema + */ + 'display_name'?: string | null; + /** + * + * @type {string} + * @memberof FamRoleWithClientSchema + */ + 'description': string | null; + /** + * + * @type {FamForestClientSchema} + * @memberof FamRoleWithClientSchema + */ + 'client_number'?: FamForestClientSchema | null; + /** + * + * @type {FamRoleMinSchema} + * @memberof FamRoleWithClientSchema + */ + 
'parent_role'?: FamRoleMinSchema | null; +} + + + diff --git a/client-code-gen/gen/app-access-control-api/model/fam-user-info-schema.ts b/client-code-gen/gen/app-access-control-api/model/fam-user-info-schema.ts new file mode 100644 index 000000000..03b590cba --- /dev/null +++ b/client-code-gen/gen/app-access-control-api/model/fam-user-info-schema.ts @@ -0,0 +1,57 @@ +/* tslint:disable */ +/* eslint-disable */ +/** + * Forest Access Management - FAM - API + * Forest Access Management API used by the Forest Access Management application to Define who has access to what apps, and what roles they will operate under once access is granted. + * + * The version of the OpenAPI document: 0.0.1 + * Contact: SIBIFSAF@victoria1.gov.bc.ca + * + * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). + * https://openapi-generator.tech + * Do not edit the class manually. + */ + + +// May contain unused imports in some cases +// @ts-ignore +import { FamUserTypeSchema } from './fam-user-type-schema'; + +/** + * + * @export + * @interface FamUserInfoSchema + */ +export interface FamUserInfoSchema { + /** + * + * @type {string} + * @memberof FamUserInfoSchema + */ + 'user_name': string; + /** + * + * @type {FamUserTypeSchema} + * @memberof FamUserInfoSchema + */ + 'user_type': FamUserTypeSchema; + /** + * + * @type {string} + * @memberof FamUserInfoSchema + */ + 'first_name'?: string | null; + /** + * + * @type {string} + * @memberof FamUserInfoSchema + */ + 'last_name'?: string | null; + /** + * + * @type {string} + * @memberof FamUserInfoSchema + */ + 'email'?: string | null; +} + diff --git a/client-code-gen/gen/app-access-control-api/model/fam-user-role-assignment-create-response-schema.ts b/client-code-gen/gen/app-access-control-api/model/fam-user-role-assignment-create-response-schema.ts new file mode 100644 index 000000000..acd3b70a1 --- /dev/null 
+++ b/client-code-gen/gen/app-access-control-api/model/fam-user-role-assignment-create-response-schema.ts @@ -0,0 +1,45 @@ +/* tslint:disable */ +/* eslint-disable */ +/** + * Forest Access Management - FAM - API + * Forest Access Management API used by the Forest Access Management application to Define who has access to what apps, and what roles they will operate under once access is granted. + * + * The version of the OpenAPI document: 0.0.1 + * Contact: SIBIFSAF@victoria1.gov.bc.ca + * + * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). + * https://openapi-generator.tech + * Do not edit the class manually. + */ + + +// May contain unused imports in some cases +// @ts-ignore +import { FamApplicationUserRoleAssignmentGetSchema } from './fam-application-user-role-assignment-get-schema'; + +/** + * + * @export + * @interface FamUserRoleAssignmentCreateResponseSchema + */ +export interface FamUserRoleAssignmentCreateResponseSchema { + /** + * + * @type {number} + * @memberof FamUserRoleAssignmentCreateResponseSchema + */ + 'status_code': number; + /** + * + * @type {FamApplicationUserRoleAssignmentGetSchema} + * @memberof FamUserRoleAssignmentCreateResponseSchema + */ + 'detail': FamApplicationUserRoleAssignmentGetSchema; + /** + * + * @type {string} + * @memberof FamUserRoleAssignmentCreateResponseSchema + */ + 'error_message'?: string | null; +} + diff --git a/client-code-gen/gen/app-access-control-api/model/fam-user-role-assignment-create-schema.ts b/client-code-gen/gen/app-access-control-api/model/fam-user-role-assignment-create-schema.ts new file mode 100644 index 000000000..270e85147 --- /dev/null +++ b/client-code-gen/gen/app-access-control-api/model/fam-user-role-assignment-create-schema.ts 
@@ -0,0 +1,65 @@ +/* tslint:disable */ +/* eslint-disable */ +/** + * Forest Access Management - FAM - API + * Forest Access Management API used by the Forest Access Management application to Define who has access to what apps, and what roles they will operate under once access is granted. + * + * The version of the OpenAPI document: 0.0.1 + * Contact: SIBIFSAF@victoria1.gov.bc.ca + * + * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). + * https://openapi-generator.tech + * Do not edit the class manually. + */ + + +// May contain unused imports in some cases +// @ts-ignore +import { UserType } from './user-type'; + +/** + * + * @export + * @interface FamUserRoleAssignmentCreateSchema + */ +export interface FamUserRoleAssignmentCreateSchema { + /** + * + * @type {string} + * @memberof FamUserRoleAssignmentCreateSchema + */ + 'user_name': string; + /** + * + * @type {string} + * @memberof FamUserRoleAssignmentCreateSchema + */ + 'user_guid': string; + /** + * + * @type {UserType} + * @memberof FamUserRoleAssignmentCreateSchema + */ + 'user_type_code': UserType; + /** + * + * @type {number} + * @memberof FamUserRoleAssignmentCreateSchema + */ + 'role_id': number; + /** + * + * @type {Array} + * @memberof FamUserRoleAssignmentCreateSchema + */ + 'forest_client_numbers'?: Array | null; + /** + * + * @type {boolean} + * @memberof FamUserRoleAssignmentCreateSchema + */ + 'requires_send_user_email'?: boolean; +} + + + diff --git a/client-code-gen/gen/app-access-control-api/model/fam-user-role-assignment-response-schema.ts b/client-code-gen/gen/app-access-control-api/model/fam-user-role-assignment-response-schema.ts new file mode 100644 index 000000000..8e3a32f1f --- /dev/null +++ b/client-code-gen/gen/app-access-control-api/model/fam-user-role-assignment-response-schema.ts 
@@ -0,0 +1,44 @@ +/* tslint:disable */ +/* eslint-disable */ +/** + * Forest Access Management - FAM - API + * Forest Access Management API used by the Forest Access Management application to Define who has access to what apps, and what roles they will operate under once access is granted. + * + * The version of the OpenAPI document: 0.0.1 + * Contact: SIBIFSAF@victoria1.gov.bc.ca + * + * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). + * https://openapi-generator.tech + * Do not edit the class manually. + */ + + +// May contain unused imports in some cases +// @ts-ignore +import { EmailSendingStatus } from './email-sending-status'; +// May contain unused imports in some cases +// @ts-ignore +import { FamUserRoleAssignmentCreateResponseSchema } from './fam-user-role-assignment-create-response-schema'; + +/** + * + * @export + * @interface FamUserRoleAssignmentResponseSchema + */ +export interface FamUserRoleAssignmentResponseSchema { + /** + * + * @type {EmailSendingStatus} + * @memberof FamUserRoleAssignmentResponseSchema + */ + 'email_sending_status'?: EmailSendingStatus; + /** + * + * @type {Array} + * @memberof FamUserRoleAssignmentResponseSchema + */ + 'assignments_detail': Array; +} + + + diff --git a/client-code-gen/gen/app-access-control-api/model/fam-user-type-schema.ts b/client-code-gen/gen/app-access-control-api/model/fam-user-type-schema.ts new file mode 100644 index 000000000..e2614e510 --- /dev/null +++ b/client-code-gen/gen/app-access-control-api/model/fam-user-type-schema.ts 
@@ -0,0 +1,41 @@ +/* tslint:disable */ +/* eslint-disable */ +/** + * Forest Access Management - FAM - API + * Forest Access Management API used by the Forest Access Management application to Define who has access to what apps, and what roles they will operate under once access is granted. + * + * The version of the OpenAPI document: 0.0.1 + * Contact: SIBIFSAF@victoria1.gov.bc.ca + * + * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). + * https://openapi-generator.tech + * Do not edit the class manually. + */ + + +// May contain unused imports in some cases +// @ts-ignore +import { UserType } from './user-type'; + +/** + * + * @export + * @interface FamUserTypeSchema + */ +export interface FamUserTypeSchema { + /** + * + * @type {UserType} + * @memberof FamUserTypeSchema + */ + 'code': UserType; + /** + * + * @type {string} + * @memberof FamUserTypeSchema + */ + 'description': string; +} + + + diff --git a/client-code-gen/gen/app-access-control-api/model/fam-user-update-response-schema.ts b/client-code-gen/gen/app-access-control-api/model/fam-user-update-response-schema.ts new file mode 100644 index 000000000..720719d49 --- /dev/null +++ b/client-code-gen/gen/app-access-control-api/model/fam-user-update-response-schema.ts 
@@ -0,0 +1,66 @@ +/* tslint:disable */ +/* eslint-disable */ +/** + * Forest Access Management - FAM - API + * Forest Access Management API used by the Forest Access Management application to Define who has access to what apps, and what roles they will operate under once access is granted. + * + * The version of the OpenAPI document: 0.0.1 + * Contact: SIBIFSAF@victoria1.gov.bc.ca + * + * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). + * https://openapi-generator.tech + * Do not edit the class manually. + */ + + + +/** + * + * @export + * @interface FamUserUpdateResponseSchema + */ +export interface FamUserUpdateResponseSchema { + /** + * + * @type {number} + * @memberof FamUserUpdateResponseSchema + */ + 'total_db_users_count': number; + /** + * + * @type {number} + * @memberof FamUserUpdateResponseSchema + */ + 'current_page': number; + /** + * + * @type {number} + * @memberof FamUserUpdateResponseSchema + */ + 'users_count_on_page': number; + /** + * + * @type {Array} + * @memberof FamUserUpdateResponseSchema + */ + 'success_user_id_list': Array; + /** + * + * @type {Array} + * @memberof FamUserUpdateResponseSchema + */ + 'failed_user_id_list': Array; + /** + * + * @type {Array} + * @memberof FamUserUpdateResponseSchema + */ + 'ignored_user_id_list': Array; + /** + * + * @type {Array} + * @memberof FamUserUpdateResponseSchema + */ + 'mismatch_user_list': Array; +} + diff --git a/client-code-gen/gen/app-access-control-api/model/idim-proxy-bceid-info-schema.ts b/client-code-gen/gen/app-access-control-api/model/idim-proxy-bceid-info-schema.ts new file mode 100644 index 000000000..1ea16f84f --- /dev/null +++ b/client-code-gen/gen/app-access-control-api/model/idim-proxy-bceid-info-schema.ts 
@@ -0,0 +1,72 @@ +/* tslint:disable */ +/* eslint-disable */ +/** + * Forest Access Management - FAM - API + * Forest Access Management API used by the Forest Access Management application to Define who has access to what apps, and what roles they will operate under once access is granted. + * + * The version of the OpenAPI document: 0.0.1 + * Contact: SIBIFSAF@victoria1.gov.bc.ca + * + * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). + * https://openapi-generator.tech + * Do not edit the class manually. + */ + + + +/** + * + * @export + * @interface IdimProxyBceidInfoSchema + */ +export interface IdimProxyBceidInfoSchema { + /** + * + * @type {boolean} + * @memberof IdimProxyBceidInfoSchema + */ + 'found': boolean; + /** + * + * @type {string} + * @memberof IdimProxyBceidInfoSchema + */ + 'userId': string; + /** + * + * @type {string} + * @memberof IdimProxyBceidInfoSchema + */ + 'guid'?: string | null; + /** + * + * @type {string} + * @memberof IdimProxyBceidInfoSchema + */ + 'businessGuid'?: string | null; + /** + * + * @type {string} + * @memberof IdimProxyBceidInfoSchema + */ + 'businessLegalName'?: string | null; + /** + * + * @type {string} + * @memberof IdimProxyBceidInfoSchema + */ + 'firstName'?: string | null; + /** + * + * @type {string} + * @memberof IdimProxyBceidInfoSchema + */ + 'lastName'?: string | null; + /** + * + * @type {string} + * @memberof IdimProxyBceidInfoSchema + */ + 'email'?: string | null; +} + diff --git a/client-code-gen/gen/app-access-control-api/model/idim-proxy-idir-info-schema.ts b/client-code-gen/gen/app-access-control-api/model/idim-proxy-idir-info-schema.ts new file mode 100644 index 000000000..1ae5f682e --- /dev/null +++ b/client-code-gen/gen/app-access-control-api/model/idim-proxy-idir-info-schema.ts 
@@ -0,0 +1,60 @@ +/* tslint:disable */ +/* eslint-disable */ +/** + * Forest Access Management - FAM - API + * Forest Access Management API used by the Forest Access Management application to Define who has access to what apps, and what roles they will operate under once access is granted. + * + * The version of the OpenAPI document: 0.0.1 + * Contact: SIBIFSAF@victoria1.gov.bc.ca + * + * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). + * https://openapi-generator.tech + * Do not edit the class manually. + */ + + + +/** + * + * @export + * @interface IdimProxyIdirInfoSchema + */ +export interface IdimProxyIdirInfoSchema { + /** + * + * @type {boolean} + * @memberof IdimProxyIdirInfoSchema + */ + 'found': boolean; + /** + * + * @type {string} + * @memberof IdimProxyIdirInfoSchema + */ + 'userId': string; + /** + * + * @type {string} + * @memberof IdimProxyIdirInfoSchema + */ + 'guid'?: string | null; + /** + * + * @type {string} + * @memberof IdimProxyIdirInfoSchema + */ + 'firstName'?: string | null; + /** + * + * @type {string} + * @memberof IdimProxyIdirInfoSchema + */ + 'lastName'?: string | null; + /** + * + * @type {string} + * @memberof IdimProxyIdirInfoSchema + */ + 'email'?: string | null; +} + diff --git a/client-code-gen/gen/app-access-control-api/model/index.ts b/client-code-gen/gen/app-access-control-api/model/index.ts index 2b6b594fd..e8e51e4fe 100644 --- a/client-code-gen/gen/app-access-control-api/model/index.ts +++ b/client-code-gen/gen/app-access-control-api/model/index.ts 
@@ -1,21 +1,28 @@ export * from './email-sending-status'; -export * from './fam-application'; -export * from './fam-application-user-role-assignment-get'; -export * from './fam-forest-client'; -export * from './fam-forest-client-status'; +export * from './fam-application-schema'; +export * from './fam-application-user-role-assignment-get-schema'; +export * from './fam-forest-client-schema'; +export * from './fam-forest-client-status-schema'; export * from './fam-forest-client-status-type'; -export * from './fam-role-min'; -export * from './fam-role-with-client'; -export * from './fam-user-info'; -export * from './fam-user-role-assignment-create'; -export * from './fam-user-role-assignment-create-response'; -export * from './fam-user-role-assignment-response'; -export * from './fam-user-type'; -export * from './fam-user-update-response'; +export * from './fam-role-min-schema'; +export * from './fam-role-with-client-schema'; +export * from './fam-user-info-schema'; +export * from './fam-user-role-assignment-create-response-schema'; +export * from './fam-user-role-assignment-create-schema'; +export * from './fam-user-role-assignment-response-schema'; +export * from './fam-user-type-schema'; +export * from './fam-user-update-response-schema'; export * from './httpvalidation-error'; -export * from './idim-proxy-bceid-info'; -export * from './idim-proxy-idir-info'; +export * from './idim-proxy-bceid-info-schema'; +export * from './idim-proxy-idir-info-schema'; export * from './location-inner'; +export * from './permission-audit-history-res-dto'; +export * from './privilege-change-performer-schema'; +export * from './privilege-details-permission-type-enum'; +export * from './privilege-details-role-schema'; +export * from './privilege-details-schema'; +export * from './privilege-details-scope-schema'; +export * from './privilege-details-scope-type-enum'; export * from './role-type'; export * from './user-type'; export * from './validation-error'; 
diff --git a/client-code-gen/gen/app-access-control-api/model/permission-audit-history-res-dto.ts b/client-code-gen/gen/app-access-control-api/model/permission-audit-history-res-dto.ts
new file mode 100644
index 000000000..1ae20aa47
--- /dev/null
+++ b/client-code-gen/gen/app-access-control-api/model/permission-audit-history-res-dto.ts
@@ -0,0 +1,72 @@ +/* tslint:disable */ +/* eslint-disable */ +/** + * Forest Access Management - FAM - API + * Forest Access Management API used by the Forest Access Management application to Define who has access to what apps, and what roles they will operate under once access is granted. + * + * The version of the OpenAPI document: 0.0.1 + * Contact: SIBIFSAF@victoria1.gov.bc.ca + * + * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). + * https://openapi-generator.tech + * Do not edit the class manually. + */ + + +// May contain unused imports in some cases +// @ts-ignore +import { PrivilegeChangePerformerSchema } from './privilege-change-performer-schema'; +// May contain unused imports in some cases +// @ts-ignore +import { PrivilegeDetailsSchema } from './privilege-details-schema'; + +/** + * This class is used to transfer data related to the changes made to a user\'s permissions, typically in the context of an audit trail. It encapsulates details about the change, including when it occurred, who performed the change, who the change was applied to, and the specific details of the permission changes. Attributes: change_date (datetime): The date and time when the permission change occurred. change_performer_user_details (PrivilegeChangePerformerSchema): Details of the user or system that performed the permission change, including relevant user information. change_performer_user_id (Optional[int]): The ID of the user who performed the change. This may be `None` if the change was performed by the system or if the user ID is unavailable. create_date (datetime): The date and time when this record was created in the system. create_user (str): The username or identifier of the entity that created this change record. privilege_change_type_code (str): The code representing the type of permission change, such as adding or removing a specific role or scope. 
privilege_details (PrivilegeDetailsSchema): The details of the permission change, including information about the roles and scopes that were added, removed, or modified. This DTO is designed to be used in API responses where partial data from the `FamPrivilegeChangeAudit` model needs to be exposed. It ensures that only the relevant fields are included in the response. + * @export + * @interface PermissionAuditHistoryResDto + */ +export interface PermissionAuditHistoryResDto { + /** + * + * @type {string} + * @memberof PermissionAuditHistoryResDto + */ + 'change_date': string; + /** + * + * @type {PrivilegeChangePerformerSchema} + * @memberof PermissionAuditHistoryResDto + */ + 'change_performer_user_details': PrivilegeChangePerformerSchema; + /** + * + * @type {number} + * @memberof PermissionAuditHistoryResDto + */ + 'change_performer_user_id': number | null; + /** + * + * @type {string} + * @memberof PermissionAuditHistoryResDto + */ + 'create_date': string; + /** + * + * @type {string} + * @memberof PermissionAuditHistoryResDto + */ + 'create_user': string; + /** + * + * @type {string} + * @memberof PermissionAuditHistoryResDto + */ + 'privilege_change_type_code': string; + /** + * + * @type {PrivilegeDetailsSchema} + * @memberof PermissionAuditHistoryResDto + */ + 'privilege_details': PrivilegeDetailsSchema; +} + diff --git a/client-code-gen/gen/app-access-control-api/model/privilege-change-performer-schema.ts b/client-code-gen/gen/app-access-control-api/model/privilege-change-performer-schema.ts new file mode 100644 index 000000000..dee9bf2d8 --- /dev/null +++ b/client-code-gen/gen/app-access-control-api/model/privilege-change-performer-schema.ts 
@@ -0,0 +1,48 @@ +/* tslint:disable */ +/* eslint-disable */ +/** + * Forest Access Management - FAM - API + * Forest Access Management API used by the Forest Access Management application to Define who has access to what apps, and what roles they will operate under once access is granted. + * + * The version of the OpenAPI document: 0.0.1 + * Contact: SIBIFSAF@victoria1.gov.bc.ca + * + * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). + * https://openapi-generator.tech + * Do not edit the class manually. + */ + + + +/** + * This schema represents the structure of the `change_user_details` JSON field used in fam_privilege_change_audit. The `change_user_details` field captures information about the user who performed a change, including the `username`, `first_name`, `last_name`, and `email`. It is used to record the user details at the time of the audit event, ensuring that changes to these details later do not affect the integrity of the audit log. For regular users, all fields (`username`, `first_name`, `last_name`, and `email`) are included. However, when the change is performed by a system account, only the `username` field is present, and it is set to \"system\". The schema includes validation logic to enforce this rule. Attributes: username (str): The username of the user performing the change. For system accounts, this is \"system\". first_name (str, optional): The first name of the user. Not present for system accounts. last_name (str, optional): The last name of the user. Not present for system accounts. email (str, optional): The email address of the user. Not present for system accounts. Validation: The schema includes a validator to ensure that for system accounts (where `username` is \"system\"), no other fields (`first_name`, `last_name`, `email`) are populated. 
+ * @export + * @interface PrivilegeChangePerformerSchema + */ +export interface PrivilegeChangePerformerSchema { + /** + * + * @type {string} + * @memberof PrivilegeChangePerformerSchema + */ + 'username': string; + /** + * + * @type {string} + * @memberof PrivilegeChangePerformerSchema + */ + 'first_name'?: string | null; + /** + * + * @type {string} + * @memberof PrivilegeChangePerformerSchema + */ + 'last_name'?: string | null; + /** + * + * @type {string} + * @memberof PrivilegeChangePerformerSchema + */ + 'email'?: string | null; +} + diff --git a/client-code-gen/gen/app-access-control-api/model/privilege-details-permission-type-enum.ts b/client-code-gen/gen/app-access-control-api/model/privilege-details-permission-type-enum.ts new file mode 100644 index 000000000..bffc147aa --- /dev/null +++ b/client-code-gen/gen/app-access-control-api/model/privilege-details-permission-type-enum.ts @@ -0,0 +1,32 @@ +/* tslint:disable */ +/* eslint-disable */ +/** + * Forest Access Management - FAM - API + * Forest Access Management API used by the Forest Access Management application to Define who has access to what apps, and what roles they will operate under once access is granted. + * + * The version of the OpenAPI document: 0.0.1 + * Contact: SIBIFSAF@victoria1.gov.bc.ca + * + * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). + * https://openapi-generator.tech + * Do not edit the class manually. + */ + + + +/** + * + * @export + * @enum {string} + */ + +export const PrivilegeDetailsPermissionTypeEnum = { + EndUser: 'End User', + DelegatedAdmin: 'Delegated Admin', + ApplicationAdmin: 'Application Admin' +} as const; + +export type PrivilegeDetailsPermissionTypeEnum = typeof PrivilegeDetailsPermissionTypeEnum[keyof typeof PrivilegeDetailsPermissionTypeEnum]; + + + 
diff --git a/client-code-gen/gen/app-access-control-api/model/privilege-details-role-schema.ts b/client-code-gen/gen/app-access-control-api/model/privilege-details-role-schema.ts new file mode 100644 index 000000000..c8a996a91 --- /dev/null +++ b/client-code-gen/gen/app-access-control-api/model/privilege-details-role-schema.ts @@ -0,0 +1,39 @@ +/* tslint:disable */ +/* eslint-disable */ +/** + * Forest Access Management - FAM - API + * Forest Access Management API used by the Forest Access Management application to Define who has access to what apps, and what roles they will operate under once access is granted. + * + * The version of the OpenAPI document: 0.0.1 + * Contact: SIBIFSAF@victoria1.gov.bc.ca + * + * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). + * https://openapi-generator.tech + * Do not edit the class manually. + */ + + +// May contain unused imports in some cases +// @ts-ignore +import { PrivilegeDetailsScopeSchema } from './privilege-details-scope-schema'; + +/** + * + * @export + * @interface PrivilegeDetailsRoleSchema + */ +export interface PrivilegeDetailsRoleSchema { + /** + * + * @type {string} + * @memberof PrivilegeDetailsRoleSchema + */ + 'role': string; + /** + * + * @type {Array} + * @memberof PrivilegeDetailsRoleSchema + */ + 'scopes': Array; +} + diff --git a/client-code-gen/gen/app-access-control-api/model/privilege-details-schema.ts b/client-code-gen/gen/app-access-control-api/model/privilege-details-schema.ts new file mode 100644 index 000000000..17dc0c4c7 --- /dev/null +++ b/client-code-gen/gen/app-access-control-api/model/privilege-details-schema.ts 
@@ -0,0 +1,44 @@ +/* tslint:disable */ +/* eslint-disable */ +/** + * Forest Access Management - FAM - API + * Forest Access Management API used by the Forest Access Management application to Define who has access to what apps, and what roles they will operate under once access is granted. + * + * The version of the OpenAPI document: 0.0.1 + * Contact: SIBIFSAF@victoria1.gov.bc.ca + * + * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). + * https://openapi-generator.tech + * Do not edit the class manually. + */ + + +// May contain unused imports in some cases +// @ts-ignore +import { PrivilegeDetailsPermissionTypeEnum } from './privilege-details-permission-type-enum'; +// May contain unused imports in some cases +// @ts-ignore +import { PrivilegeDetailsRoleSchema } from './privilege-details-role-schema'; + +/** + * This schema represents the structure of the `privilege_details` JSON field used in the `fam_privilege_change_audit` table. The `privilege_details` field captures the details of the privileges being changed during a privilege audit event. It includes information about the `permission_type` and, types of permissions, the associated roles and scopes. Attributes: permission_type (PrivilegeDetailsPermissionTypeEnum): The type of permission being changed. roles (List[PrivilegeDetailsRoleSchema], optional): A list of roles associated with the permission. Required for `END_USER` and `DELEGATED_ADMIN` permission types, and should be omitted for `APPLICATION_ADMIN`. Validation: The schema includes a validator to ensure that roles are appropriately present or absent based on the `permission_type`. 
+ * @export + * @interface PrivilegeDetailsSchema + */ +export interface PrivilegeDetailsSchema { + /** + * + * @type {PrivilegeDetailsPermissionTypeEnum} + * @memberof PrivilegeDetailsSchema + */ + 'permission_type': PrivilegeDetailsPermissionTypeEnum; + /** + * + * @type {Array} + * @memberof PrivilegeDetailsSchema + */ + 'roles'?: Array | null; +} + + + diff --git a/client-code-gen/gen/app-access-control-api/model/privilege-details-scope-schema.ts b/client-code-gen/gen/app-access-control-api/model/privilege-details-scope-schema.ts new file mode 100644 index 000000000..c83089dc2 --- /dev/null +++ b/client-code-gen/gen/app-access-control-api/model/privilege-details-scope-schema.ts @@ -0,0 +1,47 @@ +/* tslint:disable */ +/* eslint-disable */ +/** + * Forest Access Management - FAM - API + * Forest Access Management API used by the Forest Access Management application to Define who has access to what apps, and what roles they will operate under once access is granted. + * + * The version of the OpenAPI document: 0.0.1 + * Contact: SIBIFSAF@victoria1.gov.bc.ca + * + * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). + * https://openapi-generator.tech + * Do not edit the class manually. + */ + + +// May contain unused imports in some cases +// @ts-ignore +import { PrivilegeDetailsScopeTypeEnum } from './privilege-details-scope-type-enum'; + +/** + * + * @export + * @interface PrivilegeDetailsScopeSchema + */ +export interface PrivilegeDetailsScopeSchema { + /** + * + * @type {PrivilegeDetailsScopeTypeEnum} + * @memberof PrivilegeDetailsScopeSchema + */ + 'scope_type': PrivilegeDetailsScopeTypeEnum; + /** + * + * @type {string} + * @memberof PrivilegeDetailsScopeSchema + */ + 'client_id'?: string | null; + /** + * + * @type {string} + * @memberof PrivilegeDetailsScopeSchema + */ + 'client_name'?: string | null; +} + + + 
diff --git a/client-code-gen/gen/app-access-control-api/model/privilege-details-scope-type-enum.ts b/client-code-gen/gen/app-access-control-api/model/privilege-details-scope-type-enum.ts new file mode 100644 index 000000000..29c9d2d71 --- /dev/null +++ b/client-code-gen/gen/app-access-control-api/model/privilege-details-scope-type-enum.ts @@ -0,0 +1,30 @@ +/* tslint:disable */ +/* eslint-disable */ +/** + * Forest Access Management - FAM - API + * Forest Access Management API used by the Forest Access Management application to Define who has access to what apps, and what roles they will operate under once access is granted. + * + * The version of the OpenAPI document: 0.0.1 + * Contact: SIBIFSAF@victoria1.gov.bc.ca + * + * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). + * https://openapi-generator.tech + * Do not edit the class manually. + */ + + + +/** + * + * @export + * @enum {string} + */ + +export const PrivilegeDetailsScopeTypeEnum = { + Client: 'Client' +} as const; + +export type PrivilegeDetailsScopeTypeEnum = typeof PrivilegeDetailsScopeTypeEnum[keyof typeof PrivilegeDetailsScopeTypeEnum]; + + + diff --git a/client-code-gen/gen/app-access-control-api/package-lock.json b/client-code-gen/gen/app-access-control-api/package-lock.json index 695e3339c..441807a44 100644 --- a/client-code-gen/gen/app-access-control-api/package-lock.json +++ b/client-code-gen/gen/app-access-control-api/package-lock.json @@ -12,9 +12,16 @@ "axios": "1.7.4" }, "devDependencies": { + "@types/node": "^12.11.5", "typescript": "^4.0" } }, + "node_modules/@types/node": { + "version": "12.20.55", + "resolved": "https://registry.npmjs.org/@types/node/-/node-12.20.55.tgz", + "integrity": "sha512-J8xLz7q2OFulZ2cyGTLE1TbbZcjpno7FaN6zdJNrgAdrJ+DZzh/uFR6YrTb4C+nXakvud8Q4+rbhoIWlYQbUFQ==", + "dev": true + }, "node_modules/asynckit": { "version": "0.4.0", "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", 
diff --git a/client-code-gen/gen/app-access-control-api/package.json b/client-code-gen/gen/app-access-control-api/package.json index 30e6e19a9..39eaf7a04 100755 --- a/client-code-gen/gen/app-access-control-api/package.json +++ b/client-code-gen/gen/app-access-control-api/package.json @@ -27,6 +27,7 @@ "axios": "1.7.4" }, "devDependencies": { + "@types/node": "^12.11.5", "typescript": "^4.0" } } diff --git a/frontend/package-lock.json b/frontend/package-lock.json index 734efca90..961169997 100644 --- a/frontend/package-lock.json +++ b/frontend/package-lock.json @@ -57,6 +57,7 @@ "axios": "1.7.4" }, "devDependencies": { + "@types/node": "^12.11.5", "typescript": "^4.0" } }, diff --git a/frontend/src/components/grantaccess/ForestClientCard.vue b/frontend/src/components/grantaccess/ForestClientCard.vue index fbc60b223..cc30ecebf 100644 --- a/frontend/src/components/grantaccess/ForestClientCard.vue +++ b/frontend/src/components/grantaccess/ForestClientCard.vue @@ -3,11 +3,11 @@ import type { PropType } from 'vue'; import Card from 'primevue/card'; import Tag from 'primevue/tag'; import { IconSize } from '@/enum/IconEnum'; -import type { FamForestClient } from 'fam-app-acsctl-api'; +import type { FamForestClientSchema } from 'fam-app-acsctl-api'; const props = defineProps({ forestClientData: { - type: Object as PropType, + type: Object as PropType, }, }); diff --git a/frontend/src/components/grantaccess/GrantAccess.vue b/frontend/src/components/grantaccess/GrantAccess.vue index 80b3c0683..02b989a45 100644 --- a/frontend/src/components/grantaccess/GrantAccess.vue +++ b/frontend/src/components/grantaccess/GrantAccess.vue 
@@ -23,7 +23,7 @@ import FamLoginUserState from '@/store/FamLoginUserState'; import { isLoading } from '@/store/LoadingState'; import { composeAndPushGrantPermissionNotification, setNotificationMsg } from '@/store/NotificationState'; import type { FamRoleDto } from 'fam-admin-mgmt-api/model'; -import { EmailSendingStatus, type FamUserRoleAssignmentCreate } from 'fam-app-acsctl-api'; +import { EmailSendingStatus, type FamUserRoleAssignmentCreateSchema } from 'fam-app-acsctl-api'; import { UserType } from 'fam-app-acsctl-api/model'; const defaultDomain = @@ -210,7 +210,7 @@ function toRequestPayload(formData: any) { forest_client_numbers: formData.verifiedForestClients, } : {}), - } as FamUserRoleAssignmentCreate; + } as FamUserRoleAssignmentCreateSchema; return request; } diff --git a/frontend/src/components/grantaccess/UserIdentityCard.vue b/frontend/src/components/grantaccess/UserIdentityCard.vue index 1c28ad2de..5af462f98 100644 --- a/frontend/src/components/grantaccess/UserIdentityCard.vue +++ b/frontend/src/components/grantaccess/UserIdentityCard.vue @@ -2,10 +2,10 @@ import Card from 'primevue/card'; import Icon from '@/components/common/Icon.vue'; import { IconSize } from '@/enum/IconEnum'; -import type { IdimProxyBceidInfo } from 'fam-app-acsctl-api'; +import type { IdimProxyBceidInfoSchema } from 'fam-app-acsctl-api'; const props = defineProps<{ - userIdentity: IdimProxyBceidInfo; + userIdentity: IdimProxyBceidInfoSchema; errorMsg: string; }>(); // Vue3 alternative way for Type the defineProps(). diff --git a/frontend/src/components/grantaccess/form/ForestClientInput.vue b/frontend/src/components/grantaccess/form/ForestClientInput.vue index c02c2db48..2fae55fe7 100644 --- a/frontend/src/components/grantaccess/form/ForestClientInput.vue +++ b/frontend/src/components/grantaccess/form/ForestClientInput.vue 
@@ -7,7 +7,7 @@ import { FOREST_CLIENT_INPUT_MAX_LENGTH } from '@/store/Constants'; import { isLoading } from '@/store/LoadingState'; import { FamForestClientStatusType, - type FamForestClient, + type FamForestClientSchema, } from 'fam-app-acsctl-api'; import InputText from 'primevue/inputtext'; import { ErrorMessage, Field } from 'vee-validate'; @@ -26,7 +26,7 @@ const emit = defineEmits([ ]); const forestClientNumbersInput = ref(''); -const forestClientData = ref([]); +const forestClientData = ref([]); const forestClientNumberVerifyErrors = ref([] as Array); const verifyForestClientNumber = async (forestClientNumbers: string) => { diff --git a/frontend/src/components/grantaccess/form/UserNameInput.vue b/frontend/src/components/grantaccess/form/UserNameInput.vue index 3ffdf027d..9f15cd595 100644 --- a/frontend/src/components/grantaccess/form/UserNameInput.vue +++ b/frontend/src/components/grantaccess/form/UserNameInput.vue @@ -6,7 +6,7 @@ import { AppActlApiService } from '@/services/ApiServiceFactory'; import { selectedApplicationId } from '@/store/ApplicationState'; import FamLoginUserState from '@/store/FamLoginUserState'; import { isLoading } from '@/store/LoadingState'; -import type { IdimProxyBceidInfo, IdimProxyIdirInfo } from 'fam-app-acsctl-api'; +import type { IdimProxyBceidInfoSchema, IdimProxyIdirInfoSchema } from 'fam-app-acsctl-api'; import { UserType } from 'fam-app-acsctl-api'; import InputText from 'primevue/inputtext'; import { ErrorMessage, Field } from 'vee-validate'; @@ -34,7 +34,7 @@ const computedUserId = computed({ }); const errorMsg = ref(''); -const verifiedUserIdentity = ref( +const verifiedUserIdentity = ref( null ); const verifyUserId = async () => { diff --git a/frontend/src/components/managePermissions/ManagePermissions.vue b/frontend/src/components/managePermissions/ManagePermissions.vue index 8ee74c8ef..09a891759 100644 --- a/frontend/src/components/managePermissions/ManagePermissions.vue 
+++ b/frontend/src/components/managePermissions/ManagePermissions.vue @@ -37,7 +37,7 @@ import type { FamAccessControlPrivilegeGetResponse, FamAppAdminGetResponse, } from 'fam-admin-mgmt-api/model'; -import type { FamApplicationUserRoleAssignmentGet } from 'fam-app-acsctl-api'; +import type { FamApplicationUserRoleAssignmentGetSchema } from 'fam-app-acsctl-api'; import Dropdown, { type DropdownChangeEvent } from 'primevue/dropdown'; import TabPanel from 'primevue/tabpanel'; import TabView, { type TabViewChangeEvent } from 'primevue/tabview'; @@ -48,7 +48,7 @@ const isDevEnvironment = environmentSettings.isDevEnvironment(); const props = defineProps({ userRoleAssignments: { - type: Array as PropType, + type: Array as PropType, default: [], }, applicationAdmins: { @@ -74,7 +74,7 @@ const props = defineProps({ }, }); -const userRoleAssignments = shallowRef( +const userRoleAssignments = shallowRef( props.userRoleAssignments ); @@ -127,7 +127,7 @@ const onApplicationSelected = async (e: DropdownChangeEvent) => { }; const deleteUserRoleAssignment = async ( - assignment: FamApplicationUserRoleAssignmentGet + assignment: FamApplicationUserRoleAssignmentGetSchema ) => { resetNotificationAndNewRowTag(); diff --git a/frontend/src/components/managePermissions/table/UserDataTable.vue b/frontend/src/components/managePermissions/table/UserDataTable.vue index 2ebaa8dc2..74a1783aa 100644 --- a/frontend/src/components/managePermissions/table/UserDataTable.vue +++ b/frontend/src/components/managePermissions/table/UserDataTable.vue 
@@ -22,14 +22,14 @@ import { TABLE_PAGINATOR_TEMPLATE, TABLE_ROWS_PER_PAGE, } from '@/store/Constants'; -import type { FamApplicationUserRoleAssignmentGet } from 'fam-app-acsctl-api'; +import type { FamApplicationUserRoleAssignmentGetSchema } from 'fam-app-acsctl-api'; const environmentSettings = new EnvironmentSettings(); const isDevEnvironment = environmentSettings.isDevEnvironment(); type emit = ( e: 'deleteUserRoleAssignment', - item: FamApplicationUserRoleAssignmentGet + item: FamApplicationUserRoleAssignmentGetSchema ) => void; const confirm = useConfirm(); @@ -42,7 +42,7 @@ const props = defineProps({ }, userRoleAssignments: { type: [Array] as PropType< - FamApplicationUserRoleAssignmentGet[] | undefined + FamApplicationUserRoleAssignmentGetSchema[] | undefined >, required: true, }, @@ -69,7 +69,7 @@ const confirmDeleteData = reactive({ role: '', }); -function deleteAssignment(assignment: FamApplicationUserRoleAssignmentGet) { +function deleteAssignment(assignment: FamApplicationUserRoleAssignmentGetSchema) { confirmDeleteData.role = assignment.role.role_name; confirmDeleteData.userName = assignment.user.user_name; confirm.require({ diff --git a/frontend/src/services/fetchData.ts b/frontend/src/services/fetchData.ts index 3d6743582..82baea6ea 100644 --- a/frontend/src/services/fetchData.ts +++ b/frontend/src/services/fetchData.ts @@ -2,7 +2,7 @@ import type { FamAppAdminGetResponse, FamAccessControlPrivilegeGetResponse, } from 'fam-admin-mgmt-api/model'; -import type { FamApplicationUserRoleAssignmentGet } from 'fam-app-acsctl-api'; +import type { FamApplicationUserRoleAssignmentGetSchema } from 'fam-app-acsctl-api'; import { AppActlApiService, AdminMgmtApiService, @@ -16,7 +16,7 @@ import { isNewAccess } from './utils'; export const fetchUserRoleAssignments = async ( applicationId: number | undefined, newUserAccessIds: string = '' -): Promise => { +): Promise => { if (!applicationId) return []; const newUsersAccessIdsList = newUserAccessIds.split(','); 
@@ -55,7 +55,7 @@ export const fetchUserRoleAssignments = async ( export const deleteAndRefreshUserRoleAssignments = async ( userRoleXrefId: number, applicationId: number -): Promise => { +): Promise => { await AppActlApiService.userRoleAssignmentApi.deleteUserRoleAssignment( userRoleXrefId ); diff --git a/frontend/src/tests/ForestClientCard.spec.ts b/frontend/src/tests/ForestClientCard.spec.ts index 81ef2eaf6..6a29b0e0e 100644 --- a/frontend/src/tests/ForestClientCard.spec.ts +++ b/frontend/src/tests/ForestClientCard.spec.ts @@ -15,12 +15,12 @@ import { TEST_SUCCESS_FOREST_CLIENT_NUMBER_2, TEST_SUCCESS_FOREST_CLIENT_NUMBER_3, } from './common/ForestClientData'; -import type { FamForestClient } from 'fam-app-acsctl-api'; +import type { FamForestClientSchema } from 'fam-app-acsctl-api'; import { fixJsdomCssErr } from '@/tests/common/fixJsdomCssErr'; fixJsdomCssErr() -const testActiveClient: FamForestClient[] = [ +const testActiveClient: FamForestClientSchema[] = [ { client_name: `${TEST_FOREST_CLIENT_NAME}_${TEST_SUCCESS_FOREST_CLIENT_NUMBER}`, forest_client_number: TEST_SUCCESS_FOREST_CLIENT_NUMBER, @@ -31,7 +31,7 @@ const testActiveClient: FamForestClient[] = [ } ]; -const testMultipleActiveClient: FamForestClient[] = [ +const testMultipleActiveClient: FamForestClientSchema[] = [ { client_name: `${TEST_FOREST_CLIENT_NAME}_${TEST_SUCCESS_FOREST_CLIENT_NUMBER}`, forest_client_number: TEST_SUCCESS_FOREST_CLIENT_NUMBER, @@ -58,7 +58,7 @@ const testMultipleActiveClient: FamForestClient[] = [ } ]; -const testInactiveClient: FamForestClient[] = [ +const testInactiveClient: FamForestClientSchema[] = [ { client_name: `${TEST_FOREST_CLIENT_NAME}_${TEST_INACTIVE_FOREST_CLIENT_NUMBER}`, forest_client_number: TEST_INACTIVE_FOREST_CLIENT_NUMBER, 
@@ -69,7 +69,7 @@ const testInactiveClient: FamForestClient[] = [ } ]; -const testMultipleInactiveClient: FamForestClient[] = [ +const testMultipleInactiveClient: FamForestClientSchema[] = [ { client_name: `${TEST_FOREST_CLIENT_NAME}_${TEST_INACTIVE_FOREST_CLIENT_NUMBER}`, forest_client_number: TEST_SUCCESS_FOREST_CLIENT_NUMBER, @@ -139,4 +139,4 @@ describe('ForestClientCard', () => { expect(clientList[index].element.textContent).toBe(STATUS_DESCRIPTION_INACTIVE); } }); -}); \ No newline at end of file +}); diff --git a/server/admin_management/api/app/database.py b/server/admin_management/api/app/database.py index ce1c4e716..f1cad1c95 100644 --- a/server/admin_management/api/app/database.py +++ b/server/admin_management/api/app/database.py @@ -34,11 +34,13 @@ def get_db(): db = _session_local() yield db + db.commit() - except Exception: + except Exception as e: + LOGGER.warning(f"DB session exception: {e}") db.rollback() + raise e finally: - db.commit() LOGGER.debug("closing db session") db.close() diff --git a/server/backend/api/app/constants.py b/server/backend/api/app/constants.py index 31be6c0eb..336081688 100644 --- a/server/backend/api/app/constants.py +++ b/server/backend/api/app/constants.py @@ -70,7 +70,9 @@ class IdimSearchUserParamType(str, Enum): class EmailSendingStatus(str, Enum): NOT_REQUIRED = "NOT_REQUIRED" # does not require sending email. - SENT_TO_EMAIL_SERVICE_SUCCESS = "SENT_TO_EMAIL_SERVICE_SUCCESS" # send to external service successful. + SENT_TO_EMAIL_SERVICE_SUCCESS = ( + "SENT_TO_EMAIL_SERVICE_SUCCESS" # send to external service successful. + ) SENT_TO_EMAIL_SERVICE_FAILURE = "SENT_TO_EMAIL_SERVICE_FAILURE" # technical/validation failure during sending to external service. 
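Review bot: The added `LOGGER.warning(f"DB session exception: {e}")` in `get_db()` of `server/admin_management/api/app/database.py` writes the full exception text to the log, and SQLAlchemy statement errors normally carry the SQL and its bound parameters in that text, so user names and e-mail addresses handled by this service could end up in warning-level logs. I would log only the type, `LOGGER.warning("DB session exception: %s", type(e).__name__)`, or create the engine with `hide_parameters=True`. `raise e` can be a bare `raise`. The same lines are added to `server/backend/api/app/database.py` later in this commit. The `try:` line sits above the hunk, so whether `db` is always bound when `db.rollback()` runs cannot be checked from here.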
@@ -87,3 +89,22 @@ class EmailSendingStatus(str, Enum): ERROR_CODE_MISSING_KEY_ATTRIBUTE = "missing_key_attribute" ERROR_CODE_INVALID_REQUEST_PARAMETER = "invalid_request_parameter" ERROR_CODE_TERMS_CONDITIONS_REQUIRED = "terms_condition_required" + + +# ------------------------------- Schema Constants ------------------------------- # +USER_NAME_MAX_LEN = 20 +FIRST_NAME_MAX_LEN = 50 +LAST_NAME_MAX_LEN = 50 +EMAIL_MAX_LEN = 250 +CLIENT_NUMBER_MAX_LEN = 8 +CLIENT_NAME_MAX_LEN = 60 +ROLE_NAME_MAX_LEN = 100 + +# --------------------------------- Schema Enums --------------------------------- # +class PrivilegeDetailsScopeTypeEnum(str, Enum): + CLIENT = "Client" + +class PrivilegeDetailsPermissionTypeEnum(str, Enum): + END_USER = "End User" + DELEGATED_ADMIN = "Delegated Admin" + APPLICATION_ADMIN = "Application Admin" diff --git a/server/backend/api/app/crud/crud_permission_audit.py b/server/backend/api/app/crud/crud_permission_audit.py new file mode 100644 index 000000000..ff0b04d5e --- /dev/null +++ b/server/backend/api/app/crud/crud_permission_audit.py 
@@ -0,0 +1,41 @@ +from sqlalchemy.orm import Session +from sqlalchemy import and_ +from typing import List +from api.app.models.model import FamPrivilegeChangeAudit +from api.app.schemas import PermissionAduitHistoryRes + + +def read_permission_audit_history_by_user_and_application( + user_id: int, application_id: int, db: Session +) -> List[PermissionAduitHistoryRes]: + """ + Retrieve the permission audit history for a given user and application, + ordered by the date of the change. + + :param user_id: The ID of the user whose permission changes are being queried. + :param application_id: The ID of the application associated with the permission changes. + :param db: The database session used for querying. + :return: A list of PermissionAduitHistoryRes instances representing the audit history records. + """ + + # Query the FamPrivilegeChangeAudit table for records matching the user_id and application_id, + # and order the results by change_date (most recent first). + audit_history_records = ( + db.query(FamPrivilegeChangeAudit) + .filter( + and_( + FamPrivilegeChangeAudit.change_target_user_id == user_id, + FamPrivilegeChangeAudit.application_id == application_id, + ) + ) + .order_by(FamPrivilegeChangeAudit.change_date.desc()) + .all() + ) # Order by change_date, descending + + # Convert the ORM model instances to Pydantic DTO instances + audit_history_dto = [ + PermissionAduitHistoryRes.model_validate(record) + for record in audit_history_records + ] + + return audit_history_dto diff --git a/server/backend/api/app/database.py b/server/backend/api/app/database.py index 46bc5e793..b2919e092 100644 --- a/server/backend/api/app/database.py +++ b/server/backend/api/app/database.py @@ -35,12 +35,13 @@ def get_db(): db = _session_local() yield db + db.commit() except Exception as e: - LOGGER.debug(f"db session excpetion: {e}") + LOGGER.warning(f"DB session exception: {e}") db.rollback() + raise e finally: - db.commit() LOGGER.debug("closing db session") db.close() 
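Review bot: The query in `read_permission_audit_history_by_user_and_application` ends in `.all()` with no limit, so one request returns every audit row for that user and application, and the response grows without bound as the audit table fills. I would add a cap or paging, for example `.limit(max_records)` before `.all()` with `max_records` as a new parameter, and a second sort key such as `FamPrivilegeChangeAudit.privilege_change_audit_id.desc()` so rows with equal `change_date` keep a stable order. The schema name `PermissionAduitHistoryRes` is misspelled; it would be cheaper to rename it to `PermissionAuditHistoryRes` before it reaches the generated OpenAPI client.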
diff --git a/server/backend/api/app/main.py b/server/backend/api/app/main.py index 1a4d3647b..a458c342c 100644 --- a/server/backend/api/app/main.py +++ b/server/backend/api/app/main.py @@ -26,7 +26,8 @@ router_user_role_assignment, router_user_terms_conditions, router_guards, - router_user + router_user, + router_permission_audit ) logConfigFile = os.path.join( @@ -136,6 +137,12 @@ def main(): dependencies=[Depends(router_guards.verify_api_key_for_update_user_info)], tags=["FAM User"], ) +app.include_router( + router_permission_audit.router, + prefix=apiPrefix + "/permission-audit-history", + dependencies=[Depends(router_guards.authorize)], + tags=["Permission Audit"], +) diff --git a/server/backend/api/app/models/model.py b/server/backend/api/app/models/model.py index f2e538c2b..042dc9247 100644 --- a/server/backend/api/app/models/model.py +++ b/server/backend/api/app/models/model.py @@ -1,11 +1,22 @@ import datetime -from typing import List - -from sqlalchemy import (BigInteger, Column, ForeignKeyConstraint, Identity, - Index, Integer, PrimaryKeyConstraint, String, - UniqueConstraint, func, text) -from sqlalchemy.dialects.postgresql import TIMESTAMP -from sqlalchemy.orm import Mapped, declarative_base, relationship +from typing import List, Optional + +from sqlalchemy import ( + BigInteger, + Column, + ForeignKey, + ForeignKeyConstraint, + Identity, + Index, + Integer, + PrimaryKeyConstraint, + String, + UniqueConstraint, + func, + text, +) +from sqlalchemy.dialects.postgresql import TIMESTAMP, JSONB +from sqlalchemy.orm import Mapped, declarative_base, relationship, mapped_column Base = declarative_base() metadata = Base.metadata @@ -42,7 +53,7 @@ class FamApplication(Base): create_date = Column( TIMESTAMP(timezone=True, precision=6), nullable=False, - default=datetime.datetime.utcnow, + default=datetime.datetime.now(datetime.UTC), comment="The date and time the record was created.", ) update_user = Column( 
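Review bot: `default=datetime.datetime.now(datetime.UTC)` on `create_date` in `FamApplication` is evaluated once when the module is imported, so every row inserted by that process gets the process start time instead of the insert time; the old `datetime.datetime.utcnow` was passed as a callable. Keep it callable: `default=lambda: datetime.datetime.now(datetime.UTC)`. The same applies to every `default=` and `onupdate=` line changed in the other `model.py` hunks of this commit. These columns record when access records were created or changed, so frozen timestamps would undermine any later review of who was granted what and when. `datetime.UTC` also requires Python 3.11 or newer.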
@@ -52,7 +63,7 @@ class FamApplication(Base): ) update_date = Column( TIMESTAMP(timezone=True, precision=6), - onupdate=datetime.datetime.utcnow, + onupdate=datetime.datetime.now(datetime.UTC), comment="The date and time the record was created or last updated.", ) @@ -60,6 +71,9 @@ class FamApplication(Base): "FamApplicationClient", back_populates="application" ) fam_role = relationship("FamRole", back_populates="application") + privilege_change_audits: Mapped["FamPrivilegeChangeAudit"] = relationship( + "FamPrivilegeChangeAudit", back_populates="application" + ) __table_args__ = ( PrimaryKeyConstraint("application_id", name="fam_app_pk"), @@ -124,7 +138,7 @@ class FamForestClient(Base): create_date = Column( TIMESTAMP(timezone=True, precision=6), nullable=False, - default=datetime.datetime.utcnow, + default=datetime.datetime.now(datetime.UTC), comment="The date and time the record was created.", ) update_user = Column( @@ -133,7 +147,7 @@ class FamForestClient(Base): ) update_date = Column( TIMESTAMP(timezone=True, precision=6), - onupdate=datetime.datetime.utcnow, + onupdate=datetime.datetime.now(datetime.UTC), comment="The date and time the record was created or last updated.", ) @@ -157,7 +171,7 @@ class FamUserType(Base): effective_date = Column( TIMESTAMP(timezone=True, precision=6), nullable=False, - default=datetime.datetime.utcnow, + default=datetime.datetime.now(datetime.UTC), comment="The date and time the code was effective.", ) @@ -170,7 +184,7 @@ class FamUserType(Base): update_date = Column( TIMESTAMP(timezone=True, precision=6), - onupdate=datetime.datetime.utcnow, + onupdate=datetime.datetime.now(datetime.UTC), comment="The date and time the record was created or last updated.", ) 
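Review bot: `privilege_change_audits: Mapped["FamPrivilegeChangeAudit"]` on `FamApplication` annotates the one-to-many side of the relationship as a single object; with annotated mappings SQLAlchemy 2.0 takes the collection type from the annotation, so this most likely loads as a scalar and warns once an application has more than one audit row. `FamPrivilegeChangeType` in this same commit uses the list form, so I would write `Mapped[List["FamPrivilegeChangeAudit"]]` here as well. The two relationships added to `FamUser` (`performed_privilege_changes`, `received_privilege_changes`) carry the same annotation. The class body continues outside the hunk.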
@@ -237,7 +251,7 @@ class FamAccessControlPrivilege(Base): create_date = Column( TIMESTAMP(timezone=True, precision=6), nullable=False, - default=datetime.datetime.utcnow, + default=datetime.datetime.now(datetime.UTC), comment="The date and time the record was created.", ) update_user = Column( @@ -246,7 +260,7 @@ class FamAccessControlPrivilege(Base): ) update_date = Column( TIMESTAMP(timezone=True, precision=6), - onupdate=datetime.datetime.utcnow, + onupdate=datetime.datetime.now(datetime.UTC), comment="The date and time the record was created or last updated.", ) role = relationship( @@ -312,7 +326,7 @@ class FamUserTermsConditions(Base): create_date = Column( TIMESTAMP(timezone=True, precision=6), nullable=False, - default=datetime.datetime.utcnow, + default=datetime.datetime.now(datetime.UTC), comment="The date and time the record was created.", ) update_user = Column( @@ -321,7 +335,7 @@ class FamUserTermsConditions(Base): ) update_date = Column( TIMESTAMP(timezone=True, precision=6), - default=datetime.datetime.utcnow, + default=datetime.datetime.now(datetime.UTC), comment="The date and time the record was created or last updated.", ) 
@@ -359,22 +373,24 @@ class FamUser(Base): create_date = Column( TIMESTAMP(timezone=True, precision=6), nullable=False, - default=datetime.datetime.utcnow, + default=datetime.datetime.now(datetime.UTC), comment="The date and time the record was created.", ) user_guid = Column(String(32)) - business_guid = Column(String(32), comment='The business guid of the user if is a business bceid user.') + business_guid = Column( + String(32), comment="The business guid of the user if is a business bceid user." + ) cognito_user_id = Column(String(100)) - first_name = Column(String(50), comment='The first name of the user') - last_name = Column(String(50), comment='The last name of the user.') - email = Column(String(250), comment='The email of the user.') + first_name = Column(String(50), comment="The first name of the user") + last_name = Column(String(50), comment="The last name of the user.") + email = Column(String(250), comment="The email of the user.") update_user = Column( String(100), comment="The user or proxy account that created or last updated the " "record.", ) update_date = Column( TIMESTAMP(timezone=True, precision=6), - onupdate=datetime.datetime.utcnow, + onupdate=datetime.datetime.now(datetime.UTC), comment="The date and time the record was created or last updated.", ) 
@@ -382,12 +398,22 @@ class FamUser(Base): user_type_relation = relationship( "FamUserType", backref="user_relation", lazy="joined" ) - fam_access_control_privileges: Mapped[List[FamAccessControlPrivilege]] = relationship( - "FamAccessControlPrivilege", back_populates="user" + fam_access_control_privileges: Mapped[List[FamAccessControlPrivilege]] = ( + relationship("FamAccessControlPrivilege", back_populates="user") ) fam_user_terms_conditions: Mapped[FamUserTermsConditions] = relationship( "FamUserTermsConditions", back_populates="user" ) + performed_privilege_changes: Mapped["FamPrivilegeChangeAudit"] = relationship( + "FamPrivilegeChangeAudit", + foreign_keys="[FamPrivilegeChangeAudit.change_performer_user_id]", + back_populates="change_performer_user", + ) + received_privilege_changes: Mapped["FamPrivilegeChangeAudit"] = relationship( + "FamPrivilegeChangeAudit", + foreign_keys="[FamPrivilegeChangeAudit.change_target_user_id]", + back_populates="change_target_user", + ) __table_args__ = ( PrimaryKeyConstraint("user_id", name="fam_usr_pk"), @@ -494,7 +520,7 @@ class FamRoleType(Base): effective_date = Column( TIMESTAMP(timezone=True, precision=6), nullable=False, - default=datetime.datetime.utcnow, + default=datetime.datetime.now(datetime.UTC), comment="The date and time the code was effective.", ) @@ -507,7 +533,7 @@ class FamRoleType(Base): update_date = Column( TIMESTAMP(timezone=True, precision=6), - onupdate=datetime.datetime.utcnow, + onupdate=datetime.datetime.now(datetime.UTC), comment="The date and time the record was created or last updated.", ) @@ -562,7 +588,7 @@ class FamRole(Base): create_date = Column( TIMESTAMP(timezone=True, precision=6), nullable=False, - default=datetime.datetime.utcnow, + default=datetime.datetime.now(datetime.UTC), comment="The date and time the record was created.", ) parent_role_id = Column( 
@@ -578,7 +604,7 @@ class FamRole(Base): ) update_date = Column( TIMESTAMP(timezone=True, precision=6), - onupdate=datetime.datetime.utcnow, + onupdate=datetime.datetime.now(datetime.UTC), comment="The date and time the record was created or last updated.", ) role_type_code = Column( @@ -589,7 +615,9 @@ class FamRole(Base): + "role_type=concrete", ) - application: Mapped[FamApplication] = relationship("FamApplication", back_populates="fam_role") + application: Mapped[FamApplication] = relationship( + "FamApplication", back_populates="fam_role" + ) client_number = relationship( "FamForestClient", back_populates="fam_role", lazy="joined" ) @@ -688,7 +716,7 @@ class FamUserRoleXref(Base): create_date = Column( TIMESTAMP(timezone=True, precision=6), nullable=False, - default=datetime.datetime.utcnow, + default=datetime.datetime.now(datetime.UTC), comment="The date and time the record was created.", ) update_user = Column( @@ -698,7 +726,7 @@ class FamUserRoleXref(Base): ) update_date = Column( TIMESTAMP(timezone=True, precision=6), - onupdate=datetime.datetime.utcnow, + onupdate=datetime.datetime.now(datetime.UTC), comment="The date and time the record was created or last updated.", ) @@ -722,7 +750,7 @@ class FamAppEnvironment(Base): effective_date = Column( TIMESTAMP(timezone=True, precision=6), nullable=False, - default=datetime.datetime.utcnow, + default=datetime.datetime.now(datetime.UTC), server_default=func.now(), comment="The date and time the code was effective.", ) @@ -736,7 +764,7 @@ class FamAppEnvironment(Base): update_date = Column( TIMESTAMP(timezone=True, precision=6), - onupdate=datetime.datetime.utcnow, + onupdate=datetime.datetime.now(datetime.UTC), comment="The date and time the record was created or last updated.", ) 
@@ -748,3 +776,81 @@ class FamAppEnvironment(Base): }, ) + +class FamPrivilegeChangeType(Base): + __tablename__ = "fam_privilege_change_type" + __table_args__ = {"schema": "app_fam"} + + privilege_change_type_code: Mapped[str] = mapped_column( + String(10), primary_key=True + ) + description: Mapped[str] = mapped_column(String(100), nullable=False) + effective_date: Mapped[datetime.datetime] = mapped_column( + TIMESTAMP, server_default=func.now(), nullable=False + ) + expiry_date: Mapped[Optional[datetime.datetime]] = mapped_column(TIMESTAMP) + update_date: Mapped[Optional[datetime.datetime]] = mapped_column(TIMESTAMP) + + privilege_change_audits: Mapped[list["FamPrivilegeChangeAudit"]] = relationship( + "FamPrivilegeChangeAudit", back_populates="privilege_change_type" + ) + + def __repr__(self): + return f"" + + +class FamPrivilegeChangeAudit(Base): + __tablename__ = "fam_privilege_change_audit" + __table_args__ = ( + Index("idx_fam_privilege_change_audit_application_id", "application_id"), + Index( + "idx_fam_privilege_change_audit_change_target_user_id", + "change_target_user_id", + ), + {"schema": "app_fam"}, + ) + + privilege_change_audit_id: Mapped[int] = mapped_column( + BigInteger, Identity(start=1, increment=1), primary_key=True + ) + application_id: Mapped[int] = mapped_column( + BigInteger, ForeignKey("app_fam.fam_application.application_id"), nullable=False + ) + change_date: Mapped[datetime.datetime] = mapped_column(TIMESTAMP, nullable=False) + change_performer_user_details: Mapped[dict] = mapped_column(JSONB, nullable=False) + change_performer_user_id: Mapped[Optional[int]] = mapped_column( + BigInteger, ForeignKey("app_fam.fam_user.user_id") + ) + change_target_user_id: Mapped[int] = mapped_column( + BigInteger, ForeignKey("app_fam.fam_user.user_id"), nullable=False + ) + create_date: Mapped[datetime.datetime] = mapped_column( + TIMESTAMP, server_default=func.now(), nullable=False + ) + create_user: Mapped[str] = mapped_column(String, nullable=False) 
+ privilege_change_type_code: Mapped[str] = mapped_column( + String(10), + ForeignKey("app_fam.fam_privilege_change_type.privilege_change_type_code"), + nullable=False, + ) + privilege_details: Mapped[dict] = mapped_column(JSONB, nullable=False) + + application: Mapped[FamApplication] = relationship( + "FamApplication", back_populates="privilege_change_audits" + ) + change_performer_user: Mapped[Optional[FamUser]] = relationship( + "FamUser", + foreign_keys=[change_performer_user_id], + back_populates="performed_privilege_changes", + ) + change_target_user: Mapped[FamUser] = relationship( + "FamUser", + foreign_keys=[change_target_user_id], + back_populates="received_privilege_changes", + ) + privilege_change_type: Mapped[FamPrivilegeChangeType] = relationship( + "FamPrivilegeChangeType", back_populates="privilege_change_audits" + ) + + def __repr__(self): + return f"" diff --git a/server/backend/api/app/routers/router_guards.py b/server/backend/api/app/routers/router_guards.py index fdc642b48..8e5470911 100644 --- a/server/backend/api/app/routers/router_guards.py +++ b/server/backend/api/app/routers/router_guards.py @@ -140,6 +140,7 @@ def authorize_by_app_id( """ This authorize_by_app_id method is used for the authorization check of a specific application, we require user to be the app admin or delegated admin of the application + """ requester_is_app_admin = crud_utils.is_app_admin( db=db, application_id=application_id, access_roles=access_roles diff --git a/server/backend/api/app/routers/router_permission_audit.py b/server/backend/api/app/routers/router_permission_audit.py new file mode 100644 index 000000000..be13c0cdb --- /dev/null +++ b/server/backend/api/app/routers/router_permission_audit.py 
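Review bot: `change_date` and `create_date` on `FamPrivilegeChangeAudit`, and the date columns on `FamPrivilegeChangeType`, are declared as bare `TIMESTAMP`, while the existing tables in this file use `TIMESTAMP(timezone=True, precision=6)`; on an audit table, naive timestamps make the order of changes ambiguous across time zones. I would write `mapped_column(TIMESTAMP(timezone=True, precision=6), nullable=False)` unless the migration deliberately creates these columns without a zone, which is not visible here. `create_user` is an unbounded `String` where the other tables use `String(100)`. Both `__repr__` methods return an empty string as shown on this page, which may be a rendering loss rather than the committed code.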
@@ -0,0 +1,40 @@ +import logging +from typing import List +from sqlalchemy.orm import Session +from fastapi import APIRouter, Depends + +from api.app import database +from api.app.routers.router_guards import authorize_by_app_id +from api.app.schemas import PermissionAduitHistoryRes +from api.app.crud.crud_permission_audit import ( + read_permission_audit_history_by_user_and_application, +) + +LOGGER = logging.getLogger(__name__) +router = APIRouter() + + +@router.get( + "", + response_model=List[PermissionAduitHistoryRes], + status_code=200, + dependencies=[Depends(authorize_by_app_id)], +) +async def get_permission_audit_history_by_user_and_application( + user_id: int, + application_id: int, + db: Session = Depends(database.get_db), +): + """ + Retrieve the permission audit history for a given user and application. + + Args: + userId (int): The ID of the user for whom the audit history is being requested. + applicationId (int): The ID of the application associated with the audit history. + + Returns: + List[PermissionAduitHistoryRes]: A list of audit history records for the given user and application. + """ + return read_permission_audit_history_by_user_and_application( + user_id=user_id, application_id=application_id, db=db + ) diff --git a/server/backend/api/app/schemas/__init__.py b/server/backend/api/app/schemas/__init__.py index c4a4d164d..fb60e2651 100644 --- a/server/backend/api/app/schemas/__init__.py +++ b/server/backend/api/app/schemas/__init__.py @@ -56,3 +56,8 @@ """ from .requester import RequesterSchema from .target_user import TargetUserSchema + +# ---------- Permission Audit History Schemas ---------- # +from .privilege_details import PrivilegeDetailsSchema +from .privilege_change_performer import PrivilegeChangePerformerSchema +from .permission_audit_history import PermissionAduitHistoryRes diff --git a/server/backend/api/app/schemas/fam_forest_client.py b/server/backend/api/app/schemas/fam_forest_client.py index 750a4c36a..ea2f5eb19 100644 
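Review bot: `authorize_by_app_id` checks only the requester's relation to `application_id`, and nothing in `get_permission_audit_history_by_user_and_application` ties `user_id` to what the requester is allowed to see, so any app admin or delegated admin of the application can read the full privilege history of any user id under it. If delegated admins are meant to be limited to the roles or clients delegated to them (not visible here), the result needs filtering or a stricter guard, plus a test for that case. The docstring lists `userId` and `applicationId`, but the parameters are `user_id` and `application_id`. The handler is `async def` yet runs a blocking SQLAlchemy query; declaring it with plain `def` would let FastAPI run it in its thread pool.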
--- a/server/backend/api/app/schemas/fam_forest_client.py +++ b/server/backend/api/app/schemas/fam_forest_client.py @@ -2,7 +2,11 @@ from typing import Optional from pydantic import BaseModel, ConfigDict, StringConstraints from typing_extensions import Annotated -from api.app.constants import FOREST_CLIENT_STATUS +from api.app.constants import ( + FOREST_CLIENT_STATUS, + CLIENT_NUMBER_MAX_LEN, + CLIENT_NAME_MAX_LEN, +) from .fam_forest_client_status import FamForestClientStatusSchema @@ -11,8 +15,12 @@ class FamForestClientSchema(BaseModel): - client_name: Optional[Annotated[str, StringConstraints(max_length=60)]] = None - forest_client_number: Annotated[str, StringConstraints(max_length=8)] + client_name: Optional[ + Annotated[str, StringConstraints(max_length=CLIENT_NAME_MAX_LEN)] + ] = None + forest_client_number: Annotated[ + str, StringConstraints(max_length=CLIENT_NUMBER_MAX_LEN) + ] status: Optional[FamForestClientStatusSchema] = None model_config = ConfigDict(from_attributes=True) diff --git a/server/backend/api/app/schemas/fam_forest_client_create.py b/server/backend/api/app/schemas/fam_forest_client_create.py index afe0057ad..7986dfe36 100644 --- a/server/backend/api/app/schemas/fam_forest_client_create.py +++ b/server/backend/api/app/schemas/fam_forest_client_create.py @@ -1,11 +1,15 @@ from pydantic import BaseModel, ConfigDict, StringConstraints from typing_extensions import Annotated +from api.app.constants import CLIENT_NUMBER_MAX_LEN + # --------------------------------- FAM Forest Client--------------------------------- # class FamForestClientCreateSchema(BaseModel): # Note, the request may contain string(with leading '0') - forest_client_number: Annotated[str, StringConstraints(max_length=8)] + forest_client_number: Annotated[ + str, StringConstraints(max_length=CLIENT_NUMBER_MAX_LEN) + ] # client_name: str create_user: Annotated[str, StringConstraints(max_length=100)] 
diff --git a/server/backend/api/app/schemas/fam_role_create.py b/server/backend/api/app/schemas/fam_role_create.py index 9919388e6..17f93600d 100644 --- a/server/backend/api/app/schemas/fam_role_create.py +++ b/server/backend/api/app/schemas/fam_role_create.py @@ -1,12 +1,14 @@ from typing import Optional, Union from pydantic import BaseModel, ConfigDict, Field, StringConstraints from typing_extensions import Annotated -from api.app.constants import RoleType + +from api.app.constants import RoleType, ROLE_NAME_MAX_LEN + from .fam_forest_client_create import FamForestClientCreateSchema class FamRoleCreateSchema(BaseModel): - role_name: Annotated[str, StringConstraints(max_length=100)] + role_name: Annotated[str, StringConstraints(max_length=ROLE_NAME_MAX_LEN)] role_purpose: Union[Annotated[str, StringConstraints(max_length=300)], None] = None display_name: Optional[Annotated[str, StringConstraints(max_length=100)]] = None parent_role_id: Union[int, None] = Field( diff --git a/server/backend/api/app/schemas/fam_role_min.py b/server/backend/api/app/schemas/fam_role_min.py index d9bd5f8f7..51cd6c373 100644 --- a/server/backend/api/app/schemas/fam_role_min.py +++ b/server/backend/api/app/schemas/fam_role_min.py @@ -1,11 +1,11 @@ from pydantic import BaseModel, ConfigDict, StringConstraints from typing_extensions import Annotated -from api.app.constants import RoleType +from api.app.constants import RoleType, ROLE_NAME_MAX_LEN from .fam_application import FamApplicationSchema class FamRoleMinSchema(BaseModel): - role_name: Annotated[str, StringConstraints(max_length=100)] + role_name: Annotated[str, StringConstraints(max_length=ROLE_NAME_MAX_LEN)] role_type_code: RoleType application: FamApplicationSchema diff --git a/server/backend/api/app/schemas/fam_user_info.py b/server/backend/api/app/schemas/fam_user_info.py index b483a0f46..1f25d34fb 100644 --- a/server/backend/api/app/schemas/fam_user_info.py +++ b/server/backend/api/app/schemas/fam_user_info.py 
@@ -1,16 +1,28 @@ from typing import Optional from pydantic import BaseModel, ConfigDict, Field, StringConstraints from typing_extensions import Annotated + +from api.app.constants import ( + USER_NAME_MAX_LEN, + FIRST_NAME_MAX_LEN, + LAST_NAME_MAX_LEN, + EMAIL_MAX_LEN, +) + from .fam_user_type import FamUserTypeSchema class FamUserInfoSchema(BaseModel): - user_name: Annotated[str, StringConstraints(max_length=20)] + user_name: Annotated[str, StringConstraints(max_length=USER_NAME_MAX_LEN)] user_type_relation: FamUserTypeSchema = Field(alias="user_type") - first_name: Optional[Annotated[str, StringConstraints(max_length=50)]] = None - last_name: Optional[Annotated[str, StringConstraints(max_length=50)]] = None - email: Optional[Annotated[str, StringConstraints(max_length=250)]] = None + first_name: Optional[ + Annotated[str, StringConstraints(max_length=FIRST_NAME_MAX_LEN)] + ] = None + last_name: Optional[ + Annotated[str, StringConstraints(max_length=LAST_NAME_MAX_LEN)] + ] = None + email: Optional[Annotated[str, StringConstraints(max_length=EMAIL_MAX_LEN)]] = None # Check https://docs.pydantic.dev/dev-v2/migration/#changes-to-config for more information. model_config = ConfigDict( diff --git a/server/backend/api/app/schemas/gc_notify_grant_access_email_param.py b/server/backend/api/app/schemas/gc_notify_grant_access_email_param.py index efa715056..003c4adf6 100644 --- a/server/backend/api/app/schemas/gc_notify_grant_access_email_param.py +++ b/server/backend/api/app/schemas/gc_notify_grant_access_email_param.py 
@@ -2,10 +2,16 @@ from pydantic import BaseModel, EmailStr, StringConstraints from typing_extensions import Annotated +from api.app.constants import FIRST_NAME_MAX_LEN, LAST_NAME_MAX_LEN + class GCNotifyGrantAccessEmailParamSchema(BaseModel): - first_name: Optional[Annotated[str, StringConstraints(max_length=50)]] = None - last_name: Optional[Annotated[str, StringConstraints(max_length=50)]] = None + first_name: Optional[ + Annotated[str, StringConstraints(max_length=FIRST_NAME_MAX_LEN)] + ] = None + last_name: Optional[ + Annotated[str, StringConstraints(max_length=LAST_NAME_MAX_LEN)] + ] = None application_name: Annotated[str, StringConstraints(max_length=35)] role_list_string: Annotated[str, StringConstraints(max_length=500)] application_team_contact_email: Optional[EmailStr] = None diff --git a/server/backend/api/app/schemas/idim_proxy_bceid_info.py b/server/backend/api/app/schemas/idim_proxy_bceid_info.py index 24ad66726..d36b6ebe6 100644 --- a/server/backend/api/app/schemas/idim_proxy_bceid_info.py +++ b/server/backend/api/app/schemas/idim_proxy_bceid_info.py 
@@ -2,13 +2,24 @@ from pydantic import BaseModel, StringConstraints from typing_extensions import Annotated +from api.app.constants import ( + USER_NAME_MAX_LEN, + FIRST_NAME_MAX_LEN, + LAST_NAME_MAX_LEN, + EMAIL_MAX_LEN, +) + class IdimProxyBceidInfoSchema(BaseModel): found: bool - userId: Annotated[str, StringConstraints(max_length=20)] + userId: Annotated[str, StringConstraints(max_length=USER_NAME_MAX_LEN)] guid: Optional[Annotated[str, StringConstraints(max_length=32)]] = None businessGuid: Optional[Annotated[str, StringConstraints(max_length=32)]] = None businessLegalName: Optional[Annotated[str, StringConstraints(max_length=60)]] = None - firstName: Optional[Annotated[str, StringConstraints(max_length=50)]] = None - lastName: Optional[Annotated[str, StringConstraints(max_length=50)]] = None - email: Optional[Annotated[str, StringConstraints(max_length=250)]] = None + firstName: Optional[ + Annotated[str, StringConstraints(max_length=FIRST_NAME_MAX_LEN)] + ] = None + lastName: Optional[ + Annotated[str, StringConstraints(max_length=LAST_NAME_MAX_LEN)] + ] = None + email: Optional[Annotated[str, StringConstraints(max_length=EMAIL_MAX_LEN)]] = None diff --git a/server/backend/api/app/schemas/idim_proxy_idir_info.py b/server/backend/api/app/schemas/idim_proxy_idir_info.py index 42e3e1cf3..844aad6ad 100644 --- a/server/backend/api/app/schemas/idim_proxy_idir_info.py +++ b/server/backend/api/app/schemas/idim_proxy_idir_info.py 
@@ -2,12 +2,23 @@ from pydantic import BaseModel, StringConstraints from typing_extensions import Annotated +from api.app.constants import ( + USER_NAME_MAX_LEN, + FIRST_NAME_MAX_LEN, + LAST_NAME_MAX_LEN, + EMAIL_MAX_LEN, +) + class IdimProxyIdirInfoSchema(BaseModel): # property returned from Idim-Proxy search of this form (not snake case) found: bool - userId: Annotated[str, StringConstraints(max_length=20)] + userId: Annotated[str, StringConstraints(max_length=USER_NAME_MAX_LEN)] guid: Optional[Annotated[str, StringConstraints(max_length=32)]] = None - firstName: Optional[Annotated[str, StringConstraints(max_length=50)]] = None - lastName: Optional[Annotated[str, StringConstraints(max_length=50)]] = None - email: Optional[Annotated[str, StringConstraints(max_length=250)]] = None + firstName: Optional[ + Annotated[str, StringConstraints(max_length=FIRST_NAME_MAX_LEN)] + ] = None + lastName: Optional[ + Annotated[str, StringConstraints(max_length=LAST_NAME_MAX_LEN)] + ] = None + email: Optional[Annotated[str, StringConstraints(max_length=EMAIL_MAX_LEN)]] = None diff --git a/server/backend/api/app/schemas/idim_proxy_search_param.py b/server/backend/api/app/schemas/idim_proxy_search_param.py index 365448f74..c09ce92dd 100644 --- a/server/backend/api/app/schemas/idim_proxy_search_param.py +++ b/server/backend/api/app/schemas/idim_proxy_search_param.py @@ -1,8 +1,10 @@ from pydantic import BaseModel, StringConstraints from typing_extensions import Annotated +from api.app.constants import USER_NAME_MAX_LEN + class IdimProxySearchParamSchema(BaseModel): userId: Annotated[ - str, StringConstraints(max_length=20) + str, StringConstraints(max_length=USER_NAME_MAX_LEN) ] # param for Idim-Proxy search of this form (not snake case) diff --git a/server/backend/api/app/schemas/permission_audit_history.py b/server/backend/api/app/schemas/permission_audit_history.py new file mode 100644 index 000000000..ecbd2109d --- /dev/null 
+++ b/server/backend/api/app/schemas/permission_audit_history.py @@ -0,0 +1,24 @@ +from pydantic import BaseModel, ConfigDict +from datetime import datetime +from typing import Optional +from .privilege_details import PrivilegeDetailsSchema +from .privilege_change_performer import PrivilegeChangePerformerSchema + + +class PermissionAduitHistoryRes(BaseModel): + """ + This class is used to transfer data related to the changes made to a user's permissions, + typically in the context of an audit trail. It encapsulates details about the change, + including when it occurred, who performed the change, who the change was applied to, + and the specific details of the permission changes. + """ + privilege_change_audit_id: int + change_date: datetime + change_performer_user_details: PrivilegeChangePerformerSchema + change_performer_user_id: Optional[int] + create_date: datetime + create_user: str + privilege_change_type_code: str + privilege_details: PrivilegeDetailsSchema + + model_config = ConfigDict(from_attributes=True) diff --git a/server/backend/api/app/schemas/privilege_change_performer.py b/server/backend/api/app/schemas/privilege_change_performer.py new file mode 100644 index 000000000..80d6a9184 --- /dev/null +++ b/server/backend/api/app/schemas/privilege_change_performer.py 
@@ -0,0 +1,61 @@
+from typing import Optional
+from pydantic import BaseModel, ConfigDict, StringConstraints, model_validator
+from typing_extensions import Annotated
+
+from api.app.constants import (
+ USER_NAME_MAX_LEN,
+ FIRST_NAME_MAX_LEN,
+ LAST_NAME_MAX_LEN,
+ EMAIL_MAX_LEN,
+)
+
+
+class PrivilegeChangePerformerSchema(BaseModel):
+ """
+ This schema represents the structure of the `change_user_details` JSON field used in fam_privilege_change_audit.
+
+ The `change_user_details` field captures information about the user who performed a change, including
+ the `username`, `first_name`, `last_name`, and `email`. It is used to record the user details at the time
+ of the audit event, ensuring that changes to these details later do not affect the integrity of the audit log.
+
+ For regular users, all fields (`username`, `first_name`, `last_name`, and `email`) are included. However,
+ when the change is performed by a system account, only the `username` field is present, and it is set to
+ "system". The schema includes validation logic to enforce this rule.
+
+ Attributes:
+ username (str): The username of the user performing the change. For system accounts, this is "system".
+ first_name (str, optional): The first name of the user. Not present for system accounts.
+ last_name (str, optional): The last name of the user. Not present for system accounts.
+ email (str, optional): The email address of the user. Not present for system accounts.
+
+ Validation:
+ The schema includes a validator to ensure that for system accounts (where `username` is "system"),
+ no other fields (`first_name`, `last_name`, `email`) are populated.
+ """
+
+ username: Annotated[str, StringConstraints(max_length=USER_NAME_MAX_LEN)]
+ first_name: Optional[
+ Annotated[str, StringConstraints(max_length=FIRST_NAME_MAX_LEN)]
+ ] = None
+ last_name: Optional[
+ Annotated[str, StringConstraints(max_length=LAST_NAME_MAX_LEN)]
+ ] = None
+ email: Optional[Annotated[str, StringConstraints(max_length=EMAIL_MAX_LEN)]] = None
+
+ model_config = ConfigDict(from_attributes=True)
+
+ @model_validator(mode="before")
+ @classmethod
+ def validate_user_details(cls, values):
+ username = values.get("username")
+ first_name = values.get("first_name")
+ last_name = values.get("last_name")
+ email = values.get("email")
+
+ if username == "system":
+ # For system accounts, only username should be present
+ if first_name or last_name or email:
+ raise ValueError("System account should only have a username.")
+ # For regular users, no additional checks are needed; username is the only required field.
+
+ return values
diff --git a/server/backend/api/app/schemas/privilege_details.py b/server/backend/api/app/schemas/privilege_details.py
new file mode 100644
index 000000000..40144a030
--- /dev/null
+++ b/server/backend/api/app/schemas/privilege_details.py
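Review bot: `validate_user_details` in `PrivilegeChangePerformerSchema` runs with `mode="before"` and calls `values.get(...)`, so it only works when the raw input is a dict, yet the model sets `from_attributes=True`, which invites attribute-based input; with an object the validator would raise `AttributeError` instead of a validation error. Running the rule after field validation makes the "system" check independent of the input shape and applies it to the validated values. `check_roles_based_on_permission_type` in `privilege_details.py` follows the same `mode="before"` / `values.get` pattern and would benefit from the same change.

```python
    @model_validator(mode="after")
    def validate_user_details(self):
        # Checked on validated fields, so dict and attribute-based input behave the same.
        if self.username == "system" and (
            self.first_name or self.last_name or self.email
        ):
            raise ValueError("System account should only have a username.")
        return self
```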
@@ -0,0 +1,75 @@
+from typing import List, Optional
+from pydantic import BaseModel, ConfigDict, StringConstraints, model_validator
+from typing_extensions import Annotated
+
+from api.app.constants import (
+ CLIENT_NUMBER_MAX_LEN,
+ CLIENT_NAME_MAX_LEN,
+ ROLE_NAME_MAX_LEN,
+ PrivilegeDetailsScopeTypeEnum,
+ PrivilegeDetailsPermissionTypeEnum,
+)
+
+
+class PrivilegeDetailsScopeSchema(BaseModel):
+ scope_type: PrivilegeDetailsScopeTypeEnum
+ client_id: Optional[
+ Annotated[str, StringConstraints(max_length=CLIENT_NUMBER_MAX_LEN)]
+ ] = None
+ client_name: Optional[
+ Annotated[str, StringConstraints(max_length=CLIENT_NAME_MAX_LEN)]
+ ] = None
+
+
+class PrivilegeDetailsRoleSchema(BaseModel):
+ role: Annotated[str, StringConstraints(max_length=ROLE_NAME_MAX_LEN)]
+ scopes: List[PrivilegeDetailsScopeSchema]
+
+
+class PrivilegeDetailsSchema(BaseModel):
+ """
+ This schema represents the structure of the `privilege_details` JSON field used in the `fam_privilege_change_audit` table.
+
+ The `privilege_details` field captures the details of the privileges being changed during a privilege audit event.
+ It includes information about the `permission_type` and, types of permissions, the associated roles and scopes.
+
+ Attributes:
+ permission_type (PrivilegeDetailsPermissionTypeEnum): The type of permission being changed.
+ roles (List[PrivilegeDetailsRoleSchema], optional): A list of roles associated with the permission.
+ Required for `END_USER` and `DELEGATED_ADMIN` permission types, and should be omitted for `APPLICATION_ADMIN`.
+
+ Validation:
+ The schema includes a validator to ensure that roles are appropriately present or absent based on the `permission_type`.
+ """ + + permission_type: PrivilegeDetailsPermissionTypeEnum + roles: Optional[List[PrivilegeDetailsRoleSchema]] = None + + model_config = ConfigDict(from_attributes=True) + + @model_validator(mode="before") + @classmethod + def check_roles_based_on_permission_type(cls, values): + permission_type = values.get("permission_type") + roles = values.get("roles") + + if ( + permission_type == PrivilegeDetailsPermissionTypeEnum.APPLICATION_ADMIN + and roles is not None + ): + raise ValueError( + "roles should not be present when permission_type is Application Admin" + ) + elif ( + permission_type + in { + PrivilegeDetailsPermissionTypeEnum.END_USER, + PrivilegeDetailsPermissionTypeEnum.DELEGATED_ADMIN, + } + and roles is None + ): + raise ValueError( + "roles are required when permission_type is End User or Delegated Admin" + ) + + return values diff --git a/server/backend/api/app/schemas/requester.py b/server/backend/api/app/schemas/requester.py index 25f7d1ec2..0b8df97a1 100644 --- a/server/backend/api/app/schemas/requester.py +++ b/server/backend/api/app/schemas/requester.py @@ -2,7 +2,7 @@ from pydantic import BaseModel, ConfigDict, StringConstraints from typing_extensions import Annotated -from api.app.constants import UserType +from api.app.constants import UserType, USER_NAME_MAX_LEN class RequesterSchema(BaseModel): @@ -16,7 +16,7 @@ class RequesterSchema(BaseModel): # cognito_user_id => Cognito OIDC access token maps this to: username (ID token => "custom:idp_name" ) cognito_user_id: Union[str, None] = None - user_name: Annotated[str, StringConstraints(max_length=20)] + user_name: Annotated[str, StringConstraints(max_length=USER_NAME_MAX_LEN)] # "B"(BCeID) or "I"(IDIR). It is the IDP provider. user_type_code: Union[UserType, None] = None user_guid: Annotated[str, StringConstraints(min_length=32, max_length=32)] diff --git a/server/backend/api/app/schemas/target_user.py b/server/backend/api/app/schemas/target_user.py index 6051f1fc6..8692d4938 100644 
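Review bot: In `check_roles_based_on_permission_type` the `END_USER` / `DELEGATED_ADMIN` branch tests `roles is None`, so `roles=[]` passes and an audit entry for a role-based permission can validate without naming any role. If an empty list is never a meaningful value here, the branch should test emptiness instead, `and not roles`, which is also what the error text "roles are required when permission_type is End User or Delegated Admin" already describes.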
--- a/server/backend/api/app/schemas/target_user.py +++ b/server/backend/api/app/schemas/target_user.py @@ -2,6 +2,8 @@ from pydantic import StringConstraints from typing_extensions import Annotated +from api.app.constants import FIRST_NAME_MAX_LEN, LAST_NAME_MAX_LEN, EMAIL_MAX_LEN + from .requester import RequesterSchema @@ -12,6 +14,10 @@ class TargetUserSchema(RequesterSchema): """ user_id: Optional[int] = None - first_name: Optional[Annotated[str, StringConstraints(max_length=50)]] = None - last_name: Optional[Annotated[str, StringConstraints(max_length=50)]] = None - email: Optional[Annotated[str, StringConstraints(max_length=250)]] = None + first_name: Optional[ + Annotated[str, StringConstraints(max_length=FIRST_NAME_MAX_LEN)] + ] = None + last_name: Optional[ + Annotated[str, StringConstraints(max_length=LAST_NAME_MAX_LEN)] + ] = None + email: Optional[Annotated[str, StringConstraints(max_length=EMAIL_MAX_LEN)]] = None diff --git a/server/backend/readme.md b/server/backend/readme.md index b1cabfed7..4d677d91b 100644 --- a/server/backend/readme.md +++ b/server/backend/readme.md @@ -159,7 +159,7 @@ cd server/backend . ./venv/bin/activate ``` -- run postgres tests +- run backend tests ``` pytest diff --git a/server/backend/testspg/conftest.py b/server/backend/testspg/conftest.py index 9c5e5dec3..c9ee11f79 100644 --- a/server/backend/testspg/conftest.py +++ b/server/backend/testspg/conftest.py @@ -258,3 +258,11 @@ def _override_enforce_bceid_terms_conditions_guard(mocked_tc_accepted=True): ) return _override_enforce_bceid_terms_conditions_guard + + +# Mock the headers obj that can be used right away. +@pytest.fixture(scope="function") +def auth_headers(test_rsa_key): + token = jwt_utils.create_jwt_token(test_rsa_key) + headers = jwt_utils.headers(token) + return headers diff --git a/server/backend/testspg/constants.py b/server/backend/testspg/constants.py index 56485db4b..f317c3125 100644 --- a/server/backend/testspg/constants.py 
+++ b/server/backend/testspg/constants.py @@ -1,4 +1,7 @@ +import datetime from api.app import constants as fam_constants +from api.app.models.model import FamPrivilegeChangeAudit +from api.app.schemas.permission_audit_history import PermissionAduitHistoryRes # --------------------- Testing application ---------------------------- # @@ -31,7 +34,9 @@ USER_NAME_BCEID_LOAD_2_TEST = "LOAD-2-TEST" USER_GUID_BCEID_LOAD_2_TEST = "81069F39B35B4861BCD010582B63B112" -BUSINESS_GUID_BCEID_LOAD_2_TEST = "MOCKEDBUSINESSGUID5D4ACA9FA901EE" # this is a faked business guid +BUSINESS_GUID_BCEID_LOAD_2_TEST = ( + "MOCKEDBUSINESSGUID5D4ACA9FA901EE" # this is a faked business guid +) USER_NAME_BCEID_LOAD_3_TEST = "LOAD-3-TEST" USER_GUID_BCEID_LOAD_3_TEST = "532905DE0AA24923AE535428F171BF13" BUSINESS_GUID_BCEID_LOAD_3_TEST = "E7C0431DA55D4ACA9FA901EE2C91CB3B" diff --git a/server/backend/testspg/crud/test_crud_permission_audit.py b/server/backend/testspg/crud/test_crud_permission_audit.py new file mode 100644 index 000000000..ec4a93a4d --- /dev/null +++ b/server/backend/testspg/crud/test_crud_permission_audit.py 
@@ -0,0 +1,106 @@
+import pytest
+from sqlalchemy.orm import Session
+from sqlalchemy.exc import DataError
+from api.app.crud.crud_permission_audit import (
+ read_permission_audit_history_by_user_and_application,
+)
+from testspg.fixture.permission_audit_fixture import (
+ APPLICATION_ID_1,
+ APPLICATION_ID_2,
+ AUDIT_RECORD_U1_A1_D1,
+ AUDIT_RECORD_U1_A1_D2,
+ AUDIT_RECORD_U1_A2,
+ AUDIT_RECORD_U2_A2,
+ USER_ID_1,
+ PERFORMER_DETAILS_1,
+)
+
+
+# No Records
+def test_read_permission_audit_history_no_records(db_pg_session: Session):
+ user_id = 999
+ application_id = 999
+
+ result = read_permission_audit_history_by_user_and_application(
+ user_id, application_id, db_pg_session
+ )
+
+ assert len(result) == 0
+
+
+# No Matching Records
+def test_read_permission_audit_history_no_matching_records(db_pg_session: Session):
+ user_id = 999
+ application_id = 999
+
+ result = read_permission_audit_history_by_user_and_application(
+ user_id, application_id, db_pg_session
+ )
+
+ assert result == []
+
+
+# Invalid Data Types
+def test_read_permission_audit_history_invalid_data_types(db_pg_session: Session):
+ with pytest.raises(DataError):
+ read_permission_audit_history_by_user_and_application(
+ "invalid_user_id", APPLICATION_ID_1, db_pg_session
+ )
+
+
+# Multiple Users, Same Application
+def test_read_permission_audit_history_multiple_users_same_application(
+ db_pg_session: Session,
+):
+ db_pg_session.add(AUDIT_RECORD_U1_A2)
+ db_pg_session.add(AUDIT_RECORD_U2_A2)
+
+ result = read_permission_audit_history_by_user_and_application(
+ USER_ID_1, APPLICATION_ID_2, db_pg_session
+ )
+
+ assert len(result) == 1
+ assert (
+ result[0].change_performer_user_id
+ == AUDIT_RECORD_U1_A2.change_performer_user_id
+ )
+ assert (
+ result[0].change_performer_user_details.username
+ == PERFORMER_DETAILS_1["username"]
+ )
+
+
+# Multiple Applications, Same User
+def test_read_permission_audit_history_multiple_applications_same_user(
+ db_pg_session: Session,
+):
+ db_pg_session.add(AUDIT_RECORD_U1_A2)
+ db_pg_session.add(AUDIT_RECORD_U1_A1_D1)
+
+ result = read_permission_audit_history_by_user_and_application(
+ USER_ID_1, APPLICATION_ID_1, db_pg_session
+ )
+
+ assert len(result) == 1
+ assert (
+ result[0].change_performer_user_id
+ == AUDIT_RECORD_U1_A1_D1.change_performer_user_id
+ )
+ assert (
+ result[0].change_performer_user_details.username
+ == PERFORMER_DETAILS_1["username"]
+ )
+
+
+# Valid Case
+def test_read_permission_audit_history_by_user_and_application(db_pg_session: Session):
+ db_pg_session.add(AUDIT_RECORD_U1_A1_D1)
+ db_pg_session.add(AUDIT_RECORD_U1_A1_D2)
+
+ result = read_permission_audit_history_by_user_and_application(
+ USER_ID_1, APPLICATION_ID_1, db_pg_session
+ )
+
+ assert len(result) == 2
+ assert result[0].change_date == AUDIT_RECORD_U1_A1_D2.change_date # Newest first
+ assert result[1].change_date == AUDIT_RECORD_U1_A1_D1.change_date # Oldest last
diff --git a/server/backend/testspg/fixture/permission_audit_fixture.py b/server/backend/testspg/fixture/permission_audit_fixture.py
new file mode 100644
index 000000000..f32ff8ddd
--- /dev/null
+++ b/server/backend/testspg/fixture/permission_audit_fixture.py
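Review bot: `test_read_permission_audit_history_no_matching_records` is a copy of `test_read_permission_audit_history_no_records`: both query user 999 / application 999 and neither adds a row, so the case where audit rows exist but belong to another user or application is never exercised by a negative test. Adding `db_pg_session.add(AUDIT_RECORD_U1_A1_D1)` before the query would make the second test confirm that the filter excludes a non-matching row. That matters because this function is what keeps one user's audit history out of another query's result.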
@@ -0,0 +1,117 @@
+import datetime
+from api.app.constants import (
+ PrivilegeDetailsPermissionTypeEnum,
+ PrivilegeDetailsScopeTypeEnum,
+)
+from api.app.models.model import FamPrivilegeChangeAudit
+from api.app.schemas import (
+ PermissionAduitHistoryRes,
+ PrivilegeChangePerformerSchema,
+ PrivilegeDetailsSchema,
+)
+from testspg.constants import TEST_USER_ID, FAM_APPLICATION_ID, FOM_DEV_APPLICATION_ID
+
+USER_ID_1 = TEST_USER_ID
+USER_ID_2 = 2
+APPLICATION_ID_1 = FAM_APPLICATION_ID
+APPLICATION_ID_2 = FOM_DEV_APPLICATION_ID
+CHANGE_DATE_1 = datetime.datetime(2024, 9, 10, 0, 0)
+CHANGE_DATE_2 = datetime.datetime(2024, 9, 11, 0, 0)
+ENDPOINT_ROOT = "/permission-audit-history"
+
+PERFORMER_DETAILS_1 = PrivilegeChangePerformerSchema(
+ username="bigfoot_hunter",
+ first_name="Sasquatch",
+ last_name="Seeker",
+ email="sasquatch.seeker@cryptid.com",
+).model_dump()
+
+PERFORMER_DETAILS_2 = PrivilegeChangePerformerSchema(
+ username="big_monke",
+ first_name="Rainbow",
+ last_name="Winton",
+ email="rainbow.winton@zooworld.com",
+).model_dump()
+
+PRIVILEGE_DETAILS = PrivilegeDetailsSchema(
+ permission_type=PrivilegeDetailsPermissionTypeEnum.END_USER,
+ roles=[
+ {
+ "role": "submitter",
+ "scopes": [
+ {
+ "scope_type": PrivilegeDetailsScopeTypeEnum.CLIENT,
+ "client_id": "00001024",
+ "client_name": "Chop Trees Inc",
+ }
+ ],
+ }
+ ],
+).model_dump()
+
+AUDIT_RECORD_U1_A1_D1 = FamPrivilegeChangeAudit(
+ privilege_change_audit_id=1,
+ change_date=CHANGE_DATE_1,
+ change_performer_user_details=PERFORMER_DETAILS_1,
+ change_performer_user_id=USER_ID_1,
+ change_target_user_id=USER_ID_1,
+ create_date=CHANGE_DATE_1,
+ create_user="admin",
+ privilege_change_type_code="GRANT",
+ privilege_details=PRIVILEGE_DETAILS,
+ application_id=APPLICATION_ID_1,
+)
+
+# Same as AUDIT_RECORD_U1_A1_D1 but with different dates
+AUDIT_RECORD_U1_A1_D2 = FamPrivilegeChangeAudit(
+ privilege_change_audit_id=2,
+ change_date=CHANGE_DATE_2,
+ change_performer_user_details=PERFORMER_DETAILS_1,
+ change_performer_user_id=USER_ID_1,
+ change_target_user_id=USER_ID_1,
+ create_date=CHANGE_DATE_2,
+ create_user="admin",
+ privilege_change_type_code="REVOKE",
+ privilege_details=PRIVILEGE_DETAILS,
+ application_id=APPLICATION_ID_1,
+)
+
+AUDIT_RECORD_U1_A2 = FamPrivilegeChangeAudit(
+ privilege_change_audit_id=3,
+ change_date=CHANGE_DATE_2,
+ change_performer_user_details=PERFORMER_DETAILS_1,
+ change_performer_user_id=USER_ID_1,
+ change_target_user_id=USER_ID_1,
+ create_date=CHANGE_DATE_2,
+ create_user="admin",
+ privilege_change_type_code="REVOKE",
+ privilege_details=PRIVILEGE_DETAILS,
+ application_id=APPLICATION_ID_2,
+)
+
+AUDIT_RECORD_U2_A2 = FamPrivilegeChangeAudit(
+ privilege_change_audit_id=4,
+ change_date=CHANGE_DATE_2,
+ change_performer_user_details=PERFORMER_DETAILS_2,
+ change_performer_user_id=USER_ID_2,
+ change_target_user_id=USER_ID_2,
+ create_date=CHANGE_DATE_2,
+ create_user="admin",
+ privilege_change_type_code="REVOKE",
+ privilege_details=PRIVILEGE_DETAILS,
+ application_id=APPLICATION_ID_2,
+)
+
+MOCKED_PERMISSION_HISTORY_RESPONSE = [
+ PermissionAduitHistoryRes(
+ privilege_change_audit_id=1,
+ change_date=CHANGE_DATE_1,
+ change_performer_user_details=PERFORMER_DETAILS_1,
+ change_performer_user_id=1,
+ change_target_user_id=1,
+ create_date=CHANGE_DATE_1,
+ create_user="admin",
+ privilege_change_type_code="GRANT",
+ privilege_details=PRIVILEGE_DETAILS,
+ )
+]
diff --git a/server/backend/testspg/router/test_router_permission_audit.py b/server/backend/testspg/router/test_router_permission_audit.py
new file mode 100644
index 000000000..887aab727
--- /dev/null
+++ b/server/backend/testspg/router/test_router_permission_audit.py
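Review bot: `MOCKED_PERMISSION_HISTORY_RESPONSE` passes `change_target_user_id=1` to `PermissionAduitHistoryRes`, but that schema as added in this commit declares no such field and sets no `extra` policy, so pydantic's default would drop the value silently and the mock suggests a response field that does not exist. I would remove that argument and use the shared constant for the performer, `change_performer_user_id=USER_ID_1,`, so the mock stays in line with `AUDIT_RECORD_U1_A1_D1`. `ENDPOINT_ROOT` defined here with a leading slash also looks unused, since `test_router_permission_audit.py` defines its own value.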
@@ -0,0 +1,78 @@
+import pytest
+from fastapi.testclient import TestClient
+from api.app.main import app, apiPrefix
+from testspg.fixture.permission_audit_fixture import (
+ APPLICATION_ID_1,
+ USER_ID_1,
+ MOCKED_PERMISSION_HISTORY_RESPONSE,
+)
+
+client = TestClient(app)
+ENDPOINT_ROOT = "permission-audit-history"
+
+
+@pytest.fixture(scope="function", autouse=True)
+def mock_get_db(mocker, db_pg_session):
+ # This will mock the get_db dependency for all tests in this module
+ mocker.patch(
+ "api.app.routers.router_permission_audit.database.get_db",
+ return_value=db_pg_session,
+ )
+
+
+# Test successful retrieval
+def test_get_permission_audit_history_success(mocker, auth_headers):
+ mocker.patch(
+ "api.app.routers.router_permission_audit.read_permission_audit_history_by_user_and_application",
+ return_value=MOCKED_PERMISSION_HISTORY_RESPONSE,
+ )
+
+ response = client.get(
+ f"{apiPrefix}/{ENDPOINT_ROOT}?user_id={USER_ID_1}&application_id={APPLICATION_ID_1}",
+ headers=auth_headers,
+ )
+
+ assert response.status_code == 200
+ assert len(response.json()) == 1
+ assert response.json()[0]["change_date"] == MOCKED_PERMISSION_HISTORY_RESPONSE[
+ 0
+ ].change_date.isoformat().replace("+00:00", "Z")
+
+
+# Test retrieval with no records
+def test_get_permission_audit_history_bad_request(mocker, auth_headers):
+ mocker.patch(
+ "api.app.routers.router_permission_audit.read_permission_audit_history_by_user_and_application",
+ return_value=[],
+ )
+
+ response = client.get(
+ f"{apiPrefix}/{ENDPOINT_ROOT}?user_id=999&application_id=999",
+ headers=auth_headers,
+ )
+
+ assert response.status_code == 400
+
+
+# Test handling of invalid user_id
+def test_get_permission_audit_history_invalid_user_id_type(auth_headers):
+ response = client.get(
+ f"{apiPrefix}/{ENDPOINT_ROOT}?user_id=invalid_user_id&application_id={APPLICATION_ID_1}",
+ headers=auth_headers,
+ )
+
+ assert response.status_code == 422
+
+
+# Test unauthorized access
+def test_get_permission_audit_history_unauthorized(mocker):
+ mocker.patch(
+ "api.app.routers.router_permission_audit.read_permission_audit_history_by_user_and_application",
+ side_effect=Exception("Unauthorized"),
+ )
+
+ response = client.get(
+ f"{apiPrefix}/{ENDPOINT_ROOT}?user_id={USER_ID_1}&application_id={APPLICATION_ID_1}"
+ )
+
+ assert response.status_code == 401
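Review bot: `test_get_permission_audit_history_unauthorized` covers only a request with no token; none of the tests sends a valid token for a caller who has no rights over `application_id` and checks that the history is refused. The router is not part of this hunk, so whether it enforces such a check cannot be confirmed from here, but the response carries performer names and e-mail addresses, so the case deserves a test that ends in something like `assert response.status_code == 403`. In the existing test the `side_effect=Exception("Unauthorized")` patch is not what produces the 401 and could be dropped.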