feat(agent): give ability to update an existing agent

btry · btry · commit 037f589cb473 · 2018-10-05T18:12:11.000+02:00
Signed-off-by: Thierry Bugier &lt;tbugier@teclib.com&gt;
diff --git a/inc/agent.class.php b/inc/agent.class.php
@@ -386,6 +386,27 @@ public function canViewItem() {
       return $_SESSION['glpiID'] == $computer->getField('users_id');
    }
 
+   public function canUpdateItem() {
+      // Check the active profile
+      $config = Config::getConfigurationValues('flyvemdm', ['guest_profiles_id']);
+      if ($_SESSION['glpiactiveprofile']['id'] != $config['guest_profiles_id']) {
+         return parent::canUpdateItem();
+      }
+
+      if (!$this->checkEntity(true)) {
+         return false;
+      }
+
+      // the active profile is guest user, then check the user is
+      // owner of the item's computer
+      $computer = $this->getComputer();
+      if ($computer === null) {
+         return false;
+      }
+
+      return $_SESSION['glpiID'] == $computer->getField('users_id');
+   }
+
    /**
     * Sends a wipe command to the agent
     */
@@ -469,6 +490,11 @@ public function prepareInputForAdd($input) {
    }
 
    public function prepareInputForUpdate($input) {
+      $config = Config::getConfigurationValues('flyvemdm', ['guest_profiles_id']);
+      if ($_SESSION['glpiactiveprofile']['id'] == $config['guest_profiles_id']) {
+         return $this->prepareInputForUpdateFromDevice($input);
+      }
+
       if (isset($input['plugin_flyvemdm_fleets_id'])) {
          // Update MQTT ACL for the fleet
          $oldFleet = new PluginFlyvemdmFleet();
@@ -547,6 +573,31 @@ public function prepareInputForUpdate($input) {
       return $input;
    }
 
+   /**
+    * Prepare input for update from the agent itseld
+    *
+    * @param array $input
+    * @return array
+    */
+   private function prepareInputForUpdateFromDevice($input) {
+      //Sanitize input
+      unset($input[Computer::getForeignKeyField()]);
+      unset($input[User::getForeignKeyField()]);
+      unset($input[Entity::getForeignKeyField()]);
+      unset($input[PluginFlyvemdmFleet::getForeignKeyField()]);
+      unset($input['name']);
+      unset($input['wipe']);
+      unset($input['lock']);
+      unset($input['enroll_status']);
+      unset($input['last_report']);
+      unset($input['last_contact']);
+      unset($input['is_online']);
+      unset($input['certificate']);
+      unset($input['mdm_type']);
+
+      return $input;
+   }
+
    public function post_addItem() {
       // Notify the agent about its fleets
       $this->updateSubscription();
@@ -1294,6 +1345,15 @@ protected function enrollByInvitationToken($input) {
       }
       $computerId = $pfAgent->getField(Computer::getForeignKeyField());
 
+      // Check no Flyvemdm agent is linked to this computer
+      $agent = new self();
+      if ($agent->getFromDBByCrit(['computers_id' => $computerId])) {
+         // Save the agent ID in session to allow the device to find it
+         // and update it. Give up creation
+         $_SESSION['plugin_flyvemdm_agents_id'] = $agent->getID();
+         return false;
+      }
+
       if ($computerId === 0) {
          $event = __("Cannot create the device", 'flyvemdm');
          $this->filterMessages($event);
@@ -1355,7 +1415,7 @@ protected function enrollByInvitationToken($input) {
       // Create the agent
       $defaultFleet = PluginFlyvemdmFleet::getDefaultFleet();
       if ($defaultFleet === null) {
-         $event = __("No default fleet available for the device", 'flyvemdm');
+         $event = __('No default fleet available for the device', 'flyvemdm');
          $this->filterMessages($event);
          $this->logInvitationEvent($invitation, $event);
          return false;
diff --git a/inc/invitation.class.php b/inc/invitation.class.php
@@ -95,18 +95,18 @@ public function getRights($interface = 'central') {
    public function prepareInputForAdd($input) {
       // integrity checks
       if (!isset($input['_useremails'])) {
-         Session::addMessageAfterRedirect(__("Email address is invalid", 'flyvemdm'));
+         Session::addMessageAfterRedirect(__('Email address is not set', 'flyvemdm'));
          return false;
       }
 
       $input['_useremails'] = filter_var($input['_useremails'], FILTER_VALIDATE_EMAIL);
       if (!$input['_useremails']) {
-         Session::addMessageAfterRedirect(__("Email address is invalid", 'flyvemdm'));
+         Session::addMessageAfterRedirect(__('Email address is invalid', 'flyvemdm'));
          return false;
       }
 
       // Find guest profile's id
-      $config = Config::getConfigurationValues("flyvemdm", ['guest_profiles_id']);
+      $config = Config::getConfigurationValues('flyvemdm', ['guest_profiles_id']);
       $guestProfileId = $config['guest_profiles_id'];
 
       $entityId = $input['entities_id'];
@@ -134,15 +134,15 @@ public function prepareInputForAdd($input) {
          ]);
 
          if ($user->isNewItem()) {
-            Session::addMessageAfterRedirect(__("Cannot create the user", 'flyvemdm'), false, INFO,
+            Session::addMessageAfterRedirect(__('Cannot create the user', 'flyvemdm'), false, INFO,
                true);
             return false;
          }
 
       } else {
          // Do not handle deleted users
          if ($user->isDeleted()) {
-            Session::addMessageAfterRedirect(__("The user already exists and has been deleted. You must restore or purge him first.",
+            Session::addMessageAfterRedirect(__('The user already exists and has been deleted. You must restore or purge him first.',
                'flyvemdm'), false, INFO, true);
             return false;
          }
diff --git a/install/upgrade_to_dev.php b/install/upgrade_to_dev.php
@@ -42,14 +42,21 @@ function upgrade(Migration $migration) {
 
       $migration->setVersion(PLUGIN_FLYVEMDM_VERSION);
 
-      $profileRight = new ProfileRight();
-
       $config = Config::getConfigurationValues('flyvemdm');
       if (!isset($config['mqtt_broker_port_backend'])) {
          // Split port setting for client in one hand and backend in the other hand
          $config['mqtt_broker_tls_port_backend'] = $config['mqtt_broker_tls_port'];
          $config['mqtt_broker_port_backend'] = $config['mqtt_broker_port'];
          Config::setConfigurationValues('flyvemdm', $config);
       }
+
+      // Merge new rights into guest profile
+      $profileId = $config['guest_profiles_id'];
+      $currentRights = ProfileRight::getProfileRights($profileId);
+      $newRights = array_merge($currentRights, [
+         PluginFlyvemdmAgent::$rightname      => CREATE| READ | UPDATE ,
+      ]);
+      $profileRight = new ProfileRight();
+      $profileRight->updateProfileRights($profileId, $newRights);
    }
 }
diff --git a/tests/suite-integration/ProfileRight.php b/tests/suite-integration/ProfileRight.php
@@ -133,7 +133,7 @@ public function testGuestProfileRights() {
       $profileId = $config['guest_profiles_id'];
       // Expected rights
       $rightsSet = [
-         \PluginFlyvemdmAgent::$rightname   => READ | CREATE,
+         \PluginFlyvemdmAgent::$rightname   => READ | CREATE | UPDATE,
          \PluginFlyvemdmPackage::$rightname => READ,
          \PluginFlyvemdmFile::$rightname    => READ,
       ];
diff --git a/tests/suite-unit/PluginFlyvemdmAgent.php b/tests/suite-unit/PluginFlyvemdmAgent.php
@@ -348,4 +348,105 @@ public function testGetSpecificValueToDisplay() {
       $this->string($instance->getSpecificValueToDisplay('mdm_type',
          'android'))->contains('Android');
    }
+
+
+   public function providerCanUpdateItem() {
+      $this->login('glpi', 'glpi');
+      $agent = $this->createAgent();
+      $dataset = [
+         [
+
+         ]
+      ];
+
+      return $dataset;
+   }
+
+   public function testCanUpdateItem() {
+      // Check a super admin can update the agent
+      $this->login('glpi', 'glpi');
+      $agent = $this->createAgent();
+      $output = $agent->canUpdateItem();
+      $this->boolean($output)->isTrue();
+
+      // Check the acount of the agent can update it
+      $user = new \User();
+      $user->getFromDB($agent->fields[\User::getForeignKeyField()]);
+      $this->loginWithUserToken($user->fields['api_token']);
+      $output = $agent->canUpdateItem();
+      $this->boolean($output)->isTrue();
+
+      $this->login('post-only', 'postonly');
+      $output = $agent->canUpdateItem();
+      $this->boolean($output)->isTrue(); // note that canUpdate() shall return false
+   }
+
+   /**
+    * @tags testPrepareInputForUpdate
+    */
+   public function testPrepareInputForUpdate() {
+      $this->login('glpi', 'glpi');
+      $agent = $this->createAgent();
+      list($user, $serial, $guestEmail, $invitation) = $this->createUserInvitation(\User::getForeignKeyField());
+      $this->loginWithUserToken($user->fields['api_token']);
+      $output = $agent->prepareInputForUpdate([
+         \Computer::getForeignKeyField() => '0',
+         \User::getForeignKeyField() => '0',
+         \Entity::getForeignKeyField() => '0',
+         \PluginFlyvemdmFleet::getForeignKeyField() => '0',
+         'name'  => '',
+         'wipe' => '0',
+         'lock' => '0',
+         'enroll_status' => '',
+         'last_report' => '',
+         'last_contact' => '',
+         'is_online' => '', 
+         'certificate' => '',
+         'mdm_type' => '',
+      ]);
+
+      $this->array($output)->notHasKeys([
+         \Computer::getForeignKeyField(),
+         \User::getForeignKeyField(),
+         \Entity::getForeignKeyField(),
+         \PluginFlyvemdmFleet::getForeignKeyField(),
+         'name',
+         'wipe',
+         'lock',
+         'enroll_status',
+         'last_report',
+         'last_contact',
+         'is_online', 
+         'certificate',
+         'mdm_type',
+      ]);
+   }
+
+   /**
+    * @tags testPrepareInputForAdd
+    */
+   public function testPrepareInputForAdd() {
+      list($user, $serial, $guestEmail, $invitation) = $this->createUserInvitation(\User::getForeignKeyField());
+      list($user2, $serial2, $guestEmail2, $invitation2) = $this->createUserInvitation(\User::getForeignKeyField());
+      $invitationToken = $invitation->fields['invitation_token'];
+      $invitationToken2 = $invitation2->fields['invitation_token'];
+      $inventory = self::AgentXmlInventory($serial);
+      $agent = $this->agentFromInvitation($user, $guestEmail, $serial, $invitationToken, 'android',
+         '', $inventory, [], true);
+      $this->array($_SESSION)->notHasKey('plugin_flyvemdm_agents_id');
+
+      // Inconsistency : creating an invitation for tests should not generate a serial
+      // the serial should be crated in the caller instead
+      list($user, $serial, $guestEmail, $invitation) = $this->createUserInvitation(\User::getForeignKeyField());
+      $newAgent = $this->agentFromInvitation($user2, $guestEmail2, $serial, $invitationToken2, 'android',
+         '', $inventory, [], false);
+      // Check the agent is not created
+      $this->boolean($newAgent->isNewItem())->isTrue();
+      // Do not test the message in session: it may be filtered when 
+      // debug mode for enrollment is disabled
+      // Instead, let's check if the session contains the ID of the agent to update
+      $this->array($_SESSION)->hasKey('plugin_flyvemdm_agents_id');
+      $this->integer((int) $_SESSION['plugin_flyvemdm_agents_id'])
+         ->isEqualTo($agent->getID());
+   }
 }
