fix(avs): fix #164 by removing companyPersonalNumber and companyDepartment upon ldap sync expiry

SYNCHRONISE_LDAP_EXPIRE may be null (do nothing) or a number of seconds (15897600 = half a year). If no successful LDAP sync has happened within the specified time, a successful AVS (sic!) update will delete the companyPersonalNumber and companyDepartment.
Steffen Jost 2024-06-11 15:42:10 +02:00
parent f5754cd6b1
commit da74b95729
4 changed files with 18 additions and 6 deletions


@ -83,6 +83,7 @@ health-check-matching-cluster-config-timeout: "_env:HEALTHCHECK_MATCHING_CLUSTER
synchronise-ldap-users-within: "_env:SYNCHRONISE_LDAP_WITHIN:1209600" # 14 Tage in Sekunden
synchronise-ldap-users-interval: "_env:SYNCHRONISE_LDAP_INTERVAL:3600" # jede Stunde
synchronise-ldap-users-expire: "_env:SYNCHRONISE_LDAP_EXPIRE:15897600" # halbes Jahr in Sekunden
synchronise-avs-users-within: "_env:SYNCHRONISE_AVS_WITHIN:5702400" # alle 66 Tage
synchronise-avs-users-interval: "_env:SYNCHRONISE_AVS_INTERVAL:21600" # alle 6 Stunden


@ -331,6 +331,7 @@ updateAvsUserByADC (AvsDataContact apid newAvsPersonInfo newAvsFirmInfo) = runMa
lift $ do -- maybeT no longer needed from here onwards
newAvsCardNo <- queryAvsFullCardNo apid -- Nothing os ok here, does not throw
now <- liftIO getCurrentTime
mbLdapExpire <- getsYesod $ views appSettings appSynchroniseLdapUsersExpire
let oldAvsPersonInfo = userAvsLastPersonInfo usravs -- Nothing is ok here
oldAvsFirmInfo = userAvsLastFirmInfo usravs -- Nothing is ok here
oldAvsCardNo = userAvsLastCardNo usravs & fmap Just
@ -360,14 +361,21 @@ updateAvsUserByADC (AvsDataContact apid newAvsPersonInfo newAvsFirmInfo) = runMa
CheckUpdate UserPostAddress _avsFirmPostAddress -- since company address should now be referenced with UserCompany instead
pin_up = mkUpdate' usr newAvsCardNo oldAvsCardNo $ -- Maybe update PDF pin to latest card
CheckUpdate UserPinPassword $ to $ fmap avsFullCardNo2pin -- _Just . to avsFullCardNo2pin . re _Just
usr_up1 = eml_up `mcons` (frm_up `mcons` (pin_up `mcons` per_ups))
ldap_ups = case (userLastLdapSynchronisation usr, mbLdapExpire) of
(Just lastLdapSync, Just ldapExpire) | now > addUTCTime ldapExpire lastLdapSync
-> [ UserCompanyDepartment =. Nothing
, UserCompanyPersonalNumber =. Nothing
]
_otherwise -> []
usr_up1 = eml_up `mcons` (frm_up `mcons` (pin_up `mcons` (ldap_ups <> per_ups)))
avs_ups = ((UserAvsNoPerson =.) <$> readMay (avsInfoPersonNo newAvsPersonInfo)) `mcons`
[ UserAvsLastSynch =. now
, UserAvsLastSynchError =. Nothing
, UserAvsLastPersonInfo =. Just newAvsPersonInfo
, UserAvsLastFirmInfo =. Just newAvsFirmInfo
, UserAvsLastCardNo =. newAvsCardNo
]
]
-- update company association & supervision
Entity{entityKey=newCompanyId} <- upsertAvsCompany newAvsFirmInfo oldAvsFirmInfo
oldCompanyEnt <- getAvsCompany `traverseJoin` oldAvsFirmInfo
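Review bot: In `ldap_ups`, a user whose `userLastLdapSynchronisation` is `Nothing` falls into `_otherwise`, so an account that never had a successful LDAP sync keeps `UserCompanyDepartment` and `UserCompanyPersonalNumber` indefinitely, however old those values are. If that is intended, a comment on the case would say so, e.g. `-- users never synchronised via LDAP are left untouched; only a known-stale sync clears the LDAP-specific fields`. The expiry is also evaluated only inside a successful AVS update, and nothing visible in this hunk records the removal; a log line when `ldap_ups` is non-empty would make the deletion of these identity attributes traceable. `updateAvsUserByADC` starts and ends outside the hunk.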


@ -164,6 +164,7 @@ data AppSettings = AppSettings
, appSynchroniseLdapUsersWithin :: Maybe NominalDiffTime
, appSynchroniseLdapUsersInterval :: NominalDiffTime
, appSynchroniseLdapUsersExpire :: Maybe NominalDiffTime
, appSynchroniseAvsUsersWithin :: Maybe NominalDiffTime
, appSynchroniseAvsUsersInterval :: NominalDiffTime
@ -703,6 +704,7 @@ instance FromJSON AppSettings where
appSynchroniseLdapUsersWithin <- o .:? "synchronise-ldap-users-within"
appSynchroniseLdapUsersInterval <- o .: "synchronise-ldap-users-interval"
appSynchroniseLdapUsersExpire <- o .:? "synrchonise-ldap-users-expire" -- time after last synch to delete LDAP sepcific data
appSynchroniseAvsUsersWithin <- o .:? "synchronise-avs-users-within"
appSynchroniseAvsUsersInterval <- o .: "synchronise-avs-users-interval"
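Review bot: The key read for `appSynchroniseLdapUsersExpire` in the `FromJSON AppSettings` instance is spelled `"synrchonise-ldap-users-expire"`, which does not match the `synchronise-ldap-users-expire` key this commit adds to the settings file. Because the lookup uses `.:?`, the missing key parses as `Nothing` without any error, so the expiry would stay disabled and stale companyPersonalNumber and companyDepartment values would never be cleared. The line should read `appSynchroniseLdapUsersExpire <- o .:? "synchronise-ldap-users-expire"`; the trailing comment also has `sepcific` for `specific`. The instance body starts and ends outside the hunk.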


@ -20,7 +20,8 @@ $# SPDX-License-Identifier: AGPL-3.0-or-later
_{MsgAdminUserAssimilate}
^{assimilateForm}
$# <section>
$# <p>
$# _{MsgUserAccountDeleteWarning}
$# <p>
$# ^{modal "Benutzer löschen" (Right deleteWidget)}
$# <h3 .show-hide__toggle uw-show-hide data-show-hide-collapsed>
$# _{MsgUserAccountDeleteWarning}
$# <div>
$# <p>
$# ^{modal _{MsgBreadcrumbUserDelete} (Right deleteWidget)}