Merge pull request #1452 from mosen/feature/business_units_v2_draft

Feature/business units v2 draft

.gitignore

@@ -34,3 +34,8 @@ node_modules
 storage/oauth-private.key
 storage/oauth-public.key
 storage/*.index
+
+# Lighthouse-PHP Generated Helper Definitions
+programmatic-types.graphql
+schema-directives.graphql
+_lighthouse_ide_helper.php

app/BusinessUnit.php

@@ -24,13 +24,24 @@ class BusinessUnit extends Model
     /**
      * Retrieve a list of members of this business unit (managers and users).
      */
-    public function members(): BelongsToMany {
+    public function users(): BelongsToMany {
         return $this->belongsToMany('App\User',
-            'business_unit_users',
+            'business_unit_user',
             'business_unit_id',
             'user_id');
     }
 
+    /**
+     * Retrieve a list of machine groups associated with this business unit
+     */
+    public function machineGroups(): BelongsToMany {
+        return $this->belongsToMany('App\MachineGroup',
+            'business_unit_machine_group',
+            'business_unit_id',
+            'machine_group_id'
+        );
+    }
+
     /**
      * Retrieve users who are managers of this business unit.
      */
@@ -48,7 +59,7 @@ public function archivers(): BelongsToMany {
     /**
      * Retrieve users who are basic users in this business unit.
      */
-    public function users(): BelongsToMany {
+    public function basicUsers(): BelongsToMany {
         return $this->members()->wherePivot('role', 'user');
     }
 }

app/Comment.php

@@ -4,7 +4,7 @@
 use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Database\Eloquent\Model;
 
-class Comment extends Model
+class Comment extends SerialNumberModel
 {
     use HasFactory;
 

app/Http/Controllers/AppController.php

@@ -0,0 +1,10 @@
+<?php
+
+namespace App\Http\Controllers;
+
+class AppController extends Controller
+{
+    public function index() {
+        return view('app');
+    }
+}

app/Machine.php

@@ -96,6 +96,14 @@ public function events(): HasMany {
         return $this->hasMany('App\Event', 'serial_number', 'serial_number');
     }
 
+    /**
+     * Get a list of comments associated with this machine.
+     * @return HasMany
+     */
+    public function comments(): HasMany {
+        return $this->hasMany('App\Comment', 'serial_number', 'serial_number');
+    }
+
     //// SCOPES
     // Cannot use this while timestamps are disabled.
     // use CreatedSinceScope;

app/SerialNumberModel.php

@@ -2,6 +2,8 @@
 namespace App;
 
 use Illuminate\Database\Eloquent\Model;
+use Illuminate\Database\Eloquent\Relations\BelongsTo;
+use Illuminate\Database\Eloquent\Relations\HasMany;
 
 /**
  * The SerialNumberModel class is a base class for all models
@@ -17,27 +19,27 @@ class SerialNumberModel extends Model
     /**
      * Fetch the ReportData model associated with this model.
      *
-     * @return \Illuminate\Database\Eloquent\Relations\BelongsTo
+     * @return BelongsTo
      */
-    public function reportData() {
+    public function reportData(): BelongsTo {
         return $this->belongsTo('App\ReportData', 'serial_number', 'serial_number');
     }
 
     /**
      * Fetch the Machine model associated with this model.
      *
-     * @return \Illuminate\Database\Eloquent\Relations\BelongsTo
+     * @return BelongsTo
      */
-    public function machine() {
+    public function machine(): BelongsTo {
         return $this->belongsTo('App\Machine', 'serial_number', 'serial_number');
     }
 
     /**
      * Fetch events associated with this model.
      *
-     * @return mixed
+     * @return HasMany
      */
-    public function events() {
+    public function events(): HasMany {
         return $this->hasMany('App\Event', 'serial_number', 'serial_number');
     }
 }

app/Tag.php

@@ -3,7 +3,7 @@
 
 use Illuminate\Database\Eloquent\Model;
 
-class Tag extends Model
+class Tag extends SerialNumberModel
 {
     protected $table = 'tag';
 

config/business-units.php

@@ -0,0 +1,24 @@
+<?php
+
+return [
+    /*
+    |--------------------------------------------------------------------------
+    | Single Sign-On Business Unit Claims Mapping
+    |--------------------------------------------------------------------------
+    |
+    | This option allows you to map groups from your identity provider (IdP), such as
+    | Azure AD or Google Workspace, to business units.
+    |
+    | Nominate the name of an Attribute (SAML) or token claim (oauth2) in the response which carries a list of
+    | groups that the user is part of. Each business unit can then have an external identifier associated with it, that
+    | corresponds to a group that the user is part of.
+    */
+    'claims_mapping' => [
+        'saml' => [
+            // AttributeName
+        ],
+        'oauth2' => [
+            // token claim
+        ],
+    ]
+];

config/cors.php

@@ -15,7 +15,7 @@
     |
     */
 
-    'paths' => ['api/*', 'graphql'],
+    'paths' => ['api/*', 'graphql', 'sanctum/csrf-cookie'],
 
     'allowed_methods' => ['*'],
 

database/migrations/2020_08_14_101102_create_machine_groups.php

@@ -15,15 +15,9 @@ public function up()
     {
         Schema::create('machine_groups', function (Blueprint $table) {
             $table->id();
-            $table->unsignedBigInteger('business_unit_id')->nullable();
             $table->string('name')->unique();
             $table->uuid('key')->unique();
             $table->timestamps();
-
-            $table->foreign('business_unit_id')
-                ->references('id')
-                ->on('business_units')
-                ->onDelete('set null');
         });
     }
 

database/migrations/2020_08_14_101634_create_business_unit_users.php

@@ -13,7 +13,7 @@ class CreateBusinessUnitUsers extends Migration
      */
     public function up()
     {
-        Schema::create('business_unit_users', function (Blueprint $table) {
+        Schema::create('business_unit_user', function (Blueprint $table) {
             $table->id();
 
             $table->unsignedBigInteger('business_unit_id');
@@ -40,6 +40,6 @@ public function up()
      */
     public function down()
     {
-        Schema::dropIfExists('business_unit_users');
+        Schema::dropIfExists('business_unit_user');
     }
 }

database/migrations/2022_01_27_005007_create_business_unit_machine_group.php

@@ -0,0 +1,45 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+class CreateBusinessUnitMachineGroup extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::create('business_unit_machine_group', function (Blueprint $table) {
+            $table->id();
+            $table->timestamps();
+
+            $table->unsignedBigInteger('business_unit_id');
+            $table->unsignedBigInteger('machine_group_id');
+
+            $table->foreign('business_unit_id')
+                ->references('id')
+                ->on('business_units')
+                ->onDelete('cascade');
+
+            $table->foreign('machine_group_id')
+                ->references('id')
+                ->on('machine_groups')
+                ->onDelete('cascade');
+
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::dropIfExists('business_unit_machine_group');
+    }
+}

docs/illuminate/business-units-v2.md

@@ -24,3 +24,19 @@
 - Consider splitting key from group.
 - Consider ADLDAP or SAML claim -> BU membership automatically.
 
+## Planned Features ##
+
+- A user can be part of multiple business units.
+- A root-level business unit will be established to provide non-admin RBAC over all of the business units, like Global Viewers.
+- Machine authentication (via Passphrase) will be disconnected from the machine group.
+  - How are we gonna select a machine group given no information?
+- A SAML attribute claim or OIDC token claim mapping can be provided to assign users to BU's at login time.
+- The UI should provide an easy way to switch into a BU or machine group and back again to see dashboards that focus
+  on only a portion of machines.
+- The selected filter will persist through localStorage so that sign-in/out will preserve filter criteria.
+- Machine groups may have external mapping criteria so that their membership can be managed eg. via Jamf or Intune
+
+## Not Planned ##
+
+- Machine group / BU in listings: not in this scope, in the enhanced query feature.
+

graphql/businessunit.graphql

@@ -10,9 +10,35 @@ type BusinessUnit {
     created_at: DateTime!
     updated_at: DateTime!
 
-    members: [User!]!
-    managers: [User!]!
-    archivers: [User!]!
-    users: [User!]!
+    users: [User!] @belongsToMany
+    machineGroups: [MachineGroup!] @belongsToMany
 }
 
+
+input UpdateBusinessUnitRelationshipsInput {
+    id: ID!
+    users: UpdateBusinessUnitUsers
+}
+
+input UpdateBusinessUnitUsers {
+    connect: [BusinessUnitUsersPivot!]
+    disconnect: [ID!]
+}
+
+input BusinessUnitUsersPivot {
+    id: ID!
+    "The role that the user will have for machines located in this business unit."
+    role: String!
+}
+
+extend type Query @guard {
+    businessUnits: [BusinessUnit!]! @paginate(defaultCount: 50)
+    businessUnit(id: ID @eq): BusinessUnit @find
+}
+
+extend type Mutation @guard {
+    createBusinessUnit(name: String!, address: String, link: String): BusinessUnit! @create
+    updateBusinessUnit(id: ID!, name: String, address: String, link: String): BusinessUnit @update
+    updateBusinessUnitRelationships(input: UpdateBusinessUnitRelationshipsInput! @spread): BusinessUnit @update
+    destroyBusinessUnit(id: ID!): BusinessUnit @delete
+}

graphql/machinegroup.graphql

@@ -9,7 +9,12 @@ type MachineGroup {
     created_at: DateTime!
     updated_at: DateTime!
 
-    reportData: [ReportData!]
+    reportData: [ReportData!] @hasMany
     machines: [Machine!]
-    businessUnit: BusinessUnit
+    businessUnit: BusinessUnit @belongsToMany
+}
+
+extend type Query @guard {
+    machineGroups: [MachineGroup!]! @paginate(defaultCount: 50)
+    machineGroupsSearch(name: String! @where(operator: "like")): [MachineGroup!]! @all
 }

graphql/schema.graphql

@@ -7,19 +7,15 @@ scalar DateTime @scalar(class: "Nuwave\\Lighthouse\\Schema\\Types\\Scalars\\Date
 "A datetime and timezone string in ISO 8601 format `Y-m-dTH:i:sO`, e.g. `2020-04-20T13:53:12+02:00`."
 scalar DateTimeTz @scalar(class: "Nuwave\\Lighthouse\\Schema\\Types\\Scalars\\DateTimeTz")
 
-type Query {
-    me: User @auth
-}
-
 extend type Query @guard {
-    users: [User!]! @paginate(defaultCount: 10)
-    user(id: ID @eq): User @find
+    me: User @auth
+    usersSearch(name: String! @where(operator: "like")): [User!]! @all
     machines: [Machine!]! @paginate(defaultCount: 50)
     machine(id: ID @eq): Machine @find
     reportData: [ReportData!]! @paginate(defaultCount: 50)
     reportDatum(id: ID @eq): ReportData @find
-    businessUnits: [BusinessUnit!]! @paginate(defaultCount: 50)
-    machineGroups: [MachineGroup!]! @paginate(defaultCount: 50)
+
+
     comments: [Comment]! @paginate(defaultCount: 50)
     events: [Event]! @paginate(defaultCount: 50)
     tags: [Tag]! @paginate(defaultCount: 50)
@@ -33,3 +29,4 @@ extend type Query @guard {
 #import comment.graphql
 #import event.graphql
 #import tag.graphql
+

graphql/user.graphql

@@ -11,5 +11,12 @@ type User {
     source: String
     display_name: String
     locale: String
+
+    businessUnits: [BusinessUnit!] @belongsToMany
+    pivot: UserBusinessUnitPivot
 }
 
+type UserBusinessUnitPivot {
+    "The role that the user will have for machines located in this business unit."
+    role: String
+}