
HPCC-22827 Add employeeNumber to wsAccess

Add an employeeNumber field to wsAccess, ISECUser and ldapconnection.

Signed-off-by: Russ Whitehead <william.whitehead@lexisnexisrisk.com>
Russ Whitehead 5 лет назад
Родитель
Сommit
9b77515a7e

+ 6 - 1
esp/scm/ws_access.ecm

@@ -21,6 +21,7 @@ ESPenum UserSortBy : string
     FullName("fullname"),
     PasswordExpiration("passwordexpiration"),
     EmployeeID("employeeID"),
+    EmployeeNumber("employeeNumber"),
 };
 
 ESPenum GroupSortBy : string
@@ -53,6 +54,7 @@ ESPstruct UserInfo
     string fullname;
     [min_ver("1.07")] string passwordexpiration;
     [min_ver("1.10")] string employeeID;
+    [min_ver("1.16")] string employeeNumber;
 };
 
 ESPstruct GroupInfo
@@ -236,6 +238,7 @@ ESPresponse UserInfoEditInputResponse
     string lastname;
     [min_ver("1.10")] string employeeID;
     [min_ver("1.12")] string PasswordExpiration;
+    [min_ver("1.16")] string employeeNumber;
 };
 
 ESPrequest UserInfoEditRequest
@@ -244,6 +247,7 @@ ESPrequest UserInfoEditRequest
     string firstname;
     string lastname;
     [min_ver("1.10")] string employeeID;
+    [min_ver("1.16")] string employeeNumber;
 };
 
 ESPresponse UserInfoEditResponse
@@ -261,6 +265,7 @@ ESPrequest AddUserRequest
     [label("Password"), password, cols(20)] password1;
     [label("Retype password"), password, cols(20)] password2;
     [min_ver("1.10"), label("Employee ID"), cols(20)] string employeeID;
+    [min_ver("1.16"), label("Employee Number"), cols(20)] string employeeNumber;
 };
 
 ESPresponse AddUserResponse
@@ -986,7 +991,7 @@ ESPresponse [nil_remove] UserAccountExportResponse
     [http_content("application/octet-stream")] binary Result;
 };
 
-ESPservice [version("1.15"), auth_feature("NONE"), exceptions_inline("./smc_xslt/exceptions.xslt")] ws_access
+ESPservice [version("1.16"), auth_feature("NONE"), exceptions_inline("./smc_xslt/exceptions.xslt")] ws_access
 {
     ESPmethod [client_xslt("/esp/xslt/access_users.xslt")] Users(UserRequest, UserResponse);
     ESPmethod [client_xslt("/esp/xslt/access_useredit.xslt")] UserEdit(UserEditRequest, UserEditResponse);

+ 36 - 0
esp/services/ws_access/ws_accessService.cpp

@@ -497,6 +497,11 @@ bool Cws_accessEx::onUsers(IEspContext &context, IEspUserRequest &req, IEspUserR
                     StringBuffer sb;
                     oneusr->setPasswordexpiration(getPasswordExpiration(usr, sb));
                 }
+
+                if (version >= 1.16)
+                {
+                    oneusr->setEmployeeNumber(usr->getEmployeeNumber());
+                }
                 espusers.append(*oneusr.getLink());
             }
         }
@@ -563,6 +568,9 @@ bool Cws_accessEx::onUserQuery(IEspContext &context, IEspUserQueryRequest &req,
         case CUserSortBy_EmployeeID:
             sortOrder[0] = UFEmployeeID;
             break;
+        case CUserSortBy_EmployeeNumber:
+            sortOrder[0] = UFEmployeeNumber;
+            break;
         default:
             break;
         }
@@ -595,6 +603,10 @@ bool Cws_accessEx::onUserQuery(IEspContext &context, IEspUserQueryRequest &req,
             if (employeeID && *employeeID)
                 userInfo->setEmployeeID(employeeID);
 
+            const char* employeeNumber = usr.queryProp(getUserFieldNames(UFEmployeeNumber));
+            if (employeeNumber && *employeeNumber)
+                userInfo->setEmployeeNumber(employeeNumber);
+
             espUsers.append(*userInfo.getClear());
         }
 
@@ -941,6 +953,11 @@ bool Cws_accessEx::onAddUser(IEspContext &context, IEspAddUserRequest &req, IEsp
             employeeID = req.getEmployeeID();
         }
 
+        const char * employeeNumber = nullptr;
+        if (context.getClientVersion() >= 1.15)
+        {
+            employeeNumber = req.getEmployeeNumber();
+        }
         Owned<ISecUser> user = secmgr->createUser(username);
         ISecCredentials& cred = user->credentials();
         const char* firstname = req.getFirstname();
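Review bot: The gate on the new request field reads `context.getClientVersion() >= 1.15`, while `employeeNumber` is declared with `min_ver("1.16")` in AddUserRequest and every other gate added in this file checks 1.16. A 1.15 client presumably cannot send the field, so the effect is likely nil, but the mismatch misleads whoever next audits which client versions can set user attributes. It should read `if (context.getClientVersion() >= 1.16)`. onAddUser's body starts and ends outside this hunk.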
@@ -951,6 +968,8 @@ bool Cws_accessEx::onAddUser(IEspContext &context, IEspAddUserRequest &req, IEsp
             user->setLastName(lastname);
         if(employeeID != NULL)
             user->setEmployeeID(employeeID);
+        if(employeeNumber != nullptr)
+            user->setEmployeeNumber(employeeNumber);
         if(pass1 != NULL)
             cred.setPassword(pass1);
         try
@@ -1406,6 +1425,9 @@ bool Cws_accessEx::onGroupMemberQuery(IEspContext &context, IEspGroupMemberQuery
         case CUserSortBy_EmployeeID:
             sortOrder[0] = UFEmployeeID;
             break;
+        case CUserSortBy_EmployeeNumber:
+            sortOrder[0] = UFEmployeeNumber;
+            break;
         default:
             break;
         }
@@ -1438,6 +1460,10 @@ bool Cws_accessEx::onGroupMemberQuery(IEspContext &context, IEspGroupMemberQuery
             if (employeeID && *employeeID)
                 userInfo->setEmployeeID(employeeID);
 
+            const char* employeeNumber = usr.queryProp(getUserFieldNames(UFEmployeeNumber));
+            if (employeeNumber && *employeeNumber)
+                userInfo->setEmployeeNumber(employeeNumber);
+
             users.append(*userInfo.getLink());
         }
 
@@ -3709,6 +3735,11 @@ bool Cws_accessEx::onUserInfoEdit(IEspContext &context, IEspUserInfoEditRequest
             user->setEmployeeID(req.getEmployeeID());
         }
 
+        if (context.getClientVersion() >= 1.16)
+        {
+            user->setEmployeeNumber(req.getEmployeeNumber());
+        }
+
         try
         {
             secmgr->updateUser("names", *user.get());
@@ -3766,7 +3797,12 @@ bool Cws_accessEx::onUserInfoEditInput(IEspContext &context, IEspUserInfoEditInp
                 StringBuffer sb;
                 resp.setPasswordExpiration(getPasswordExpiration(user, sb));
             }
+            if (version >= 1.16)
+            {
+                resp.setEmployeeNumber(user->getEmployeeNumber());
+            }
         }
+
     }
     catch(IException* e)
     {

+ 42 - 6
system/security/LdapSecurity/ldapconnection.cpp

@@ -57,7 +57,7 @@
 
 #define UNK_PERM_VALUE (SecAccessFlags)-2	//used to initialize "default" permission, which we later try to deduce
 
-const char* UserFieldNames[] = { "@id", "@name", "@fullname", "@passwordexpiration", "@employeeid" };
+const char* UserFieldNames[] = { "@id", "@name", "@fullname", "@passwordexpiration", "@employeeid", "@employeenumber" };
 
 const char* getUserFieldNames(UserField field)
 {
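Review bot: `UserFieldNames` and the `UserField` enum in ldapconnection.hpp are kept in step by hand, and nothing visible here fails the build if one is extended without the other. If `getUserFieldNames` indexes the array by the enum value (its body is outside the hunk), a missed entry becomes an out-of-bounds read on a path reached from the sort and query handlers. A compile-time guard next to the array would catch that: `static_assert(sizeof(UserFieldNames)/sizeof(UserFieldNames[0]) == UFterm, "UserFieldNames out of sync with UserField");`.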
@@ -1582,7 +1582,7 @@ public:
                 filter.append("uid=");
             filter.append(username);
 
-            char* attrs[] = {"cn", "userAccountControl", "pwdLastSet", "givenName", "sn", "employeeId", "distinguishedName",NULL};
+            char* attrs[] = {"cn", "userAccountControl", "pwdLastSet", "givenName", "sn", "employeeId", "distinguishedName", "employeeNumber", NULL};
 
             Owned<ILdapConnection> lconn = m_connections->getConnection();
             LDAP* sys_ld = lconn.get()->getLd();
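Review bot: The attribute list is extended right next to a search filter assembled with `filter.append(username)`, and no escaping of `username` is visible in this hunk. The later hunk at -2557 does the same with `searchstr` inside an `appendf` format. If those strings are not already escaped per RFC 4515 upstream, filter metacharacters in them change what the search matches, and the search now returns one more personal attribute. It is worth confirming the escaping and recording it where the filter is built, e.g. `// username must already be RFC 4515-escaped here`. The enclosing method starts and ends outside the hunk.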
@@ -1698,6 +1698,12 @@ public:
                     if (vals.hasValues())
                         user.setEmployeeID(vals.queryCharValue(0));
                 }
+                else if(stricmp(attribute, "employeeNumber") == 0)
+                {
+                    CLDAPGetValuesLenWrapper vals(sys_ld, entry, attribute);
+                    if (vals.hasValues())
+                        user.setEmployeeNumber(vals.queryCharValue(0));
+                }
                 else if(stricmp(attribute, "distinguishedName") == 0)
                 {
                     CLDAPGetValuesLenWrapper vals(sys_ld, entry, attribute);
@@ -2097,7 +2103,7 @@ public:
             Owned<ILdapConnection> lconn = m_connections->getConnection();
             LDAP* ld = lconn.get()->getLd();
 
-            char        *attrs[] = {"cn", "givenName", "sn", "gidnumber", "uidnumber", "homedirectory", "loginshell", "objectClass", "employeeId", "distinguishedName", "userAccountControl", "pwdLastSet", NULL};
+            char        *attrs[] = {"cn", "givenName", "sn", "gidnumber", "uidnumber", "homedirectory", "loginshell", "objectClass", "employeeId", "employeeNumber", "distinguishedName", "userAccountControl", "pwdLastSet", NULL};
             CLDAPMessage searchResult;
             int rc = ldap_search_ext_s(ld, (char*)basedn, LDAP_SCOPE_SUBTREE, (char*)filter.str(), attrs, 0, NULL, NULL, &timeOut, LDAP_NO_LIMIT,   &searchResult.msg );
 
@@ -2170,6 +2176,8 @@ public:
                         }
                         else if(stricmp(attribute, "employeeId") == 0)
                             user.setEmployeeID(vals.queryCharValue(0));
+                        else if(stricmp(attribute, "employeeNumber") == 0)
+                            user.setEmployeeNumber(vals.queryCharValue(0));
                     }
                 }
             }
@@ -2557,7 +2565,7 @@ public:
             filter.appendf(")(|(%s=*%s*)(%s=*%s*)(%s=*%s*)))", act_fieldname, searchstr, "givenName", searchstr, "sn", searchstr);
         }
 
-        char *attrs[] = {act_fieldname, sid_fieldname, "cn", "userAccountControl", "pwdLastSet", "employeeId", NULL};
+        char *attrs[] = {act_fieldname, sid_fieldname, "cn", "userAccountControl", "pwdLastSet", "employeeId", "employeeNumber", NULL};
 
         CPagedLDAPSearch pagedSrch(ld, m_ldapconfig->getLdapTimeout(), (char*)m_ldapconfig->getUserBasedn(), LDAP_SCOPE_SUBTREE, (char*)filter.str(), attrs);
         for (message = pagedSrch.getFirstEntry(); message; message = pagedSrch.getNextEntry())
@@ -2642,6 +2650,12 @@ public:
                     if (vals.hasValues())
                         user->setEmployeeID(vals.queryCharValue(0));
                 }
+                else if(stricmp(attribute, "employeeNumber") == 0)
+                {
+                    CLDAPGetValuesLenWrapper vals(ld, message, attribute);
+                    if (vals.hasValues())
+                        user->setEmployeeNumber(vals.queryCharValue(0));
+                }
             }
             if (user->getName() && *user->getName())
                 users.append(*LINK(user.get()));
@@ -2694,6 +2708,7 @@ public:
         userTree->addPropInt(getUserFieldNames(UFUserID), usr.getUserID());
         userTree->addProp(getUserFieldNames(UFPasswordExpiration), sb.str());
         userTree->addProp(getUserFieldNames(UFEmployeeID), usr.getEmployeeID());
+        userTree->addProp(getUserFieldNames(UFEmployeeNumber), usr.getEmployeeNumber());
         users->addPropTree("User", userTree.getClear());
     }
 
@@ -2832,7 +2847,16 @@ public:
                 employeeID_values
             };
 
-            LDAPMod *attrs[5];
+            const char * emplNumber = user.getEmployeeNumber();
+            char *employeeNumber_values[] = {(emplNumber && *emplNumber) ? (char*)emplNumber : nullptr, nullptr };
+            LDAPMod employeeNumber_attr =
+            {
+                LDAP_MOD_REPLACE,
+                "employeeNumber",
+                employeeNumber_values
+            };
+
+            LDAPMod *attrs[6];
             int ind = 0;
         
             attrs[ind++] = &gn_attr;
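Review bot: `employeeNumber_attr` is an `LDAP_MOD_REPLACE` with an empty value list whenever `user.getEmployeeNumber()` is null or empty, and the next hunk appears to append it unconditionally, so an update from a caller that never set the field would remove the stored value. onUserInfoEdit in ws_accessService.cpp calls `setEmployeeNumber` only for clients at 1.16 or later, so an older client editing a name would presumably clear the directory's employeeNumber (how `user` is populated before that call is not visible). Unless clearing is intended, skip the modification when nothing was supplied, e.g. `if (emplNumber && *emplNumber) attrs[ind++] = &employeeNumber_attr;`, or have the handler preload the current value before updating. The enclosing method starts and ends outside the hunk.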
@@ -2848,6 +2872,7 @@ public:
             }
 
             attrs[ind++] = &employeeID_attr;
+            attrs[ind++] = &employeeNumber_attr;
             
             attrs[ind] = NULL;
             
@@ -5946,6 +5971,7 @@ private:
         }
 
         const char* employeeID = user.getEmployeeID();
+        const char* employeeNumber = user.getEmployeeNumber();
 
         StringBuffer dn;
         if(m_ldapconfig->getServerType() == ACTIVE_DIRECTORY)
@@ -6044,7 +6070,15 @@ private:
             employeeID_values
         };
 
-        LDAPMod *attrs[9];
+        char* employeeNumber_values[] = {(char*)employeeNumber, NULL};
+        LDAPMod employeeNumber_attr =
+        {
+            LDAP_MOD_ADD,
+            "employeeNumber",
+            employeeNumber_values
+        };
+
+        LDAPMod *attrs[10];
         int ind = 0;
         
         attrs[ind++] = &cn_attr;
@@ -6061,6 +6095,8 @@ private:
             attrs[ind++] = &dispname_attr;
             if (employeeID && *employeeID)
                 attrs[ind++] = &employeeID_attr;
+            if (employeeNumber && *employeeNumber)
+                attrs[ind++] = &employeeNumber_attr;
         }
         else
         {
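Review bot: `employeeNumber_attr` is appended only inside this first branch, so any server type that takes the `else` path (its body is outside the hunk) creates the user without the number even when the caller supplied one, and nothing reports the omission. The update path in the hunk at -2848 appears to write the attribute regardless of server type, so the add and update paths disagree. If the omission is deliberate, a comment such as `// employeeNumber is only written for this server type because ...` would record why. Otherwise the same `if (employeeNumber && *employeeNumber) attrs[ind++] = &employeeNumber_attr;` belongs in the other branch.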

+ 2 - 1
system/security/LdapSecurity/ldapconnection.hpp

@@ -117,7 +117,8 @@ enum UserField
     UFFullName = 2,
     UFPasswordExpiration = 3,
     UFEmployeeID = 4,
-    UFterm = 5,
+    UFEmployeeNumber = 5,
+    UFterm = 6,
     UFreverse = 256,
     UFnocase = 512,
     UFnumeric = 1024

+ 12 - 0
system/security/LdapSecurity/ldapsecurity.cpp

@@ -142,6 +142,17 @@ bool CLdapSecUser::setEmployeeID(const char * emplID)
     return true;
 }
 
+const char * CLdapSecUser::getEmployeeNumber()
+{
+    return m_employeeNumber.get();
+}
+
+bool CLdapSecUser::setEmployeeNumber(const char * emplNumber)
+{
+    m_employeeNumber.set(emplNumber);
+    return true;
+}
+
 const char * CLdapSecUser::getDistinguishedName()
 {
     return m_distinguishedName.get();
@@ -250,6 +261,7 @@ void CLdapSecUser::copyTo(ISecUser& destination)
     dest->setFirstName(getFirstName());
     dest->setLastName(getLastName());
     dest->setEmployeeID(getEmployeeID());
+    dest->setEmployeeNumber(getEmployeeNumber());
     dest->setRealm(getRealm());
     dest->credentials().setPassword(credentials().getPassword());
     dest->setUserSid(m_usersid.length(), m_usersid.toByteArray());

+ 3 - 0
system/security/LdapSecurity/ldapsecurity.ipp

@@ -47,6 +47,7 @@ private:
     StringAttr   m_lastname;
     StringAttr   m_pw;
     StringAttr   m_employeeID;
+    StringAttr   m_employeeNumber;
     StringAttr   m_distinguishedName;
     StringAttr   m_Fqdn;
     StringAttr   m_Peer;
@@ -92,7 +93,9 @@ public:
     virtual const char * getLastName();
     virtual bool setLastName(const char * lname);
     virtual const char * getEmployeeID();
+    virtual const char * getEmployeeNumber();
     virtual bool setEmployeeID(const char * emplID);
+    virtual bool setEmployeeNumber(const char * emplNumber);
     virtual const char * getDistinguishedName();
     virtual bool setDistinguishedName(const char * dn);
     const char * getRealm();

+ 13 - 0
system/security/shared/SecureUser.hpp

@@ -34,6 +34,7 @@ private:
     StringBuffer    m_firstname;
     StringBuffer    m_lastname;
     StringBuffer    m_employeeID;
+    StringBuffer    m_employeeNumber;
     StringBuffer    m_distinguishedName;
     unsigned        m_userID;
     StringBuffer    m_Fqdn;
@@ -117,6 +118,17 @@ public:
         return true;
     }
 
+    const char * getEmployeeNumber()
+    {
+        return m_employeeNumber.str();
+    }
+
+    bool setEmployeeNumber(const char * emplNumber)
+    {
+        m_employeeNumber.set(emplNumber);
+        return true;
+    }
+
     const char * getDistinguishedName()
     {
         return m_distinguishedName.str();
@@ -250,6 +262,7 @@ public:
         destination.setFirstName(getFirstName());
         destination.setLastName(getLastName());
         destination.setEmployeeID(getEmployeeID());
+        destination.setEmployeeNumber(getEmployeeNumber());
         destination.setRealm(getRealm());
         destination.setFqdn(getFqdn());
         destination.setPeer(getPeer());

+ 2 - 0
system/security/shared/seclib.hpp

@@ -176,6 +176,8 @@ interface ISecUser : extends IInterface
     virtual bool setLastName(const char * lname) = 0;
     virtual const char * getEmployeeID() = 0;
     virtual bool setEmployeeID(const char * emplID) = 0;
+    virtual const char * getEmployeeNumber() = 0;
+    virtual bool setEmployeeNumber(const char * emplNumber) = 0;
     virtual const char * getDistinguishedName() = 0;
     virtual bool setDistinguishedName(const char * dn) = 0;
     virtual const char * getRealm() = 0;
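Review bot: The two new pure virtuals are inserted in the middle of `ISecUser`, which shifts the vtable slot of every method declared after them. Any implementation of the interface not updated in this commit stops compiling. A security-manager module built against the old header and loaded at run time (if the project supports that; not visible here) would dispatch to the wrong methods, which is worth ruling out for an authentication interface. Declaring the pair after the last existing method would avoid the shift. Failing that, a comment like `// added in HPCC-22827: all ISecUser implementers must be rebuilt` marks the requirement. The interface continues beyond this hunk.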