Disable dismissed sync task

CHANGELOG.md

@@ -3,9 +3,10 @@ All notable changes to this project will be documented in this file.
 
 ## [Unreleased]
 - Синхронизация с 1С ЗУП.
+- Вынос сетевой загрузки данных из cron процесса.
 
-## [1.16] - Unreleased
-- Проверка на включенные учетные записи в DISMISSED, формирование изменений на их отключение.
+## [1.16] - 2021-05-14
+- Проверка на включенные архивные учетные записи в DISMISSED, формирование изменений на их отключение.
 - Обновление сокращений подразделений.
 - Рефакторинг Changelog.
 

MANIFEST

@@ -49,6 +49,7 @@ lib/Adup/Ural/ChangeOUDelete.pm
 lib/Adup/Ural/ChangeOUModify.pm
 lib/Adup/Ural/ChangeUserCreate.pm
 lib/Adup/Ural/ChangeUserDelete.pm
+lib/Adup/Ural/ChangeUserDisableDismissed.pm
 lib/Adup/Ural/ChangeUserFlatGroup.pm
 lib/Adup/Ural/ChangeUserMove.pm
 lib/Adup/Ural/Dblog.pm
@@ -63,6 +64,7 @@ lib/Adup/Ural/SyncCreateOUs.pm
 lib/Adup/Ural/SyncDeleteFlatGroups.pm
 lib/Adup/Ural/SyncDeleteOUs.pm
 lib/Adup/Ural/SyncDeleteUsers.pm
+lib/Adup/Ural/SyncDisableDismissed.pm
 lib/Adup/Ural/UsersCatalog.pm
 Makefile.PL
 MANIFEST			This list of files

lib/Adup/Task/Merge.pm

@@ -13,6 +13,7 @@ use Adup::Ural::Change;
 use Adup::Ural::ChangeUserCreate;
 use Adup::Ural::ChangeUserDelete;
 use Adup::Ural::ChangeUserFlatGroup;
+use Adup::Ural::ChangeUserDisableDismissed;
 use Adup::Ural::ChangeAttr;
 use Adup::Ural::ChangeOUCreate;
 use Adup::Ural::ChangeOUDelete;
@@ -73,6 +74,7 @@ sub _merge {
     { type => 8, desc => 'блокирование пользователей', rep_no => 1},
     { type => 11, desc => 'удаление групп почтового справочника', rep_no => 1},
     { type => 21, desc => 'удаление подразделений', rep_no => 1},
+    { type => 14, desc => 'отключение архивных пользователей', rep_no => 1},
   );
 
   my $log_buf;
@@ -142,7 +144,7 @@ sub _merge {
   #
   # end of merge sequence main loop
   #
-  
+
   $log->l(info => 'Отчёт о применении изменений. '.$log_buf) if $log_buf;
 
   $job->app->reset_task_state($db_adup, $TASK_ID);

lib/Adup/Task/Sync.pm

@@ -15,6 +15,7 @@ use Adup::Ural::SyncAttributesCreateMoveUsers;
 use Adup::Ural::SyncDeleteUsers;
 use Adup::Ural::SyncDeleteFlatGroups;
 use Adup::Ural::SyncDeleteOUs;
+use Adup::Ural::SyncDisableDismissed;
 
 my $TASK_ID = 'sync_id';
 # $TASK_LOG_STATE_SUCCESS = 10;
@@ -64,9 +65,9 @@ sub _sync {
   my $c1 = 0;
   my $c2 = 0;
   unless (defined ($c1 = Adup::Ural::SyncCreateOUs::do_sync(
-    db => $db_adup, 
-    ldap => $ldap, 
-    log => $log, 
+    db => $db_adup,
+    ldap => $ldap,
+    log => $log,
     job => $job,
     user => $remote_user
   ))) {
@@ -78,9 +79,9 @@ sub _sync {
   # SyncCreateFlatGroups subtask
   #
   unless (defined ($c2 = Adup::Ural::SyncCreateFlatGroups::do_sync(
-    db => $db_adup, 
-    ldap => $ldap, 
-    log => $log, 
+    db => $db_adup,
+    ldap => $ldap,
+    log => $log,
     job => $job,
     user => $remote_user,
   ))) {
@@ -100,9 +101,9 @@ sub _sync {
   # SyncAttributesCreateMoveUsers subtask
   #
   unless (defined Adup::Ural::SyncAttributesCreateMoveUsers::do_sync(
-    db => $db_adup, 
-    ldap => $ldap, 
-    log => $log, 
+    db => $db_adup,
+    ldap => $ldap,
+    log => $log,
     job => $job,
     user => $remote_user,
   )) {
@@ -114,9 +115,9 @@ sub _sync {
   # SyncDeleteFlatGroups subtask
   #
   unless (defined Adup::Ural::SyncDeleteFlatGroups::do_sync(
-    db => $db_adup, 
-    ldap => $ldap, 
-    log => $log, 
+    db => $db_adup,
+    ldap => $ldap,
+    log => $log,
     job => $job,
     user => $remote_user,
   )) {
@@ -128,9 +129,9 @@ sub _sync {
   # SyncDeleteUsers subtask
   #
   unless (defined Adup::Ural::SyncDeleteUsers::do_sync(
-    db => $db_adup, 
-    ldap => $ldap, 
-    log => $log, 
+    db => $db_adup,
+    ldap => $ldap,
+    log => $log,
     job => $job,
     user => $remote_user,
   )) {
@@ -142,16 +143,30 @@ sub _sync {
   # SyncDeleteOUs subtask
   #
   unless (defined Adup::Ural::SyncDeleteOUs::do_sync(
-    db => $db_adup, 
-    ldap => $ldap, 
-    log => $log, 
+    db => $db_adup,
+    ldap => $ldap,
+    log => $log,
     job => $job,
     user => $remote_user,
   )) {
     $job->app->reset_task_state($db_adup, $TASK_ID);
     return $job->fail('SyncDeleteOUs fatal error');
   }
 
+  #
+  # SyncDisableDismissed subtask
+  #
+  unless (defined Adup::Ural::SyncDisableDismissed::do_sync(
+    db => $db_adup,
+    ldap => $ldap,
+    log => $log,
+    job => $job,
+    user => $remote_user,
+  )) {
+    $job->app->reset_task_state($db_adup, $TASK_ID);
+    return $job->fail('SyncDisableDismissed fatal error');
+  }
+
   $job->app->reset_task_state($db_adup, $TASK_ID);
   $ldap->unbind;
 

lib/Adup/Ural/ChangeUserDisableDismissed.pm

@@ -0,0 +1,131 @@
+package Adup::Ural::ChangeUserDisableDismissed;
+use Mojo::Base 'Adup::Ural::Change';
+
+use Mojo::Util qw(xml_escape);
+use Carp;
+use Net::LDAP qw(LDAP_SUCCESS LDAP_INSUFFICIENT_ACCESS LDAP_ALREADY_EXISTS);
+use Net::LDAP::Util qw(ldap_explode_dn unescape_dn_value escape_dn_value);
+use Adup::Ural::Dblog;
+
+#use Data::Dumper;
+
+# my $obj = Adup::Ural::ChangeUserDisableDismissed->new($name, $dn, 'author');
+sub new {
+  my ($class, $name, $dn, $author) = @_;
+  my $self = $class->SUPER::new($name, $dn, $author);
+
+  $self->{cn} = undef;
+  $self->{login} = undef;
+  $self->{email} = undef;
+
+  return $self;
+}
+
+#
+# getters
+#
+sub type_human {
+  return 'Блокирование архивной учётной записи';
+}
+
+sub type_robotic {
+  return 14;
+}
+
+sub info_human {
+  my $self = shift;
+
+  my $r = '<span class="info-error">ОБНАРУЖЕНА АКТИВНАЯ АРХИВНАЯ УЧЁТНАЯ ЗАПИСЬ УВОЛЕННОГО СОТРУДНИКА!</span><br>';
+  $r .= '<b>DN:</b> '.xml_escape(unescape_dn_value($self->{dn})).'<br>';
+  $r .= '<b>Отключение включенной архивной учётной записи пользователя в &laquo;УВОЛЕННЫХ&raquo;</b><br>';
+  $r .= '<span class="info-attr">ФИО:</span> &laquo;'.xml_escape($self->{cn}).'&raquo;<br>';
+  $r .= '<span class="info-attr">Логин:</span> '.xml_escape($self->{login}).'<br>' if $self->{login};
+  if ($self->{email}) {
+    $r .= '<span class="info-attr">Указан Email:</span> '.xml_escape($self->{email}).'<br>' ;
+    $r .= '<div class="info-note">Вручную проверьте, возможно всё ещё открыт почтовый ящик и интернет доступ пользователя.</div>';
+  }
+  $r .= '<div class="info-warn"><b>Внимание!</b> Применение изменения вызовет прекращение доступа пользователя.</div>' unless $self->{disabled};
+
+  return $r;
+}
+
+
+# $cn = $obj->cn;
+# $obj->cn($new_cn);
+sub cn {
+  my ($self, $new_cn) = @_;
+  return $self->{cn} unless $new_cn;
+  $self->{cn} = $new_cn;
+}
+
+# $login = $obj->login;
+# $obj->login($new_login);
+sub login {
+  my ($self, $new_login) = @_;
+  return $self->{login} unless $new_login;
+  $self->{login} = $new_login;
+}
+
+# $email = $obj->email;
+# $obj->email($new_email);
+sub email {
+  my ($self, $new_email) = @_;
+  return $self->{email} unless $new_email;
+  $self->{email} = $new_email;
+}
+
+
+# 1 or undef = $obj->merge(
+#     author => 'author',
+#     db => $mysql->db,
+#     ldap => $ldap,
+#     config => $config,
+#     log => $log
+#   );
+sub merge {
+  my ($self, %args) = @_;
+  for (qw/db ldap config log/) { croak 'Required parameters missing' unless defined $args{$_}};
+  croak 'dismissed_ou_dn config required' unless defined $args{config}{dismissed_ou_dn};
+  $args{author} ||= 'н/д';
+  $self->_set_merged($args{author});
+
+  #say "DN: $self->{dn}";
+  # get user entry first
+  my $mesg = $args{ldap}->search(base => $self->{dn}, scope => 'base',
+    filter => '(&(objectCategory=person)(objectClass=user))',
+    attrs => ['userAccountControl'],
+  );
+  if ($mesg->code) {
+    # LDAP_NO_SUCH_OBJECT error too
+    carp 'Merge - disable dismissed user error (bad serach): '.$mesg->error." for DN: $self->{dn}";
+    return undef;
+  }
+
+  if ($mesg->count > 0) {
+    my $entry = $mesg->entry(0);
+    my $uac = $entry->get_value('userAccountControl') || 0x200; # NORMAL_ACCOUNT
+
+    # disable user account
+    if (($uac & 2) != 2) {
+      $entry->replace('userAccountControl' => ($uac | 2)); # set ACCOUNTDISABLE bit
+      $mesg = $entry->update($args{ldap});
+      if ($mesg->code) {
+	carp 'Merge - disable dismissed user error (cant disable account): '.$mesg->error." for DN: $self->{dn}";
+	if ($mesg->code == LDAP_INSUFFICIENT_ACCESS) {
+	  $args{log}->l(state=>91, info=>'Ошибка применения изменения-блокирование архивной учетной записи (отключение учетной записи): Недостаточно прав для выполнения операции.');
+	}
+	return undef;
+      }
+      $args{ldap}->sync($mesg);
+    }
+
+    my $r = $self->deletedb(db => $args{db});
+    # save to archive
+    $self->toarchive(db => $args{db}) if $r;
+    return $r;
+  }
+
+  return undef;
+}
+
+1;

lib/Adup/Ural/SyncDeleteFlatGroups.pm

@@ -163,7 +163,7 @@ sub do_sync {
 	}
 
 	# update progress
-	$entry_count ++;
+	$entry_count++;
 	if ($entry_count % $mod == 0) {
 	  my $percent = ceil($entry_count / $entries_total * 100);
 	  $args{job}->note(

lib/Adup/Ural/SyncDeleteOUs.pm

@@ -174,7 +174,7 @@ ENTRYLOOP:
     }
 
     # update progress
-    $entry_count ++;
+    $entry_count++;
     if ($entry_count % $mod == 0) {
       my $percent = ceil($entry_count / $entries_total * 100);
       $args{job}->note(

lib/Adup/Ural/SyncDeleteUsers.pm

@@ -76,7 +76,7 @@ sub do_sync {
   my $pagedctl = Net::LDAP::Control::Paged->new(size => 100);
 
   my @searchargs = ( base => $ldapbase, scope => 'sub',
-    filter => '(&(objectCategory=person)(objectClass=user))', 
+    filter => '(&(objectCategory=person)(objectClass=user))',
     attrs => ['cn', 'sAMAccountName', 'mail', 'userAccountControl'],
     control => [ $pagedctl ]
   );
@@ -123,7 +123,7 @@ sub do_sync {
 	}
 
         # update progress
-	$entry_count ++;
+	$entry_count++;
         if ($entry_count % $mod == 0) {
           my $percent = ceil($entry_count / $entries_total * 100);
           $args{job}->note(