From 5ff79dc55081f7599c79f7832a8f34dd20ba2ee9 Mon Sep 17 00:00:00 2001 From: daniel Date: Thu, 8 Feb 2024 12:23:56 +0100 Subject: [PATCH] new api 2.0 --- pandora_console/api/v1/config/container.php | 5 + pandora_console/api/v1/public/swagger.json | 11 +- .../godmode/users/configure_token.php | 28 +-- pandora_console/godmode/users/token_list.php | 25 ++- pandora_console/images/setup-password.svg | 7 + pandora_console/include/functions_token.php | 10 +- pandora_console/include/functions_users.php | 32 +-- .../Actions/CreateTokenAction.php | 5 +- .../Actions/DeleteTokenAction.php | 5 +- .../Actions/UpdateTokenAction.php | 5 +- .../Controllers/CreateTokenController.php | 6 +- .../Controllers/DeleteTokenController.php | 4 - .../Controllers/GetTokenController.php | 6 +- .../Controllers/ListTokenController.php | 6 +- .../Controllers/UpdateTokenController.php | 4 - .../Modules/Authentication/Entities/Token.php | 4 +- .../Repositories/TokenRepository.php | 58 +----- .../Repositories/TokenRepositoryMySQL.php | 182 ++++++++++++++++++ .../ValidateServerIdentifierTokenService.php | 2 +- .../Validations/TokenValidation.php | 17 +- .../Validations/EventCommentValidation.php | 2 +- .../Repositories/EventRepositoryMySQL.php | 2 +- ...KeepInProcessStatusExtraIdEventService.php | 2 +- .../Events/Validations/EventValidation.php | 2 +- .../Repositories/GroupRepositoryMySQL.php | 2 +- .../Shared/Core/DataMapperAbstract.php | 1 + .../Shared/Middlewares/AclListMiddleware.php | 2 +- .../Middlewares/UserTokenMiddleware.php | 2 +- .../Shared/Services/ValidateAclSystem.php | 35 +++- .../Repositories/UserRepositoryMySQL.php | 4 +- 30 files changed, 344 insertions(+), 132 deletions(-) create mode 100644 pandora_console/images/setup-password.svg create mode 100644 pandora_console/include/lib/Modules/Authentication/Repositories/TokenRepositoryMySQL.php diff --git a/pandora_console/api/v1/config/container.php b/pandora_console/api/v1/config/container.php index 9d878e4337..4a267619fc 100644 
--- a/pandora_console/api/v1/config/container.php +++ b/pandora_console/api/v1/config/container.php @@ -1,5 +1,7 @@ function (ContainerInterface $container) { return $container->get(RepositoryMySQL::class); }, + TokenRepository::class => function (ContainerInterface $container) { + return $container->get(TokenRepositoryMySQL::class); + }, UserRepository::class => function (ContainerInterface $container) { return $container->get(UserRepositoryMySQL::class); }, diff --git a/pandora_console/api/v1/public/swagger.json b/pandora_console/api/v1/public/swagger.json index c16a2cd147..50fd6c05f2 100644 --- a/pandora_console/api/v1/public/swagger.json +++ b/pandora_console/api/v1/public/swagger.json @@ -1981,7 +1981,6 @@ "description": "id_user of the token", "type": "string", "default": null, - "readOnly": true, "nullable": true }, "validity": { @@ -2013,6 +2012,12 @@ "idToken": { "default": null, "readOnly": false + }, + "freeSearch": { + "description": "Find word in name field.", + "type": "string", + "default": null, + "nullable": true } }, "type": "object" @@ -3002,7 +3007,7 @@ "User": { "properties": { "idUser": { - "description": "Id user, not ", + "description": "Id user", "type": "string", "nullable": false }, @@ -3777,7 +3782,7 @@ "schema": { "type": "string", "default": "", - "enum": ["ascending", "descending"] + "enum": ["ASC", "DESC"] } }, "parameterIdTag": { diff --git a/pandora_console/godmode/users/configure_token.php b/pandora_console/godmode/users/configure_token.php index 4972b93660..6b2f796edf 100644 --- a/pandora_console/godmode/users/configure_token.php +++ b/pandora_console/godmode/users/configure_token.php 
@@ -71,18 +71,6 @@ $table->data = []; $table->rowspan = []; $table->colspan = []; -if (is_metaconsole() === true) { - $table->class = 'databox data'; - if (empty($id_token) === true) { - $table->head[0] = __('Update Profile'); - } else { - $table->head[0] = __('Create Profile'); - } - - $table->head_colspan[0] = 4; - $table->headstyle[0] = 'text-align: center'; -} - $table->data[0][0] = __('Token label'); $table->data[0][1] = html_print_input_text( 'label', @@ -95,7 +83,21 @@ $table->data[0][1] = html_print_input_text( if ((bool) users_is_admin() === true) { $table->data[0][2] = __('User'); - $table->data[0][3] = 'aaaa'; + $user_users = users_get_user_users( + $config['id_user'], + 'AR', + true + ); + + $table->data[0][3] = html_print_select( + $user_users, + 'idUser', + $config['id_user'], + '', + '', + 0, + true + ); } $expiration_date = null; diff --git a/pandora_console/godmode/users/token_list.php b/pandora_console/godmode/users/token_list.php index 5a4a116a55..f8c198e3b1 100644 --- a/pandora_console/godmode/users/token_list.php +++ b/pandora_console/godmode/users/token_list.php @@ -72,6 +72,7 @@ if ($delete_token === true) { $tokenMsg = ''; if ($create_token === true || $update_token === true) { $label = get_parameter('label', null); + $idUser = get_parameter('idUser', $config['id_user']); $expirationDate = get_parameter('date-expiration', null); $expirationTime = get_parameter('time-expiration', null); @@ -84,6 +85,7 @@ if ($create_token === true || $update_token === true) { } $values = [ + 'idUser' => $idUser, 'label' => $label, 'validity' => $validity, ]; @@ -124,6 +126,7 @@ if ($create_token === true || $update_token === true) { try { $columns = [ 'label', + 'idUser', 'validity', 'lastUsage', 'options', @@ -131,6 +134,7 @@ try { $column_names = [ __('Label'), + __('For user'), __('Expiration'), __('Last usage'), [ 
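Review bot: In the configure_token.php hunk (`@@ -95,7 +83,21 @@`) the new owner select is always preselected with `$config['id_user']`. The page appears to serve edits as well (the removed block branches on `$id_token`), and `update_user_token()` now writes `$params['idUser']` back to the token. An administrator who opens another user's token and saves without touching the select would therefore reassign that token to their own account. When editing, preselect the stored owner instead, e.g. `$token['idUser'] ?? $config['id_user']` as the selected value; the variable holding the loaded token is outside the hunk, so that name is a placeholder.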
@@ -139,6 +143,16 @@ try { ], ]; + $user_users = [$config['id_user'] => get_user_fullname($config['id_user'])]; + if ((bool) users_is_admin() === true) { + $user_users = users_get_user_users( + $config['id_user'], + 'AR', + true + ); + $user_users[0] = __('Any'); + } + $tableId = 'token_table'; // Load datatables user interface. ui_print_datatable( @@ -162,14 +176,21 @@ try { [ 'label' => __('Free search'), 'type' => 'text', - 'class' => 'w25p', 'id' => 'freeSearch', 'name' => 'freeSearch', ], + [ + 'label' => __('User'), + 'type' => 'select', + 'fields' => $user_users, + 'selected' => $config['id_user'], + 'id' => 'idUser', + 'name' => 'idUser', + ], ], ], 'filter_main_class' => 'box-flat white_table_graph fixed_filter_bar', - 'dom_elements' => 'lftpB', + 'dom_elements' => 'lftp', ] ); } catch (Exception $e) { diff --git a/pandora_console/images/setup-password.svg b/pandora_console/images/setup-password.svg new file mode 100644 index 0000000000..ed9ebdf950 --- /dev/null +++ b/pandora_console/images/setup-password.svg @@ -0,0 +1,7 @@ + + + Icons / 20 / setup-password + + + + \ No newline at end of file diff --git a/pandora_console/include/functions_token.php b/pandora_console/include/functions_token.php index aabdd925bc..41d1107943 100644 --- a/pandora_console/include/functions_token.php +++ b/pandora_console/include/functions_token.php @@ -82,9 +82,7 @@ function list_user_tokens( /** @var Token $entityFilter */ $entityFilter = $tokenFilter->getEntityFilter(); - if (empty($filters['idUser']) === true) { - $entityFilter->setIdUser($config['id_user']); - } else { + if (empty($filters['idUser']) === false) { $entityFilter->setIdUser($filters['idUser']); } 
@@ -103,11 +101,10 @@ function list_user_tokens( */ function create_user_token(array $params): array { - global $config; global $container; $token = new Token; - $token->setIdUser($config['id_user']); + $token->setIdUser($params['idUser']); $token->setLabel(io_safe_output($params['label'])); $token->setValidity((empty($params['validity']) === false) ? io_safe_output($params['validity']) : null); $result = $container->get(CreateTokenAction::class)->__invoke($token)->toArray(); @@ -126,13 +123,12 @@ function create_user_token(array $params): array */ function update_user_token(int $idToken, array $params): array { - global $config; global $container; $token = $container->get(GetTokenAction::class)->__invoke($idToken); $oldToken = clone $token; - $token->setIdUser($config['id_user']); + $token->setIdUser($params['idUser']); $token->setLabel(io_safe_output($params['label'])); $token->setValidity((empty($params['validity']) === false) ? io_safe_output($params['validity']) : null); diff --git a/pandora_console/include/functions_users.php b/pandora_console/include/functions_users.php index afaddbd638..3a4725ff49 100755 --- a/pandora_console/include/functions_users.php +++ b/pandora_console/include/functions_users.php 
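Review bot: `create_user_token()` and `update_user_token()` in functions_token.php now read `$params['idUser']` with no fallback, so a caller that builds `$params` without that key raises an undefined-index warning and passes `null` as the owner. `$token->setIdUser($params['idUser'] ?? null);` makes the optional case explicit, and TokenValidation then substitutes the session user for an empty value. Note also that `label` and `validity` are decoded with `io_safe_output()` here but `idUser` is not. If request values arrive entity-encoded, as the decoding of the other two fields suggests, a user id containing encoded characters would not match the stored id; this should be confirmed against `get_parameter()`.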
@@ -1040,19 +1040,19 @@ function user_print_header(int $pure=0, string $tab='user', ?string $title=null) $url_list_token = 'index.php?sec=gusuarios&sec2=godmode/users/token_list'; $url_list_token .= '&tab=token&pure='.$pure; - $buttons['user'] = [ - 'active' => false, - 'text' => ''.html_print_image( - 'images/user.svg', - true, - [ - 'title' => __('User management'), - 'class' => 'invert_filter main_menu_icon', - ] - ).'', - ]; - if ((bool) check_acl($config['id_user'], 0, 'PM') === true) { + $buttons['user'] = [ + 'active' => false, + 'text' => ''.html_print_image( + 'images/user.svg', + true, + [ + 'title' => __('User management'), + 'class' => 'invert_filter main_menu_icon', + ] + ).'', + ]; + $buttons['profile'] = [ 'active' => false, 'text' => ''.html_print_image( @@ -1069,7 +1069,7 @@ function user_print_header(int $pure=0, string $tab='user', ?string $title=null) $buttons['token'] = [ 'active' => false, 'text' => ''.html_print_image( - 'images/incremental-data@svg.svg', + 'images/setup-password.svg', true, [ 'title' => __('Token management'), @@ -1078,12 +1078,14 @@ function user_print_header(int $pure=0, string $tab='user', ?string $title=null) ).'', ]; - $buttons[$tab]['active'] = true; + if (isset($buttons[$tab]) === true) { + $buttons[$tab]['active'] = true; + } switch ($tab) { case 'token': $title = (empty($title) === false) ? $title : __('Token management'); - $img = 'images/incremental-data@svg.svg'; + $img = 'images/setup-password.svg'; $tab_name = 'token_tab'; $short_title = __('Token'); break; diff --git a/pandora_console/include/lib/Modules/Authentication/Actions/CreateTokenAction.php b/pandora_console/include/lib/Modules/Authentication/Actions/CreateTokenAction.php index 0089b0aea1..b8122ade9b 100644 --- a/pandora_console/include/lib/Modules/Authentication/Actions/CreateTokenAction.php +++ b/pandora_console/include/lib/Modules/Authentication/Actions/CreateTokenAction.php 
@@ -4,16 +4,19 @@ namespace PandoraFMS\Modules\Authentication\Actions; use PandoraFMS\Modules\Authentication\Entities\Token; use PandoraFMS\Modules\Authentication\Services\CreateTokenService; +use PandoraFMS\Modules\Shared\Services\ValidateAclSystem; final class CreateTokenAction { public function __construct( - private CreateTokenService $createTokenService + private CreateTokenService $createTokenService, + private ValidateAclSystem $acl, ) { } public function __invoke(Token $token): Token { + $this->acl->validateAclToken($token); return $this->createTokenService->__invoke($token); } } diff --git a/pandora_console/include/lib/Modules/Authentication/Actions/DeleteTokenAction.php b/pandora_console/include/lib/Modules/Authentication/Actions/DeleteTokenAction.php index 83ef939314..aafd458474 100644 --- a/pandora_console/include/lib/Modules/Authentication/Actions/DeleteTokenAction.php +++ b/pandora_console/include/lib/Modules/Authentication/Actions/DeleteTokenAction.php @@ -4,16 +4,19 @@ namespace PandoraFMS\Modules\Authentication\Actions; use PandoraFMS\Modules\Authentication\Entities\Token; use PandoraFMS\Modules\Authentication\Services\DeleteTokenService; +use PandoraFMS\Modules\Shared\Services\ValidateAclSystem; final class DeleteTokenAction { public function __construct( - private DeleteTokenService $deleteTokenService + private DeleteTokenService $deleteTokenService, + private ValidateAclSystem $acl, ) { } public function __invoke(Token $token): void { + $this->acl->validateAclToken($token); $this->deleteTokenService->__invoke($token); } } diff --git a/pandora_console/include/lib/Modules/Authentication/Actions/UpdateTokenAction.php b/pandora_console/include/lib/Modules/Authentication/Actions/UpdateTokenAction.php index 8bce6d6684..ecd081548b 100644 --- a/pandora_console/include/lib/Modules/Authentication/Actions/UpdateTokenAction.php +++ b/pandora_console/include/lib/Modules/Authentication/Actions/UpdateTokenAction.php 
@@ -4,16 +4,19 @@ namespace PandoraFMS\Modules\Authentication\Actions; use PandoraFMS\Modules\Authentication\Entities\Token; use PandoraFMS\Modules\Authentication\Services\UpdateTokenService; +use PandoraFMS\Modules\Shared\Services\ValidateAclSystem; final class UpdateTokenAction { public function __construct( - private UpdateTokenService $updateTokenService + private UpdateTokenService $updateTokenService, + private ValidateAclSystem $acl, ) { } public function __invoke(Token $token, Token $oldToken): Token { + $this->acl->validateAclToken($token); return $this->updateTokenService->__invoke($token, $oldToken); } } diff --git a/pandora_console/include/lib/Modules/Authentication/Controllers/CreateTokenController.php b/pandora_console/include/lib/Modules/Authentication/Controllers/CreateTokenController.php index 152ca45744..30609763b8 100644 --- a/pandora_console/include/lib/Modules/Authentication/Controllers/CreateTokenController.php +++ b/pandora_console/include/lib/Modules/Authentication/Controllers/CreateTokenController.php @@ -5,7 +5,6 @@ namespace PandoraFMS\Modules\Authentication\Controllers; use PandoraFMS\Modules\Authentication\Actions\CreateTokenAction; use PandoraFMS\Modules\Authentication\Entities\Token; use PandoraFMS\Modules\Shared\Controllers\Controller; -use PandoraFMS\Modules\Shared\Services\ValidateAclSystem; use Psr\Http\Message\ResponseInterface as Response; use Psr\Http\Message\ServerRequestInterface as Request; @@ -13,8 +12,7 @@ use Psr\Http\Message\ServerRequestInterface as Request; final class CreateTokenController extends Controller { public function __construct( - private CreateTokenAction $createTokenAction, - private ValidateAclSystem $acl, + private CreateTokenAction $createTokenAction ) { } 
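Review bot: `UpdateTokenAction::__invoke()` runs `validateAclToken()` only on the incoming `$token`, so ownership of the stored record (`$oldToken`) is never checked at this layer. It depends on the earlier lookup having refused to load another user's token, which in this patch is a SQL condition inside `TokenRepositoryMySQL::getAuthenticationQuery()`. Adding `$this->acl->validateAclToken($oldToken);` before the service call keeps the authorization decision next to the write, so it still holds if the lookup path changes. This applies to the UpdateTokenAction.php hunk.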
@@ -38,8 +36,6 @@ final class CreateTokenController extends Controller // @var Token $token. $token = $this->fromRequest($request, Token::class); - $this->acl->validate(0, 'UM', ' tried to manage tokens'); - $result = $this->createTokenAction->__invoke($token); return $this->getResponse($response, $result); diff --git a/pandora_console/include/lib/Modules/Authentication/Controllers/DeleteTokenController.php b/pandora_console/include/lib/Modules/Authentication/Controllers/DeleteTokenController.php index fc94d09ba0..4598d52ea6 100644 --- a/pandora_console/include/lib/Modules/Authentication/Controllers/DeleteTokenController.php +++ b/pandora_console/include/lib/Modules/Authentication/Controllers/DeleteTokenController.php @@ -5,7 +5,6 @@ namespace PandoraFMS\Modules\Authentication\Controllers; use PandoraFMS\Modules\Authentication\Actions\DeleteTokenAction; use PandoraFMS\Modules\Authentication\Actions\GetTokenAction; use PandoraFMS\Modules\Shared\Controllers\Controller; -use PandoraFMS\Modules\Shared\Services\ValidateAclSystem; use Psr\Http\Message\ResponseInterface as Response; use Psr\Http\Message\ServerRequestInterface as Request; @@ -14,7 +13,6 @@ final class DeleteTokenController extends Controller { public function __construct( private DeleteTokenAction $deleteTokenAction, - private ValidateAclSystem $acl, private GetTokenAction $getTokenAction ) { } @@ -39,8 +37,6 @@ final class DeleteTokenController extends Controller $idToken = $this->getParam($request, 'id'); $token = $this->getTokenAction->__invoke($idToken); - $this->acl->validate(0, 'UM', ' tried to manage token'); - $result = $this->deleteTokenAction->__invoke($token); return $this->getResponse($response, $result); } diff --git a/pandora_console/include/lib/Modules/Authentication/Controllers/GetTokenController.php b/pandora_console/include/lib/Modules/Authentication/Controllers/GetTokenController.php index 7a41834ce9..7a324b0600 100644 
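Review bot: With `$this->acl->validate(0, 'UM', ' tried to manage tokens')` removed here, and the equivalent call removed from DeleteTokenController, GetTokenController, ListTokenController and UpdateTokenController, the token endpoints no longer require the `UM` permission. Create, update and delete now call `validateAclToken()` in their Actions, but nothing in this patch adds a check to GetTokenAction or ListTokenAction. Read access therefore appears to rest only on the `ttoken.id_user` condition that `getAuthenticationQuery()` appends for non-admins. If letting every authenticated user manage their own tokens is intended, record it in the controller, e.g. `// No UM check: any user may manage their own tokens; ownership is enforced in the Action and the repository.`; otherwise keep the `UM` check. The controller method starts and ends outside the hunk.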
--- a/pandora_console/include/lib/Modules/Authentication/Controllers/GetTokenController.php +++ b/pandora_console/include/lib/Modules/Authentication/Controllers/GetTokenController.php @@ -4,7 +4,6 @@ namespace PandoraFMS\Modules\Authentication\Controllers; use PandoraFMS\Modules\Authentication\Actions\GetTokenAction; use PandoraFMS\Modules\Shared\Controllers\Controller; -use PandoraFMS\Modules\Shared\Services\ValidateAclSystem; use Psr\Http\Message\ResponseInterface as Response; use Psr\Http\Message\ServerRequestInterface as Request; @@ -12,8 +11,7 @@ use Psr\Http\Message\ServerRequestInterface as Request; final class GetTokenController extends Controller { public function __construct( - private GetTokenAction $getTokenAction, - private ValidateAclSystem $acl + private GetTokenAction $getTokenAction ) { } @@ -36,8 +34,6 @@ final class GetTokenController extends Controller { $idToken = $this->getParam($request, 'id'); - $this->acl->validate(0, 'UM', ' tried to manage token'); - $result = $this->getTokenAction->__invoke($idToken); return $this->getResponse($response, $result); } diff --git a/pandora_console/include/lib/Modules/Authentication/Controllers/ListTokenController.php b/pandora_console/include/lib/Modules/Authentication/Controllers/ListTokenController.php index 3dd9e0409b..c6868c4c95 100644 --- a/pandora_console/include/lib/Modules/Authentication/Controllers/ListTokenController.php +++ b/pandora_console/include/lib/Modules/Authentication/Controllers/ListTokenController.php 
@@ -5,15 +5,13 @@ namespace PandoraFMS\Modules\Authentication\Controllers; use PandoraFMS\Modules\Authentication\Actions\ListTokenAction; use PandoraFMS\Modules\Authentication\Entities\TokenFilter; use PandoraFMS\Modules\Shared\Controllers\Controller; -use PandoraFMS\Modules\Shared\Services\ValidateAclSystem; use Psr\Http\Message\ResponseInterface as Response; use Psr\Http\Message\ServerRequestInterface as Request; final class ListTokenController extends Controller { public function __construct( - private ListTokenAction $listTokenAction, - private ValidateAclSystem $acl, + private ListTokenAction $listTokenAction ) { } @@ -65,8 +63,6 @@ final class ListTokenController extends Controller // @var TokenFilter $tokenFilter. $tokenFilter = $this->fromRequest($request, TokenFilter::class); - $this->acl->validate(0, 'UM', ' tried to manage token'); - $result = $this->listTokenAction->__invoke($tokenFilter); return $this->getResponse($response, $result); } diff --git a/pandora_console/include/lib/Modules/Authentication/Controllers/UpdateTokenController.php b/pandora_console/include/lib/Modules/Authentication/Controllers/UpdateTokenController.php index 69bd0783de..f97e84ee78 100644 --- a/pandora_console/include/lib/Modules/Authentication/Controllers/UpdateTokenController.php +++ b/pandora_console/include/lib/Modules/Authentication/Controllers/UpdateTokenController.php @@ -6,7 +6,6 @@ use PandoraFMS\Modules\Authentication\Actions\GetTokenAction; use PandoraFMS\Modules\Authentication\Actions\UpdateTokenAction; use PandoraFMS\Modules\Shared\Controllers\Controller; -use PandoraFMS\Modules\Shared\Services\ValidateAclSystem; use Psr\Http\Message\ResponseInterface as Response; use Psr\Http\Message\ServerRequestInterface as Request; @@ -31,7 +30,6 @@ final class UpdateTokenController extends Controller { public function __construct( private UpdateTokenAction $updateTokenAction, - private ValidateAclSystem $acl, private GetTokenAction $getTokenAction ) { } 
@@ -45,8 +43,6 @@ final class UpdateTokenController extends Controller $params = $this->extractParams($request); $token->fromArray($params); - $this->acl->validate(0, 'UM', ' tried to manage token'); - $result = $this->updateTokenAction->__invoke($token, $oldToken); return $this->getResponse($response, $result); } diff --git a/pandora_console/include/lib/Modules/Authentication/Entities/Token.php b/pandora_console/include/lib/Modules/Authentication/Entities/Token.php index 7cfca39697..4c9baf730c 100644 --- a/pandora_console/include/lib/Modules/Authentication/Entities/Token.php +++ b/pandora_console/include/lib/Modules/Authentication/Entities/Token.php @@ -36,8 +36,7 @@ use PandoraFMS\Modules\Shared\Validators\Validator; * type="string", * nullable=true, * default=null, - * description="id_user of the token", - * readOnly=true + * description="id_user of the token" * ), * @OA\Property( * property="validity", @@ -116,7 +115,6 @@ final class Token extends Entity 'idToken' => 1, 'uuid' => 1, 'challenge' => 1, - 'idUser' => 1, 'token' => 1, 'lastUsage' => 1, ]; diff --git a/pandora_console/include/lib/Modules/Authentication/Repositories/TokenRepository.php b/pandora_console/include/lib/Modules/Authentication/Repositories/TokenRepository.php index dfdd7c621a..501977927d 100644 --- a/pandora_console/include/lib/Modules/Authentication/Repositories/TokenRepository.php +++ b/pandora_console/include/lib/Modules/Authentication/Repositories/TokenRepository.php 
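Review bot: Dropping `'idUser' => 1` in Token.php (`@@ -116,7 +115,6 @@`) removes the owner field from what looks like the entity's read-only field map, so `idUser` can now be set from request data through `fromRequest()` and `fromArray()`. The only things stopping a caller from assigning a token to another account are `validateAclToken()` in the Create/Update/Delete actions and the override in TokenValidation. A comment above the map would record that dependency, e.g. `// idUser is writable: ownership is enforced by ValidateAclSystem::validateAclToken().` The map's declaration is outside the hunk.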
@@ -3,62 +3,24 @@ namespace PandoraFMS\Modules\Authentication\Repositories; use PandoraFMS\Modules\Authentication\Entities\Token; -use PandoraFMS\Modules\Authentication\Entities\TokenDataMapper; use PandoraFMS\Modules\Authentication\Entities\TokenFilter; -use PandoraFMS\Modules\Shared\Repositories\Repository; -class TokenRepository +interface TokenRepository { - public function __construct( - private Repository $repository, - private TokenDataMapper $tokenDataMapper - ) { - } - /** * @return Token[], - */ - public function list(TokenFilter $tokenFilter): array - { - return $this->repository->__list( - $tokenFilter, - $this->tokenDataMapper - ); - } + */ + public function list(TokenFilter $tokenFilter): array; - public function count(TokenFilter $tokenFilter): int - { - return $this->repository->__count( - $tokenFilter, - $this->tokenDataMapper - ); - } + public function count(TokenFilter $tokenFilter): int; - public function getOne(TokenFilter $tokenFilter): Token - { - return $this->repository->__getOne( - $tokenFilter, - $this->tokenDataMapper - ); - } + public function getOne(TokenFilter $tokenFilter): Token; - public function create(Token $token): Token - { - $id = $this->repository->__create($token, $this->tokenDataMapper); - return $token->setIdToken($id); - } + public function create(Token $token): Token; - public function update(Token $token): Token - { - return $this->repository->__update( - $token, - $this->tokenDataMapper, - $token->getIdToken() - ); - } + public function update(Token $token): Token; - public function delete(int $id): void - { - $this->repository->__delete($id, $this->tokenDataMapper); - } + public function delete(int $id): void; + + public function getExistToken(string $label): Token; } diff --git a/pandora_console/include/lib/Modules/Authentication/Repositories/TokenRepositoryMySQL.php b/pandora_console/include/lib/Modules/Authentication/Repositories/TokenRepositoryMySQL.php new file mode 100644 index 0000000000..d5de91d1e9 
--- /dev/null +++ b/pandora_console/include/lib/Modules/Authentication/Repositories/TokenRepositoryMySQL.php 
@@ -0,0 +1,182 @@ +getAuthenticationQuery($tokenFilter, $this->tokenDataMapper); + $list = $this->dbGetAllRowsSql($sql); + } catch (\Throwable $th) { + // Capture errors mysql. + throw new InvalidArgumentException( + strip_tags($th->getMessage()), + HttpCodesEnum::INTERNAL_SERVER_ERROR + ); + } + + if (is_array($list) === false) { + throw new NotFoundException(__('%s not found', $this->tokenDataMapper->getStringNameClass())); + } + + $result = []; + foreach ($list as $fields) { + $result[] = $this->tokenDataMapper->fromDatabase($fields); + } + + return $result; + } + + public function count(TokenFilter $tokenFilter): int + { + $sql = $this->getAuthenticationQuery($tokenFilter, $this->tokenDataMapper, true); + try { + $count = $this->dbGetValueSql($sql); + } catch (\Throwable $th) { + // Capture errors mysql. + throw new InvalidArgumentException( + strip_tags($th->getMessage()), + HttpCodesEnum::INTERNAL_SERVER_ERROR + ); + } + + return (int) $count; + } + + public function getOne(TokenFilter $tokenFilter): Token + { + try { + $sql = $this->getAuthenticationQuery($tokenFilter, $this->tokenDataMapper); + $result = $this->dbGetRowSql($sql); + } catch (\Throwable $th) { + // Capture errors mysql. + throw new InvalidArgumentException( + strip_tags($th->getMessage()), + HttpCodesEnum::INTERNAL_SERVER_ERROR + ); + } + + if (empty($result) === true) { + throw new NotFoundException(__('%s not found', $this->tokenDataMapper->getStringNameClass())); + } + + return $this->tokenDataMapper->fromDatabase($result); + } + + public function getExistToken(string $label): Token + { + try { + $sql = sprintf('SELECT * FROM `ttoken` WHERE `label` = "%s"', $label); + $result = $this->dbGetRowSql($sql); + } catch (\Throwable $th) { + // Capture errors mysql. 
+ throw new InvalidArgumentException( + strip_tags($th->getMessage()), + HttpCodesEnum::INTERNAL_SERVER_ERROR + ); + } + + if (empty($result) === true) { + throw new NotFoundException(__('%s not found', $this->tokenDataMapper->getStringNameClass())); + } + + return $this->tokenDataMapper->fromDatabase($result); + } + + public function create(Token $token): Token + { + $idToken = $this->__create($token, $this->tokenDataMapper); + return $token->setIdToken($idToken); + } + + public function update(Token $token): Token + { + return $this->__update( + $token, + $this->tokenDataMapper, + $token->getIdToken() + ); + } + + public function delete(int $id): void + { + $this->__delete($id, $this->tokenDataMapper); + } + + private function getAuthenticationQuery( + FilterAbstract $filter, + DataMapperAbstract $mapper, + bool $count = false + ): string { + $pagination = ''; + $orderBy = ''; + $fields = 'COUNT(DISTINCT ttoken.id) as count'; + $filters = $this->buildQueryFilters($filter, $mapper); + + // Check ACL for user list. + if (\users_is_admin() === false) { + // No admin. + $filters .= sprintf( + ' AND ttoken.id_user = "%s"', + $this->config->get('id_user') + ); + } + + if ($count === false) { + $pagination = $this->buildQueryPagination($filter); + $orderBy = $this->buildQueryOrderBy($filter); + if (empty($filter->getFields()) === true) { + $fields = 'DISTINCT ttoken.*'; + } else { + $buildFields = ''; + foreach ($filter->getFields() as $field) { + if (empty($buildFields) === false) { + $buildFields .= ' , '; + } + + $buildFields .= $field; + } + + $fields = $buildFields; + } + } + + $sql = sprintf( + 'SELECT %s + FROM ttoken + INNER JOIN tusuario + ON tusuario.id_user = ttoken.id_user + WHERE %s + %s + %s', + $fields, + $filters, + $orderBy, + $pagination + ); + + return $sql; + } +} 
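Review bot: `getExistToken()` places `$label` straight into the SQL text with `sprintf(... "%s")`, and the label appears to be caller-supplied (it comes from the token form and the API body, and functions_token.php decodes it with `io_safe_output()`), so a quote character in the label changes the statement. Escape the value with the database layer's escaping helper, or bind it as a parameter, before it reaches `dbGetRowSql()`. The same applies in `getAuthenticationQuery()`, where `$this->config->get('id_user')` and each entry of `$filter->getFields()` are concatenated into the query. If the field list can come from the request, check it against the mapper's known columns. Separately, the `catch` blocks copy the driver message into the exception via `strip_tags($th->getMessage())`; if that text reaches the API response it exposes schema details, so log it and return a generic message.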
diff --git a/pandora_console/include/lib/Modules/Authentication/Services/ValidateServerIdentifierTokenService.php b/pandora_console/include/lib/Modules/Authentication/Services/ValidateServerIdentifierTokenService.php index f7e827bfbd..2177d45be3 100644 --- a/pandora_console/include/lib/Modules/Authentication/Services/ValidateServerIdentifierTokenService.php +++ b/pandora_console/include/lib/Modules/Authentication/Services/ValidateServerIdentifierTokenService.php @@ -2,7 +2,7 @@ namespace PandoraFMS\Modules\Authentication\Services; -use PandoraFMS\Core\Config; +use PandoraFMS\Modules\Shared\Services\Config; final class ValidateServerIdentifierTokenService { diff --git a/pandora_console/include/lib/Modules/Authentication/Validations/TokenValidation.php b/pandora_console/include/lib/Modules/Authentication/Validations/TokenValidation.php index efbb5202bd..b741d9db77 100644 --- a/pandora_console/include/lib/Modules/Authentication/Validations/TokenValidation.php +++ b/pandora_console/include/lib/Modules/Authentication/Validations/TokenValidation.php @@ -7,12 +7,14 @@ use PandoraFMS\Modules\Authentication\Services\ExistLabelTokenService; use PandoraFMS\Modules\Shared\Exceptions\BadRequestException; use PandoraFMS\Modules\Shared\Services\Config; use PandoraFMS\Modules\Shared\Services\Timestamp; +use PandoraFMS\Modules\Users\Services\GetUserService; final class TokenValidation { public function __construct( private Config $config, private Timestamp $timestamp, + private GetUserService $getUserService, private ExistLabelTokenService $existLabelTokenService ) { } 
@@ -23,16 +25,20 @@ final class TokenValidation throw new BadRequestException(__('Label is missing')); } - if($oldToken === null || $oldToken->getLabel() !== $token->getLabel()) { - if($this->existLabelTokenService->__invoke($token->getLabel()) === true) { + if ($oldToken === null || $oldToken->getLabel() !== $token->getLabel()) { + if ($this->existLabelTokenService->__invoke($token->getLabel()) === true) { throw new BadRequestException( __('Label %s is already exists', $token->getLabel()) ); } } - if($oldToken === null) { + if (is_user_admin($this->config->get('id_user')) === false + || empty($token->getIdUser()) === true + ) { $token->setIdUser($this->config->get('id_user')); + } else { + $this->validateUser($token->getIdUser()); } } @@ -40,4 +46,9 @@ final class TokenValidation { return $this->timestamp->getMysqlCurrentTimestamp(0); } + + private function validateUser(string $idUser): void + { + $this->getUserService->__invoke($idUser); + } } diff --git a/pandora_console/include/lib/Modules/Events/Comments/Validations/EventCommentValidation.php b/pandora_console/include/lib/Modules/Events/Comments/Validations/EventCommentValidation.php index b031564223..18e5f1091b 100644 --- a/pandora_console/include/lib/Modules/Events/Comments/Validations/EventCommentValidation.php +++ b/pandora_console/include/lib/Modules/Events/Comments/Validations/EventCommentValidation.php @@ -2,7 +2,7 @@ namespace PandoraFMS\Modules\Events\Comments\Validations; -use PandoraFMS\Core\Config; +use PandoraFMS\Modules\Shared\Services\Config; use PandoraFMS\Modules\Events\Comments\Entities\EventComment; use PandoraFMS\Modules\Events\Comments\Services\GetEventCommentService; use PandoraFMS\Modules\Shared\Exceptions\BadRequestException; diff --git a/pandora_console/include/lib/Modules/Events/Repositories/EventRepositoryMySQL.php b/pandora_console/include/lib/Modules/Events/Repositories/EventRepositoryMySQL.php index 090f921ea7..9bf0916860 100644 
--- a/pandora_console/include/lib/Modules/Events/Repositories/EventRepositoryMySQL.php +++ b/pandora_console/include/lib/Modules/Events/Repositories/EventRepositoryMySQL.php @@ -3,7 +3,7 @@ namespace PandoraFMS\Modules\Events\Repositories; use InvalidArgumentException; -use PandoraFMS\Core\Config; +use PandoraFMS\Modules\Shared\Services\Config; use PandoraFMS\Modules\Events\Entities\Event; use PandoraFMS\Modules\Events\Entities\EventDataMapper; use PandoraFMS\Modules\Events\Filters\Entities\EventFilter; diff --git a/pandora_console/include/lib/Modules/Events/Services/KeepInProcessStatusExtraIdEventService.php b/pandora_console/include/lib/Modules/Events/Services/KeepInProcessStatusExtraIdEventService.php index f850491e25..b7b9beef4a 100644 --- a/pandora_console/include/lib/Modules/Events/Services/KeepInProcessStatusExtraIdEventService.php +++ b/pandora_console/include/lib/Modules/Events/Services/KeepInProcessStatusExtraIdEventService.php @@ -2,7 +2,7 @@ namespace PandoraFMS\Modules\Events\Services; -use PandoraFMS\Core\Config; +use PandoraFMS\Modules\Shared\Services\Config; use PandoraFMS\Modules\Events\Entities\Event; use PandoraFMS\Modules\Events\Entities\EventFilter; use PandoraFMS\Modules\Events\Enums\EventStatusEnum; diff --git a/pandora_console/include/lib/Modules/Events/Validations/EventValidation.php b/pandora_console/include/lib/Modules/Events/Validations/EventValidation.php index d5c62964b6..a1873381f0 100644 --- a/pandora_console/include/lib/Modules/Events/Validations/EventValidation.php +++ b/pandora_console/include/lib/Modules/Events/Validations/EventValidation.php @@ -2,7 +2,7 @@ namespace PandoraFMS\Modules\Events\Validations; -use PandoraFMS\Core\Config; +use PandoraFMS\Modules\Shared\Services\Config; use PandoraFMS\Modules\Events\Entities\Event; use PandoraFMS\Modules\Events\Enums\EventSeverityEnum; use PandoraFMS\Modules\Events\Enums\EventStatusEnum; 
diff --git a/pandora_console/include/lib/Modules/Groups/Repositories/GroupRepositoryMySQL.php b/pandora_console/include/lib/Modules/Groups/Repositories/GroupRepositoryMySQL.php index 6915ac6de6..e93b1f4b68 100644 --- a/pandora_console/include/lib/Modules/Groups/Repositories/GroupRepositoryMySQL.php +++ b/pandora_console/include/lib/Modules/Groups/Repositories/GroupRepositoryMySQL.php @@ -3,7 +3,7 @@ namespace PandoraFMS\Modules\Groups\Repositories; use InvalidArgumentException; -use PandoraFMS\Core\Config; +use PandoraFMS\Modules\Shared\Services\Config; use PandoraFMS\Modules\Groups\Entities\Group; use PandoraFMS\Modules\Groups\Entities\GroupDataMapper; use PandoraFMS\Modules\Groups\Entities\GroupFilter; diff --git a/pandora_console/include/lib/Modules/Shared/Core/DataMapperAbstract.php b/pandora_console/include/lib/Modules/Shared/Core/DataMapperAbstract.php index 3880bc31a9..8920fc80ef 100644 --- a/pandora_console/include/lib/Modules/Shared/Core/DataMapperAbstract.php +++ b/pandora_console/include/lib/Modules/Shared/Core/DataMapperAbstract.php @@ -89,6 +89,7 @@ abstract class DataMapperAbstract 'PandoraFMS\\Modules\\Events\\Filters\\Entities\\EventFilter' => 'EventFilter', 'PandoraFMS\\Modules\\Groups\\Entities\\Group' => 'Group', 'PandoraFMS\\Modules\\Tags\\Entities\\Tag' => 'Tag', + 'PandoraFMS\\Modules\\Authentication\\Entities\\Token' => 'Token', ]; $result = ($strname[$this->getClassName()] ?? ''); diff --git a/pandora_console/include/lib/Modules/Shared/Middlewares/AclListMiddleware.php b/pandora_console/include/lib/Modules/Shared/Middlewares/AclListMiddleware.php index 3e110ae89f..eb46df29cb 100644 --- a/pandora_console/include/lib/Modules/Shared/Middlewares/AclListMiddleware.php +++ b/pandora_console/include/lib/Modules/Shared/Middlewares/AclListMiddleware.php 
@@ -2,7 +2,7 @@
 
 namespace PandoraFMS\Modules\Shared\Middlewares;
 
-use PandoraFMS\Core\Config;
+use PandoraFMS\Modules\Shared\Services\Config;
 use PandoraFMS\Modules\Shared\Exceptions\NotFoundException;
 
 final class AclListMiddleware
diff --git a/pandora_console/include/lib/Modules/Shared/Middlewares/UserTokenMiddleware.php b/pandora_console/include/lib/Modules/Shared/Middlewares/UserTokenMiddleware.php
index 383bfdcbdb..fa0f833150 100644
--- a/pandora_console/include/lib/Modules/Shared/Middlewares/UserTokenMiddleware.php
+++ b/pandora_console/include/lib/Modules/Shared/Middlewares/UserTokenMiddleware.php
@@ -2,7 +2,7 @@
 
 namespace PandoraFMS\Modules\Shared\Middlewares;
 
-use PandoraFMS\Core\Config;
+use PandoraFMS\Modules\Shared\Services\Config;
 use PandoraFMS\Modules\Authentication\Services\GetUserTokenService;
 use PandoraFMS\Modules\Authentication\Services\UpdateTokenService;
 use PandoraFMS\Modules\Authentication\Services\ValidateServerIdentifierTokenService;
diff --git a/pandora_console/include/lib/Modules/Shared/Services/ValidateAclSystem.php b/pandora_console/include/lib/Modules/Shared/Services/ValidateAclSystem.php
index 89247c2f95..c798afa0c1 100644
--- a/pandora_console/include/lib/Modules/Shared/Services/ValidateAclSystem.php
+++ b/pandora_console/include/lib/Modules/Shared/Services/ValidateAclSystem.php
@@ -2,6 +2,7 @@
 
 namespace PandoraFMS\Modules\Shared\Services;
 
+use PandoraFMS\Modules\Authentication\Entities\Token;
 use PandoraFMS\Modules\Shared\Exceptions\ForbiddenACLException;
 use PandoraFMS\Modules\Users\UserProfiles\Actions\GetUserProfileAction;
 
@@ -36,7 +37,11 @@ class ValidateAclSystem
 }
 
 if ($acl === false) {
- $this->audit->write('ACL forbidden user does not have permission ', $message);
+ $this->audit->write(
+ AUDIT_LOG_ACL_VIOLATION,
+ 'ACL forbidden user does not have permission ',
+ $message
+ );
 throw new ForbiddenACLException('ACL forbidden user does not have permission '.$message);
 }
 }
@@ -64,7 +69,14 @@ class ValidateAclSystem
 }
 
 if ($exist === false) {
- $this->audit->write('ACL Forbidden idGroup is not valid for this user', $message);
+ $this->audit->write(
+ AUDIT_LOG_ACL_VIOLATION,
+ __(
+ 'ACL Forbidden idGroup is not valid for this user %d',
+ $this->config->get('id_user')
+ ),
+ $message
+ );
 throw new ForbiddenACLException('ACL Forbidden idGroup is not valid for this user');
 }
 }
@@ -82,4 +94,23 @@ class ValidateAclSystem
 $idUser ??= $this->config->get('id_user');
 $this->getUserProfileAction->__invoke($idUser, $idProfile);
 }
+
+ public function validateAclToken(
+ Token $token
+ ) {
+ if (is_user_admin($this->config->get('id_user')) === false
+ && $token->getIdUser() !== null
+ && $token->getIdUser() !== $this->config->get('id_user')
+ ) {
+ $this->audit->write(
+ AUDIT_LOG_ACL_VIOLATION,
+ __(
+ 'ACL Forbidden only user administrator edit token other users, not this user %s',
+ $this->config->get('id_user')
+ )
+ );
+
+ throw new ForbiddenACLException(__('ACL Forbidden only user administrator edit token other users'));
+ }
+ }
 }
diff --git a/pandora_console/include/lib/Modules/Users/Repositories/UserRepositoryMySQL.php b/pandora_console/include/lib/Modules/Users/Repositories/UserRepositoryMySQL.php
index 6253a6221a..796344c4f7 100644
--- a/pandora_console/include/lib/Modules/Users/Repositories/UserRepositoryMySQL.php
+++ b/pandora_console/include/lib/Modules/Users/Repositories/UserRepositoryMySQL.php
@@ -3,7 +3,7 @@
 namespace PandoraFMS\Modules\Users\Repositories;
 
 use InvalidArgumentException;
-use PandoraFMS\Core\Config;
+use PandoraFMS\Modules\Shared\Services\Config;
 use PandoraFMS\Modules\Shared\Core\DataMapperAbstract;
 use PandoraFMS\Modules\Shared\Core\FilterAbstract;
 use PandoraFMS\Modules\Shared\Enums\HttpCodesEnum;
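Review bot: The new audit message in the `$exist === false` branch of ValidateAclSystem.php formats the caller with `%d` (`'ACL Forbidden idGroup is not valid for this user %d'`), while `validateAclToken`, added later in the same file, formats the same `$this->config->get('id_user')` value with `%s`. If `id_user` is a string login, as the `%s` use and the API schema's string-typed `idUser` suggest, and `__()` formats its arguments printf-style, `%d` would write `0` and the ACL-violation entry would no longer identify who was denied. I would change the line to `'ACL Forbidden idGroup is not valid for this user %s',`. The enclosing method starts outside the hunk.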
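Review bot: In the new `validateAclToken` method the ownership test is skipped whenever `$token->getIdUser()` is null, so a non-admin caller passes the check for any token that carries no owner. Whether every caller fills in the owner before calling is not visible in this hunk; if null is meant as "token for the current user", say so above the condition, e.g. `// null idUser: token belongs to the caller, only a foreign owner requires admin`, and otherwise drop the `&& $token->getIdUser() !== null` clause so unowned tokens stay admin-only. The audit entry records only the caller and not `$token->getIdUser()`, which makes a denied cross-user attempt harder to triage from the log. The method would also read better with a `: void` return type and a short docblock naming `ForbiddenACLException`.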
@@ -13,7 +13,7 @@ use PandoraFMS\Modules\Users\Entities\User; use PandoraFMS\Modules\Users\Entities\UserDataMapper; use PandoraFMS\Modules\Users\Entities\UserFilter; -class UserRepositoryMySQL extends RepositoryMySQL implements UserRepository +final class UserRepositoryMySQL extends RepositoryMySQL implements UserRepository { public function __construct( private UserDataMapper $userDataMapper,