biovision-base 0.5.170614 → 0.7.170709

data/app/mailers/user_mailer.rb

@@ -0,0 +1,8 @@
+class UserMailer < ApplicationMailer
+  # @param [Integer] user_id
+  def login_attempt(user_id)
+    @user = User.find_by(id: user_id)
+
+    mail to: @user.email unless @user&.email.blank?
+  end
+end

data/app/models/central_region.rb

@@ -0,0 +1,49 @@
+class CentralRegion
+  def id
+    nil
+  end
+
+  def name
+    I18n.t('activerecord.attributes.central_region.name')
+  end
+
+  def short_name
+    I18n.t('activerecord.attributes.central_region.short_name')
+  end
+
+  def locative
+    I18n.t('activerecord.attributes.central_region.locative')
+  end
+
+  def slug
+    ''
+  end
+
+  def long_slug
+    ''
+  end
+
+  def image
+    nil
+  end
+
+  def header_image
+    nil
+  end
+
+  def parents
+    []
+  end
+
+  def parent
+    nil
+  end
+
+  def parent_id
+    nil
+  end
+
+  def child_regions
+    []
+  end
+end

data/app/models/concerns/required_unique_name.rb

@@ -8,6 +8,6 @@ module RequiredUniqueName
 
     scope :ordered_by_name, -> { order('name asc') }
     scope :with_name_like, ->(name) { where('name ilike ?', "%#{name}%") unless name.blank? }
-    scope :with_name, ->(name) { where('name ilike ?', name) unless name.blank? }
+    scope :with_name, ->(name) { where('lower(name) = lower(?)', name) unless name.blank? }
   end
 end

data/app/models/concerns/required_unique_slug.rb

@@ -7,6 +7,6 @@ module RequiredUniqueSlug
 
     scope :ordered_by_slug, -> { order('slug asc') }
     scope :with_slug_like, ->(slug) { where('slug ilike ?', "%#{slug}%") unless slug.blank? }
-    scope :with_slug, ->(slug) { where('slug ilike ?', slug) unless slug.blank? }
+    scope :with_slug, ->(slug) { where('lower(slug) = lower(?)', slug) unless slug.blank? }
   end
 end

data/app/models/login_attempt.rb

@@ -0,0 +1,24 @@
+class LoginAttempt < ApplicationRecord
+  include HasOwner
+
+  PER_PAGE = 20
+
+  belongs_to :user
+  belongs_to :agent, optional: true
+
+  before_validation { self.password = password.to_s[0..254] }
+
+  scope :recent, -> { order('id desc') }
+  scope :since, ->(time) { where('created_at > ?', time)}
+
+  # @param [Integer] page
+  def self.page_for_administration(page = 1)
+    recent.page(page).per(PER_PAGE)
+  end
+
+  # @param [User] user
+  # @param [Integer] page
+  def self.page_for_owner(user, page = 1)
+    owned_by(user).recent.page(page).per(PER_PAGE)
+  end
+end

data/app/models/privilege.rb

@@ -1,3 +1,178 @@
 class Privilege < ApplicationRecord
-  include Biovision::PrivilegeBase
+  include Toggleable
+
+  DESCRIPTION_LIMIT = 350
+  NAME_LIMIT        = 250
+  SLUG_LIMIT        = 250
+  PRIORITY_RANGE    = (1..32767)
+
+  toggleable :regional
+
+  belongs_to :parent, class_name: Privilege.to_s, optional: true
+  has_many :children, class_name: Privilege.to_s, foreign_key: :parent_id
+  has_many :user_privileges, dependent: :destroy
+  has_many :users, through: :user_privileges
+  has_many :privilege_group_privileges, dependent: :destroy
+  has_many :privilege_groups, through: :privilege_group_privileges
+
+  after_initialize :set_next_priority
+
+  before_validation { self.name = name.strip unless name.nil? }
+  before_validation { self.slug = Canonizer.transliterate(name.to_s) if slug.blank? }
+  before_validation { self.regional = true if parent&.regional? }
+  before_validation :normalize_priority
+
+  before_save :compact_children_cache
+
+  validates_presence_of :name, :slug, :priority
+  validates :name, uniqueness: { case_sensitive: false, scope: [:parent_id] }
+  validates :slug, uniqueness: { case_sensitive: false }
+  validates_length_of :name, maximum: NAME_LIMIT
+  validates_length_of :slug, maximum: SLUG_LIMIT
+  validates_length_of :description, maximum: DESCRIPTION_LIMIT
+
+  scope :ordered_by_priority, -> { order('priority asc, name asc') }
+  scope :ordered_by_name, -> { order('name asc, slug asc') }
+  scope :visible, -> { where(visible: true, deleted: false) }
+  scope :for_tree, ->(parent_id = nil) { where(parent_id: parent_id).ordered_by_priority }
+  scope :siblings, ->(item) { where(parent_id: item.parent_id) }
+
+  def self.page_for_administration
+    ordered_by_name
+  end
+
+  def self.entity_parameters
+    %i(name slug priority description regional)
+  end
+
+  def self.creation_parameters
+    entity_parameters + %i(parent_id)
+  end
+
+  # @return [String]
+  def full_title
+    (parents.map(&:name) + [name]).join ' / '
+  end
+
+  # @return [Array<Integer>]
+  def ids
+    [id] + children_cache
+  end
+
+  # @return [Array<Integer>]
+  def branch_ids
+    parents_cache.split(',').map(&:to_i).reject { |i| i < 1 }.uniq + [id]
+  end
+
+  def parents
+    if parents_cache.blank?
+      []
+    else
+      Privilege.where(id: parents_cache.split(',').compact).order('id asc')
+    end
+  end
+
+  def cache_parents!
+    return if parent.nil?
+    self.parents_cache = "#{parent.parents_cache},#{parent_id}".gsub(/\A,/, '')
+    save!
+  end
+
+  def cache_children!
+    children.order('id asc').map do |child|
+      self.children_cache += [child.id] + child.children_cache
+    end
+    save!
+    parent&.cache_children!
+  end
+
+  def can_be_deleted?
+    children.count < 1
+  end
+
+  # @param [User] user
+  # @param [Region] region
+  def has_user?(user, region = nil)
+    return false if user.nil?
+    return true if user.super_user?
+    result = user_in_non_regional_branch?(user)
+
+    if regional? && !region.nil? && !result
+      result = user_in_regional_branch?(user, region)
+    end
+    result
+  end
+
+  # @param [User] user
+  # @param [Region] region
+  def grant(user, region = nil)
+    return if user.nil?
+    criteria          = { privilege: self, user: user }
+    criteria[:region] = region if regional?
+    UserPrivilege.create(criteria) unless UserPrivilege.exists?(criteria)
+  end
+
+  # @param [User] user
+  # @param [Region] region
+  def revoke(user, region = nil)
+    return if user.nil?
+    criteria          = { privilege: self, user: user }
+    criteria[:region] = region if regional?
+    UserPrivilege.where(criteria).delete_all
+  end
+
+  # @param [Integer] delta
+  def change_priority(delta)
+    new_priority = priority + delta
+    adjacent     = self.class.siblings(self).find_by(priority: new_priority)
+    if adjacent.is_a?(self.class) && (adjacent.id != id)
+      adjacent.update!(priority: priority)
+    end
+    update(priority: new_priority)
+
+    self.class.for_tree(parent_id).map { |e| [e.id, e.priority] }.to_h
+  end
+
+  private
+
+  def set_next_priority
+    if id.nil? && priority == 1
+      self.priority = self.class.siblings(self).maximum(:priority).to_i + 1
+    end
+  end
+
+  def normalize_priority
+    self.priority = PRIORITY_RANGE.first if priority < PRIORITY_RANGE.first
+    self.priority = PRIORITY_RANGE.last if priority > PRIORITY_RANGE.last
+  end
+
+  def compact_children_cache
+    self.children_cache.uniq!
+  end
+
+  # @param [User] user
+  def user_in_non_regional_branch?(user)
+    selected_ids = Privilege.where(regional: false, id: branch_ids).pluck(:id)
+    if selected_ids.any?
+      UserPrivilege.exists?(privilege_id: selected_ids, user: user)
+    else
+      false
+    end
+  end
+
+  # @param [User] user
+  # @param [Region] region
+  def user_in_regional_branch?(user, region)
+    selected_ids = Privilege.where(regional: true, id: branch_ids).pluck(:id)
+    if selected_ids.any?
+      criteria = {
+        privilege_id: selected_ids,
+        region_id: region.branch_ids,
+        user: user
+      }
+      UserPrivilege.exists?(criteria)
+    else
+      false
+    end
+  end
 end

data/app/models/region.rb

@@ -0,0 +1,100 @@
+class Region < ApplicationRecord
+  include Toggleable
+
+  SLUG_PATTERN = /\A[a-z0-9](?:[a-z0-9\-]{0,61}[a-z0-9])?\z/
+  PER_PAGE     = 20
+  NAME_LIMIT   = 70
+  SLUG_LIMIT   = 63
+
+  toggleable :visible
+
+  belongs_to :parent, class_name: Region.to_s, optional: true, touch: true
+  has_many :child_regions, class_name: Region.to_s, foreign_key: :parent_id
+  has_many :users, dependent: :nullify
+
+  mount_uploader :image, RegionImageUploader
+  mount_uploader :header_image, HeaderImageUploader
+
+  before_validation { self.slug = slug.to_s.downcase.strip }
+  before_save { self.children_cache.uniq! }
+  before_save :generate_long_slug
+
+  validates_presence_of :name, :slug
+  validates_uniqueness_of :name, :slug, scope: [:parent_id]
+  validates_length_of :name, maximum: NAME_LIMIT
+  validates_length_of :slug, maximum: SLUG_LIMIT
+  validates_format_of :slug, with: SLUG_PATTERN
+
+  scope :ordered_by_slug, -> { order('slug asc') }
+  scope :ordered_by_name, -> { order('name asc') }
+  scope :visible, -> { where(visible: true) }
+  scope :for_tree, -> (parent_id = nil) { where(parent_id: parent_id).ordered_by_name }
+
+  # @param [Integer] page
+  def self.page_for_administration(page = 1)
+    ordered_by_name.page(page).per(PER_PAGE)
+  end
+
+  def self.entity_parameters
+    %i(name short_name locative slug visible image header_image latitude longitude)
+  end
+
+  def self.creation_parameters
+    entity_parameters + %i(parent_id)
+  end
+
+  # @param [User] user
+  def editable_by?(user)
+    administrator = UserPrivilege.user_has_privilege?(user, :administrator)
+    manager       = UserPrivilege.user_has_privilege?(user, :region_manager, self)
+    (administrator || manager) && !locked?
+  end
+
+  def parents
+    return [] if parents_cache.blank?
+    Region.where(id: parent_ids).order('id asc')
+  end
+
+  def parent_ids
+    parents_cache.split(',').compact
+  end
+
+  # @return [Array<Integer>]
+  def branch_ids
+    parents_cache.split(',').map(&:to_i).reject { |i| i < 1 }.uniq + [id]
+  end
+
+  def depth
+    parent_ids.count
+  end
+
+  def long_name
+    return name if parents.blank?
+    "#{parents.map(&:name).join('/')}/#{name}"
+  end
+
+  def cache_parents!
+    return if parent.nil?
+    self.parents_cache = "#{parent.parents_cache},#{parent_id}".gsub(/\A,/, '')
+    save!
+  end
+
+  def cache_children!
+    child_regions.order('id asc').each do |child|
+      self.children_cache += [child.id] + child.children_cache
+    end
+    save!
+    parent.cache_children! unless parent.nil?
+  end
+
+  private
+
+  def generate_long_slug
+    if parents_cache.blank?
+      self.long_slug = slug
+    else
+      slugs          = Region.where(id: parent_ids).order('id asc').pluck(:slug) + [slug]
+      self.long_slug = slugs.join('-')
+    end
+  end
+end

data/app/models/user.rb

@@ -1,3 +1,120 @@
 class User < ApplicationRecord
-  include Biovision::UserBase
+  include Toggleable
+
+  METRIC_REGISTRATION            = 'users.registration.hit'
+  METRIC_AUTHENTICATION_SUCCESS  = 'users.authentication.success.hit'
+  METRIC_AUTHENTICATION_FAILURE  = 'users.authentication.failure.hit'
+  METRIC_AUTHENTICATION_EXTERNAL = 'users.authentication.external.hit'
+
+  PER_PAGE = 20
+
+  SLUG_LIMIT   = 250
+  EMAIL_LIMIT  = 250
+  NAME_LIMIT   = 100
+  NOTICE_LIMIT = 255
+  PHONE_LIMIT  = 50
+
+  toggleable %i(allow_login bot email_confirmed phone_confirmed allow_mail)
+
+  belongs_to :agent, optional: true
+
+  has_secure_password
+
+  mount_uploader :image, AvatarUploader
+
+  enum gender: [:female, :male]
+
+  belongs_to :agent, optional: true
+  belongs_to :inviter, class_name: User.to_s, optional: true
+  belongs_to :region, optional: true, counter_cache: true
+  has_many :invitees, class_name: User.to_s, foreign_key: :inviter_id, dependent: :nullify
+  has_many :tokens, dependent: :delete_all
+  has_many :codes, dependent: :delete_all
+  has_many :user_privileges, dependent: :destroy
+  has_many :privileges, through: :user_privileges
+  has_many :foreign_users, dependent: :delete_all
+  has_many :login_attempts, dependent: :delete_all
+
+  before_save :normalize_slug
+
+  validates_presence_of :screen_name, :email
+  validates_format_of :screen_name, with: /\A[a-z0-9_]{1,30}\z/i, if: :native_slug?
+  validates_format_of :email, with: /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z0-9][-a-z0-9]+)\z/i
+  validates :screen_name, uniqueness: { case_sensitive: false }
+  validates :email, uniqueness: { case_sensitive: false }
+  validates_length_of :slug, maximum: SLUG_LIMIT
+  validates_length_of :screen_name, maximum: SLUG_LIMIT
+  validates_length_of :name, maximum: NAME_LIMIT
+  validates_length_of :patronymic, maximum: NAME_LIMIT
+  validates_length_of :surname, maximum: NAME_LIMIT
+  validates_length_of :email, maximum: EMAIL_LIMIT
+  validates_length_of :phone, maximum: PHONE_LIMIT
+  validates_length_of :notice, maximum: NOTICE_LIMIT
+
+  scope :with_privilege, ->(privilege) { joins(:user_privileges).where(user_privileges: { privilege_id: privilege.branch_ids }) }
+  scope :bots, ->(flag) { where(bot: flag.to_i > 0) unless flag.blank? }
+  scope :name_like, ->(val) { where('name ilike ?', "%#{val}%") unless val.blank? }
+  scope :email_like, ->(val) { where('email ilike ?', "%#{val}%") unless val.blank? }
+  scope :with_email, ->(email) { where('lower(email) = lower(?)', email) }
+  scope :screen_name_like, ->(val) { where('screen_name ilike ?', "%#{val}%") unless val.blank? }
+  scope :search, ->(q) { where("lower(concat_ws(' ', slug, email, surname, name)) like ?", "%#{q.downcase}%") unless q.blank? }
+  scope :filtered, ->(f) { name_like(f[:name]).email_like(f[:email]).screen_name_like(f[:screen_name]) }
+
+  # @param [Integer] page
+  # @param [Hash] filter
+  def self.page_for_administration(page, filter = {})
+    bots(filter[:bots]).filtered(filter).order('id desc').page(page).per(PER_PAGE)
+  end
+
+  def self.profile_parameters
+    %i(image name patronymic surname birthday gender allow_mail)
+  end
+
+  def self.sensitive_parameters
+    %i(email phone password password_confirmation)
+  end
+
+  # Параметры при регистрации
+  def self.new_profile_parameters
+    profile_parameters + sensitive_parameters + %i(screen_name)
+  end
+
+  # Параметры для администрирования
+  def self.entity_parameters
+    flags = %i(bot allow_login email_confirmed phone_confirmed foreign_slug)
+
+    new_profile_parameters + flags + %i(screen_name notice)
+  end
+
+  def self.ids_range
+    min = User.minimum(:id).to_i
+    max = User.maximum(:id).to_i
+    (min..max)
+  end
+
+  def profile_name
+    screen_name
+  end
+
+  def name_for_letter
+    name.blank? ? profile_name : name
+  end
+
+  def can_receive_letters?
+    allow_mail? && !email.blank?
+  end
+
+  def native_slug?
+    !foreign_slug?
+  end
+
+  private
+
+  def normalize_slug
+    if native_slug?
+      self.slug = screen_name.downcase
+    else
+      self.slug = slug.downcase
+    end
+  end
 end

data/app/models/user_privilege.rb

@@ -1,3 +1,54 @@
 class UserPrivilege < ApplicationRecord
-  include Biovision::UserPrivilegeBase
+  include HasOwner
+
+  belongs_to :user
+  belongs_to :privilege, counter_cache: :users_count
+  belongs_to :region, optional: true
+
+  validates_uniqueness_of :privilege_id, scope: [:user_id, :region_id]
+
+  # @param [User] user
+  # @return [Array<Integer>]
+  def self.ids(user)
+    privileges = user&.privileges
+    return [] if privileges.blank?
+    privileges.map(&:ids).flatten.uniq
+  end
+
+  # @param [User] user
+  # @param [String|Symbol] privilege_name
+  # @param [Region] region
+  def self.user_has_privilege?(user, privilege_name, region = nil)
+    return false if user.nil?
+    return true if user.super_user?
+    privilege = Privilege.find_by(slug: privilege_name)
+    privilege&.has_user?(user, region)
+  end
+
+  # @param [User] user
+  def self.user_has_any_privilege?(user)
+    return false if user.nil?
+    return true if user.super_user?
+    exists?(user: user)
+  end
+
+  # @param [User] user
+  # @param [Symbol] group_name
+  def self.user_in_group?(user, group_name)
+    return false if user.nil?
+    return true if user.super_user?
+    privilege_ids = PrivilegeGroup.ids(group_name)
+    return false if privilege_ids.blank?
+    exists?(user: user, privilege_id: privilege_ids)
+  end
+
+  private
+
+  def regional_ids(region)
+
+  end
+
+  def simple_ids
+
+  end
 end

data/app/services/code_manager/confirmation.rb

@@ -15,7 +15,7 @@ class CodeManager::Confirmation < CodeManager
 
   def code_is_valid?
     return false if @code.nil?
-    @code.owned_by?(@user) && @code.active? && @code.code_type == self.code_type
+    @code.active? && @code.code_type == self.class.code_type
   end
 
   def activate

data/app/services/user_bouncer.rb

@@ -0,0 +1,37 @@
+class UserBouncer
+  # @param [User] user
+  # @param [Hash] tracking
+  def initialize(user, tracking)
+    @user     = user
+    @tracking = tracking
+  end
+
+  # @param [String] password
+  def let_user_in?(password)
+    return false unless @user&.allow_login?
+    @password = password
+    too_many_attempts? ? (log_attempt && false) : try_password
+  end
+
+  private
+
+  def too_many_attempts?
+    LoginAttempt.owned_by(@user).since(15.minutes.ago).count > 4
+  end
+
+  def log_attempt
+    data = { user: @user, password: @password }
+    LoginAttempt.create(data.merge(@tracking))
+  end
+
+  def try_password
+    @user.authenticate(@password) || (count_attempt && false)
+  end
+
+  def count_attempt
+    log_attempt
+    if too_many_attempts?
+      UserMailer.login_attempt(@user.id).deliver_later
+    end
+  end
+end

data/app/uploaders/header_image_uploader.rb

@@ -0,0 +1,50 @@
+class HeaderImageUploader < CarrierWave::Uploader::Base
+  include CarrierWave::MiniMagick
+  include CarrierWave::BombShelter
+
+  storage :file
+
+  def max_pixel_dimensions
+    [4000, 4000]
+  end
+
+  # Override the directory where uploaded files will be stored.
+  # This is a sensible default for uploaders that are meant to be mounted:
+  def store_dir
+    "uploads/#{model.class.to_s.underscore}/#{mounted_as}/#{model.id}"
+  end
+
+  # Provide a default URL as a default if there hasn't been a file uploaded:
+  # def default_url
+  #   # For Rails 3.1+ asset pipeline compatibility:
+  #   # ActionController::Base.helpers.asset_path("fallback/" + [version_name, "default.png"].compact.join('_'))
+  #
+  #   "/images/fallback/" + [version_name, "default.png"].compact.join('_')
+  # end
+
+  resize_to_limit 1000, 1000
+
+  version :medium do
+    resize_to_fit 500, 500
+  end
+
+  version :preview_2x, from_version: :medium do
+    resize_to_fit 160, 160
+  end
+
+  version :preview, from_version: :preview_2x do
+    resize_to_fit 80, 80
+  end
+
+  # Add a white list of extensions which are allowed to be uploaded.
+  # For images you might use something like this:
+  def extension_whitelist
+    %w(jpg jpeg png)
+  end
+
+  # Override the filename of the uploaded files:
+  # Avoid using model.id or version_name here, see uploader/store.rb for details.
+  # def filename
+  #   "something.jpg" if original_filename
+  # end
+end