biovision 0.0.200518.1 → 0.12.211124.0

data/app/controllers/admin/navigation_groups_controller.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+# Administrative part for handling navigation_groups
+class Admin::NavigationGroupsController < AdminController
+  include CrudEntities
+
+  before_action :set_entity, except: %i[check create index new]
+
+  # put /admin/navigation_groups/:id/dynamic_pages/:page_id
+  def add_page
+    @entity.add_dynamic_page(DynamicPage.find_by(id: params[:page_id]))
+
+    head :no_content
+  end
+
+  # delete /admin/navigation_groups/:id/dynamic_pages/:page_id
+  def remove_page
+    @entity.remove_dynamic_page(DynamicPage.find_by(id: params[:page_id]))
+
+    head :no_content
+  end
+
+  # post /admin/navigation_groups/:id/dynamic_pages/:page_id/priority
+  def page_priority
+    link = @entity.navigation_group_pages.find_by(id: params[:page_id])
+
+    if link.nil?
+      handle_http_404
+    else
+      render json: { data: link.change_priority(params[:delta].to_s.to_i) }
+    end
+  end
+
+  private
+
+  def component_class
+    Biovision::Components::ContentComponent
+  end
+
+  def action_to_role_map
+    super.merge(
+      %w[add_page page_priority remove_page] => 'navigation_groups.edit',
+    )
+  end
+end

data/app/controllers/admin/tokens_controller.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+# Handling user tokens
+class Admin::TokensController < AdminController
+  include CrudEntities
+  include ToggleableEntity
+
+  before_action :set_entity, except: %i[check create index new search]
+
+  private
+
+  def component_class
+    Biovision::Components::UsersComponent
+  end
+end

data/app/controllers/admin/users_controller.rb

@@ -0,0 +1,101 @@
+# frozen_string_literal: true
+
+# Administrative part for handling users
+class Admin::UsersController < AdminController
+  include Authentication
+  include CrudEntities
+  include ProcessedForms
+  include ToggleableEntity
+
+  before_action :set_entity, except: %i[check create index new search]
+
+  # post /admin/users
+  def create
+    @entity = component_handler.create_user(entity_parameters, profile_parameters)
+    if @entity.persisted?
+      form_processed_ok(path_after_save)
+    else
+      form_processed_with_error(view_for_new)
+    end
+  end
+
+  # patch /admin/users/:id
+  def update
+    if component_handler.update_user(@entity, entity_parameters, profile_parameters)
+      form_processed_ok(path_after_save)
+    else
+      form_processed_with_error(view_for_edit)
+    end
+  end
+
+  # post /admin/users/:id/authenticate
+  def authenticate
+    if component_handler.permit?('log_in', @entity) && !@entity.super_user?
+      cookies['pt'] = {
+        value: cookies['token'],
+        expires: 1.year.from_now,
+        domain: :all,
+        httponly: true
+      }
+      create_token_for_user(@entity)
+    end
+
+    redirect_to my_path
+  end
+
+  # get /admin/users/:id/roles
+  def roles
+    if current_user&.super_user?
+      @components = BiovisionComponent.list_for_administration
+    else
+      handle_http_401
+    end
+  end
+
+  # put /admin/users/:id/roles/:role_id
+  def add_role
+    if current_user&.super_user?
+      role = Role.find_by(id: params[:role_id])
+      @entity.add_role(role)
+    end
+
+    head :no_content
+  end
+
+  # delete /admin/users/:id/roles/:role_id
+  def remove_role
+    if current_user&.super_user?
+      role = Role.find_by(id: params[:role_id])
+      @entity.remove_role(role)
+    end
+
+    head :no_content
+  end
+
+  private
+
+  def component_class
+    Biovision::Components::UsersComponent
+  end
+
+  def entity_parameters
+    excluded = @entity&.super_user? ? User.sensitive_parameters : []
+    permitted = User.entity_parameters - excluded
+    params.require(:user).permit(permitted)
+  end
+
+  def creation_parameters
+    permitted = User.entity_parameters
+    parameters = params.require(:user).permit(permitted)
+    parameters.merge(tracking_for_entity)
+  end
+
+  def profile_parameters
+    if params.key?(:profile)
+      list = Biovision::Components::Users::ProfileHandler.permitted_for_request
+      params.require(:profile).permit(list)
+    else
+      {}
+    end
+  end
+end

data/app/controllers/admin_controller.rb

@@ -2,13 +2,7 @@
 
 # Common administrative controller
 class AdminController < ApplicationController
-  before_action :restrict_access
-
-  protected
+  include RestrictedAccess
 
-  def restrict_access
-    error = t('admin.errors.unauthorized.message')
-
-    handle_http_401(error) unless component_handler.allow?
-  end
+  before_action :restrict_access
 end

data/app/controllers/authentication_controller.rb

@@ -5,7 +5,6 @@ class AuthenticationController < ApplicationController
   include Authentication
 
   before_action :redirect_authenticated_user, except: %i[new destroy]
-  before_action :set_foreign_site, only: :auth_callback
 
   # get /login
   def new
@@ -13,7 +12,9 @@ class AuthenticationController < ApplicationController
 
   # post /login
   def create
-    handler = Biovision::Components::UsersComponent[find_user]
+    user = User[param_from_request(:login).downcase]
+
+    handler = Biovision::Components::UsersComponent[user]
     if handler.authenticate(params[:password], tracking_for_entity)
       auth_success(handler.user)
     else
@@ -28,52 +29,23 @@ class AuthenticationController < ApplicationController
     redirect_to root_path
   end
 
-  # get /auth/:provider/callback
-  def auth_callback
-    data = request.env['omniauth.auth']
-    user = @foreign_site.authenticate(data, tracking_for_entity)
-    create_token_for_user(user) unless user.banned?
-
-    redirect_to my_path
-  end
-
   private
 
   def component_class
     Biovision::Components::UsersComponent
   end
 
-  def set_foreign_site
-    @foreign_site = ForeignSite[params[:provider]]
-
-    handle_http_503('Cannot set foreign site') if @foreign_site.nil?
-  end
-
-  def find_user
-    login = param_from_request(:login).downcase
-    user  = User.find_by(slug: login)
-
-    # Try to authenticate by email, if login does not match anything
-    if user.nil? && login.index('@').to_i.positive?
-      user = User.with_email(login).first
-    end
-
-    user
-  end
-
   # @param [User] user
   def auth_success(user)
     create_token_for_user(user)
 
     from = param_from_request(:from)
     next_page = from =~ %r{\A/[^/]} ? from : my_path
-    render js: "document.location.href = '#{next_page}'"
+    render json: { links: { next: next_page } }
   end
 
   def auth_failed
-    @form_id = param_from_request(:form_id)
-    @error = t('authentication.create.failed')
-
-    render 'failed', formats: :js
+    response = { errors: [{ title: t('authentication.create.failed') }] }
+    render json: response, status: :unauthorized
   end
 end

data/app/controllers/concerns/authentication.rb

@@ -15,12 +15,7 @@ module Authentication
 
     token = user.tokens.create!(tracking_for_entity)
 
-    cookies['token'] = {
-      value: token.cookie_pair,
-      expires: 1.year.from_now,
-      domain: :all,
-      httponly: true
-    }
+    cookies['token'] = cookie_data(token.cookie_pair)
   end
 
   def deactivate_token
@@ -31,15 +26,20 @@ module Authentication
 
   def pop_token
     if cookies['pt']
-      cookies['token'] = {
-        value: cookies['pt'],
-        expires: 1.year.from_now,
-        domain: :all,
-        httponly: true
-      }
+      cookies['token'] = cookie_data(cookies['pt'])
       cookies.delete 'pt', domain: :all
     else
       cookies.delete 'token', domain: :all
     end
   end
+
+  # @param [String] value
+  def cookie_data(value)
+    {
+      value: value,
+      expires: 1.year.from_now,
+      domain: :all,
+      httponly: true
+    }
+  end
 end

data/app/controllers/concerns/component_stories.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+# Adds method for working with component stories
+module ComponentStories
+  extend ActiveSupport::Concern
+
+  # Perform story
+  #
+  # Parameters:
+  #   slug: story slug app/lib/biovision/components/.../stories/<slug>_story.rb
+  #   entity_id: optional parameter for setting entity context
+  #
+  # post [...]/stories/:slug
+  def story
+    story_parameters = params[:parameters]&.permit!.to_h
+    entity_id = param_from_request(:entity_id)
+    story_handler = component_handler.story(params[:slug], entity_id)
+    result = story_handler.perform(story_parameters)
+
+    render json: { meta: { result: result } }
+  end
+end

data/app/controllers/concerns/crud_entities.rb

@@ -0,0 +1,140 @@
+# frozen_string_literal: true
+
+# Adds method for CRUD
+module CrudEntities
+  extend ActiveSupport::Concern
+  include ProcessedForms
+
+  # get [scope]/[table_name]/search?q=
+  def search
+    q = param_from_request(:q)
+    @collection = model_class.search(q).list_for_administration.page(current_page)
+  end
+
+  # get [scope]/[table_name]
+  def index
+    @filter = params[:filter]&.permit!.to_h
+    data_helper = Biovision::Helpers::DataHelper.new(model_class, @filter)
+    @collection = data_helper.administrative_collection(current_page)
+  end
+
+  # get [scope]/[table_name]/:id
+  def show
+  end
+
+  # post [scope]/[table_name]/check
+  def check
+    @entity = model_class.instance_for_check(params[:entity_id], entity_parameters)
+
+    render 'shared/forms/check'
+  end
+
+  # get [scope]/[table_name]/new
+  def new
+    @entity = model_class.new
+    render view_for_new
+  end
+
+  # post [scope]/[table_name]
+  def create
+    @entity = component_handler.new_entity(model_class, creation_parameters)
+    apply_meta if @entity.respond_to?(:meta=)
+    if @entity.save
+      form_processed_ok(path_after_save)
+    else
+      form_processed_with_error(view_for_new)
+    end
+  end
+
+  # get [scope]/[table_name]/:id/edit
+  def edit
+    render view_for_edit
+  end
+
+  # patch [scope]/[table_name]/:id
+  def update
+    apply_meta if @entity.respond_to?(:meta=)
+
+    if component_handler.update_entity(@entity, entity_parameters)
+      form_processed_ok(path_after_save)
+    else
+      form_processed_with_error(view_for_edit)
+    end
+  end
+
+  # delete [scope]/[table_name]/:id
+  def destroy
+    flash[:notice] = t('.success') if @entity.destroy
+    redirect_to path_after_destroy
+  end
+
+  private
+
+  def view_for_new
+    default_view = "#{controller_path}/new"
+    lookup_context.exists?(default_view) ? default_view : 'shared/entity/new'
+  end
+
+  def view_for_edit
+    default_view = "#{controller_path}/edit"
+    lookup_context.exists?(default_view) ? default_view : 'shared/entity/edit'
+  end
+
+  def model_class
+    @model_class ||= controller_name.classify.constantize
+  end
+
+  def model_key
+    model_class.model_name.to_s.underscore
+  end
+
+  def path_after_save
+    scope = self.class.module_parent.to_s.downcase
+    prefix = scope.blank? ? '' : "/#{scope}"
+    "#{prefix}/#{model_class.table_name}/#{@entity.id}"
+  end
+
+  def path_after_destroy
+    scope = self.class.module_parent.to_s.downcase
+    prefix = scope.blank? ? '' : "/#{scope}"
+    "#{prefix}/#{model_class.table_name}"
+  end
+
+  def set_entity
+    @entity = model_class.find_by(id: params[:id])
+    handle_http_404("Cannot find #{model_class.model_name}") if @entity.nil?
+  end
+
+  def creation_parameters
+    if model_class.respond_to?(:creation_parameters)
+      explicit_creation_parameters
+    else
+      implicit_creation_parameters
+    end
+  end
+
+  def explicit_creation_parameters
+    permitted = model_class.creation_parameters
+    parameters = params.require(model_key).permit(permitted)
+    parameters.merge!(tracking_for_entity) if model_class.include?(HasTrack)
+    parameters.merge!(owner_for_entity) if model_class.include?(HasOwner)
+    parameters
+  end
+
+  def implicit_creation_parameters
+    parameters = entity_parameters
+    parameters.merge!(tracking_for_entity) if model_class.include?(HasTrack)
+    parameters.merge!(owner_for_entity) if model_class.include?(HasOwner)
+    parameters
+  end
+
+  def entity_parameters
+    permitted = model_class.entity_parameters
+    params.require(model_key).permit(permitted)
+  end
+
+  def apply_meta
+    new_data = params[:meta]&.permit!.to_h
+    @entity.meta = new_data
+  end
+end

data/app/controllers/concerns/entity_priority.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+# Adds method for changing entity priority
+module EntityPriority
+  extend ActiveSupport::Concern
+
+  def priority
+    render json: { data: @entity.change_priority(params[:delta].to_s.to_i) }
+  end
+end

data/app/controllers/concerns/my_crud_entities.rb

@@ -0,0 +1,146 @@
+# frozen_string_literal: true
+
+# Adds methods for CRUD in My namespace
+module MyCrudEntities
+  extend ActiveSupport::Concern
+  included ProcessedForms
+
+  # get [scope]/[table_name]/search?q=
+  def search
+    q = param_from_request(:q)
+    @collection = model_class.search(q).list_for_owner(current_user).page(current_page)
+  end
+
+  # get [scope]/[table_name]
+  def index
+    @filter = params[:filter]&.permit!.to_h
+    data_helper = Biovision::Helpers::DataHelper.new(model_class, @filter)
+    @collection = data_helper.personal_collection(current_user, current_page)
+  end
+
+  # get [scope]/[table_name]/:id
+  def show
+  end
+
+  # post [scope]/[table_name]/check
+  def check
+    @entity = model_class.instance_for_check(params[:entity_id], entity_parameters)
+
+    render 'shared/forms/check'
+  end
+
+  # get [scope]/[table_name]/new
+  def new
+    @entity = model_class.new
+    render view_for_new
+  end
+
+  # post [scope]/[table_name]
+  def create
+    @entity = component_handler.new_entity(model_class, creation_parameters)
+    apply_meta if @entity.respond_to?(:meta=)
+    if @entity.save
+      form_processed_ok(path_after_save)
+    else
+      form_processed_with_error(view_for_new)
+    end
+  end
+
+  # get [scope]/[table_name]/:id/edit
+  def edit
+    render view_for_edit
+  end
+
+  # patch [scope]/[table_name]/:id
+  def update
+    apply_meta if @entity.respond_to?(:meta=)
+
+    if component_handler.update_entity(@entity, entity_parameters)
+      form_processed_ok(path_after_save)
+    else
+      form_processed_with_error(view_for_edit)
+    end
+  end
+
+  # delete [scope]/[table_name]/:id
+  def destroy
+    flash[:notice] = t('.success') if @entity.destroy
+    redirect_to path_after_destroy
+  end
+
+  private
+
+  def view_for_new
+    default_view = "#{controller_path}/new"
+    lookup_context.exists?(default_view) ? default_view : 'shared/my/entity/new'
+  end
+
+  def view_for_edit
+    default_view = "#{controller_path}/edit"
+    lookup_context.exists?(default_view) ? default_view : 'shared/my/entity/edit'
+  end
+
+  def model_class
+    @model_class ||= controller_name.classify.constantize
+  end
+
+  def model_key
+    model_class.model_name.to_s.underscore
+  end
+
+  def path_after_save
+    if @entity.respond_to?(:my_url)
+      @entity.my_url
+    else
+      scope = self.class.module_parent.to_s.downcase
+      prefix = scope.blank? ? '' : "/#{scope}"
+      key = model_class.column_names.include?('uuid') ? @entity.uuid : @entity.id
+      "#{prefix}/#{model_class.table_name}/#{key}"
+    end
+  end
+
+  def path_after_destroy
+    scope = self.class.module_parent.to_s.downcase
+    prefix = scope.blank? ? '' : "/#{scope}"
+    "#{prefix}/#{model_class.table_name}"
+  end
+
+  def set_entity
+    id = params[:id].to_s
+    has_uuid = model_class.column_names.include?('uuid')
+    key = id.include?('-') && has_uuid ? :uuid : :id
+    @entity = model_class.owned_by(current_user).find_by(key => params[:id])
+    handle_http_404("Cannot find #{model_class.model_name}") if @entity.nil?
+  end
+
+  def creation_parameters
+    if model_class.respond_to?(:creation_parameters)
+      explicit_creation_parameters
+    else
+      implicit_creation_parameters
+    end
+  end
+
+  def explicit_creation_parameters
+    permitted = model_class.creation_parameters
+    parameters = params.require(model_key).permit(permitted)
+    parameters.merge!(tracking_for_entity) if model_class.include?(HasTrack)
+    parameters.merge(owner_for_entity)
+  end
+
+  def implicit_creation_parameters
+    parameters = entity_parameters
+    parameters.merge!(tracking_for_entity) if model_class.include?(HasTrack)
+    parameters.merge(owner_for_entity)
+  end
+
+  def entity_parameters
+    permitted = model_class.entity_parameters
+    params.require(model_key).permit(permitted)
+  end
+
+  def apply_meta
+    new_data = params[:meta].permit!
+    @entity.meta = new_data
+  end
+end

data/app/controllers/concerns/processed_forms.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+# Adds method for redirects after processed forms
+module ProcessedForms
+  extend ActiveSupport::Concern
+
+  private
+
+  # @param [String] next_page
+  def form_processed_ok(next_page)
+    respond_to do |format|
+      format.js { render(js: "document.location.href = '#{next_page}'") }
+      format.json { render(json: { links: { next: next_page } }) }
+      format.html { redirect_to(next_page) }
+    end
+  end
+
+  # @param [Symbol|String] view_to_render
+  # @param [Array] errors
+  def form_processed_with_error(view_to_render, errors = [])
+    @errors = errors
+    respond_to do |format|
+      format.js { render('shared/forms/errors', status: :bad_request) }
+      format.json { render('shared/forms/errors', status: :bad_request) }
+      format.html { render(view_to_render, status: :bad_request) }
+    end
+  end
+end

data/app/controllers/concerns/restricted_access.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+# Adds method for restricting access
+module RestrictedAccess
+  extend ActiveSupport::Concern
+
+  private
+
+  # Restrict access for anonymous users
+  def restrict_anonymous_access
+    return unless current_user.nil?
+
+    handle_http_401(t('application.errors.restricted_access'))
+  end
+
+  def restrict_access
+    user_action = role_end_from_action
+    role_name = "#{component_handler.slug}.#{user_action}"
+    error = t('admin.errors.unauthorized.missing_role', role: role_name)
+
+    handle_http_401(error) unless component_handler.permit?(user_action)
+  end
+
+  def role_end_from_action
+    role = action_to_role_map.select { |k| k.include?(action_name) }.values.last
+    role || 'default'
+  end
+
+  def action_to_role_map
+    view = %w[index show search]
+    edit = %w[create destroy edit new priority toggle update]
+    {
+      view => "#{controller_name}.view",
+      edit => "#{controller_name}.edit"
+    }
+  end
+end