bullet_train-api 1.2.4 → 1.2.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8a6ade62a135239a02645844a31778eb34be494d8d131510318af2d9fa9c2b8b
-  data.tar.gz: 915b02cc7c7fac7f0cc3ef27440be6a8799d22da2fe08ae55175b3d3747b0191
+  metadata.gz: eea6e15f732345ad8b79974221655546fb043fe728714cb36fd1be94de87ca65
+  data.tar.gz: 765e5cd3fb11a1383627ee7a78d3420fa474148c4c9cdbd38a2dcc1b8c9d269c
 SHA512:
-  metadata.gz: e5642cd39f8e915e71d178ee09395025b70c80483a2807de87b88bbc542e39bb58ad6e3b33f0ad739f3d1f1d00802a660b78dd6c367384da9a74c9e4966e56db
-  data.tar.gz: 37d861c517b06e93cf67249ac91047b30eaa9c5e19a509a7a211abe4cf89a1ed31170f3c800dad20402c840ccfa80727bdf83cf2eb72e4b9b4b8c48cba9739ef
+  metadata.gz: e2fffd4bb4375861f09ede137834e8ac90e38b252f2dac98f75db098dbb5a6ae73d24a5cd4f6b36e70bccf994c60f348681bb25a41d775a0767e60cb45bc9106
+  data.tar.gz: 833751b5331a288a1b63b12c47bdd447b800b0eea1c29341ad59e9507c91682f1c8f309de584a5d6c42cb1df81cdd757f1c5b2f8da98ec43c5d525a2f78537d4

data/app/controllers/concerns/api/v1/users/controller_base.rb

@@ -30,6 +30,8 @@ module Api::V1::Users::ControllerBase
       member_actions: (defined?(MEMBER_ACTIONS) ? MEMBER_ACTIONS : []),
       collection_actions: (defined?(COLLECTION_ACTIONS) ? COLLECTION_ACTIONS : [])
 
+    prepend_before_action :resolve_me
+
     private
 
     include StrongParameters
@@ -39,6 +41,12 @@ module Api::V1::Users::ControllerBase
   def index
   end
 
+  def resolve_me
+    if current_user && params[:id]&.downcase == "me"
+      params[:id] = current_user.id
+    end
+  end
+
   # GET /api/v1/users/:id
   def show
   end

data/app/models/platform/access_token.rb

@@ -28,5 +28,18 @@ class Platform::AccessToken < ApplicationRecord
   def label_string
     description
   end
+
+  def system_level?
+    return false unless application
+    !application.team_id
+  end
+
+  def description
+    if system_level?
+      application.name
+    else
+      super
+    end
+  end
   # 🚅 add methods above.
 end

data/app/models/platform/application.rb

@@ -4,7 +4,7 @@ class Platform::Application < ApplicationRecord
   include Doorkeeper::Orm::ActiveRecord::Mixins::Application
   # 🚅 add concerns above.
 
-  belongs_to :team
+  belongs_to :team, optional: true
   # 🚅 add belongs_to associations above.
 
   # 🚅 add has_many associations above.

data/app/views/account/platform/applications/index.html.erb

@@ -2,5 +2,6 @@
   <% p.content_for :title, t('.section') %>
   <% p.content_for :body do %>
     <%= render 'index', applications: @applications %>
+    <%= render 'account/platform/access_tokens/index', access_tokens: @team.platform_agent_access_tokens, context: @team %>
   <% end %>
 <% end %>

data/app/views/account/platform/connections/new.html.erb

@@ -0,0 +1,42 @@
+<%= render 'account/shared/workflow/box' do |p| %>
+  <% p.content_for :title, t('.header', application_name: @application.name) %>
+  <% p.content_for :body do %>
+    <ul class="space-y" data-turbo="false">
+      <% @teams.each do |team| %>
+        <li class="bg-white border overflow-hidden sm:rounded-md dark:bg-sealBlue-400">
+          <% body = capture do %>
+            <div class="px-4 py-4 flex items-center sm:pl-8 sm:pr-6">
+              <div class="min-w-0 flex-1 sm:flex sm:items-center sm:justify-between">
+                <div class="flex text-xl font-semibold text-blue uppercase group-hover:text-blue-dark tracking-widest dark:text-white">
+                  <%= team.name %>
+                </div>
+                <% unless can? :connect, team %>
+                  <div class="ml-5 flex-shrink-0 text-gray-400">
+                    <%= t(".not_allowed") %>
+                  </div>
+                <% end %>
+              </div>
+              <% if can? :connect, team %>
+                <div class="ml-5 flex-shrink-0">
+                  <svg class="h-5 w-5 text-gray-400" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 20 20" fill="currentColor" aria-hidden="true">
+                    <path fill-rule="evenodd" d="M7.293 14.707a1 1 0 010-1.414L10.586 10 7.293 6.707a1 1 0 011.414-1.414l4 4a1 1 0 010 1.414l-4 4a1 1 0 01-1.414 0z" clip-rule="evenodd" />
+                  </svg>
+                </div>
+              <% end %>
+            </div>
+          <% end %>
+
+          <% if can? :connect, team %>
+            <%= link_to request.url + "&team_id=#{team.id}", class: "group block hover:bg-gray-50 dark:hover:bg-sealBlue-400 dark:text-sealBlue-800" do %>
+              <%= body %>
+            <% end %>
+          <% else %>
+            <div class="block dark:text-sealBlue-800">
+              <%= body %>
+            </div>
+          <% end %>
+        </li>
+      <% end %>
+    </ul>
+  <% end %>
+<% end %>

data/config/locales/en/platform/access_tokens.en.yml

@@ -67,6 +67,9 @@ en:
         platform/application:
           header: API Access Tokens
           description: You can use Access Tokens to allow %{application_name} to make requests to the API.
+        team:
+          header: Platform Connections
+          description: The following Platform Applications are connected to your account. The Access Tokens issued to these Platform Applications are available below in case you need to debug these integrations.
       fields: *fields
       buttons: *buttons
     show:

data/config/locales/en/platform/connections.en.yml

@@ -0,0 +1,7 @@
+en:
+  account:
+    platform:
+      connections:
+        new:
+          header: "Connect %{application_name} to Team"
+          not_allowed: Not Allowed

data/docs/api.md

@@ -1,5 +1,5 @@
 # REST API
-We believe every SaaS application should have an API and [webhooks](https://github.com/bullet-train-co/bullet_train-base/blob/main/docs/webhooks/outgoing.md) available to users, so Bullet Train aims to help automate the creation of a production-grade REST API using Rails-native tooling and provides a forward-thinking strategy for its long-term maintenance.
+We believe every SaaS application should have an API and [webhooks](/docs/webhooks/outgoing.md) available to users, so Bullet Train aims to help automate the creation of a production-grade REST API using Rails-native tooling and provides a forward-thinking strategy for its long-term maintenance.
 
 ## Background
 Vanilla Rails scaffolding actually provides simple API functionality out-of-the-box: You can append `.json` to the URL of any scaffold and it will render a JSON representation instead of an HTML view. This functionality continues to work in Bullet Train, but our API implementation also builds on this simple baseline using the same tools with additional organization and some new patterns. 

data/docs/zapier.md

@@ -0,0 +1,46 @@
+# Integrating with Zapier
+Bullet Train provides out-of-the-box support for Zapier. New Bullet Train projects include a preconfigured Zapier CLI project that is ready to `zapier deploy`.
+
+## Background
+Zapier was designed to take advantage of an application's existing [REST API](/docs/api.md), [outgoing webhook capabilities](/docs/webhooks/outgoing.md), and OAuth2 authorization workflows. Thankfully for us, Bullet Train provides the first two and pre-configures Doorkeeper to provide the latter. We also have an smooth OAuth2 connection workflow that accounts for the mismatch between the user-based OAuth2 standard and team-based multitenancy.
+
+## Prerequitesites
+ - You must be developing in an environment with [tunneling enabled](/docs/tunneling.md).
+
+## Getting Started in Development
+First, install the Zapier CLI tooling and deploy:
+
+```
+cd zapier
+yarn install
+zapier login
+zapier register
+zapier push
+```
+
+Once the application is registered in your account, you can re-run seeds in your development environment and it will create a `Platform::Application` record for Zapier:
+
+```
+cd ..
+rake db:seed
+```
+
+When you do this for the first time, it will output some credentials for you to go back and configure for the Zapier application, like so:
+
+```
+cd zapier
+zapier env:set 1.0.0 \
+  BASE_URL=https://andrewculver.ngrok.io \
+  CLIENT_ID=... \
+  CLIENT_SECRET=...
+cd ..
+```
+
+You're done and can now test creating Zaps that react to example objects being created or create example objects based on other triggers.
+
+## Deploying in Production
+We haven't figured out a good suggested process for breaking out development and production versions of the Zapier application yet, but we'll update this section when we have.
+
+## Future Plans
+ - Extend Super Scaffolding to automatically add new resources to the Zapier CLI project. For now you have to extend the Zapier CLI definitions manually.
+

data/lib/bullet_train/api/version.rb

@@ -1,5 +1,5 @@
 module BulletTrain
   module Api
-    VERSION = "1.2.4"
+    VERSION = "1.2.5"
   end
 end

data/lib/bullet_train/api.rb

@@ -1,6 +1,7 @@
 require "bullet_train/api/version"
 require "bullet_train/api/engine"
 require "bullet_train/api/strong_parameters_reporter"
+require "bullet_train/platform/connection_workflow"
 
 # require "wine_bouncer"
 require "pagy"

data/lib/bullet_train/platform/connection_workflow.rb

@@ -0,0 +1,64 @@
+require "bullet_train/platform"
+
+class BulletTrain::Platform::ConnectionWorkflow
+  def to_proc
+    proc do
+      # Load the platform application in question.
+      # TODO Do we need to check the client secret or does Doorkeeper do that for us?
+      @application = Platform::Application.find_by(uid: params[:client_id])
+
+      # If the user is current signed in.
+      if current_user
+        # If the client application is opting into a team-level connection instead of a user-level connection, they have
+        # to select a team.
+        if params[:new_installation]
+          # If they selected a team on the team selection page.
+          if params[:team_id]
+            # Load the selected team.
+            team = Team.find(params[:team_id])
+
+            # Throw an error if they aren't allowed to create connections on this team.
+            authorize! :connect, team
+
+            # Create a faux membership and user that represent this connection.
+            # We have to do this because all our permissions are based on users, so team-level connections need a user.
+            faux_password = SecureRandom.hex
+            faux_user = User.create(
+              email: "noreply+#{SecureRandom.hex}@bullettrain.co",
+              password: faux_password,
+              password_confirmation: faux_password,
+              platform_agent_of: @application,
+              first_name: @application.name
+            )
+
+            # TODO I think we can get rid of `platform_agent` because we have `platform_agent_of_id`.
+            faux_membership = team.memberships.create(
+              user: faux_user,
+              platform_agent: true,
+              platform_agent_of: @application,
+              added_by: team.memberships.find_by(user: current_user)
+            )
+
+            faux_membership.roles << Role.admin
+
+            # We're done! Return the user, it'll be associated with the access grant and subsequent access token.
+            faux_user
+          else
+            # Show them a list of all their teams.
+            # We'll disable the teams they can't create connections for in the view.
+            @teams = current_user.teams
+
+            render "account/platform/connections/new"
+          end
+        else
+          # If the client application isn't specifically opting into a team-level installation, just connect on behalf of the user.
+          current_user
+        end
+      else
+        # If they're not signed in, redirect them to the sign in page and set a return URL via params.
+        # This is a crazy workaround for the fact that Safari doesn't let us create a session at the same time we redirect.
+        redirect_to new_user_session_path(return_url: request.url)
+      end
+    end
+  end
+end

data/lib/bullet_train/platform.rb

@@ -0,0 +1,2 @@
+module BulletTrain::Platform
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bullet_train-api
 version: !ruby/object:Gem::Version
-  version: 1.2.4
+  version: 1.2.5
 platform: ruby
 authors:
 - Andrew Culver
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-12-17 00:00:00.000000000 Z
+date: 2022-12-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: standard
@@ -162,6 +162,7 @@ files:
 - app/views/account/platform/applications/new.html.erb
 - app/views/account/platform/applications/show.html.erb
 - app/views/account/platform/applications/show.json.jbuilder
+- app/views/account/platform/connections/new.html.erb
 - app/views/api/v1/open_api/shared/_paths.yaml.erb
 - app/views/api/v1/open_api/teams/_paths.yaml.erb
 - app/views/api/v1/open_api/users/_paths.yaml.erb
@@ -186,13 +187,17 @@ files:
 - config/locales/en/me.en.yml
 - config/locales/en/platform/access_tokens.en.yml
 - config/locales/en/platform/applications.en.yml
+- config/locales/en/platform/connections.en.yml
 - config/routes.rb
 - docs/api.md
 - docs/api/versioning.md
+- docs/zapier.md
 - lib/bullet_train/api.rb
 - lib/bullet_train/api/engine.rb
 - lib/bullet_train/api/strong_parameters_reporter.rb
 - lib/bullet_train/api/version.rb
+- lib/bullet_train/platform.rb
+- lib/bullet_train/platform/connection_workflow.rb
 - lib/tasks/bullet_train/api_tasks.rake
 homepage: https://github.com/bullet-train-co/bullet_train-api
 licenses: