bullet_train 1.0.0

data/app/controllers/account/users_controller.rb

@@ -0,0 +1,59 @@
+class Account::UsersController < Account::ApplicationController
+  load_and_authorize_resource
+
+  before_action do
+    # for magic locales.
+    @child_object = @user
+  end
+
+  # GET /account/users/1/edit
+  def edit
+  end
+
+  # GET /account/users/1
+  def show
+  end
+
+  def updating_password?
+    params[:user].key?(:password)
+  end
+
+  # PATCH/PUT /account/users/1
+  # PATCH/PUT /account/users/1.json
+  def update
+    respond_to do |format|
+      if updating_password? ? @user.update_with_password(user_params) : @user.update_without_password(user_params)
+        # if you update your own user account, devise will normally kick you out, so we do this instead.
+        bypass_sign_in current_user.reload
+        format.html { redirect_to [:edit, :account, @user], notice: t("users.notifications.updated") }
+        format.json { render :show, status: :ok, location: [:account, @user] }
+      else
+        format.html { render :edit, status: :unprocessable_entity }
+        format.json { render json: @user.errors, status: :unprocessable_entity }
+      end
+    end
+  end
+
+  private
+
+  # Never trust parameters from the scary internet, only allow the white list through.
+  def user_params
+    # TODO enforce permissions on updating the user's team name.
+    params.require(:user).permit(
+      :email,
+      :first_name,
+      :last_name,
+      :time_zone,
+      :current_password,
+      :password,
+      :password_confirmation,
+      :profile_photo_id,
+      :locale,
+      # 🚅 super scaffolding will insert new fields above this line.
+      current_team_attributes: [:name],
+      # 🚅 super scaffolding will insert new arrays above this line.
+    )
+
+    # 🚅 super scaffolding will insert processing for new fields above this line.
+  end
+end

data/app/helpers/account/invitations_helper.rb

@@ -0,0 +1,2 @@
+module Account::InvitationsHelper
+end

data/app/helpers/account/memberships_helper.rb

@@ -0,0 +1,9 @@
+module Account::MembershipsHelper
+  def membership_destroy_locale_key(membership)
+    if membership.user == current_user
+      ".destroy_own"
+    else
+      ".destroy"
+    end
+  end
+end

data/app/helpers/account/teams_helper.rb

@@ -0,0 +1,80 @@
+module Account::TeamsHelper
+  def current_team
+    current_user&.current_team
+  end
+
+  def other_teams
+    return [] unless current_user
+    current_user.teams.reject { |team| team == current_user.current_team }
+  end
+
+  def users_as_select_options(users, values = [])
+    values = Array(values)
+    users.map { |user|
+      "<option value=\"#{user.id}\" data-image=\"#{user_profile_photo_url(user)}\" #{"selected=\"selected\"" if values.include?(user.id)}>#{user.name}</option>"
+    }.join.html_safe
+  end
+
+  def memberships_as_select_options(memberships, values = [])
+    values = Array(values)
+    memberships.map { |membership|
+      "<option value=\"#{membership.id}\" data-image=\"#{membership_profile_photo_url(membership)}\" #{"selected=\"selected\"" if values.include?(membership.id)}>#{membership.name}</option>"
+    }.join.html_safe
+  end
+
+  def photo_for(object)
+    background_color = Colorizer.colorize_similarly((object.name.to_s + object.created_at.to_s).to_s, 0.5, 0.6).delete("#")
+    "https://ui-avatars.com/api/?" + {
+      color: "ffffff",
+      background: background_color,
+      bold: true,
+      name: "#{object.name.first}#{object.name.split.one? ? "" : object.name.split.first(2).last.first}",
+      size: 200,
+    }.to_param
+  end
+
+  # TODO this should only be used for certain locales/languages.
+  def describe_users_for_user_on_team(users, for_user, team)
+    # if this list of users represents everyone on the team, return the team name.
+    if (team.users & users) == team.users
+      team.name.strip
+    else
+      ((users - [for_user]) + [for_user]).map do |user|
+        if user == for_user
+          "You"
+        elsif team.users.where("users.first_name ILIKE ?", user.first_name).one?
+          user.first_name
+        elsif team.users.where("users.first_name ILIKE ? AND LEFT(users.last_name, 1) ILIKE ?", user.first_name, user.last_name.first).one?
+          "#{user.first_name} #{user.last_name.first}."
+        else
+          user.name
+        end
+      end.to_sentence.strip
+    end
+  end
+
+  # TODO this should only be used for certain locales/languages.
+  def describe_memberships_for_membership_on_team(memberships, for_membership, team)
+    # if this list of users represents everyone on the team, return the team name.
+    if (team.memberships & memberships) == team.memberships
+      team.name.strip
+    else
+      # place the membership that would be "you" at the end of the array.
+      ((memberships - [for_membership]) + [for_membership]).map do |membership|
+        if membership == for_membership
+          "You"
+        elsif membership.first_name.present? && team.memberships.map(&:first_name).select(&:present?).select { |first_name| first_name.downcase == membership.first_name.downcase }.one?
+          membership.first_name
+        elsif membership.first_name_last_initial.present? && team.memberships.map(&:first_name_last_initial).select { |first_name_last_initial| first_name_last_initial.downcase == membership.first_name_last_initial.downcase }.one?
+          membership.user.first_name_last_initial
+        else
+          membership.full_name
+        end
+      end.to_sentence.strip
+    end
+  end
+
+  def can_invite?
+    can?(:create, Invitation.new(team: current_team))
+  end
+end

data/app/helpers/account/users_helper.rb

@@ -0,0 +1,81 @@
+module Account::UsersHelper
+  def profile_photo_for(url: nil, email: nil, first_name: nil, last_name: nil)
+    if cloudinary_enabled? && !url.blank?
+      cl_image_path(url, width: 100, height: 100, crop: :fill)
+    else
+      background_color = Colorizer.colorize_similarly(email.to_s, 0.5, 0.6).delete("#")
+      "https://ui-avatars.com/api/?" + {
+        color: "ffffff",
+        background: background_color,
+        bold: true,
+        # email.to_s should not be necessary once we fix the edge case of cancelling an unclaimed membership
+        name: [first_name, last_name].join(" ").strip.presence || email,
+        size: 200,
+      }.to_param
+    end
+  end
+
+  def user_profile_photo_url(user)
+    profile_photo_for(
+      url: user.profile_photo_id,
+      email: user.email,
+      first_name: user.first_name,
+      last_name: user.last_name
+    )
+  end
+
+  def membership_profile_photo_url(membership)
+    if membership.user
+      user_profile_photo_url(membership.user)
+    else
+      profile_photo_for(
+        url: membership.user_profile_photo_id,
+        email: membership.invitation&.email || membership.user_email,
+        first_name: membership.user_first_name,
+        last_name: membership.user_last_name
+      )
+    end
+  end
+
+  def profile_header_photo_for(url: nil, email: nil, first_name: nil, last_name: nil)
+    if cloudinary_enabled? && !url.blank?
+      cl_image_path(url, width: 700, height: 200, crop: :fill)
+    else
+      background_color = Colorizer.colorize_similarly(email.to_s, 0.5, 0.6).delete("#")
+      "https://ui-avatars.com/api/?" + {
+        color: "ffffff",
+        background: background_color,
+        bold: true,
+        # email.to_s should not be necessary once we fix the edge case of cancelling an unclaimed membership
+        name: "#{first_name&.first || email.to_s[0]} #{last_name&.first || email.to_s[1]}",
+        size: 200,
+      }.to_param
+    end
+  end
+
+  def user_profile_header_photo_url(user)
+    profile_header_photo_for(
+      url: user.profile_photo_id,
+      email: user.email,
+      first_name: user.first_name,
+      last_name: user.last_name
+    )
+  end
+
+  def membership_profile_header_photo_url(membership)
+    if membership.user
+      user_profile_header_photo_url(membership.user)
+    else
+      profile_header_photo_for(
+        url: membership.user_profile_photo_id,
+        email: membership.invitation&.email || membership.user_email,
+        first_name: membership.user_first_name,
+        last_name: membership.user&.last_name || membership.user_last_name
+      )
+    end
+  end
+
+  def current_membership
+    current_user.memberships.where(team: current_team).first
+  end
+end

data/app/helpers/invitation_only_helper.rb

@@ -0,0 +1,10 @@
+module InvitationOnlyHelper
+  def invited?
+    session[:invitation_key].present? && invitation_keys.include?(session[:invitation_key])
+  end
+
+  def show_sign_up_options?
+    return true unless invitation_only?
+    invited?
+  end
+end

data/app/helpers/invitations_helper.rb

@@ -0,0 +1,17 @@
+module InvitationsHelper
+  def handle_outstanding_invitation
+    # was this user registering to claim an invitation?
+    if session[:invitation_uuid].present?
+
+      # try to find the invitation, if it still exists.
+      invitation = Invitation.find_by_uuid(session[:invitation_uuid])
+
+      # if the invitation was found, claim it for this user.
+      invitation&.accept_for(current_user)
+
+      # remove the uuid from the session.
+      session.delete(:invitation_uuid)
+
+    end
+  end
+end

data/app/models/invitation.rb

@@ -0,0 +1,73 @@
+class Invitation < ApplicationRecord
+  # 🚫 DEFAULT BULLET TRAIN INVITATION FUNCTIONALITY
+  # Typically you should avoid adding your own functionality in this section to avoid merge conflicts in the future.
+  # (If you specifically want to change Bullet Train's default behavior, that's OK and you can do that here.)
+
+  belongs_to :team
+  belongs_to :from_membership, class_name: "Membership"
+  has_one :membership, dependent: :nullify
+  has_many :roles, through: :membership
+
+  accepts_nested_attributes_for :membership
+
+  validates :email, presence: true
+
+  before_create :generate_uuid
+  after_create :set_added_by_membership
+  after_create :send_invitation_email
+
+  # ✅ YOUR APPLICATION'S INVITATION FUNCTIONALITY
+  # This is the place where you should implement your own features on top of Bullet Train's functionality. There
+  # are a bunch of Super Scaffolding hooks here by default to try and help keep generated code logically organized.
+
+  # 🚅 add concerns above.
+
+  # 🚅 add belongs_to associations above.
+
+  # 🚅 add has_many associations above.
+
+  # 🚅 add oauth providers above.
+
+  # 🚅 add has_one associations above.
+
+  # 🚅 add scopes above.
+
+  # 🚅 add validations above.
+
+  # 🚅 add callbacks above.
+
+  # 🚅 add delegations above.
+
+  # 🚅 add methods above.
+
+  # 🚫 DEFAULT BULLET TRAIN INVITATION FUNCTIONALITY
+  # We put these at the bottom of this file to keep them out of the way. You should define your own methods above here.
+
+  def set_added_by_membership
+    membership.update(added_by: from_membership)
+  end
+
+  def send_invitation_email
+    UserMailer.invited(uuid).deliver_later
+  end
+
+  def generate_uuid
+    self.uuid = SecureRandom.hex
+  end
+
+  def accept_for(user)
+    User.transaction do
+      user.memberships << membership
+      user.update(current_team: team, former_user: false)
+      destroy
+    end
+  end
+
+  def name
+    I18n.t("invitations.values.name", team_name: team.name)
+  end
+
+  def is_for?(user)
+    user.email.downcase.strip == email.downcase.strip
+  end
+end

data/app/models/membership.rb

@@ -0,0 +1,164 @@
+class Membership < ApplicationRecord
+  # 🚫 DEFAULT BULLET TRAIN MEMBERSHIP FUNCTIONALITY
+  # Typically you should avoid adding your own functionality in this section to avoid merge conflicts in the future.
+  # (If you specifically want to change Bullet Train's default behavior, that's OK and you can do that here.)
+
+  # See `docs/permissions.md` for details.
+  include Roles::Support
+
+  belongs_to :user, optional: true
+  belongs_to :team
+  belongs_to :invitation, optional: true, dependent: :destroy
+  belongs_to :added_by, class_name: "Membership", optional: true
+  belongs_to :platform_agent_of, class_name: "Platform::Application", optional: true
+
+  has_many :scaffolding_completely_concrete_tangible_things_assignments, class_name: "Scaffolding::CompletelyConcrete::TangibleThings::Assignment", dependent: :destroy
+  has_many :scaffolding_completely_concrete_tangible_things, through: :scaffolding_completely_concrete_tangible_things_assignments, source: :tangible_thing
+  has_many :reassignments_scaffolding_completely_concrete_tangible_things_reassignments, class_name: "Memberships::Reassignments::ScaffoldingCompletelyConcreteTangibleThingsReassignment", dependent: :destroy, foreign_key: :membership_id
+
+  has_many :scaffolding_absolutely_abstract_creative_concepts_collaborators, class_name: "Scaffolding::AbsolutelyAbstract::CreativeConcepts::Collaborator", dependent: :destroy
+
+  after_destroy do
+    # if we're destroying a user's membership to the team they have set as
+    # current, then we need to remove that so they don't get an error.
+    if user&.current_team == team
+      user.current_team = nil
+      user.save
+    end
+  end
+
+  scope :current_and_invited, -> { includes(:invitation).where("user_id IS NOT NULL OR invitations.id IS NOT NULL").references(:invitation) }
+  scope :current, -> { where("user_id IS NOT NULL") }
+  scope :tombstones, -> { includes(:invitation).where("user_id IS NULL AND invitations.id IS NULL").references(:invitation) }
+
+  # ✅ YOUR APPLICATION'S MEMBERSHIP FUNCTIONALITY
+  # This is the place where you should implement your own features on top of Bullet Train's functionality. There
+  # are a bunch of Super Scaffolding hooks here by default to try and help keep generated code logically organized.
+
+  # 🚅 add concerns above.
+
+  # 🚅 add belongs_to associations above.
+
+  # 🚅 add has_many associations above.
+
+  # 🚅 add oauth providers above.
+
+  # 🚅 add has_one associations above.
+
+  # 🚅 add scopes above.
+
+  # 🚅 add validations above.
+
+  # 🚅 add callbacks above.
+
+  # 🚅 add delegations above.
+
+  # 🚅 add methods above.
+
+  # 🚫 DEFAULT BULLET TRAIN TEAM FUNCTIONALITY
+  # We put these at the bottom of this file to keep them out of the way. You should define your own methods above here.
+
+  def name
+    full_name
+  end
+
+  def label_string
+    full_name
+  end
+
+  # we overload this method so that when setting the list of role ids
+  # associated with a membership, admins can never remove the last admin
+  # of a team.
+  def role_ids=(ids)
+    # if this membership was an admin, and the new list of role ids don't include admin.
+    if admin? && !ids.include?(Role.admin.id)
+      unless team.admins.count > 1
+        raise RemovingLastTeamAdminException.new("You can't remove the last team admin.")
+      end
+    end
+
+    super(ids)
+  end
+
+  def unclaimed?
+    user.nil? && !invitation.nil?
+  end
+
+  def tombstone?
+    user.nil? && invitation.nil?
+  end
+
+  def last_admin?
+    return false unless admin?
+    return false unless user.present?
+    team.memberships.current.select(&:admin?) == [self]
+  end
+
+  def nullify_user
+    if last_admin?
+      raise RemovingLastTeamAdminException.new("You can't remove the last team admin.")
+    end
+
+    if (user_was = user)
+      unless user_first_name.present?
+        self.user_first_name = user.first_name
+      end
+
+      unless user_last_name.present?
+        self.user_last_name = user.last_name
+      end
+
+      unless user_profile_photo_id.present?
+        self.user_profile_photo_id = user.profile_photo_id
+      end
+
+      unless user_email.present?
+        self.user_email = user.email
+      end
+
+      self.user = nil
+      save
+
+      user_was.invalidate_ability_cache
+
+      user_was.update(
+        current_team: user_was.teams.first,
+        former_user: user_was.teams.empty?
+      )
+    end
+
+    # we do this here just in case by some weird chance an active membership had an invitation attached.
+    invitation&.destroy
+  end
+
+  def email
+    user&.email || user_email.presence || invitation&.email
+  end
+
+  def full_name
+    user&.full_name || [first_name.presence, last_name.presence].join(" ").presence || email
+  end
+
+  def first_name
+    user&.first_name || user_first_name
+  end
+
+  def last_name
+    user&.last_name || user_last_name
+  end
+
+  def last_initial
+    return nil unless last_name.present?
+    "#{last_name}."
+  end
+
+  def first_name_last_initial
+    [first_name, last_initial].map(&:present?).join(" ")
+  end
+
+  # TODO utilize this.
+  # members shouldn't receive notifications unless they are either an active user or an outstanding invitation.
+  def should_receive_notifications?
+    invitation.present? || user.present?
+  end
+end

data/app/models/memberships/reassignments/assignment.rb

@@ -0,0 +1,12 @@
+class Memberships::Reassignments::Assignment < ApplicationRecord
+  belongs_to :scaffolding_completely_concrete_tangible_things_reassignment, class_name: "Memberships::Reassignments::ScaffoldingCompletelyConcreteTangibleThingsReassignment"
+  belongs_to :membership
+
+  validate :validate_membership
+
+  def validate_membership
+    unless scaffolding_completely_concrete_tangible_things_reassignment.valid_memberships.include?(membership)
+      errors.add(:membership, :invalid)
+    end
+  end
+end

data/app/models/memberships/reassignments/scaffolding_completely_concrete_tangible_things_reassignment.rb

@@ -0,0 +1,38 @@
+class Memberships::Reassignments::ScaffoldingCompletelyConcreteTangibleThingsReassignment < ApplicationRecord
+  # 🚅 add concerns above.
+
+  belongs_to :membership # this is the member being reassigned from.
+  has_one :team, through: :membership
+  # 🚅 add belongs_to associations above.
+
+  has_many :assignments
+  has_many :memberships, through: :assignments # these are the members being reassigned to.
+  # 🚅 add has_many associations above.
+
+  # 🚅 add has_one associations above.
+
+  # 🚅 add scopes above.
+
+  # 🚅 add validations above.
+
+  after_save :reassign
+  # 🚅 add callbacks above.
+
+  # 🚅 add delegations above.
+
+  def valid_memberships
+    team.memberships.current_and_invited
+  end
+
+  def reassign
+    membership.scaffolding_completely_concrete_tangible_things_assignments.each do |existing_assignment|
+      memberships.each do |target_membership|
+        unless existing_assignment.tangible_thing.memberships.include?(target_membership)
+          existing_assignment.tangible_thing.memberships << target_membership
+        end
+      end
+      existing_assignment.destroy
+    end
+  end
+  # 🚅 add methods above.
+end

data/app/models/memberships/reassignments.rb

@@ -0,0 +1,5 @@
+module Memberships::Reassignments
+  def self.table_name_prefix
+    "memberships_reassignments_"
+  end
+end

data/app/models/team.rb

@@ -0,0 +1,81 @@
+class Team < ApplicationRecord
+  # 🚫 DEFAULT BULLET TRAIN TEAM FUNCTIONALITY
+  # Typically you should avoid adding your own functionality in this section to avoid merge conflicts in the future.
+  # (If you specifically want to change Bullet Train's default behavior, that's OK and you can do that here.)
+
+  # Outgoing webhooks.
+  include Webhooks::Outgoing::TeamSupport
+
+  # super scaffolding
+  unless scaffolding_things_disabled?
+    has_many :scaffolding_absolutely_abstract_creative_concepts, class_name: "Scaffolding::AbsolutelyAbstract::CreativeConcept", dependent: :destroy, enable_updates: true
+  end
+
+  # memberships and invitations
+  has_many :memberships, dependent: :destroy
+  has_many :users, through: :memberships
+  has_many :invitations
+
+  # oauth for grape api
+  has_many :platform_applications, class_name: "Platform::Application", dependent: :destroy, foreign_key: :team_id
+
+  # integrations
+  has_many :integrations_stripe_installations, class_name: "Integrations::StripeInstallation", dependent: :destroy if stripe_enabled?
+
+  # validations
+  validates :name, presence: true
+  validates :time_zone, inclusion: {in: ActiveSupport::TimeZone.all.map(&:name)}, allow_nil: true
+
+  # ✅ YOUR APPLICATION'S TEAM FUNCTIONALITY
+  # This is the place where you should implement your own features on top of Bullet Train's functionality. There
+  # are a bunch of Super Scaffolding hooks here by default to try and help keep generated code logically organized.
+
+  # 🚅 add concerns above.
+
+  # 🚅 add belongs_to associations above.
+
+  # 🚅 add has_many associations above.
+
+  # 🚅 add oauth providers above.
+
+  # 🚅 add has_one associations above.
+
+  # 🚅 add scopes above.
+
+  # 🚅 add validations above.
+
+  # 🚅 add callbacks above.
+
+  # 🚅 add delegations above.
+
+  # 🚅 add methods above.
+
+  # 🚫 DEFAULT BULLET TRAIN TEAM FUNCTIONALITY
+  # We put these at the bottom of this file to keep them out of the way. You should define your own methods above here.
+
+  def admins
+    memberships.current_and_invited.admins
+  end
+
+  def admin_users
+    admins.map(&:user).compact
+  end
+
+  def primary_contact
+    admin_users.min { |user| user.created_at }
+  end
+
+  def formatted_email_address
+    primary_contact.email
+  end
+
+  def invalidate_caches
+    users.map(&:invalidate_ability_cache)
+  end
+
+  def team
+    # some generic features appeal to the `team` method for security or scoping purposes, but sometimes those same
+    # generic functions need to function for a team model as well, so we do this.
+    self
+  end
+end